Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(452)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/loader/resource_dispatcher_host_impl.cc

Issue 2905763002: Deduplicating CanReadRequestBody code. (Closed)
Patch Set: Tweaking content/browser/loader/DEPS Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/loader/DEPS ('K') | « content/browser/loader/DEPS ('k') | content/browser/resource_request_body_browser_utils.h » ('j') | content/browser/resource_request_body_browser_utils.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/loader/resource_dispatcher_host_impl.cc
diff --git a/content/browser/loader/resource_dispatcher_host_impl.cc b/content/browser/loader/resource_dispatcher_host_impl.cc
index e9178424ff40acb438828b73b743ab27da641473..debe8fd4a56fbe28662867761d2c722feebf2153 100644
--- a/content/browser/loader/resource_dispatcher_host_impl.cc
+++ b/content/browser/loader/resource_dispatcher_host_impl.cc
@@ -64,6 +64,7 @@
#include "content/browser/loader/upload_data_stream_builder.h"
#include "content/browser/loader/wake_lock_resource_throttle.h"
#include "content/browser/resource_context_impl.h"
+#include "content/browser/resource_request_body_browser_utils.h"
#include "content/browser/service_worker/foreign_fetch_request_handler.h"
#include "content/browser/service_worker/link_header_support.h"
#include "content/browser/service_worker/service_worker_context_wrapper.h"
@@ -2633,30 +2634,12 @@ bool ResourceDispatcherHostImpl::ShouldServiceRequest(
}
// Check if the renderer is permitted to upload the requested files.
- if (request_data.request_body.get()) {
- const std::vector<ResourceRequestBodyImpl::Element>* uploads =
- request_data.request_body->elements();
- std::vector<ResourceRequestBodyImpl::Element>::const_iterator iter;
- for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
- if (iter->type() == ResourceRequestBodyImpl::Element::TYPE_FILE &&
- !policy->CanReadFile(child_id, iter->path())) {
- NOTREACHED() << "Denied unauthorized upload of "
- << iter->path().value();
- return false;
- }
- if (iter->type() ==
- ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM) {
- storage::FileSystemURL url =
- requester_info->file_system_context()->CrackURL(
- iter->filesystem_url());
- if (!policy->CanReadFileSystemFile(child_id, url)) {
- NOTREACHED() << "Denied unauthorized upload of "
- << iter->filesystem_url().spec();
- return false;
- }
- }
- }
+ if (!CanReadRequestBody(child_id, requester_info->file_system_context(),
+ request_data.request_body)) {
+ NOTREACHED() << "Denied unauthorized upload";
+ return false;
}
+
return true;
}
« content/browser/loader/DEPS ('K') | « content/browser/loader/DEPS ('k') | content/browser/resource_request_body_browser_utils.h » ('j') | content/browser/resource_request_body_browser_utils.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698