OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/site_isolation_policy.h" | 5 #include "content/child/site_isolation_policy.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
(...skipping 27 matching lines...) Expand all Loading... | |
38 const char kTextXml[] = "text/xml"; | 38 const char kTextXml[] = "text/xml"; |
39 const char xAppRssXml[] = "application/rss+xml"; | 39 const char xAppRssXml[] = "application/rss+xml"; |
40 const char kAppXml[] = "application/xml"; | 40 const char kAppXml[] = "application/xml"; |
41 const char kAppJson[] = "application/json"; | 41 const char kAppJson[] = "application/json"; |
42 const char kTextJson[] = "text/json"; | 42 const char kTextJson[] = "text/json"; |
43 const char kTextXjson[] = "text/x-json"; | 43 const char kTextXjson[] = "text/x-json"; |
44 const char kTextPlain[] = "text/plain"; | 44 const char kTextPlain[] = "text/plain"; |
45 | 45 |
46 } // anonymous namespace | 46 } // anonymous namespace |
47 | 47 |
48 // The cross-site document blocking/UMA data collection is deactivated by | |
49 // default, and only activated for a rederer process backed-up by | |
Charlie Reis
2013/09/03 20:22:10
You missed my comment about this in the earlier pa
dsjang
2013/09/03 22:31:30
Done.
| |
50 // RenderProcessImpl (so we exclude plugin processes too), when the renderer is | |
51 // not for extensions. | |
52 | |
48 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} | 53 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} |
49 | 54 |
55 // The cross-site document blocking/UMA data collection is deactivated by | |
56 // default, and only activated for a renderer process, not for extensions. | |
57 bool SiteIsolationPolicy::g_policy_enabled = false; | |
58 | |
59 void SiteIsolationPolicy::SetPolicyEnabled(bool flag) { | |
60 g_policy_enabled = flag; | |
61 } | |
62 | |
50 void SiteIsolationPolicy::OnReceivedResponse( | 63 void SiteIsolationPolicy::OnReceivedResponse( |
51 int request_id, | 64 int request_id, |
52 GURL& frame_origin, | 65 GURL& frame_origin, |
53 GURL& response_url, | 66 GURL& response_url, |
54 ResourceType::Type resource_type, | 67 ResourceType::Type resource_type, |
68 int origin_pid, | |
55 const webkit_glue::ResourceResponseInfo& info) { | 69 const webkit_glue::ResourceResponseInfo& info) { |
70 if (!g_policy_enabled) | |
71 return; | |
72 | |
73 // if |origin_pid| is non-zero, it means that this response is for the plugin | |
Charlie Reis
2013/09/03 20:22:10
for the -> for a
dsjang
2013/09/03 22:31:30
Done.
| |
74 // spawned from this renderer process. We exclude responses for plugins for | |
75 // now, but eventually, we're going to make plugin processes directly talk to | |
76 // the browser process so that we can apply the cross-site document blocking | |
Charlie Reis
2013/09/03 20:22:10
I agree with everything but the last part. The go
dsjang
2013/09/03 22:31:30
Done.
| |
77 // to them. | |
78 if (origin_pid) | |
79 return; | |
80 | |
56 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | 81 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
57 | 82 |
58 // See if this is for navigation. If it is, don't block it, under the | 83 // See if this is for navigation. If it is, don't block it, under the |
59 // assumption that we will put it in an appropriate process. | 84 // assumption that we will put it in an appropriate process. |
60 if (ResourceType::IsFrame(resource_type)) | 85 if (ResourceType::IsFrame(resource_type)) |
61 return; | 86 return; |
62 | 87 |
63 if (!IsBlockableScheme(response_url)) | 88 if (!IsBlockableScheme(response_url)) |
64 return; | 89 return; |
65 | 90 |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
149 } else { \ | 174 } else { \ |
150 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ | 175 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ |
151 } \ | 176 } \ |
152 } | 177 } |
153 | 178 |
154 bool SiteIsolationPolicy::ShouldBlockResponse( | 179 bool SiteIsolationPolicy::ShouldBlockResponse( |
155 int request_id, | 180 int request_id, |
156 const char* data, | 181 const char* data, |
157 int length, | 182 int length, |
158 std::string* alternative_data) { | 183 std::string* alternative_data) { |
184 if (!g_policy_enabled) | |
185 return false; | |
186 | |
159 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 187 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
160 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 188 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
161 | 189 |
162 // If there's an entry for |request_id| in blocked_map, this request's first | 190 // If there's an entry for |request_id| in blocked_map, this request's first |
163 // data packet has already been examined. We can return the result here. | 191 // data packet has already been examined. We can return the result here. |
164 if (result_map->count(request_id) != 0) { | 192 if (result_map->count(request_id) != 0) { |
165 if ((*result_map)[request_id]) { | 193 if ((*result_map)[request_id]) { |
166 // Here, the blocking result has been set for the previous run of | 194 // Here, the blocking result has been set for the previous run of |
167 // ShouldBlockResponse(), so we set alternative data to an empty string so | 195 // ShouldBlockResponse(), so we set alternative data to an empty string so |
168 // that ResourceDispatcher doesn't call its peer's onReceivedData() with | 196 // that ResourceDispatcher doesn't call its peer's onReceivedData() with |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
263 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) | 291 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) |
264 result = false; | 292 result = false; |
265 (*result_map)[request_id] = result; | 293 (*result_map)[request_id] = result; |
266 | 294 |
267 if (result) { | 295 if (result) { |
268 alternative_data->erase(); | 296 alternative_data->erase(); |
269 alternative_data->insert(0, " "); | 297 alternative_data->insert(0, " "); |
270 LOG(ERROR) << resp_data.response_url | 298 LOG(ERROR) << resp_data.response_url |
271 << " is blocked as an illegal cross-site document from " | 299 << " is blocked as an illegal cross-site document from " |
272 << resp_data.frame_origin; | 300 << resp_data.frame_origin; |
273 | |
274 } | 301 } |
275 return result; | 302 return result; |
276 } | 303 } |
277 | 304 |
278 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK | 305 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK |
279 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT | 306 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT |
280 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK | 307 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK |
281 | 308 |
282 void SiteIsolationPolicy::OnRequestComplete(int request_id) { | 309 void SiteIsolationPolicy::OnRequestComplete(int request_id) { |
310 if (!g_policy_enabled) | |
311 return; | |
283 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 312 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
284 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 313 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
285 metadata_map->erase(request_id); | 314 metadata_map->erase(request_id); |
286 result_map->erase(request_id); | 315 result_map->erase(request_id); |
287 } | 316 } |
288 | 317 |
289 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType | 318 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType |
290 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { | 319 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { |
291 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { | 320 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { |
292 return SiteIsolationPolicy::ResponseMetaData::HTML; | 321 return SiteIsolationPolicy::ResponseMetaData::HTML; |
(...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
552 return &metadata_map_; | 581 return &metadata_map_; |
553 } | 582 } |
554 | 583 |
555 SiteIsolationPolicy::RequestIdToResultMap* | 584 SiteIsolationPolicy::RequestIdToResultMap* |
556 SiteIsolationPolicy::GetRequestIdToResultMap() { | 585 SiteIsolationPolicy::GetRequestIdToResultMap() { |
557 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); | 586 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); |
558 return &result_map_; | 587 return &result_map_; |
559 } | 588 } |
560 | 589 |
561 } // namespace content | 590 } // namespace content |
OLD | NEW |