content/browser/frame_host/render_frame_host_impl.cc - Issue 2897963003: PlzNavigate: Fixes ChromeOS navigation to google drive files.

Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2897963003: PlzNavigate: Fixes ChromeOS navigation to google drive files. (Closed)

Patch Set: Grant access to the original url only for the moment Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/frame_host/render_frame_host_impl.h"	5 #include "content/browser/frame_host/render_frame_host_impl.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/bind.h"	10 #include "base/bind.h"

(...skipping 3572 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3583 }	3583 }

3584	3584

3585 void RenderFrameHostImpl::UpdatePermissionsForNavigation(	3585 void RenderFrameHostImpl::UpdatePermissionsForNavigation(

3586 const CommonNavigationParams& common_params,	3586 const CommonNavigationParams& common_params,

3587 const RequestNavigationParams& request_params) {	3587 const RequestNavigationParams& request_params) {

3588 // Browser plugin guests are not allowed to navigate outside web-safe schemes,	3588 // Browser plugin guests are not allowed to navigate outside web-safe schemes,

3589 // so do not grant them the ability to request additional URLs.	3589 // so do not grant them the ability to request additional URLs.

3590 if (!GetProcess()->IsForGuestsOnly()) {	3590 if (!GetProcess()->IsForGuestsOnly()) {

3591 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(	3591 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(

3592 GetProcess()->GetID(), common_params.url);	3592 GetProcess()->GetID(), common_params.url);

	3593 // PlzNavigate: The browser have already navigated and some redirects may

	3594 // have occurred. Since https://crrev.com/2653953005, the navigation to the

	3595 // original url and all the redirects will be replayed in the renderer.

	3596 // That's why the access to the full chain of redirects must be granted.

	3597 // To be careful, only the access to the original one is granted for the

	3598 // moment as it solves https://crbug.com/717644.

	3599 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(

	3600 GetProcess()->GetID(), request_params.original_url);
	Charlie Reis 2017/05/24 22:58:01 Nick and I have some concerns about this. The ori Nick and I have some concerns about this. The original_url is the URL before all the redirects. In the case of cross-site redirects that end up in a different process than the original URL would have used, we should not be granting access to the original URL to the new process. (This may also be a way for a compromised renderer to sneak things into GrantRequestURL if we don't have as many security checks on original_url as we do on url.)
3593 if (common_params.url.SchemeIs(url::kDataScheme) &&	3601 if (common_params.url.SchemeIs(url::kDataScheme) &&

3594 !common_params.base_url_for_data_url.is_empty()) {	3602 !common_params.base_url_for_data_url.is_empty()) {

3595 // When there's a base URL specified for the data URL, we also need to	3603 // When there's a base URL specified for the data URL, we also need to

3596 // grant access to the base URL. This allows file: and other unexpected	3604 // grant access to the base URL. This allows file: and other unexpected

3597 // schemes to be accepted at commit time and during CORS checks (e.g., for	3605 // schemes to be accepted at commit time and during CORS checks (e.g., for

3598 // font requests).	3606 // font requests).

3599 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(	3607 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(

3600 GetProcess()->GetID(), common_params.base_url_for_data_url);	3608 GetProcess()->GetID(), common_params.base_url_for_data_url);

3601 }	3609 }

3602 }	3610 }

(...skipping 380 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3983 }	3991 }

3984	3992

3985 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame(	3993 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame(

3986 const std::string& interface_name,	3994 const std::string& interface_name,

3987 mojo::ScopedMessagePipeHandle pipe) {	3995 mojo::ScopedMessagePipeHandle pipe) {

3988 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe));	3996 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe));

3989 }	3997 }

3990 #endif	3998 #endif

3991	3999

3992 } // namespace content	4000 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »