
Side by Side Diff: content/browser/blob_storage/blob_dispatcher_host.cc

Issue 2385553002: Revert of Lock down the registration of blob:chrome-extension:// URLs (Closed)
Patch Set: Created 4 years, 2 months ago
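--- a/content/browser/blob_storage/blob_dispatcher_host.cc
+++ b/content/browser/blob_storage/blob_dispatcher_host.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/blob_storage/blob_dispatcher_host.h"
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/metrics/histogram_macros.h"
@@ -297,37 +297,26 @@
 context);
 Send(new BlobStorageMsg_CancelBuildingBlob(
 uuid, IPCBlobCreationCancelCode::BLOB_DEREFERENCED_WHILE_BUILDING));
 }
 }
 }
 
 void BlobDispatcherHost::OnRegisterPublicBlobURL(const GURL& public_url,
 const std::string& uuid) {
 DCHECK_CURRENTLY_ON(BrowserThread::IO);
-ChildProcessSecurityPolicyImpl* security_policy =
-ChildProcessSecurityPolicyImpl::GetInstance();
-
-// Blob urls have embedded origins. A frame should only be creating blob URLs
-// in the origin of its current document. Make sure that the origin advertised
-// on the URL is allowed to be rendered in this process.
-if (!public_url.SchemeIsBlob() ||
-!security_policy->CanCommitURL(process_id_, public_url)) {
-bad_message::ReceivedBadMessage(this, bad_message::BDH_DISALLOWED_ORIGIN);
-return;
-}
+BlobStorageContext* context = this->context();
 if (uuid.empty()) {
 bad_message::ReceivedBadMessage(this,
 bad_message::BDH_INVALID_URL_OPERATION);
 return;
 }
-BlobStorageContext* context = this->context();
 if (!IsInUseInHost(uuid) || context->registry().IsURLMapped(public_url)) {
 UMA_HISTOGRAM_ENUMERATION("Storage.Blob.InvalidURLRegister", BDH_INCREMENT,
 BDH_TRACING_ENUM_LAST);
 return;
 }
 context->RegisterPublicBlobURL(public_url, uuid);
 public_blob_urls_.insert(public_url);
 }
 
 void BlobDispatcherHost::OnRevokePublicBlobURL(const GURL& public_url) {
@@ -409,10 +398,10 @@
 context->RevokePublicBlobURL(url);
 }
 for (const auto& uuid_refnum_pair : blobs_inuse_map_) {
 for (int i = 0; i < uuid_refnum_pair.second; ++i)
 context->DecrementBlobRefCount(uuid_refnum_pair.first);
 }
 async_builder_.CancelAll(context);
 }
 
 } // namespace content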
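Review bot: On the new side, OnRegisterPublicBlobURL (new lines 304-320) checks only `uuid` before calling `context->RegisterPublicBlobURL(public_url, uuid)`, so the renderer-supplied `public_url` is registered without any check of its scheme or embedded origin. The reason for the revert is not shown on this page; if the breakage came from the `CanCommitURL` origin check rather than the scheme test, the scheme test could stay as `if (!public_url.SchemeIsBlob()) { bad_message::ReceivedBadMessage(this, bad_message::BDH_INVALID_URL_OPERATION); return; }`. Either way, a comment above the `uuid.empty()` check such as `// TODO: public_url's origin is not validated against process_id_ here; restore the check when the lockdown relands.` would keep the gap visible to later readers.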
