
Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 2358193002: Revert of Disallow navigations to blob URLs with non-canonical origins. (Closed)
Patch Set: Created 4 years, 3 months ago
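--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
@@ -572,54 +572,38 @@
     // Every child process can request <about:blank>.
     if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
       return true;
     // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
     // requestable by any child process. Also, this case covers
     // <javascript:...>, which should be handled internally by the process and
     // not kicked up to the browser.
     return false;
   }
 
-  // https://crbug.com/646278 Valid blob URLs should contain canonically
-  // serialized origins.
-  if (url.SchemeIsBlob() &&
-      !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/",
-                        base::CompareCase::INSENSITIVE_ASCII)) {
-    return false;
-  }
-
   // If the process can commit the URL, it can request it.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Also allow URLs destined for ShellExecute and not the browser itself.
   return !GetContentClient()->browser()->IsHandledURL(url) &&
          !net::URLRequest::IsHandledURL(url);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
                                                   const GURL& url) {
   if (!url.is_valid())
     return false; // Can't commit invalid URLs.
 
   // Of all the pseudo schemes, only about:blank is allowed to commit.
   if (IsPseudoScheme(url.scheme()))
     return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL);
 
-  // https://crbug.com/646278 Valid blob URLs should contain canonically
-  // serialized origins.
-  if (url.SchemeIsBlob() &&
-      !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/",
-                        base::CompareCase::INSENSITIVE_ASCII)) {
-    return false;
-  }
-
   // TODO(creis): Tighten this for Site Isolation, so that a URL from a site
   // that is isolated can only be committed in a process dedicated to that site.
   // CanRequestURL should still allow all web-safe schemes. See
   // https://crbug.com/515309.
   if (IsWebSafeScheme(url.scheme()))
     return true; // The scheme has been white-listed for every child process.
 
   {
     base::AutoLock lock(lock_);
 
@@ -867,10 +851,10 @@
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 } // namespace content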