Chromium Code Reviews Chromium Code Reviews
Issue 2831683002:
Introduce support for origins that require process isolation. (Closed)
| Index: content/browser/site_instance_impl.cc |
| diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc |
| index b8ea39e292be8c462159e93e05522a450e26e180..c6034f8d9d65115b7bf9c688383b33dea82f3a42 100644 |
| --- a/content/browser/site_instance_impl.cc |
| +++ b/content/browser/site_instance_impl.cc |
| @@ -4,6 +4,7 @@ |
| #include "content/browser/site_instance_impl.h" |
| +#include "base/macros.h" |
| #include "base/memory/ptr_util.h" |
| #include "content/browser/browsing_instance.h" |
| #include "content/browser/child_process_security_policy_impl.h" |
| @@ -308,7 +309,21 @@ bool SiteInstance::IsSameWebSite(BrowserContext* browser_context, |
| if (dest_url == blank_page) |
| return true; |
| + // If either URL has an isolated origin, compare origins rather than sites. |
| + // This must be done before the GetEffectiveURL resolution, as isolated |
|
Charlie Reis
2017/05/19 00:10:19
nit: We're not doing it before the GetEffectiveURL
alexmos
2017/05/24 00:28:33
This no longer applies now that I've modified GetE
|
| + // origins take precedence over hosted apps. |
| + url::Origin src_origin(real_src_url); |
| + url::Origin dest_origin(real_dest_url); |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(src_origin) || |
| + policy->IsIsolatedOrigin(dest_origin)) |
| + return src_origin == dest_origin; |
| + |
| // If the schemes differ, they aren't part of the same site. |
| + // |
| + // Note that this happens after the isolated origin check, since blob or |
| + // filesystem URLs will fail this check even though they might have the |
| + // same origin. |
| if (src_url.scheme() != dest_url.scheme()) |
| return false; |
| @@ -325,6 +340,14 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, |
| if (real_url.SchemeIs(kGuestScheme)) |
| return real_url; |
| + // Isolated origins should use the full origin as their site URL. This is |
| + // intentionally checked before resolving the URL with GetEffectiveURL, as |
| + // isolated origins must take precedence over hosted apps. |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + url::Origin real_origin(real_url); |
| + if (policy->IsIsolatedOrigin(real_origin)) |
| + return real_origin.GetURL(); |
| + |
| GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url); |
| url::Origin origin(url); |
| @@ -365,10 +388,16 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites()) |
| return true; |
| + // For now, always require a dedicated process for isolated origins. |
| + // TODO(alexmos): revisit this for Isolate-Me. |
|
Charlie Reis
2017/05/19 00:10:19
I may just be forgetting, but why would an Isolate
alexmos
2017/05/24 00:28:33
I was just thinking about the discussion that isol
Charlie Reis
2017/05/25 01:54:37
I see. Yeah, I think there's some flexibility in
alexmos
2017/05/25 16:58:49
Yes - I removed the comment given that this place
|
| + GURL site_url = GetSiteForURL(browser_context, url); |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(url::Origin(site_url))) |
| + return true; |
| + |
| // Let the content embedder enable site isolation for specific URLs. Use the |
| // canonical site url for this check, so that schemes with nested origins |
| // (blob and filesystem) work properly. |
| - GURL site_url = GetSiteForURL(browser_context, url); |
| if (GetContentClient()->IsSupplementarySiteIsolationModeEnabled() && |
| GetContentClient()->browser()->DoesSiteRequireDedicatedProcess( |
| browser_context, site_url)) { |
