Chromium Code Reviews Chromium Code Reviews
Issue 2322673005:
Fix process transfers for blob urls of sites requiring dedicated processes. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/macros.h" | 5 #include "base/macros.h" |
| 6 #include "build/build_config.h" | 6 #include "build/build_config.h" |
| 7 #include "content/browser/frame_host/frame_tree.h" | 7 #include "content/browser/frame_host/frame_tree.h" |
| 8 #include "content/browser/frame_host/frame_tree_node.h" | 8 #include "content/browser/frame_host/frame_tree_node.h" |
| 9 #include "content/browser/renderer_host/render_view_host_impl.h" | 9 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 10 #include "content/browser/web_contents/web_contents_impl.h" | 10 #include "content/browser/web_contents/web_contents_impl.h" |
| 11 #include "content/public/browser/notification_service.h" | 11 #include "content/public/browser/notification_service.h" |
| 12 #include "content/public/browser/notification_types.h" | 12 #include "content/public/browser/notification_types.h" |
| 13 #include "content/public/common/content_switches.h" | |
| 13 #include "content/public/common/url_constants.h" | 14 #include "content/public/common/url_constants.h" |
| 14 #include "content/public/test/browser_test_utils.h" | 15 #include "content/public/test/browser_test_utils.h" |
| 15 #include "content/public/test/content_browser_test.h" | 16 #include "content/public/test/content_browser_test.h" |
| 16 #include "content/public/test/content_browser_test_utils.h" | 17 #include "content/public/test/content_browser_test_utils.h" |
| 17 #include "content/public/test/test_navigation_observer.h" | 18 #include "content/public/test/test_navigation_observer.h" |
| 18 #include "content/public/test/test_utils.h" | 19 #include "content/public/test/test_utils.h" |
| 19 #include "content/shell/browser/shell.h" | 20 #include "content/shell/browser/shell.h" |
| 21 #include "content/shell/common/shell_switches.h" | |
| 20 #include "content/test/content_browser_test_utils_internal.h" | 22 #include "content/test/content_browser_test_utils_internal.h" |
| 21 #include "content/test/test_frame_navigation_observer.h" | 23 #include "content/test/test_frame_navigation_observer.h" |
| 22 #include "net/dns/mock_host_resolver.h" | 24 #include "net/dns/mock_host_resolver.h" |
| 23 #include "net/test/embedded_test_server/embedded_test_server.h" | 25 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 24 #include "third_party/WebKit/public/web/WebSandboxFlags.h" | 26 #include "third_party/WebKit/public/web/WebSandboxFlags.h" |
| 25 #include "url/url_constants.h" | 27 #include "url/url_constants.h" |
| 26 | 28 |
| 27 // For fine-grained suppression on flaky tests. | 29 // For fine-grained suppression on flaky tests. |
| 28 #if defined(OS_WIN) | 30 #if defined(OS_WIN) |
| 29 #include "base/win/windows_version.h" | 31 #include "base/win/windows_version.h" |
| 30 #endif | 32 #endif |
| 31 | 33 |
| 32 namespace content { | 34 namespace content { |
| 33 | 35 |
| 36 namespace { | |
| 37 | |
| 38 std::string GetOriginFromRenderer(FrameTreeNode* node) { | |
| 39 std::string origin; | |
| 40 EXPECT_TRUE(ExecuteScriptAndExtractString( | |
| 41 node, "window.domAutomationController.send(document.origin);", &origin)); | |
| 42 return origin; | |
| 43 } | |
| 44 | |
| 45 } // namespace | |
| 46 | |
| 34 class FrameTreeBrowserTest : public ContentBrowserTest { | 47 class FrameTreeBrowserTest : public ContentBrowserTest { |
| 35 public: | 48 public: |
| 36 FrameTreeBrowserTest() {} | 49 FrameTreeBrowserTest() {} |
| 37 | 50 |
| 38 void SetUpOnMainThread() override { | 51 void SetUpOnMainThread() override { |
| 39 host_resolver()->AddRule("*", "127.0.0.1"); | 52 host_resolver()->AddRule("*", "127.0.0.1"); |
| 40 ASSERT_TRUE(embedded_test_server()->Start()); | 53 ASSERT_TRUE(embedded_test_server()->Start()); |
| 41 SetupCrossSiteRedirector(embedded_test_server()); | 54 SetupCrossSiteRedirector(embedded_test_server()); |
| 42 } | 55 } |
| 43 | 56 |
| 44 protected: | |
| 45 std::string GetOriginFromRenderer(FrameTreeNode* node) { | |
| 46 std::string origin; | |
| 47 EXPECT_TRUE(ExecuteScriptAndExtractString( | |
| 48 node, "window.domAutomationController.send(document.origin);", | |
| 49 &origin)); | |
| 50 return origin; | |
| 51 } | |
| 52 | |
| 53 private: | 57 private: |
| 54 DISALLOW_COPY_AND_ASSIGN(FrameTreeBrowserTest); | 58 DISALLOW_COPY_AND_ASSIGN(FrameTreeBrowserTest); |
| 55 }; | 59 }; |
| 56 | 60 |
| 57 // Ensures FrameTree correctly reflects page structure during navigations. | 61 // Ensures FrameTree correctly reflects page structure during navigations. |
| 58 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, FrameTreeShape) { | 62 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, FrameTreeShape) { |
| 59 GURL base_url = embedded_test_server()->GetURL("A.com", "/site_isolation/"); | 63 GURL base_url = embedded_test_server()->GetURL("A.com", "/site_isolation/"); |
| 60 | 64 |
| 61 // Load doc without iframes. Verify FrameTree just has root. | 65 // Load doc without iframes. Verify FrameTree just has root. |
| 62 // Frame tree: | 66 // Frame tree: |
| (...skipping 621 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 684 main_url.GetOrigin().spec()); | 688 main_url.GetOrigin().spec()); |
| 685 | 689 |
| 686 GURL data_url("data:text/html,foo"); | 690 GURL data_url("data:text/html,foo"); |
| 687 NavigateFrameToURL(root->child_at(1), data_url); | 691 NavigateFrameToURL(root->child_at(1), data_url); |
| 688 | 692 |
| 689 // Navigating to a data URL should set a unique origin. This is represented | 693 // Navigating to a data URL should set a unique origin. This is represented |
| 690 // as "null" per RFC 6454. | 694 // as "null" per RFC 6454. |
| 691 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); | 695 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); |
| 692 } | 696 } |
| 693 | 697 |
| 698 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top | |
| 699 // level domain. This is an analogue to --isolate-extensions that we use inside | |
| 700 // of content_browsertests, where extensions don't exist. Iceland, like an | |
| 701 // extension process, is a special place with magical powers; we want to protect | |
|
Charlie Reis
2016/09/09 21:18:23
Ha!
ncarter (slow)
2016/09/09 21:56:31
Acknowledged.
| |
| 702 // it from outsiders. | |
| 703 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { | |
|
Charlie Reis
2016/09/09 21:18:23
Is there a reason this doesn't derive from FrameTr
ncarter (slow)
2016/09/09 21:56:31
CrossProcessFrameTreeBrowserTest didn't derive fro
| |
| 704 public: | |
| 705 IsolateIcelandFrameTreeBrowserTest() {} | |
| 706 | |
| 707 void SetUpCommandLine(base::CommandLine* command_line) override { | |
| 708 command_line->AppendSwitchASCII(switches::kIsolateSitesForTesting, "*.is"); | |
| 709 } | |
| 710 | |
| 711 void SetUpOnMainThread() override { | |
| 712 host_resolver()->AddRule("*", "127.0.0.1"); | |
| 713 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 714 SetupCrossSiteRedirector(embedded_test_server()); | |
| 715 } | |
| 716 | |
| 717 private: | |
| 718 DISALLOW_COPY_AND_ASSIGN(IsolateIcelandFrameTreeBrowserTest); | |
| 719 }; | |
| 720 | |
| 721 // Regression test for https://crbug.com/644966 | |
| 722 IN_PROC_BROWSER_TEST_F(IsolateIcelandFrameTreeBrowserTest, | |
| 723 ProcessSwitchForIsolatedBlob) { | |
| 724 // blink suppresses navigations to blob URLs of origins different from the | |
| 725 // frame initiating the navigation. We disable those checks for this test, to | |
| 726 // test what happens in a compromise scenario. | |
| 727 base::CommandLine::ForCurrentProcess()->AppendSwitch( | |
| 728 switches::kDisableWebSecurity); | |
| 729 | |
| 730 // Set up an iframe. | |
| 731 WebContents* contents = shell()->web_contents(); | |
| 732 FrameTreeNode* root = | |
| 733 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); | |
| 734 GURL main_url(embedded_test_server()->GetURL( | |
| 735 "a.com", "/cross_site_iframe_factory.html?a(b)")); | |
| 736 EXPECT_TRUE(NavigateToURL(shell(), main_url)); | |
| 737 | |
| 738 // The navigation targets an invalid blob url; that's intentional. Secure | |
| 739 // behaviors are for this navigation to either be cancelled, or for it to | |
|
Charlie Reis
2016/09/09 21:18:23
I'm a little unclear here. Is there a mode where
ncarter (slow)
2016/09/09 21:56:31
I removed the speculative language.
| |
| 740 // commit an a 404 response in a process dedicated to http://b.is. | |
| 741 std::string result; | |
| 742 EXPECT_TRUE(ExecuteScriptAndExtractString( | |
| 743 root, | |
| 744 "var iframe_element = document.getElementsByTagName('iframe')[0];" | |
| 745 "iframe_element.onload = () => {" | |
| 746 " domAutomationController.send('done');" | |
| 747 "};" | |
| 748 "iframe_element.src = 'blob:http://b.is:2932/';", | |
| 749 &result)); | |
| 750 WaitForLoadStop(contents); | |
| 751 | |
| 752 // Make sure we did a process transfer back to "b.is". | |
| 753 EXPECT_EQ( | |
| 754 " Site A ------------ proxies for B\n" | |
| 755 " +--Site B ------- proxies for A\n" | |
| 756 "Where A = http://a.com/\n" | |
| 757 " B = http://b.is/", | |
| 758 FrameTreeVisualizer().DepictFrameTree(root)); | |
| 759 } | |
| 760 | |
| 694 } // namespace content | 761 } // namespace content |
| OLD | NEW |
