content/browser/site_instance_impl.cc - Issue 2891443002: Keep subdomains of an isolated origin in the isolated origin's SiteInstance.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/site_instance_impl.cc

Issue 2891443002: Keep subdomains of an isolated origin in the isolated origin's SiteInstance. (Closed)

Patch Set: More cleanup Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/browser/site_instance_impl.cc

diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc

index 0e47c20885ad4e5e8b7396062cf192290c32b3fb..4a6424a9ce96b9d347b7f170d150fb72f97e68d0 100644

--- a/content/browser/site_instance_impl.cc

+++ b/content/browser/site_instance_impl.cc

@@ -309,13 +309,25 @@ bool SiteInstance::IsSameWebSite(BrowserContext* browser_context,

if (dest_url == blank_page)

return true;

- // If either URL has an isolated origin, compare origins rather than sites.

+ // If either URL matches an isolated origin, compare origins rather than

+ // sites.

url::Origin src_origin(src_url);

url::Origin dest_origin(dest_url);

auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();

- if (policy->IsIsolatedOrigin(src_origin) ||

- policy->IsIsolatedOrigin(dest_origin))

- return src_origin == dest_origin;

+ url::Origin src_isolated_origin;

+ url::Origin dest_isolated_origin;

+ bool src_origin_is_isolated =

+ policy->TryGetMostSpecificMatchForIsolatedOrigin(src_origin,

+ &src_isolated_origin);

+ bool dest_origin_is_isolated =

+ policy->TryGetMostSpecificMatchForIsolatedOrigin(dest_origin,

+ &dest_isolated_origin);

+ if (src_origin_is_isolated || dest_origin_is_isolated) {

+ // Compare most specific matching origins to ensure that a subdomain of an

+ // isolated origin (e.g., https://subdomain.isolated.foo.com) also matches

+ // the isolated origin's site URL (e.g., https://isolated.foo.com).

+ return src_isolated_origin == dest_isolated_origin;

+ }

// If the schemes differ, they aren't part of the same site.

if (src_origin.scheme() != dest_origin.scheme())

@@ -336,10 +348,14 @@ GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,

GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url);

url::Origin origin(url);

- // Isolated origins should use the full origin as their site URL.

+ // Isolated origins should use the full origin as their site URL. A subdomain

+ // of an isolated origin should also use that isolated origin's site URL.

auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();

- if (policy->IsIsolatedOrigin(origin))

- return origin.GetURL();

+ url::Origin isolated_origin;

+ if (policy->TryGetMostSpecificMatchForIsolatedOrigin(url::Origin(real_url),

+ &isolated_origin)) {

+ return isolated_origin.GetURL();

+ }

// If the url has a host, then determine the site.

if (!origin.host().empty()) {

« content/browser/isolated_origin_util.cc ('K') | « content/browser/isolated_origin_util.cc ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | no next file with comments »