OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 637 matching lines...)
648 return false; | 648 return false; |
649 } | 649 } |
650 | 650 |
651 // Blob and filesystem URLs require special treatment, since they embed an | 651 // Blob and filesystem URLs require special treatment, since they embed an |
652 // inner origin. | 652 // inner origin. |
653 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { | 653 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { |
654 if (IsMalformedBlobUrl(url)) | 654 if (IsMalformedBlobUrl(url)) |
655 return false; | 655 return false; |
656 | 656 |
657 url::Origin origin(url); | 657 url::Origin origin(url); |
658 return origin.unique() || IsWebSafeScheme(origin.scheme()) || | 658 return origin.opaque() || IsWebSafeScheme(origin.scheme()) || |
659 CanCommitURL(child_id, GURL(origin.Serialize())); | 659 CanCommitURL(child_id, GURL(origin.Serialize())); |
660 } | 660 } |
661 | 661 |
662 if (IsWebSafeScheme(scheme)) | 662 if (IsWebSafeScheme(scheme)) |
663 return true; | 663 return true; |
664 | 664 |
665 // If the process can commit the URL, it can request it. | 665 // If the process can commit the URL, it can request it. |
666 if (CanCommitURL(child_id, url)) | 666 if (CanCommitURL(child_id, url)) |
667 return true; | 667 return true; |
668 | 668 |
(...skipping 38 matching lines...)
707 if (IsPseudoScheme(scheme)) | 707 if (IsPseudoScheme(scheme)) |
708 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; | 708 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; |
709 | 709 |
710 // Blob and filesystem URLs require special treatment; validate the inner | 710 // Blob and filesystem URLs require special treatment; validate the inner |
711 // origin they embed. | 711 // origin they embed. |
712 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { | 712 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { |
713 if (IsMalformedBlobUrl(url)) | 713 if (IsMalformedBlobUrl(url)) |
714 return false; | 714 return false; |
715 | 715 |
716 url::Origin origin(url); | 716 url::Origin origin(url); |
717 return origin.unique() || CanCommitURL(child_id, GURL(origin.Serialize())); | 717 return origin.opaque() || CanCommitURL(child_id, GURL(origin.Serialize())); |
718 } | 718 } |
719 | 719 |
720 { | 720 { |
721 base::AutoLock lock(lock_); | 721 base::AutoLock lock(lock_); |
722 | 722 |
723 // Most schemes can commit in any process. Note that we check | 723 // Most schemes can commit in any process. Note that we check |
724 // schemes_okay_to_commit_in_any_process_ here, which is stricter than | 724 // schemes_okay_to_commit_in_any_process_ here, which is stricter than |
725 // IsWebSafeScheme(). | 725 // IsWebSafeScheme(). |
726 // | 726 // |
727 // TODO(creis, nick): https://crbug.com/515309: in generalized Site | 727 // TODO(creis, nick): https://crbug.com/515309: in generalized Site |
(...skipping 404 matching lines...)
1132 | 1132 |
1133 isolated_origins_.insert(origin); | 1133 isolated_origins_.insert(origin); |
1134 } | 1134 } |
1135 | 1135 |
1136 void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine( | 1136 void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine( |
1137 const std::string& origin_list) { | 1137 const std::string& origin_list) { |
1138 for (const base::StringPiece& origin_piece : | 1138 for (const base::StringPiece& origin_piece : |
1139 base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE, | 1139 base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE, |
1140 base::SPLIT_WANT_NONEMPTY)) { | 1140 base::SPLIT_WANT_NONEMPTY)) { |
1141 url::Origin origin((GURL(origin_piece))); | 1141 url::Origin origin((GURL(origin_piece))); |
1142 if (!origin.unique()) | 1142 if (!origin.opaque()) |
1143 AddIsolatedOrigin(origin); | 1143 AddIsolatedOrigin(origin); |
1144 } | 1144 } |
1145 } | 1145 } |
1146 | 1146 |
1147 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( | 1147 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( |
1148 const url::Origin& origin) { | 1148 const url::Origin& origin) { |
1149 url::Origin unused_result; | 1149 url::Origin unused_result; |
1150 return GetMatchingIsolatedOrigin(origin, &unused_result); | 1150 return GetMatchingIsolatedOrigin(origin, &unused_result); |
1151 } | 1151 } |
1152 | 1152 |
(...skipping 21 matching lines...)
1174 return found; | 1174 return found; |
1175 } | 1175 } |
1176 | 1176 |
1177 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( | 1177 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( |
1178 const url::Origin& origin) { | 1178 const url::Origin& origin) { |
1179 base::AutoLock lock(lock_); | 1179 base::AutoLock lock(lock_); |
1180 isolated_origins_.erase(origin); | 1180 isolated_origins_.erase(origin); |
1181 } | 1181 } |
1182 | 1182 |
1183 } // namespace content | 1183 } // namespace content |