Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(819)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/guest_view/web_view/web_view_guest.cc

Issue 2182633007: Avoid using ContentBrowserClient::IsIllegalOrigin in ResourceDispatcherHost. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove the IsIllegalOrigin function from ContentBrowserClient Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/public/browser/resource_dispatcher_host.h ('K') | « extensions/browser/guest_view/web_view/web_view_guest.h ('k') | extensions/shell/test/shell_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/guest_view/web_view/web_view_guest.cc
diff --git a/extensions/browser/guest_view/web_view/web_view_guest.cc b/extensions/browser/guest_view/web_view/web_view_guest.cc
index 5424db93d4ef0a12ae8b425dc82d1411fab5d169..36c9f1bc4e7dab2badab2671a5f2a1de0cad541e 100644
--- a/extensions/browser/guest_view/web_view/web_view_guest.cc
+++ b/extensions/browser/guest_view/web_view/web_view_guest.cc
@@ -31,6 +31,7 @@
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/render_widget_host.h"
#include "content/public/browser/render_widget_host_view.h"
+#include "content/public/browser/resource_dispatcher_host.h"
#include "content/public/browser/resource_request_details.h"
#include "content/public/browser/site_instance.h"
#include "content/public/browser/storage_partition.h"
@@ -52,8 +53,8 @@
#include "extensions/browser/guest_view/web_view/web_view_content_script_manager.h"
#include "extensions/browser/guest_view/web_view/web_view_permission_helper.h"
#include "extensions/browser/guest_view/web_view/web_view_permission_types.h"
-#include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
#include "extensions/common/constants.h"
+#include "extensions/common/extension.h"
#include "extensions/common/extension_messages.h"
#include "extensions/common/manifest_constants.h"
#include "extensions/strings/grit/extensions_strings.h"
@@ -934,13 +935,12 @@ void WebViewGuest::PushWebViewStateToIOThread() {
web_view_info.embedder_process_id, web_view_info.instance_id);
content::BrowserThread::PostTask(
- content::BrowserThread::IO,
- FROM_HERE,
- base::Bind(&WebViewRendererState::AddGuest,
+ content::BrowserThread::IO, FROM_HERE,
+ base::Bind(&WebViewGuest::AddGuestHelper,
base::Unretained(WebViewRendererState::GetInstance()),
web_contents()->GetRenderProcessHost()->GetID(),
- web_contents()->GetRoutingID(),
- web_view_info));
+ web_contents()->GetRoutingID(), web_view_info,
+ browser_context()->GetResourceContext()));
}
// static
@@ -948,11 +948,11 @@ void WebViewGuest::RemoveWebViewStateFromIOThread(
WebContents* web_contents) {
content::BrowserThread::PostTask(
content::BrowserThread::IO, FROM_HERE,
- base::Bind(
- &WebViewRendererState::RemoveGuest,
- base::Unretained(WebViewRendererState::GetInstance()),
- web_contents->GetRenderProcessHost()->GetID(),
- web_contents->GetRoutingID()));
+ base::Bind(&WebViewGuest::RemoveGuestHelper,
+ base::Unretained(WebViewRendererState::GetInstance()),
+ web_contents->GetRenderProcessHost()->GetID(),
+ web_contents->GetRoutingID(),
+ web_contents->GetBrowserContext()->GetResourceContext()));
}
void WebViewGuest::RequestMediaAccessPermission(
@@ -1505,4 +1505,51 @@ void WebViewGuest::SetFullscreenState(bool is_fullscreen) {
web_contents()->GetRenderViewHost()->GetWidget()->WasResized();
}
+void WebViewGuest::AddGuestHelper(
+ WebViewRendererState* renderer_state,
+ int guest_process_id,
+ int guest_routing_id,
+ const WebViewRendererState::WebViewInfo& web_view_info,
+ const content::ResourceContext* context) {
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+
+ // Guest processes can access resources from the host (extensions). The
+ // ResourceDispatcherHost object performs access checks for certain origins
+ // like extensions when they are requested. We should inform the
+ // ResourceDispatcherHost instance about guests so it can enforce accesses
+ // correctly. This should be done only for new guest processes.
+ bool new_guest = !renderer_state->IsGuest(guest_process_id);
+ renderer_state->AddGuest(guest_process_id, guest_routing_id, web_view_info);
+ if (new_guest && !web_view_info.owner_host.empty()) {
+ content::ResourceDispatcherHost::Get()->AddProcessForOrigin(
+ context,
+ Extension::GetBaseURLFromExtensionId(web_view_info.owner_host).spec(),
+ guest_process_id,
+ false);
+ }
+}
+
+void WebViewGuest::RemoveGuestHelper(
+ WebViewRendererState* renderer_state,
+ int guest_process_id,
+ int guest_routing_id,
+ const content::ResourceContext* context) {
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+
+ std::string owner_id;
+ renderer_state->GetOwnerInfo(guest_process_id, nullptr, &owner_id);
+
+ renderer_state->RemoveGuest(guest_process_id, guest_routing_id);
+ // If this is no longer a guest process, then inform the
+ // ResourceDispatcherHost accordingly so it can enforce accesses correctly.
+ if (!owner_id.empty() && !renderer_state->IsGuest(guest_process_id)) {
+ content::ResourceDispatcherHost::Get()->RemoveProcessForOrigin(
+ context,
+ Extension::GetBaseURLFromExtensionId(owner_id).spec(),
+ guest_process_id,
+ false);
+ }
+}
+
+
} // namespace extensions
« content/public/browser/resource_dispatcher_host.h ('K') | « extensions/browser/guest_view/web_view/web_view_guest.h ('k') | extensions/shell/test/shell_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698