| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 637 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 648 return false; | 648 return false; |
| 649 } | 649 } |
| 650 | 650 |
| 651 // Blob and filesystem URLs require special treatment, since they embed an | 651 // Blob and filesystem URLs require special treatment, since they embed an |
| 652 // inner origin. | 652 // inner origin. |
| 653 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { | 653 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { |
| 654 if (IsMalformedBlobUrl(url)) | 654 if (IsMalformedBlobUrl(url)) |
| 655 return false; | 655 return false; |
| 656 | 656 |
| 657 url::Origin origin(url); | 657 url::Origin origin(url); |
| 658 return origin.unique() || IsWebSafeScheme(origin.scheme()) || | 658 return origin.opaque() || IsWebSafeScheme(origin.scheme()) || |
| 659 CanCommitURL(child_id, GURL(origin.Serialize())); | 659 CanCommitURL(child_id, GURL(origin.Serialize())); |
| 660 } | 660 } |
| 661 | 661 |
| 662 if (IsWebSafeScheme(scheme)) | 662 if (IsWebSafeScheme(scheme)) |
| 663 return true; | 663 return true; |
| 664 | 664 |
| 665 // If the process can commit the URL, it can request it. | 665 // If the process can commit the URL, it can request it. |
| 666 if (CanCommitURL(child_id, url)) | 666 if (CanCommitURL(child_id, url)) |
| 667 return true; | 667 return true; |
| 668 | 668 |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 707 if (IsPseudoScheme(scheme)) | 707 if (IsPseudoScheme(scheme)) |
| 708 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; | 708 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; |
| 709 | 709 |
| 710 // Blob and filesystem URLs require special treatment; validate the inner | 710 // Blob and filesystem URLs require special treatment; validate the inner |
| 711 // origin they embed. | 711 // origin they embed. |
| 712 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { | 712 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { |
| 713 if (IsMalformedBlobUrl(url)) | 713 if (IsMalformedBlobUrl(url)) |
| 714 return false; | 714 return false; |
| 715 | 715 |
| 716 url::Origin origin(url); | 716 url::Origin origin(url); |
| 717 return origin.unique() || CanCommitURL(child_id, GURL(origin.Serialize())); | 717 return origin.opaque() || CanCommitURL(child_id, GURL(origin.Serialize())); |
| 718 } | 718 } |
| 719 | 719 |
| 720 { | 720 { |
| 721 base::AutoLock lock(lock_); | 721 base::AutoLock lock(lock_); |
| 722 | 722 |
| 723 // Most schemes can commit in any process. Note that we check | 723 // Most schemes can commit in any process. Note that we check |
| 724 // schemes_okay_to_commit_in_any_process_ here, which is stricter than | 724 // schemes_okay_to_commit_in_any_process_ here, which is stricter than |
| 725 // IsWebSafeScheme(). | 725 // IsWebSafeScheme(). |
| 726 // | 726 // |
| 727 // TODO(creis, nick): https://crbug.com/515309: in generalized Site | 727 // TODO(creis, nick): https://crbug.com/515309: in generalized Site |
| (...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1132 | 1132 |
| 1133 isolated_origins_.insert(origin); | 1133 isolated_origins_.insert(origin); |
| 1134 } | 1134 } |
| 1135 | 1135 |
| 1136 void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine( | 1136 void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine( |
| 1137 const std::string& origin_list) { | 1137 const std::string& origin_list) { |
| 1138 for (const base::StringPiece& origin_piece : | 1138 for (const base::StringPiece& origin_piece : |
| 1139 base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE, | 1139 base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE, |
| 1140 base::SPLIT_WANT_NONEMPTY)) { | 1140 base::SPLIT_WANT_NONEMPTY)) { |
| 1141 url::Origin origin((GURL(origin_piece))); | 1141 url::Origin origin((GURL(origin_piece))); |
| 1142 if (!origin.unique()) | 1142 if (!origin.opaque()) |
| 1143 AddIsolatedOrigin(origin); | 1143 AddIsolatedOrigin(origin); |
| 1144 } | 1144 } |
| 1145 } | 1145 } |
| 1146 | 1146 |
| 1147 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( | 1147 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( |
| 1148 const url::Origin& origin) { | 1148 const url::Origin& origin) { |
| 1149 url::Origin unused_result; | 1149 url::Origin unused_result; |
| 1150 return GetMatchingIsolatedOrigin(origin, &unused_result); | 1150 return GetMatchingIsolatedOrigin(origin, &unused_result); |
| 1151 } | 1151 } |
| 1152 | 1152 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1174 return found; | 1174 return found; |
| 1175 } | 1175 } |
| 1176 | 1176 |
| 1177 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( | 1177 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( |
| 1178 const url::Origin& origin) { | 1178 const url::Origin& origin) { |
| 1179 base::AutoLock lock(lock_); | 1179 base::AutoLock lock(lock_); |
| 1180 isolated_origins_.erase(origin); | 1180 isolated_origins_.erase(origin); |
| 1181 } | 1181 } |
| 1182 | 1182 |
| 1183 } // namespace content | 1183 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2716583003:
Rename Origin.unique() to opaque().
