Index: content/browser/security_exploit_browsertest.cc |
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc |
index f9d6d7f935e50d0255017c7e2c568db8317eb30a..4be50943b432b01c58583209b9b57491b5d38f02 100644 |
--- a/content/browser/security_exploit_browsertest.cc |
+++ b/content/browser/security_exploit_browsertest.cc |
@@ -401,16 +401,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, |
ASSERT_EQ("\"okay2\"", interstitial->last_command()); |
} |
-class IsolatedAppContentBrowserClient : public TestContentBrowserClient { |
- public: |
- bool IsIllegalOrigin(content::ResourceContext* resource_context, |
- int child_process_id, |
- const GURL& origin) override { |
- // Simulate a case where an app origin is not in an app process. |
- return true; |
- } |
-}; |
- |
// Renderer processes should not be able to spoof Origin HTTP headers. |
IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
// Create a set of IPC messages with various Origin headers. |
@@ -426,6 +416,8 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
NavigateToURL(shell(), web_url); |
RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame(); |
+ ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https"); |
Charlie Reis
2016/08/02 20:41:42
Please add a comment about how this leads to denyi
|
+ |
// Web processes cannot make XHRs with chrome:// Origin headers. |
{ |
RenderProcessHostWatcher web_process_killed( |
@@ -447,7 +439,7 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
{ |
// Set up a ContentBrowserClient that simulates an app URL in a non-app |
// process. |
- IsolatedAppContentBrowserClient app_client; |
+ TestContentBrowserClient app_client; |
Charlie Reis
2016/08/02 20:41:42
Why keep this if you're removing IsolatedAppConten
|
ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client); |
RenderProcessHostWatcher web_process_killed( |
web_rfh->GetProcess(), |