chrome/browser/budget_service/budget_manager.cc - Issue 2366533002: Budget API calls should only succeed on secure origins

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/budget_service/budget_manager.cc

Issue 2366533002: Budget API calls should only succeed on secure origins (Closed)

Patch Set: Modified security check and added test for unique origins. Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/budget_service/budget_manager.cc

diff --git a/chrome/browser/budget_service/budget_manager.cc b/chrome/browser/budget_service/budget_manager.cc

index 24f6d26b26f1ca6b851df189475b1e5c871a67b2..382830ca538fffc83443d01d441f926a87a2e388 100644

--- a/chrome/browser/budget_service/budget_manager.cc

+++ b/chrome/browser/budget_service/budget_manager.cc

@@ -17,6 +17,7 @@

#include "components/pref_registry/pref_registry_syncable.h"

#include "components/prefs/pref_service.h"

#include "content/public/browser/browser_thread.h"

+#include "content/public/common/origin_util.h"

#include "third_party/WebKit/public/platform/modules/budget_service/budget_service.mojom.h"

#include "url/origin.h"

@@ -68,12 +69,22 @@ double BudgetManager::GetCost(blink::mojom::BudgetOperationType type) {

void BudgetManager::GetBudget(const url::Origin& origin,

const GetBudgetCallback& callback) {

+ if (origin.unique() || !content::IsOriginSecure(GURL(origin.Serialize()))) {

harkness 2016/09/23 10:32:19 As discussed, the HTTP/HTTPS check has been update

+ callback.Run(blink::mojom::BudgetServiceErrorType::NOT_SUPPORTED,

+ mojo::Array<blink::mojom::BudgetStatePtr>());

+ return;

+ }

db_.GetBudgetDetails(origin, callback);

}

void BudgetManager::Reserve(const url::Origin& origin,

blink::mojom::BudgetOperationType type,

const ReserveCallback& callback) {

+ if (origin.unique() || !content::IsOriginSecure(GURL(origin.Serialize()))) {

+ callback.Run(blink::mojom::BudgetServiceErrorType::NOT_SUPPORTED,

+ false /* success */);

+ return;

+ }

db_.SpendBudget(origin, GetCost(type),

base::Bind(&BudgetManager::DidReserve,

weak_ptr_factory_.GetWeakPtr(), origin, callback));

@@ -82,6 +93,11 @@ void BudgetManager::Reserve(const url::Origin& origin,

void BudgetManager::Consume(const url::Origin& origin,

blink::mojom::BudgetOperationType type,

const ConsumeCallback& callback) {

+ if (origin.unique() || !content::IsOriginSecure(GURL(origin.Serialize()))) {

+ callback.Run(false /* success */);

+ return;

+ }

bool found_reservation = false;

// First, see if there is a reservation already.

« no previous file with comments | « no previous file | chrome/browser/budget_service/budget_manager_unittest.cc » ('j') | no next file with comments »