OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/site_instance_impl.h" | 5 #include "content/browser/site_instance_impl.h" |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "content/browser/browsing_instance.h" | 9 #include "content/browser/browsing_instance.h" |
10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
302 // If either URL is invalid, they aren't part of the same site. | 302 // If either URL is invalid, they aren't part of the same site. |
303 if (!src_url.is_valid() || !dest_url.is_valid()) | 303 if (!src_url.is_valid() || !dest_url.is_valid()) |
304 return false; | 304 return false; |
305 | 305 |
306 // If the destination url is just a blank page, we treat them as part of the | 306 // If the destination url is just a blank page, we treat them as part of the |
307 // same site. | 307 // same site. |
308 GURL blank_page(url::kAboutBlankURL); | 308 GURL blank_page(url::kAboutBlankURL); |
309 if (dest_url == blank_page) | 309 if (dest_url == blank_page) |
310 return true; | 310 return true; |
311 | 311 |
312 // If either URL has an isolated origin, compare origins rather than sites. | 312 // If either URL matches an isolated origin, compare origins rather than |
| 313 // sites. |
313 url::Origin src_origin(src_url); | 314 url::Origin src_origin(src_url); |
314 url::Origin dest_origin(dest_url); | 315 url::Origin dest_origin(dest_url); |
315 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); | 316 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
316 if (policy->IsIsolatedOrigin(src_origin) || | 317 url::Origin src_isolated_origin; |
317 policy->IsIsolatedOrigin(dest_origin)) | 318 url::Origin dest_isolated_origin; |
318 return src_origin == dest_origin; | 319 bool src_origin_is_isolated = |
| 320 policy->TryGetMostSpecificMatchForIsolatedOrigin(src_origin, |
| 321 &src_isolated_origin); |
| 322 bool dest_origin_is_isolated = |
| 323 policy->TryGetMostSpecificMatchForIsolatedOrigin(dest_origin, |
| 324 &dest_isolated_origin); |
| 325 if (src_origin_is_isolated || dest_origin_is_isolated) { |
| 326 // Compare most specific matching origins to ensure that a subdomain of an |
| 327 // isolated origin (e.g., https://subdomain.isolated.foo.com) also matches |
| 328 // the isolated origin's site URL (e.g., https://isolated.foo.com). |
| 329 return src_isolated_origin == dest_isolated_origin; |
| 330 } |
319 | 331 |
320 // If the schemes differ, they aren't part of the same site. | 332 // If the schemes differ, they aren't part of the same site. |
321 if (src_origin.scheme() != dest_origin.scheme()) | 333 if (src_origin.scheme() != dest_origin.scheme()) |
322 return false; | 334 return false; |
323 | 335 |
324 return net::registry_controlled_domains::SameDomainOrHost( | 336 return net::registry_controlled_domains::SameDomainOrHost( |
325 src_origin, dest_origin, | 337 src_origin, dest_origin, |
326 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 338 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
327 } | 339 } |
328 | 340 |
329 // static | 341 // static |
330 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, | 342 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, |
331 const GURL& real_url) { | 343 const GURL& real_url) { |
332 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. | 344 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. |
333 if (real_url.SchemeIs(kGuestScheme)) | 345 if (real_url.SchemeIs(kGuestScheme)) |
334 return real_url; | 346 return real_url; |
335 | 347 |
336 GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url); | 348 GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url); |
337 url::Origin origin(url); | 349 url::Origin origin(url); |
338 | 350 |
339 // Isolated origins should use the full origin as their site URL. | 351 // Isolated origins should use the full origin as their site URL. A subdomain |
| 352 // of an isolated origin should also use that isolated origin's site URL. |
340 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); | 353 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
341 if (policy->IsIsolatedOrigin(origin)) | 354 url::Origin isolated_origin; |
342 return origin.GetURL(); | 355 if (policy->TryGetMostSpecificMatchForIsolatedOrigin(url::Origin(real_url), |
| 356 &isolated_origin)) { |
| 357 return isolated_origin.GetURL(); |
| 358 } |
343 | 359 |
344 // If the url has a host, then determine the site. | 360 // If the url has a host, then determine the site. |
345 if (!origin.host().empty()) { | 361 if (!origin.host().empty()) { |
346 // Only keep the scheme and registered domain of |origin|. | 362 // Only keep the scheme and registered domain of |origin|. |
347 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( | 363 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( |
348 origin.host(), | 364 origin.host(), |
349 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 365 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
350 std::string site = origin.scheme(); | 366 std::string site = origin.scheme(); |
351 site += url::kStandardSchemeSeparator; | 367 site += url::kStandardSchemeSeparator; |
352 site += domain.empty() ? origin.host() : domain; | 368 site += domain.empty() ? origin.host() : domain; |
450 browsing_instance_->browser_context(), site_)) | 466 browsing_instance_->browser_context(), site_)) |
451 return; | 467 return; |
452 | 468 |
453 ChildProcessSecurityPolicyImpl* policy = | 469 ChildProcessSecurityPolicyImpl* policy = |
454 ChildProcessSecurityPolicyImpl::GetInstance(); | 470 ChildProcessSecurityPolicyImpl::GetInstance(); |
455 policy->LockToOrigin(process_->GetID(), site_); | 471 policy->LockToOrigin(process_->GetID(), site_); |
456 } | 472 } |
457 } | 473 } |
458 | 474 |
459 } // namespace content | 475 } // namespace content |
OLD | NEW |
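Review bot: In GetSiteForURL the isolated-origin lookup is now keyed on `url::Origin(real_url)` (new lines 355-356), whereas the check it replaces used `origin`, which is built from the effective URL returned by GetEffectiveURL; neither the code nor the updated comment explains the switch. The site URL computed here appears to be what later reaches `policy->LockToOrigin(process_->GetID(), site_)`, and IsSameWebSite runs the same lookup on `src_origin`/`dest_origin`, whose source URLs are derived above the visible lines. If those are effective URLs, the two functions can disagree about whether a URL falls under an isolated origin, and the process lock would follow only one of them. If the lookup is meant to ignore effective-URL mapping, say so at the call, e.g. `// Match isolated origins against |real_url| so an effective-URL mapping cannot take a URL out of its isolated site.`, and make IsSameWebSite consistent; otherwise pass `origin` here. GetSiteForURL's body continues past the visible lines, so the rest of its handling could not be checked.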