content/browser/security_exploit_browsertest.cc - Issue 2182633007: Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/security_exploit_browsertest.cc

Issue 2182633007: Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix compile errors Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« content/browser/loader/resource_dispatcher_host_impl.cc ('K') | « content/browser/loader/resource_dispatcher_host_impl.cc ('k') | content/public/browser/resource_dispatcher_host.h » ('j') | content/public/browser/resource_dispatcher_host.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/security_exploit_browsertest.cc

diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc

index f9d6d7f935e50d0255017c7e2c568db8317eb30a..4be50943b432b01c58583209b9b57491b5d38f02 100644

--- a/content/browser/security_exploit_browsertest.cc

+++ b/content/browser/security_exploit_browsertest.cc

@@ -401,16 +401,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,

ASSERT_EQ("\"okay2\"", interstitial->last_command());

}

-class IsolatedAppContentBrowserClient : public TestContentBrowserClient {

- public:

- bool IsIllegalOrigin(content::ResourceContext* resource_context,

- int child_process_id,

- const GURL& origin) override {

- // Simulate a case where an app origin is not in an app process.

- return true;

- }

-};

// Renderer processes should not be able to spoof Origin HTTP headers.

IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {

// Create a set of IPC messages with various Origin headers.

@@ -426,6 +416,8 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {

NavigateToURL(shell(), web_url);

RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame();

+ ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https");

Charlie Reis 2016/08/02 20:41:42 Please add a comment about how this leads to denyi

// Web processes cannot make XHRs with chrome:// Origin headers.

{

RenderProcessHostWatcher web_process_killed(

@@ -447,7 +439,7 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {

{

// Set up a ContentBrowserClient that simulates an app URL in a non-app

// process.

- IsolatedAppContentBrowserClient app_client;

+ TestContentBrowserClient app_client;

Charlie Reis 2016/08/02 20:41:42 Why keep this if you're removing IsolatedAppConten

ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client);

RenderProcessHostWatcher web_process_killed(

web_rfh->GetProcess(),