content/browser/isolated_origin_util.cc - Issue 2891443002: Keep subdomains of an isolated origin in the isolated origin's SiteInstance.

Side by Side Diff: content/browser/isolated_origin_util.cc

Issue 2891443002: Keep subdomains of an isolated origin in the isolated origin's SiteInstance. (Closed)

Patch Set: Addressing Nick's comments Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "content/browser/isolated_origin_util.h"

	6

	7 #include "base/strings/string_util.h"

	8 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"

	9 #include "url/gurl.h"

	10

	11 namespace content {

	12

	13 // static

	14 bool IsolatedOriginUtil::DoesOriginMatchIsolatedOrigin(

	15 const url::Origin& origin,

	16 const url::Origin& isolated_origin) {

	17 // Don't match subdomains if the isolated origin is an IP address.

	18 if (isolated_origin.GetURL().HostIsIPAddress())

	19 return origin == isolated_origin;

	20

	21 if (origin.scheme() != isolated_origin.scheme())

	22 return false;

	23

	24 if (origin.port() != isolated_origin.port())

	25 return false;

	26

	27 // Subdomains of an isolated origin are considered to be in the same isolated

	28 // origin.

	29 return origin.DomainIs(isolated_origin.host());

	30 }

	31

	32 // static

	33 bool IsolatedOriginUtil::IsValidIsolatedOrigin(const url::Origin& origin) {

	34 if (origin.unique())

	35 return false;

	36

	37 // Isolated origins should have HTTP or HTTPS schemes. Hosts in other

	38 // schemes may not be compatible with subdomain matching.

	39 GURL origin_gurl = origin.GetURL();

	40 if (!origin_gurl.SchemeIsHTTPOrHTTPS())

	41 return false;

	42

	43 // IP addresses are allowed.

	44 if (origin_gurl.HostIsIPAddress())

	45 return true;

	46

	47 // Disallow hosts such as http://co.uk/, which don't have a valid

	48 // registry-controlled domain. This prevents subdomain matching from

	49 // grouping unrelated sites on a registry into the same origin.

	50 const bool has_registry_domain =

	51 net::registry_controlled_domains::HostHasRegistryControlledDomain(
	ncarter (slow) 2017/06/30 22:00:56 This variant will redo the canonicalization intern This variant will redo the canonicalization internally, but it's the most readable option. If this won't be called often (I suspect not), this is probably fine. If performance matters we can use GetCanonicalHostRegistryLength. alexmos 2017/06/30 23:30:02 Acknowledged. This is only called when adding iso Show quoted text On 2017/06/30 22:00:56, ncarter (slow) wrote: > This variant will redo the canonicalization internally, but it's the most > readable option. If this won't be called often (I suspect not), this is probably > fine. If performance matters we can use GetCanonicalHostRegistryLength. Acknowledged. This is only called when adding isolated origins right now, so perf probably won't matter until we start adding lots of isolated origins.
	52 origin.host(),

	53 net::registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,

	54 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);

	55 if (!has_registry_domain)

	56 return false;

	57

	58 // For now, disallow hosts with a trailing dot.

	59 // TODO(alexmos): Enabling this would require carefully thinking about

	60 // whether hosts without a trailing dot should match it.

	61 if (origin.host().back() == '.')

	62 return false;

	63

	64 return true;

	65 }

	66

	67 } // namespace content

OLD	NEW

« no previous file with comments | « content/browser/isolated_origin_util.h ('k') | content/browser/site_instance_impl.cc » ('j') | content/browser/site_instance_impl.cc » ('J')