Index: content/browser/loader/resource_dispatcher_host_impl.h |
diff --git a/content/browser/loader/resource_dispatcher_host_impl.h b/content/browser/loader/resource_dispatcher_host_impl.h |
index 339daec4d5d6a909fe8f05f1e134db52e5d8a370..38ee8ede2b7b8107753cb188ff766a0e9d62079f 100644 |
--- a/content/browser/loader/resource_dispatcher_host_impl.h |
+++ b/content/browser/loader/resource_dispatcher_host_impl.h |
@@ -107,7 +107,13 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
void SetDelegate(ResourceDispatcherHostDelegate* delegate) override; |
void SetAllowCrossOriginAuthPrompt(bool value) override; |
void ClearLoginDelegateForRequest(net::URLRequest* request) override; |
- |
+ void AddSchemeForAccessCheck(const std::string& scheme) override; |
+ void AddProcessForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int process_id) override; |
+ void RemoveProcessForOrigin(const ResourceContext* context, |
+ const std::string& origin, |
+ int process_id) override; |
// Puts the resource dispatcher host in an inactive state (unable to begin |
// new requests). Cancels all pending requests. |
void Shutdown(); |
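Review bot: `AddProcessForOrigin` and `RemoveProcessForOrigin` take the origin as a free-form `const std::string&`, while the check added in the next hunk (`IsIllegalOrigin`) takes a `const GURL&` and the map comment in the third hunk calls the key the "origin host". Nothing in the header says which string form callers must register (serialized origin or host only, and how it is canonicalized), so a registration and a later lookup could disagree on scheme, port or case and the check would then miss the entry. Either take a `const GURL&` or `url::Origin` here as well, or document the contract on the declaration, e.g. `// |origin| must be the canonical host string that IsIllegalOrigin() compares against.` The three new overrides carry no comment at all, and the blank line that separated the overrides from the `Shutdown()` comment was dropped.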
@@ -292,6 +298,12 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
void OnRenderFrameDeleted(const GlobalFrameRoutingId& global_routing_id); |
+ // Checks whether the child process identified by |child_process_id| is |
+ // allowed to access the |origin| and returns true if not. |
+ bool IsIllegalOrigin(ResourceContext* context, |
+ const GURL& origin, |
+ int child_process_id); |
+ |
private: |
friend class ResourceDispatcherHostTest; |
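Review bot: The comment on `IsIllegalOrigin` describes an allow check, but the function returns true on denial ("returns true if not"), which is easy to misread at a call site that guards a request. State the return value directly, e.g. `// Returns true if |child_process_id| must be denied access to |origin|.`, and say what is returned for an origin that was never registered. The member comment in the last hunk says "By default everything is allowed", so the answer is presumably false, which makes the check fail-open for unregistered origins and should be written down as intended. The method also takes a non-const `ResourceContext*` where the new Add/Remove methods and `GetOriginAccessMapForResourceContext` take `const ResourceContext*`.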
@@ -325,6 +337,26 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
// Map from ProcessID+RouteID pair to the "most interesting" LoadState. |
typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap; |
+ // Information about a web origin. |
+ struct OriginAccessInfo { |
+ // This structure is complicated enough for clang to require the ctors to |
+ // be explicitly defined in the cc file. |
jam
2016/08/02 17:01:46
now that this is just one set, any reason to keep
ananta
2016/08/02 22:28:28
Done.
|
+ OriginAccessInfo(); |
+ ~OriginAccessInfo(); |
+ OriginAccessInfo(const OriginAccessInfo& other); |
+ |
+ std::set<int> allowed_processes; |
+ }; |
+ |
+ // Map from the origin host (std::string) to its information |
+ // (OriginAccessInfo). |
+ // This map is per ResourceContext. |
+ typedef std::map<std::string, OriginAccessInfo> OriginAccessInfoMap; |
+ |
+ typedef std::map<const ResourceContext*, |
+ std::unique_ptr<OriginAccessInfoMap>> |
+ ResourceContextOriginMap; |
+ |
// ResourceLoaderDelegate implementation: |
ResourceDispatcherHostLoginDelegate* CreateLoginDelegate( |
ResourceLoader* loader, |
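Review bot: `ResourceContextOriginMap` is keyed by a raw `const ResourceContext*`, and nothing visible in this header removes an entry when the context is destroyed. If an entry outlives its context, a later ResourceContext allocated at the same address would inherit the previous context's `allowed_processes` sets. The cleanup may exist in the .cc file, which is not shown here; if so, record it on the typedef, e.g. `// Entries must be erased before the keyed ResourceContext is destroyed.` The hunk ends inside the `CreateLoginDelegate` declaration, so that declaration is not reviewed.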
@@ -537,6 +569,11 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
CertStore* GetCertStore(); |
+ // Returns the OriginAccessInfoMap instance for the |context| passed in. This |
+ // map is used to enforce access checks on web requests for some origins. |
+ OriginAccessInfoMap* GetOriginAccessMapForResourceContext( |
+ const ResourceContext* context); |
+ |
LoaderMap pending_loaders_; |
// Collection of temp files downloaded for child processes via |
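Review bot: The comment on `GetOriginAccessMapForResourceContext` does not say what is returned for a |context| that has no map yet, nullptr or a newly created empty map. This matters on the deny path, because a caller that treats a missing map as "nothing to check" lets the request through. Add one line such as `// Returns nullptr if no origin has been registered for |context|.`, or the create-on-miss equivalent, whichever the .cc implements. Since the typedef stores the map in a `std::unique_ptr`, it is also worth noting that the returned raw pointer is not owned by the caller and must not be kept after the entry is removed.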
@@ -631,6 +668,14 @@ class CONTENT_EXPORT ResourceDispatcherHostImpl |
// outlive this ResourceDispatcherHostImpl. |
CertStore* cert_store_for_testing_; |
+ // Used to check whether a request to retrieve an origin resource is allowed. |
+ // This is only done for origins which are to be checked for access. |
+ ResourceContextOriginMap context_origin_access_info_map_; |
+ |
+ // This contains the set of origins we need to enforce access checks on. By |
+ // default everything is allowed. |
+ std::set<std::string> origins_for_access_check_; |
+ |
DISALLOW_COPY_AND_ASSIGN(ResourceDispatcherHostImpl); |
}; |
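Review bot: `origins_for_access_check_` is documented as "the set of origins we need to enforce access checks on", but the only method in this patch that looks like its writer is `AddSchemeForAccessCheck(const std::string& scheme)`. If the set actually holds schemes, the name and comment should say so, e.g. `schemes_for_access_check_` with `// Schemes whose origins are subject to the per-process access check.`; if it holds origins, the header lacks the method that fills it. "By default everything is allowed" should also be spelled out as a deliberate choice, since any origin outside this set skips the check entirely.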