| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_message_filter.h" | 5 #include "content/browser/frame_host/render_frame_message_filter.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/macros.h" | 8 #include "base/macros.h" |
| 9 #include "base/metrics/field_trial.h" | |
| 10 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 11 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 12 #include "content/browser/bad_message.h" | 11 #include "content/browser/bad_message.h" |
| 13 #include "content/browser/blob_storage/chrome_blob_storage_context.h" | 12 #include "content/browser/blob_storage/chrome_blob_storage_context.h" |
| 14 #include "content/browser/child_process_security_policy_impl.h" | 13 #include "content/browser/child_process_security_policy_impl.h" |
| 15 #include "content/browser/download/download_stats.h" | 14 #include "content/browser/download/download_stats.h" |
| 16 #include "content/browser/frame_host/render_frame_host_impl.h" | 15 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 17 #include "content/browser/gpu/gpu_data_manager_impl.h" | 16 #include "content/browser/gpu/gpu_data_manager_impl.h" |
| 18 #include "content/browser/renderer_host/render_widget_helper.h" | 17 #include "content/browser/renderer_host/render_widget_helper.h" |
| 19 #include "content/browser/resource_context_impl.h" | 18 #include "content/browser/resource_context_impl.h" |
| 20 #include "content/common/content_constants_internal.h" | 19 #include "content/common/content_constants_internal.h" |
| 21 #include "content/common/frame_messages.h" | 20 #include "content/common/frame_messages.h" |
| 22 #include "content/common/frame_owner_properties.h" | 21 #include "content/common/frame_owner_properties.h" |
| 23 #include "content/common/view_messages.h" | 22 #include "content/common/view_messages.h" |
| 24 #include "content/public/browser/browser_context.h" | 23 #include "content/public/browser/browser_context.h" |
| 25 #include "content/public/browser/browser_thread.h" | 24 #include "content/public/browser/browser_thread.h" |
| 26 #include "content/public/browser/download_manager.h" | 25 #include "content/public/browser/download_manager.h" |
| 27 #include "content/public/browser/download_url_parameters.h" | 26 #include "content/public/browser/download_url_parameters.h" |
| 28 #include "content/public/common/content_constants.h" | 27 #include "content/public/common/content_constants.h" |
| 29 #include "content/public/common/content_switches.h" | |
| 30 #include "gpu/GLES2/gl2extchromium.h" | 28 #include "gpu/GLES2/gl2extchromium.h" |
| 31 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 29 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 32 #include "net/cookies/cookie_options.h" | 30 #include "net/cookies/cookie_options.h" |
| 33 #include "net/cookies/cookie_store.h" | 31 #include "net/cookies/cookie_store.h" |
| 34 #include "net/url_request/url_request_context.h" | 32 #include "net/url_request/url_request_context.h" |
| 35 #include "net/url_request/url_request_context_getter.h" | 33 #include "net/url_request/url_request_context_getter.h" |
| 36 #include "ppapi/features/features.h" | 34 #include "ppapi/features/features.h" |
| 37 #include "storage/browser/blob/blob_storage_context.h" | 35 #include "storage/browser/blob/blob_storage_context.h" |
| 38 #include "url/gurl.h" | 36 #include "url/gurl.h" |
| 39 #include "url/origin.h" | 37 #include "url/origin.h" |
| (...skipping 10 matching lines...) Expand all Loading... |
| 50 #endif | 48 #endif |
| 51 | 49 |
| 52 namespace content { | 50 namespace content { |
| 53 | 51 |
| 54 namespace { | 52 namespace { |
| 55 | 53 |
| 56 #if BUILDFLAG(ENABLE_PLUGINS) | 54 #if BUILDFLAG(ENABLE_PLUGINS) |
| 57 const int kPluginsRefreshThresholdInSeconds = 3; | 55 const int kPluginsRefreshThresholdInSeconds = 3; |
| 58 #endif | 56 #endif |
| 59 | 57 |
| 60 const char kEnforceStrictSecureExperiment[] = "StrictSecureCookies"; | |
| 61 | |
| 62 void CreateChildFrameOnUI(int process_id, | 58 void CreateChildFrameOnUI(int process_id, |
| 63 int parent_routing_id, | 59 int parent_routing_id, |
| 64 blink::WebTreeScopeType scope, | 60 blink::WebTreeScopeType scope, |
| 65 const std::string& frame_name, | 61 const std::string& frame_name, |
| 66 const std::string& frame_unique_name, | 62 const std::string& frame_unique_name, |
| 67 blink::WebSandboxFlags sandbox_flags, | 63 blink::WebSandboxFlags sandbox_flags, |
| 68 const FrameOwnerProperties& frame_owner_properties, | 64 const FrameOwnerProperties& frame_owner_properties, |
| 69 int new_routing_id) { | 65 int new_routing_id) { |
| 70 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 66 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 71 RenderFrameHostImpl* render_frame_host = | 67 RenderFrameHostImpl* render_frame_host = |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 389 const std::string& cookie) { | 385 const std::string& cookie) { |
| 390 ChildProcessSecurityPolicyImpl* policy = | 386 ChildProcessSecurityPolicyImpl* policy = |
| 391 ChildProcessSecurityPolicyImpl::GetInstance(); | 387 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 392 if (!policy->CanAccessDataForOrigin(render_process_id_, url)) { | 388 if (!policy->CanAccessDataForOrigin(render_process_id_, url)) { |
| 393 bad_message::ReceivedBadMessage(this, | 389 bad_message::ReceivedBadMessage(this, |
| 394 bad_message::RFMF_SET_COOKIE_BAD_ORIGIN); | 390 bad_message::RFMF_SET_COOKIE_BAD_ORIGIN); |
| 395 return; | 391 return; |
| 396 } | 392 } |
| 397 | 393 |
| 398 net::CookieOptions options; | 394 net::CookieOptions options; |
| 399 bool experimental_web_platform_features_enabled = | |
| 400 base::CommandLine::ForCurrentProcess()->HasSwitch( | |
| 401 switches::kEnableExperimentalWebPlatformFeatures); | |
| 402 const std::string enforce_strict_secure_group = | |
| 403 base::FieldTrialList::FindFullName(kEnforceStrictSecureExperiment); | |
| 404 if (experimental_web_platform_features_enabled || | |
| 405 base::StartsWith(enforce_strict_secure_group, "Enabled", | |
| 406 base::CompareCase::INSENSITIVE_ASCII)) { | |
| 407 options.set_enforce_strict_secure(); | |
| 408 } | |
| 409 if (GetContentClient()->browser()->AllowSetCookie( | 395 if (GetContentClient()->browser()->AllowSetCookie( |
| 410 url, first_party_for_cookies, cookie, resource_context_, | 396 url, first_party_for_cookies, cookie, resource_context_, |
| 411 render_process_id_, render_frame_id, options)) { | 397 render_process_id_, render_frame_id, options)) { |
| 412 net::URLRequestContext* context = GetRequestContextForURL(url); | 398 net::URLRequestContext* context = GetRequestContextForURL(url); |
| 413 // Pass a null callback since we don't care about when the 'set' completes. | 399 // Pass a null callback since we don't care about when the 'set' completes. |
| 414 context->cookie_store()->SetCookieWithOptionsAsync( | 400 context->cookie_store()->SetCookieWithOptionsAsync( |
| 415 url, cookie, options, net::CookieStore::SetCookiesCallback()); | 401 url, cookie, options, net::CookieStore::SetCookiesCallback()); |
| 416 } | 402 } |
| 417 } | 403 } |
| 418 | 404 |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 604 net::URLRequestContext* context = | 590 net::URLRequestContext* context = |
| 605 GetContentClient()->browser()->OverrideRequestContextForURL( | 591 GetContentClient()->browser()->OverrideRequestContextForURL( |
| 606 url, resource_context_); | 592 url, resource_context_); |
| 607 if (!context) | 593 if (!context) |
| 608 context = request_context_->GetURLRequestContext(); | 594 context = request_context_->GetURLRequestContext(); |
| 609 | 595 |
| 610 return context; | 596 return context; |
| 611 } | 597 } |
| 612 | 598 |
| 613 } // namespace content | 599 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2633663003:
Implements strict secure cookies as the default behavior in //net (Closed)
