
Side by Side Diff: content/renderer/render_frame_impl.cc

Issue 2442793002: Extra browser-side validation of transferred_request_child_id / request_id. (Closed)
Patch Set: Rebasing... (renumbering bad_message.h) Created 4 years, 1 month ago
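--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_impl.h"
 
 #include <map>
 #include <string>
 #include <utility>
 #include <vector>
@@ -4220,62 +4220,67 @@
 extra_data->set_render_frame_id(routing_id_);
 extra_data->set_is_main_frame(!parent);
 extra_data->set_frame_origin(
 url::Origin(frame->document().getSecurityOrigin()).GetURL());
 extra_data->set_parent_is_main_frame(parent && !parent->parent());
 extra_data->set_parent_render_frame_id(parent_routing_id);
 extra_data->set_allow_download(
 navigation_state->common_params().allow_download);
 extra_data->set_transition_type(transition_type);
 extra_data->set_should_replace_current_entry(should_replace_current_entry);
-// TODO(lukasza): https://crbug.com/656179: Navigational things (e.g.
-// StartNavigationParams) should not apply to subresource requests.
-extra_data->set_transferred_request_child_id(
-navigation_state->start_params().transferred_request_child_id);
-extra_data->set_transferred_request_request_id(
-navigation_state->start_params().transferred_request_request_id);
 extra_data->set_service_worker_provider_id(provider_id);
 extra_data->set_stream_override(std::move(stream_override));
 bool is_prefetch =
 GetContentClient()->renderer()->IsPrefetchOnly(this, request);
 extra_data->set_is_prefetch(is_prefetch);
 extra_data->set_download_to_network_cache_only(
 is_prefetch &&
 WebURLRequestToResourceType(request) != RESOURCE_TYPE_MAIN_FRAME);
 WebString error;
 extra_data->set_initiated_in_secure_context(
 frame->document().isSecureContext(error));
+
+// Renderer process transfers apply only to navigational requests.
+bool is_navigational_request =
+request.getFrameType() != WebURLRequest::FrameTypeNone;
+if (is_navigational_request) {
+extra_data->set_transferred_request_child_id(
+navigation_state->start_params().transferred_request_child_id);
+extra_data->set_transferred_request_request_id(
+navigation_state->start_params().transferred_request_request_id);
+}
+
 request.setExtraData(extra_data);
 
 if (request.getLoFiState() == WebURLRequest::LoFiUnspecified) {
 if (is_main_frame_ && !navigation_state->request_committed()) {
 request.setLoFiState(static_cast<WebURLRequest::LoFiState>(
 navigation_state->common_params().lofi_state));
 } else {
 request.setLoFiState(
 is_using_lofi_ ? WebURLRequest::LoFiOn : WebURLRequest::LoFiOff);
 }
 }
 
 // This is an instance where we embed a copy of the routing id
 // into the data portion of the message. This can cause problems if we
 // don't register this id on the browser side, since the download manager
 // expects to find a RenderViewHost based off the id.
 request.setRequestorID(render_view_->GetRoutingID());
 request.setHasUserGesture(WebUserGestureIndicator::isProcessingUserGesture());
 
 // StartNavigationParams should only apply to navigational requests (and not
 // to subresource requests). For example - Content-Type header provided via
 // OpenURLParams::extra_headers should only be applied to the original POST
 // navigation request (and not to subresource requests).
-if (!navigation_state->start_params().extra_headers.empty() &&
-request.getFrameType() != WebURLRequest::FrameTypeNone) {
+if (is_navigational_request &&
+!navigation_state->start_params().extra_headers.empty()) {
 for (net::HttpUtil::HeadersIterator i(
 navigation_state->start_params().extra_headers.begin(),
 navigation_state->start_params().extra_headers.end(), "\n");
 i.GetNext();) {
 if (base::LowerCaseEqualsASCII(i.name(), "referer")) {
 WebString referrer = WebSecurityPolicy::generateReferrerHeader(
 blink::WebReferrerPolicyDefault,
 request.url(),
 WebString::fromUTF8(i.values()));
 request.setHTTPReferrer(referrer, blink::WebReferrerPolicyDefault);
@@ -6574,10 +6579,10 @@
 // event target. Potentially a Pepper plugin will receive the event.
 // In order to tell whether a plugin gets the last mouse event and which it
 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets
 // the event, it will notify us via DidReceiveMouseEvent() and set itself as
 // |pepper_last_mouse_event_target_|.
 pepper_last_mouse_event_target_ = nullptr;
 #endif
 }
 
 } // namespace content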
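Review bot: The comment added at new line 4242 does not say that this gate is renderer-side hygiene only: a compromised renderer can still send arbitrary transferred_request_child_id / transferred_request_request_id values, so the browser process has to validate them whatever the frame type. I would extend it to `// Renderer process transfers apply only to navigational requests; the browser must still validate these ids because the renderer is untrusted.` For subresource requests the two fields now keep whatever the extra-data object initialises them to, which is not visible in this section, so it is worth confirming those defaults are the "no transfer" values the browser-side check expects. `is_navigational_request` is never reassigned in the visible lines and could be declared `const bool`. The enclosing function starts and ends outside the visible lines.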