Unified Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2869423002: PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)
Patch Set: Add [ Failure ] for virtual/off-main-thread-fetch/[...]/onload-detach-during-csp-frame-src-none.html Created 3 years, 7 months ago
Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 4b35a18caf4cf2822ef5984ae939dbae9cce6855..d3ef60a7c28338837f0d86655e09a904fea0957a 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -120,6 +120,7 @@
#include "ui/accessibility/ax_tree_update.h"
#include "ui/gfx/geometry/quad_f.h"
#include "url/gurl.h"
+#include "url/origin.h"
#if defined(OS_ANDROID)
#include "content/browser/android/java_interfaces_impl.h"
@@ -974,6 +975,41 @@ void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
violation_params));
}
+void RenderFrameHostImpl::SanitizeDataForUseInCspViolation(
+ bool is_redirect,
+ CSPDirective::Name directive,
+ GURL* blocked_url,
+ SourceLocation* source_location) const {
+ DCHECK(blocked_url);
+ DCHECK(source_location);
+ GURL source_location_url(source_location->url);
+
+ // The main goal of this is to avoid leaking information between potentially
+ // separate renderers, in the event of one of them being compromised.
+ // See https://crbug.com/633306.
+ bool sanitize_blocked_url = true;
+ bool sanitize_source_location = true;
+
+ // There is no need to sanitize data when it is same-origin with the current
+ // url of the renderer.
+ if (url::Origin(*blocked_url).IsSameOriginWith(last_committed_origin_))
+ sanitize_blocked_url = false;
+ if (url::Origin(source_location_url).IsSameOriginWith(last_committed_origin_))
+ sanitize_source_location = false;
+
+ // When a renderer tries to do a form submission, it already knows the url of
+ // the blocked url, except when it is redirected.
+ if (!is_redirect && directive == CSPDirective::FormAction)
+ sanitize_blocked_url = false;
+
+ if (sanitize_blocked_url)
+ *blocked_url = blocked_url->GetOrigin();
+ if (sanitize_source_location) {
+ *source_location =
+ SourceLocation(source_location_url.GetOrigin().spec(), 0u, 0u);
+ }
+}
+
bool RenderFrameHostImpl::SchemeShouldBypassCSP(
const base::StringPiece& scheme) {
// Blink uses its SchemeRegistry to check if a scheme should be bypassed.
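Review bot: The fail-closed behaviour of SanitizeDataForUseInCspViolation rests entirely on the `sanitize_blocked_url = true` and `sanitize_source_location = true` defaults, because a url::Origin built from a URL with no tuple origin (data:, blob:, about:, or an invalid URL) is opaque and IsSameOriginWith() then reports false, so such URLs always go through GetOrigin() — presumably yielding an empty URL — yet nothing in the hunk says that outcome is intentional. I would add above the two defaults `// Default to sanitizing: an opaque origin (data:, blob:, invalid URL) never compares same-origin, so it is reduced rather than leaked.` and make sure the opaque-origin and redirected-FormAction cases are covered by the unit test for this method. Separately, the comment `// There is no need to sanitize data when it is same-origin with the current url of the renderer.` describes a URL comparison, while the code compares against `last_committed_origin_`; `// There is no need to sanitize data that is same-origin with the frame's last committed origin.` matches what the checks do. The function's declaration and any header comment live in render_frame_host_impl.h, outside this hunk.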