Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(355)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/site_instance_impl.cc

Issue 2891443002: Keep subdomains of an isolated origin in the isolated origin's SiteInstance. (Closed)
Patch Set: Reorder checks in SiteInstance::IsSameWebSite Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/isolated_origin_util.cc ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/site_instance_impl.h" 5 #include "content/browser/site_instance_impl.h"
6 6
7 #include "base/macros.h" 7 #include "base/macros.h"
8 #include "base/memory/ptr_util.h" 8 #include "base/memory/ptr_util.h"
9 #include "content/browser/browsing_instance.h" 9 #include "content/browser/browsing_instance.h"
10 #include "content/browser/child_process_security_policy_impl.h" 10 #include "content/browser/child_process_security_policy_impl.h"
(...skipping 301 matching lines...) Expand 10 before | Expand all | Expand 10 after
312 // If either URL is invalid, they aren't part of the same site. 312 // If either URL is invalid, they aren't part of the same site.
313 if (!src_url.is_valid() || !dest_url.is_valid()) 313 if (!src_url.is_valid() || !dest_url.is_valid())
314 return false; 314 return false;
315 315
316 // If the destination url is just a blank page, we treat them as part of the 316 // If the destination url is just a blank page, we treat them as part of the
317 // same site. 317 // same site.
318 GURL blank_page(url::kAboutBlankURL); 318 GURL blank_page(url::kAboutBlankURL);
319 if (dest_url == blank_page) 319 if (dest_url == blank_page)
320 return true; 320 return true;
321 321
322 // If either URL has an isolated origin, compare origins rather than sites.
323 url::Origin src_origin(src_url); 322 url::Origin src_origin(src_url);
324 url::Origin dest_origin(dest_url); 323 url::Origin dest_origin(dest_url);
325 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
326 if (policy->IsIsolatedOrigin(src_origin) ||
327 policy->IsIsolatedOrigin(dest_origin))
328 return src_origin == dest_origin;
329 324
330 // If the schemes differ, they aren't part of the same site. 325 // If the schemes differ, they aren't part of the same site.
331 if (src_origin.scheme() != dest_origin.scheme()) 326 if (src_origin.scheme() != dest_origin.scheme())
332 return false; 327 return false;
333 328
334 return net::registry_controlled_domains::SameDomainOrHost( 329 if (!net::registry_controlled_domains::SameDomainOrHost(
335 src_origin, dest_origin, 330 src_origin, dest_origin,
336 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); 331 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
332 return false;
333 }
334
335 // If the sites are the same, check isolated origins. If either URL matches
336 // an isolated origin, compare origins rather than sites.
337 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
338 url::Origin src_isolated_origin;
339 url::Origin dest_isolated_origin;
340 bool src_origin_is_isolated =
341 policy->GetMatchingIsolatedOrigin(src_origin, &src_isolated_origin);
342 bool dest_origin_is_isolated =
343 policy->GetMatchingIsolatedOrigin(dest_origin, &dest_isolated_origin);
344 if (src_origin_is_isolated || dest_origin_is_isolated) {
345 // Compare most specific matching origins to ensure that a subdomain of an
346 // isolated origin (e.g., https://subdomain.isolated.foo.com) also matches
347 // the isolated origin's site URL (e.g., https://isolated.foo.com).
348 return src_isolated_origin == dest_isolated_origin;
349 }
350
351 return true;
337 } 352 }
338 353
339 // static 354 // static
340 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, 355 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
341 const GURL& real_url) { 356 const GURL& real_url) {
342 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. 357 // TODO(fsamuel, creis): For some reason appID is not recognized as a host.
343 if (real_url.SchemeIs(kGuestScheme)) 358 if (real_url.SchemeIs(kGuestScheme))
344 return real_url; 359 return real_url;
345 360
346 GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url); 361 GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url);
347 url::Origin origin(url); 362 url::Origin origin(url);
348 363
349 // Isolated origins should use the full origin as their site URL. 364 // Isolated origins should use the full origin as their site URL. A subdomain
365 // of an isolated origin should also use that isolated origin's site URL.
350 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); 366 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
351 if (policy->IsIsolatedOrigin(origin)) 367 url::Origin isolated_origin;
352 return origin.GetURL(); 368 if (policy->GetMatchingIsolatedOrigin(url::Origin(real_url),
369 &isolated_origin)) {
370 return isolated_origin.GetURL();
371 }
353 372
354 // If the url has a host, then determine the site. 373 // If the url has a host, then determine the site.
355 if (!origin.host().empty()) { 374 if (!origin.host().empty()) {
356 // Only keep the scheme and registered domain of |origin|. 375 // Only keep the scheme and registered domain of |origin|.
357 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( 376 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry(
358 origin.host(), 377 origin.host(),
359 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); 378 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
360 std::string site = origin.scheme(); 379 std::string site = origin.scheme();
361 site += url::kStandardSchemeSeparator; 380 site += url::kStandardSchemeSeparator;
362 site += domain.empty() ? origin.host() : domain; 381 site += domain.empty() ? origin.host() : domain;
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
484 // prevent the non-isolated sites from requesting resources for isolated 503 // prevent the non-isolated sites from requesting resources for isolated
485 // sites. https://crbug.com/509125 504 // sites. https://crbug.com/509125
486 if (ShouldLockToOrigin(GetBrowserContext(), site_)) { 505 if (ShouldLockToOrigin(GetBrowserContext(), site_)) {
487 ChildProcessSecurityPolicyImpl* policy = 506 ChildProcessSecurityPolicyImpl* policy =
488 ChildProcessSecurityPolicyImpl::GetInstance(); 507 ChildProcessSecurityPolicyImpl::GetInstance();
489 policy->LockToOrigin(process_->GetID(), site_); 508 policy->LockToOrigin(process_->GetID(), site_);
490 } 509 }
491 } 510 }
492 511
493 } // namespace content 512 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/isolated_origin_util.cc ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698