Chromium Code Reviews Chromium Code Reviews
Issue 2764363002:
PlzNavigate: sanitize the referrer in NavigationRequest (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 306 request_params_(request_params), | 306 request_params_(request_params), |
| 307 browser_initiated_(browser_initiated), | 307 browser_initiated_(browser_initiated), |
| 308 state_(NOT_STARTED), | 308 state_(NOT_STARTED), |
| 309 restore_type_(RestoreType::NONE), | 309 restore_type_(RestoreType::NONE), |
| 310 is_view_source_(false), | 310 is_view_source_(false), |
| 311 bindings_(NavigationEntryImpl::kInvalidBindings), | 311 bindings_(NavigationEntryImpl::kInvalidBindings), |
| 312 response_should_be_rendered_(true), | 312 response_should_be_rendered_(true), |
| 313 associated_site_instance_type_(AssociatedSiteInstanceType::NONE), | 313 associated_site_instance_type_(AssociatedSiteInstanceType::NONE), |
| 314 may_transfer_(may_transfer) { | 314 may_transfer_(may_transfer) { |
| 315 DCHECK(!browser_initiated || (entry != nullptr && frame_entry != nullptr)); | 315 DCHECK(!browser_initiated || (entry != nullptr && frame_entry != nullptr)); |
| 316 | |
| 317 // Sanitize the referrer. | |
| 318 common_params_.referrer = | |
| 319 Referrer::SanitizeForRequest(common_params_.url, common_params_.referrer); | |
| 320 | |
| 316 if (may_transfer) { | 321 if (may_transfer) { |
| 317 FrameNavigationEntry* frame_entry = entry->GetFrameEntry(frame_tree_node); | 322 FrameNavigationEntry* frame_entry = entry->GetFrameEntry(frame_tree_node); |
| 318 if (frame_entry) { | 323 if (frame_entry) { |
| 319 source_site_instance_ = frame_entry->source_site_instance(); | 324 source_site_instance_ = frame_entry->source_site_instance(); |
| 320 dest_site_instance_ = frame_entry->site_instance(); | 325 dest_site_instance_ = frame_entry->site_instance(); |
| 321 } | 326 } |
| 322 | 327 |
| 323 restore_type_ = entry->restore_type(); | 328 restore_type_ = entry->restore_type(); |
| 324 is_view_source_ = entry->IsViewSourceMode(); | 329 is_view_source_ = entry->IsViewSourceMode(); |
| 325 bindings_ = entry->bindings(); | 330 bindings_ = entry->bindings(); |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 358 | 363 |
| 359 if (ShouldMakeNetworkRequestForURL(common_params_.url) && | 364 if (ShouldMakeNetworkRequestForURL(common_params_.url) && |
| 360 !navigation_handle_->IsSameDocument()) { | 365 !navigation_handle_->IsSameDocument()) { |
| 361 // It's safe to use base::Unretained because this NavigationRequest owns | 366 // It's safe to use base::Unretained because this NavigationRequest owns |
| 362 // the NavigationHandle where the callback will be stored. | 367 // the NavigationHandle where the callback will be stored. |
| 363 // TODO(clamy): pass the real value for |is_external_protocol| if needed. | 368 // TODO(clamy): pass the real value for |is_external_protocol| if needed. |
| 364 // TODO(clamy): pass the method to the NavigationHandle instead of a | 369 // TODO(clamy): pass the method to the NavigationHandle instead of a |
| 365 // boolean. | 370 // boolean. |
| 366 navigation_handle_->WillStartRequest( | 371 navigation_handle_->WillStartRequest( |
| 367 common_params_.method, common_params_.post_data, | 372 common_params_.method, common_params_.post_data, |
| 368 Referrer::SanitizeForRequest(common_params_.url, | 373 Referrer::SanitizeForRequest(common_params_.url, |
|
wychen
2017/03/22 21:18:05
Do we need to sanitize it here?
jam
2017/03/23 23:35:17
This is done in the constructor.
wychen
2017/03/23 23:48:03
This is exactly what I thought. So we can directly
| |
| 369 common_params_.referrer), | 374 common_params_.referrer), |
| 370 begin_params_.has_user_gesture, common_params_.transition, false, | 375 begin_params_.has_user_gesture, common_params_.transition, false, |
| 371 begin_params_.request_context_type, | 376 begin_params_.request_context_type, |
| 372 begin_params_.mixed_content_context_type, | 377 begin_params_.mixed_content_context_type, |
| 373 base::Bind(&NavigationRequest::OnStartChecksComplete, | 378 base::Bind(&NavigationRequest::OnStartChecksComplete, |
| 374 base::Unretained(this))); | 379 base::Unretained(this))); |
| 375 return; | 380 return; |
| 376 } | 381 } |
| 377 | 382 |
| 378 // There is no need to make a network request for this navigation, so commit | 383 // There is no need to make a network request for this navigation, so commit |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 456 request_params_.navigation_timing.redirect_end = base::TimeTicks::Now(); | 461 request_params_.navigation_timing.redirect_end = base::TimeTicks::Now(); |
| 457 request_params_.navigation_timing.fetch_start = base::TimeTicks::Now(); | 462 request_params_.navigation_timing.fetch_start = base::TimeTicks::Now(); |
| 458 | 463 |
| 459 request_params_.redirect_response.push_back(response->head); | 464 request_params_.redirect_response.push_back(response->head); |
| 460 request_params_.redirect_infos.push_back(redirect_info); | 465 request_params_.redirect_infos.push_back(redirect_info); |
| 461 | 466 |
| 462 request_params_.redirects.push_back(common_params_.url); | 467 request_params_.redirects.push_back(common_params_.url); |
| 463 common_params_.url = redirect_info.new_url; | 468 common_params_.url = redirect_info.new_url; |
| 464 common_params_.method = redirect_info.new_method; | 469 common_params_.method = redirect_info.new_method; |
| 465 common_params_.referrer.url = GURL(redirect_info.new_referrer); | 470 common_params_.referrer.url = GURL(redirect_info.new_referrer); |
| 471 common_params_.referrer = | |
| 472 Referrer::SanitizeForRequest(common_params_.url, common_params_.referrer); | |
| 466 | 473 |
| 467 // For non browser initiated navigations we need to check if the source has | 474 // For non browser initiated navigations we need to check if the source has |
| 468 // access to the URL. We always allow browser initiated requests. | 475 // access to the URL. We always allow browser initiated requests. |
| 469 // TODO(clamy): Kill the renderer if FilterURL fails? | 476 // TODO(clamy): Kill the renderer if FilterURL fails? |
| 470 GURL url = common_params_.url; | 477 GURL url = common_params_.url; |
| 471 if (!browser_initiated_ && source_site_instance()) { | 478 if (!browser_initiated_ && source_site_instance()) { |
| 472 source_site_instance()->GetProcess()->FilterURL(false, &url); | 479 source_site_instance()->GetProcess()->FilterURL(false, &url); |
| 473 // FilterURL sets the URL to about:blank if the CSP checks prevent the | 480 // FilterURL sets the URL to about:blank if the CSP checks prevent the |
| 474 // renderer from accessing it. | 481 // renderer from accessing it. |
| 475 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { | 482 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 823 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); | 830 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); |
| 824 | 831 |
| 825 render_frame_host->CommitNavigation(response_.get(), std::move(body_), | 832 render_frame_host->CommitNavigation(response_.get(), std::move(body_), |
| 826 common_params_, request_params_, | 833 common_params_, request_params_, |
| 827 is_view_source_); | 834 is_view_source_); |
| 828 | 835 |
| 829 frame_tree_node_->ResetNavigationRequest(true); | 836 frame_tree_node_->ResetNavigationRequest(true); |
| 830 } | 837 } |
| 831 | 838 |
| 832 } // namespace content | 839 } // namespace content |
| OLD | NEW |
