content/browser/child_process_security_policy_impl.h - Issue 2364633004: Lock down the registration of blob:chrome-extension:// URLs

Unified Diff: content/browser/child_process_security_policy_impl.h

Issue 2364633004: Lock down the registration of blob:chrome-extension:// URLs (Closed)

Patch Set: Phrasing. Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« chrome/browser/extensions/process_manager_browsertest.cc ('K') | « content/browser/blob_storage/blob_dispatcher_host.cc ('k') | content/browser/child_process_security_policy_impl.cc » ('j') | content/browser/child_process_security_policy_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/child_process_security_policy_impl.h

diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h

index e0eaf4a971dd72990491ecf6dc4b0a20c3596a80..ef4a53e5d69689a96c28aaf160ef14151b75d022 100644

--- a/content/browser/child_process_security_policy_impl.h

+++ b/content/browser/child_process_security_policy_impl.h

@@ -43,6 +43,9 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl

// ChildProcessSecurityPolicy implementation.

void RegisterWebSafeScheme(const std::string& scheme) override;

+ void RegisterWebSafeIsolatedScheme(

+ const std::string& scheme,

+ bool always_allow_in_origin_headers) override;

bool IsWebSafeScheme(const std::string& scheme) override;

void GrantReadFile(int child_id, const base::FilePath& file) override;

void GrantCreateReadWriteFile(int child_id,

@@ -64,6 +67,8 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl

const std::string& filesystem_id) override;

void GrantOrigin(int child_id, const url::Origin& origin) override;

void GrantScheme(int child_id, const std::string& scheme) override;

+ bool CanRequestURL(int child_id, const GURL& url) override;

+ bool CanCommitURL(int child_id, const GURL& url) override;

bool CanReadFile(int child_id, const base::FilePath& file) override;

bool CanCreateReadWriteFile(int child_id,

const base::FilePath& file) override;

@@ -127,17 +132,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl

// Revoke read raw cookies permission.

void RevokeReadRawCookies(int child_id);

- // Before servicing a child process's request for a URL, the browser should

- // call this method to determine whether the process has the capability to

- // request the URL.

- bool CanRequestURL(int child_id, const GURL& url);

- // Whether the process is allowed to commit a document from the given URL.

- // This is more restrictive than CanRequestURL, since CanRequestURL allows

- // requests that might lead to cross-process navigations or external protocol

- // handlers.

- bool CanCommitURL(int child_id, const GURL& url);

// Whether the given origin is valid for an origin header. Valid origin

// headers are commitable URLs plus suborigin URLs.

bool CanSetAsOriginHeader(int child_id, const GURL& url);

@@ -235,9 +229,10 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl

// class. You must not block while holding this lock.

base::Lock lock_;

- // These schemes are white-listed for all child processes. This set is

- // protected by |lock_|.

- SchemeSet web_safe_schemes_;

+ // These schemes are white-listed for all child processes in various contexts.

Charlie Reis 2016/09/29 21:39:37 Is it worth keeping the comment about being protec

ncarter (slow) 2016/09/29 22:04:02 Done.

+ SchemeSet schemes_okay_to_commit_in_any_process_;

+ SchemeSet schemes_okay_to_request_in_any_process_;

+ SchemeSet schemes_okay_to_appear_as_origin_headers_;

// These schemes do not actually represent retrievable URLs. For example,

// the the URLs in the "about" scheme are aliases to other URLs. This set is