| Index: content/browser/child_process_security_policy_impl.cc
|
| diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
|
| index 210a3c3c7cb5c9e7c2c9ab5e7c957a6a69c6cbc9..4fe2718a165d936809eb15f2f1f5f8a630f27a94 100644
|
| --- a/content/browser/child_process_security_policy_impl.cc
|
| +++ b/content/browser/child_process_security_policy_impl.cc
|
| @@ -17,6 +17,7 @@
|
| #include "base/strings/string_split.h"
|
| #include "base/strings/string_util.h"
|
| #include "build/build_config.h"
|
| +#include "content/browser/isolated_origin_util.h"
|
| #include "content/browser/site_instance_impl.h"
|
| #include "content/common/resource_request_body_impl.h"
|
| #include "content/common/site_isolation_policy.h"
|
| @@ -1092,12 +1093,12 @@ bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
|
|
|
| void ChildProcessSecurityPolicyImpl::AddIsolatedOrigin(
|
| const url::Origin& origin) {
|
| - CHECK(!origin.unique())
|
| - << "Cannot register a unique origin as an isolated origin.";
|
| - CHECK(!IsIsolatedOrigin(origin))
|
| - << "Duplicate isolated origin: " << origin.Serialize();
|
| + CHECK(IsolatedOriginUtil::IsValidIsolatedOrigin(origin));
|
|
|
| base::AutoLock lock(lock_);
|
| + CHECK(!isolated_origins_.count(origin))
|
| + << "Duplicate isolated origin: " << origin.Serialize();
|
| +
|
| isolated_origins_.insert(origin);
|
| }
|
|
|
| @@ -1114,8 +1115,38 @@ void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine(
|
|
|
| bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin(
|
| const url::Origin& origin) {
|
| + url::Origin unused_result;
|
| + return GetMatchingIsolatedOrigin(origin, &unused_result);
|
| +}
|
| +
|
| +bool ChildProcessSecurityPolicyImpl::GetMatchingIsolatedOrigin(
|
| + const url::Origin& origin,
|
| + url::Origin* result) {
|
| + *result = url::Origin();
|
| + base::AutoLock lock(lock_);
|
| +
|
| + // If multiple isolated origins are registered with a common domain suffix,
|
| + // return the most specific one. For example, if foo.isolated.com and
|
| + // isolated.com are both isolated origins, bar.foo.isolated.com should return
|
| + // foo.isolated.com.
|
| + bool found = false;
|
| + for (auto isolated_origin : isolated_origins_) {
|
| + if (IsolatedOriginUtil::DoesOriginMatchIsolatedOrigin(origin,
|
| + isolated_origin)) {
|
| + if (!found || result->host().length() < isolated_origin.host().length()) {
|
| + *result = isolated_origin;
|
| + found = true;
|
| + }
|
| + }
|
| + }
|
| +
|
| + return found;
|
| +}
|
| +
|
| +void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting(
|
| + const url::Origin& origin) {
|
| base::AutoLock lock(lock_);
|
| - return isolated_origins_.find(origin) != isolated_origins_.end();
|
| + isolated_origins_.erase(origin);
|
| }
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2891443002:
Keep subdomains of an isolated origin in the isolated origin's SiteInstance. (Closed)
