| Index: content/browser/security_exploit_browsertest.cc
|
| diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc
|
| index f9d6d7f935e50d0255017c7e2c568db8317eb30a..4b30f485453aaf004f3d40fcbc83554d0841a304 100644
|
| --- a/content/browser/security_exploit_browsertest.cc
|
| +++ b/content/browser/security_exploit_browsertest.cc
|
| @@ -4,9 +4,11 @@
|
|
|
| #include <stdint.h>
|
|
|
| +#include "base/bind_helpers.h"
|
| #include "base/command_line.h"
|
| #include "base/containers/hash_tables.h"
|
| #include "base/macros.h"
|
| +#include "base/process/process_handle.h"
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "build/build_config.h"
|
| #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
|
| @@ -401,16 +403,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
|
| ASSERT_EQ("\"okay2\"", interstitial->last_command());
|
| }
|
|
|
| -class IsolatedAppContentBrowserClient : public TestContentBrowserClient {
|
| - public:
|
| - bool IsIllegalOrigin(content::ResourceContext* resource_context,
|
| - int child_process_id,
|
| - const GURL& origin) override {
|
| - // Simulate a case where an app origin is not in an app process.
|
| - return true;
|
| - }
|
| -};
|
| -
|
| // Renderer processes should not be able to spoof Origin HTTP headers.
|
| IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
|
| // Create a set of IPC messages with various Origin headers.
|
| @@ -426,6 +418,18 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
|
| NavigateToURL(shell(), web_url);
|
| RenderFrameHost* web_rfh = shell()->web_contents()->GetMainFrame();
|
|
|
| + // Registering the https scheme and the URL with RDH leads to the
|
| + // embedder_isolated_origin_msg being denied
|
| + ResourceDispatcherHost::Get()->AddSchemeForAccessCheck("https");
|
| + BrowserThread::PostTask(
|
| + BrowserThread::IO, FROM_HERE,
|
| + base::Bind(
|
| + &ResourceDispatcherHost::RegisterOriginForAccessChecks,
|
| + base::Unretained(ResourceDispatcherHost::Get()),
|
| + shell()->web_contents()->GetBrowserContext()->GetResourceContext(),
|
| + "https://isolated.bar.com",
|
| + ResourceDispatcherHost::DENY_FOR_NON_OWNERS));
|
| +
|
| // Web processes cannot make XHRs with chrome:// Origin headers.
|
| {
|
| RenderProcessHostWatcher web_process_killed(
|
| @@ -447,8 +451,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
|
| {
|
| // Set up a ContentBrowserClient that simulates an app URL in a non-app
|
| // process.
|
| - IsolatedAppContentBrowserClient app_client;
|
| - ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client);
|
| RenderProcessHostWatcher web_process_killed(
|
| web_rfh->GetProcess(),
|
| RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
|
| @@ -458,7 +460,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
|
| kRequestIdNotPreviouslyUsed,
|
| embedder_isolated_origin_msg));
|
| web_process_killed.Wait();
|
| - SetBrowserClientForTesting(old_client);
|
| }
|
|
|
| // Web processes cannot make XHRs with invalid Origin headers.
|
|
|
Chromium Code Reviews
Issue 2182633007:
Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master