Index: content/browser/security_exploit_browsertest.cc |
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc |
index f9d6d7f935e50d0255017c7e2c568db8317eb30a..d8fb91a3789e21057daa25631a3b121cf7eaeb3e 100644 |
--- a/content/browser/security_exploit_browsertest.cc |
+++ b/content/browser/security_exploit_browsertest.cc |
@@ -9,6 +9,7 @@ |
#include "base/macros.h" |
#include "base/strings/utf_string_conversions.h" |
#include "build/build_config.h" |
+#include "content/browser/bad_message.h" |
#include "content/browser/dom_storage/dom_storage_context_wrapper.h" |
#include "content/browser/dom_storage/session_storage_namespace_impl.h" |
#include "content/browser/frame_host/navigator.h" |
@@ -24,7 +25,9 @@ |
#include "content/public/browser/content_browser_client.h" |
#include "content/public/browser/interstitial_page.h" |
#include "content/public/browser/interstitial_page_delegate.h" |
+#include "content/public/browser/resource_context.h" |
#include "content/public/browser/resource_dispatcher_host.h" |
+#include "content/public/browser/resource_dispatcher_host_interceptor.h" |
#include "content/public/browser/storage_partition.h" |
#include "content/public/common/appcache_info.h" |
#include "content/public/common/browser_side_navigation_policy.h" |
@@ -401,14 +404,29 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, |
ASSERT_EQ("\"okay2\"", interstitial->last_command()); |
} |
-class IsolatedAppContentBrowserClient : public TestContentBrowserClient { |
+// Intercepts the HTTP origin header and on being invoked once it is found |
+// aborts the requeest. |
+class HttpOriginInterceptor |
+ : public content::ResourceDispatcherHostInterceptor { |
public: |
- bool IsIllegalOrigin(content::ResourceContext* resource_context, |
- int child_process_id, |
- const GURL& origin) override { |
- // Simulate a case where an app origin is not in an app process. |
- return true; |
+ HttpOriginInterceptor() { |
+ ResourceDispatcherHost::Get()->RegisterInterceptor("Origin", "", this); |
} |
+ |
+ ~HttpOriginInterceptor() override { |
+ ResourceDispatcherHost::Get()->UnregisterInterceptor("Origin", this); |
+ } |
+ |
+ void OnHttpHeaderReceived(const std::string& header, |
+ const std::string& value, |
+ int child_process_id, |
+ content::ResourceContext* resource_context, |
+ OnHeaderProcessedCallback callback) override { |
+ callback.Run(false, content::bad_message::RDH_ILLEGAL_ORIGIN); |
+ } |
+ |
+ private: |
+ DISALLOW_COPY_AND_ASSIGN(HttpOriginInterceptor); |
}; |
// Renderer processes should not be able to spoof Origin HTTP headers. |
@@ -445,10 +463,8 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
// ResourceRequest IPC can't be created in a test outside content/. |
NavigateToURL(shell(), web_url); |
{ |
- // Set up a ContentBrowserClient that simulates an app URL in a non-app |
- // process. |
- IsolatedAppContentBrowserClient app_client; |
- ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client); |
+ std::unique_ptr<HttpOriginInterceptor> origin_interceptor( |
+ new HttpOriginInterceptor); |
RenderProcessHostWatcher web_process_killed( |
web_rfh->GetProcess(), |
RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
@@ -458,7 +474,6 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) { |
kRequestIdNotPreviouslyUsed, |
embedder_isolated_origin_msg)); |
web_process_killed.Wait(); |
- SetBrowserClientForTesting(old_client); |
} |
// Web processes cannot make XHRs with invalid Origin headers. |