OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/site_isolation_policy.h" | 5 #include "content/child/site_isolation_policy.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
11 #include "base/process/process_handle.h" | |
Charlie Reis
2013/09/03 16:43:23
Is this just for the logging statement? We should
| |
11 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
12 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
13 #include "content/public/common/content_switches.h" | 14 #include "content/public/common/content_switches.h" |
14 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 15 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
15 #include "net/http/http_response_headers.h" | 16 #include "net/http/http_response_headers.h" |
16 #include "third_party/WebKit/public/platform/WebHTTPHeaderVisitor.h" | 17 #include "third_party/WebKit/public/platform/WebHTTPHeaderVisitor.h" |
17 #include "third_party/WebKit/public/platform/WebString.h" | 18 #include "third_party/WebKit/public/platform/WebString.h" |
18 #include "third_party/WebKit/public/platform/WebURL.h" | 19 #include "third_party/WebKit/public/platform/WebURL.h" |
19 #include "third_party/WebKit/public/platform/WebURLRequest.h" | 20 #include "third_party/WebKit/public/platform/WebURLRequest.h" |
20 #include "third_party/WebKit/public/platform/WebURLResponse.h" | 21 #include "third_party/WebKit/public/platform/WebURLResponse.h" |
(...skipping 17 matching lines...) Expand all Loading... | |
38 const char kTextXml[] = "text/xml"; | 39 const char kTextXml[] = "text/xml"; |
39 const char xAppRssXml[] = "application/rss+xml"; | 40 const char xAppRssXml[] = "application/rss+xml"; |
40 const char kAppXml[] = "application/xml"; | 41 const char kAppXml[] = "application/xml"; |
41 const char kAppJson[] = "application/json"; | 42 const char kAppJson[] = "application/json"; |
42 const char kTextJson[] = "text/json"; | 43 const char kTextJson[] = "text/json"; |
43 const char kTextXjson[] = "text/x-json"; | 44 const char kTextXjson[] = "text/x-json"; |
44 const char kTextPlain[] = "text/plain"; | 45 const char kTextPlain[] = "text/plain"; |
45 | 46 |
46 } // anonymous namespace | 47 } // anonymous namespace |
47 | 48 |
49 // The cross-site document blocking/UMA data collection is deactivated by | |
50 // default, and only activated for a rederer process backed-up by | |
Charlie Reis
2013/09/03 16:43:23
nit: renderer
Also, "backed up by RenderProcessIm
| |
51 // RenderProcessImpl (so we exclude plugin processes too), when the renderer is | |
52 // not for extensions. | |
53 bool SiteIsolationPolicy::g_policy_activated = false; | |
54 | |
48 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} | 55 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} |
49 | 56 |
57 void SiteIsolationPolicy::SetPolicyActivationFlag(bool flag) { | |
58 LOG(ERROR) << "setpolicyactivationflag:" << flag << ":" << | |
Charlie Reis
2013/09/03 16:43:23
We should remove this.
dsjang
2013/09/03 19:13:11
Done.
| |
59 base::GetCurrentProcId(); | |
60 g_policy_activated = flag; | |
61 } | |
62 | |
50 void SiteIsolationPolicy::OnReceivedResponse( | 63 void SiteIsolationPolicy::OnReceivedResponse( |
51 int request_id, | 64 int request_id, |
52 GURL& frame_origin, | 65 GURL& frame_origin, |
53 GURL& response_url, | 66 GURL& response_url, |
54 ResourceType::Type resource_type, | 67 ResourceType::Type resource_type, |
55 const webkit_glue::ResourceResponseInfo& info) { | 68 const webkit_glue::ResourceResponseInfo& info) { |
69 if (!g_policy_activated) { | |
Charlie Reis
2013/09/03 16:43:23
nit: No braces needed on one-line body.
| |
70 return; | |
71 } | |
72 | |
56 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | 73 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
57 | 74 |
58 // See if this is for navigation. If it is, don't block it, under the | 75 // See if this is for navigation. If it is, don't block it, under the |
59 // assumption that we will put it in an appropriate process. | 76 // assumption that we will put it in an appropriate process. |
60 if (ResourceType::IsFrame(resource_type)) | 77 if (ResourceType::IsFrame(resource_type)) |
61 return; | 78 return; |
62 | 79 |
63 if (!IsBlockableScheme(response_url)) | 80 if (!IsBlockableScheme(response_url)) |
64 return; | 81 return; |
65 | 82 |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
149 } else { \ | 166 } else { \ |
150 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ | 167 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ |
151 } \ | 168 } \ |
152 } | 169 } |
153 | 170 |
154 bool SiteIsolationPolicy::ShouldBlockResponse( | 171 bool SiteIsolationPolicy::ShouldBlockResponse( |
155 int request_id, | 172 int request_id, |
156 const char* data, | 173 const char* data, |
157 int length, | 174 int length, |
158 std::string* alternative_data) { | 175 std::string* alternative_data) { |
176 if (!g_policy_activated) | |
177 return false; | |
178 | |
159 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 179 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
160 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 180 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
161 | 181 |
162 // If there's an entry for |request_id| in blocked_map, this request's first | 182 // If there's an entry for |request_id| in blocked_map, this request's first |
163 // data packet has already been examined. We can return the result here. | 183 // data packet has already been examined. We can return the result here. |
164 if (result_map->count(request_id) != 0) { | 184 if (result_map->count(request_id) != 0) { |
165 if ((*result_map)[request_id]) { | 185 if ((*result_map)[request_id]) { |
166 // Here, the blocking result has been set for the previous run of | 186 // Here, the blocking result has been set for the previous run of |
167 // ShouldBlockResponse(), so we set alternative data to an empty string so | 187 // ShouldBlockResponse(), so we set alternative data to an empty string so |
168 // that ResourceDispatcher doesn't call its peer's onReceivedData() with | 188 // that ResourceDispatcher doesn't call its peer's onReceivedData() with |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
263 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) | 283 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) |
264 result = false; | 284 result = false; |
265 (*result_map)[request_id] = result; | 285 (*result_map)[request_id] = result; |
266 | 286 |
267 if (result) { | 287 if (result) { |
268 alternative_data->erase(); | 288 alternative_data->erase(); |
269 alternative_data->insert(0, " "); | 289 alternative_data->insert(0, " "); |
270 LOG(ERROR) << resp_data.response_url | 290 LOG(ERROR) << resp_data.response_url |
271 << " is blocked as an illegal cross-site document from " | 291 << " is blocked as an illegal cross-site document from " |
272 << resp_data.frame_origin; | 292 << resp_data.frame_origin; |
273 | |
274 } | 293 } |
275 return result; | 294 return result; |
276 } | 295 } |
277 | 296 |
278 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK | 297 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK |
279 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT | 298 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT |
280 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK | 299 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK |
281 | 300 |
282 void SiteIsolationPolicy::OnRequestComplete(int request_id) { | 301 void SiteIsolationPolicy::OnRequestComplete(int request_id) { |
302 if (!g_policy_activated) | |
303 return; | |
283 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 304 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
284 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 305 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
285 metadata_map->erase(request_id); | 306 metadata_map->erase(request_id); |
286 result_map->erase(request_id); | 307 result_map->erase(request_id); |
287 } | 308 } |
288 | 309 |
289 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType | 310 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType |
290 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { | 311 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { |
291 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { | 312 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { |
292 return SiteIsolationPolicy::ResponseMetaData::HTML; | 313 return SiteIsolationPolicy::ResponseMetaData::HTML; |
(...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
552 return &metadata_map_; | 573 return &metadata_map_; |
553 } | 574 } |
554 | 575 |
555 SiteIsolationPolicy::RequestIdToResultMap* | 576 SiteIsolationPolicy::RequestIdToResultMap* |
556 SiteIsolationPolicy::GetRequestIdToResultMap() { | 577 SiteIsolationPolicy::GetRequestIdToResultMap() { |
557 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); | 578 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); |
558 return &result_map_; | 579 return &result_map_; |
559 } | 580 } |
560 | 581 |
561 } // namespace content | 582 } // namespace content |
OLD | NEW |