Chromium Code Reviews Chromium Code Reviews
Issue 2831683002:
Introduce support for origins that require process isolation. (Closed)
| Index: content/browser/site_instance_impl.cc |
| diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc |
| index a68c0d7acfb0fc1c84dc26dbd3950fb2f7cd9fdb..513b1ed7c886f4ec6b891443639c96d09cb139e7 100644 |
| --- a/content/browser/site_instance_impl.cc |
| +++ b/content/browser/site_instance_impl.cc |
| @@ -4,6 +4,7 @@ |
| #include "content/browser/site_instance_impl.h" |
| +#include "base/macros.h" |
|
Charlie Reis
2017/05/25 01:54:37
Is this still needed?
alexmos
2017/05/25 16:58:49
No - removed.
|
| #include "base/memory/ptr_util.h" |
| #include "content/browser/browsing_instance.h" |
| #include "content/browser/child_process_security_policy_impl.h" |
| @@ -308,7 +309,19 @@ bool SiteInstance::IsSameWebSite(BrowserContext* browser_context, |
| if (dest_url == blank_page) |
| return true; |
| + // If either URL has an isolated origin, compare origins rather than sites. |
| + url::Origin src_origin(src_url); |
| + url::Origin dest_origin(dest_url); |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(src_origin) || |
| + policy->IsIsolatedOrigin(dest_origin)) |
| + return src_origin == dest_origin; |
| + |
| // If the schemes differ, they aren't part of the same site. |
| + // |
| + // Note that this happens after the isolated origin check, since blob or |
| + // filesystem URLs will fail this check even though they might have the |
| + // same origin. |
|
Charlie Reis
2017/05/25 01:54:37
Now that you mention this, is this scheme check ev
alexmos
2017/05/25 16:58:49
Yes, indeed, I think it's a bug and I need to inve
|
| if (src_url.scheme() != dest_url.scheme()) |
| return false; |
| @@ -328,6 +341,11 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, |
| GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url); |
| url::Origin origin(url); |
| + // Isolated origins should use the full origin as their site URL. |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(origin)) |
| + return origin.GetURL(); |
| + |
| // If the url has a host, then determine the site. |
| if (!origin.host().empty()) { |
| // Only keep the scheme and registered domain of |origin|. |
| @@ -353,6 +371,12 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, |
| // static |
| GURL SiteInstanceImpl::GetEffectiveURL(BrowserContext* browser_context, |
| const GURL& url) { |
| + // Don't resolve URLs corresponding to isolated origins, as isolated origins |
| + // take precedence over hosted apps. |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(url::Origin(url))) |
| + return url; |
| + |
| return GetContentClient()->browser()-> |
| GetEffectiveURL(browser_context, url); |
| } |
| @@ -365,10 +389,16 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites()) |
| return true; |
| + // For now, always require a dedicated process for isolated origins. |
| + // TODO(alexmos): revisit this for Isolate-Me. |
| + GURL site_url = GetSiteForURL(browser_context, url); |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (policy->IsIsolatedOrigin(url::Origin(site_url))) |
| + return true; |
| + |
| // Let the content embedder enable site isolation for specific URLs. Use the |
| // canonical site url for this check, so that schemes with nested origins |
| // (blob and filesystem) work properly. |
| - GURL site_url = GetSiteForURL(browser_context, url); |
| if (GetContentClient()->IsSupplementarySiteIsolationModeEnabled() && |
| GetContentClient()->browser()->DoesSiteRequireDedicatedProcess( |
| browser_context, site_url)) { |
