Updated suborigin serialization to latest spec proposal

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
@@ skipping 290 matching lines @@
   RegisterWebSafeScheme(url::kFtpScheme);
   RegisterWebSafeScheme(url::kDataScheme);
   RegisterWebSafeScheme("feed");
   RegisterWebSafeScheme(url::kBlobScheme);
   RegisterWebSafeScheme(url::kFileSystemScheme);
 
   // We know about the following pseudo schemes and treat them specially.
   RegisterPseudoScheme(url::kAboutScheme);
   RegisterPseudoScheme(url::kJavaScriptScheme);
   RegisterPseudoScheme(kViewSourceScheme);
+  RegisterPseudoScheme(kHttpSuboriginScheme);

[nasko, 2016/09/22 23:53:42]

I'll poke at this tomorrow, but now that we have a special method to check for
valid origin header, do we need it to be registered at all here?

[jww, 2016/09/23 04:12:44]

Fair question. My impression was that all schemes that are "used" by Chrome, but
are not web-safe, are registered as pseudo-schemes. That is, looking at the
comment before pseduo_schemes_ in child_process_security_policy_impl.h:

// These schemes do not actually represent retrievable URLs.  For example,
// the the URLs in the "about" scheme are aliases to other URLs.  This set is
// protected by |lock_|.

Which, to me, sounds like suborigin schemes.

[nasko, 2016/09/23 21:59:48]

Yeah, I poked around a bit and indeed it is a good idea to add it to the
PseudoScheme set. 

+  RegisterPseudoScheme(kHttpsSuboriginScheme);
 }
 
 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
   web_safe_schemes_.clear();
   pseudo_schemes_.clear();
   security_state_.clear();
 }
 
 // static
 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
@@ skipping 289 matching lines @@
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return false;
 
     // Otherwise, we consult the child process's security state to see if it is
     // allowed to commit the URL.
     return state->second->CanCommitURL(url);
   }
 }
 
+bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id,
+                                                          const GURL& url) {
+  if (!url.is_valid())
+    return false;  // Can't set invalid URLs as origin headers.
+
+  // Suborigin URLs are a special case and are allowed to be an origin header.
+  if (IsPseudoScheme(url.scheme()) && (url.scheme() == kHttpSuboriginScheme ||

[nasko, 2016/09/23 21:59:47]

You technically don't need the IsPseudoScheme check here, as it is guaranteed to
return true given we added it in the constructor. Maybe just DCHECK inside the
if statement body that it returns true for either of those two.

Also, multiline if statements should use {}.

[jww, 2016/09/23 22:52:27]

Done.

+                                       url.scheme() == kHttpsSuboriginScheme))
+    return true;
+
+  return CanCommitURL(child_id, url);
+}
+
 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                                  const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles(
     int child_id,
     const std::vector<base::FilePath>& files) {
   return std::all_of(files.begin(), files.end(),
                      [this, child_id](const base::FilePath& file) {
@@ skipping 221 matching lines @@
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 }  // namespace content