content/browser/site_instance_impl.cc - Issue 2831683002: Introduce support for origins that require process isolation.

Unified Diff: content/browser/site_instance_impl.cc

Issue 2831683002: Introduce support for origins that require process isolation. (Closed)

Patch Set: Rebase Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« content/browser/site_instance_impl.h ('K') | « content/browser/site_instance_impl.h ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | content/browser/site_instance_impl_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/site_instance_impl.cc

diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc

index 0dd62877d2ec961eacf4adb5fd4d41bd92ba66df..19df31e0d7d5ea2daff6113dbaace5b34c92a1b1 100644

--- a/content/browser/site_instance_impl.cc

+++ b/content/browser/site_instance_impl.cc

@@ -4,6 +4,7 @@

#include "content/browser/site_instance_impl.h"

+#include "base/macros.h"

#include "base/memory/ptr_util.h"

#include "content/browser/browsing_instance.h"

#include "content/browser/child_process_security_policy_impl.h"

@@ -405,7 +406,18 @@ bool SiteInstance::IsSameWebSite(BrowserContext* browser_context,

if (dest_url == blank_page)

return true;

+ // If either URL has an isolated origin, compare origins rather than sites.

+ url::Origin src_origin(src_url);

Charlie Reis 2017/05/05 23:18:51 Fun. src_url is an effective URL, so it may be a

alexmos 2017/05/16 17:26:37 Thanks for pointing this out. I agree that isolat

Charlie Reis 2017/05/19 00:10:18 I like that idea-- seems like it will help us be m

+ url::Origin dest_origin(dest_url);

+ if (SiteInstanceImpl::IsIsolatedOrigin(src_origin) ||

+ SiteInstanceImpl::IsIsolatedOrigin(dest_origin))

+ return src_origin == dest_origin;

// If the schemes differ, they aren't part of the same site.

+ //

+ // Note that this happens after the isolated origin check, since blob or

+ // filesystem URLs will fail this check even though they might have the

+ // same origin.

if (src_url.scheme() != dest_url.scheme())

return false;

@@ -423,7 +435,11 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,

return real_url;

GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url);

+ // Isolated origins should use the full origin as their site URL.

url::Origin origin(url);

+ if (SiteInstanceImpl::IsIsolatedOrigin(origin))

+ return origin.GetURL();

// If the url has a host, then determine the site.

if (!origin.host().empty()) {

@@ -462,10 +478,15 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess(

if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites())

return true;

+ // For now, always require a dedicated process for isolated origins.

+ // TODO(alexmos): revisit this for Isolate-Me.

+ GURL site_url = GetSiteForURL(browser_context, url);

+ if (IsIsolatedOrigin(url::Origin(site_url)))

+ return true;

// Let the content embedder enable site isolation for specific URLs. Use the

// canonical site url for this check, so that schemes with nested origins

// (blob and filesystem) work properly.

- GURL site_url = GetSiteForURL(browser_context, url);

if (GetContentClient()->IsSupplementarySiteIsolationModeEnabled() &&

GetContentClient()->browser()->DoesSiteRequireDedicatedProcess(

browser_context, site_url)) {

@@ -475,6 +496,36 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess(

return false;

}

+// static

+void SiteInstanceImpl::AddIsolatedOrigin(const url::Origin& origin) {

Charlie Reis 2017/05/05 23:18:51 Might be worth putting a UI thread check in each o

alexmos 2017/05/16 17:26:37 That was a really good idea, and it made me realiz

+ DCHECK(!origin.unique());

+ DCHECK(!IsIsolatedOrigin(origin));

+ GetIsolatedOrigins()->insert(origin);

+void SiteInstanceImpl::AddIsolatedOriginsFromCommandLine(

+ const std::string& origin_list) {

+ for (const base::StringPiece& origin_piece :

+ base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE,

+ base::SPLIT_WANT_NONEMPTY)) {

+ url::Origin origin((GURL(origin_piece)));

+ if (!origin.unique())

+ SiteInstanceImpl::AddIsolatedOrigin(origin);

+ }

+// static

+bool SiteInstanceImpl::IsIsolatedOrigin(const url::Origin& origin) {

+ return GetIsolatedOrigins()->find(origin) != GetIsolatedOrigins()->end();

+// static

+SiteInstanceImpl::IsolatedOriginSet* SiteInstanceImpl::GetIsolatedOrigins() {

+ CR_DEFINE_STATIC_LOCAL(IsolatedOriginSet, isolated_origins, ());

+ return &isolated_origins;

void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) {

DCHECK_EQ(process_, host);

process_->RemoveObserver(this);