Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/site_instance_impl.cc

Issue 2913443002: Fix scheme check in SiteInstance::IsSameWebSite for nested URLs. (Closed)
Patch Set: Nick's comments Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/browser/site_instance_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/site_instance_impl.h" 5 #include "content/browser/site_instance_impl.h"
6 6
7 #include "base/macros.h" 7 #include "base/macros.h"
8 #include "base/memory/ptr_util.h" 8 #include "base/memory/ptr_util.h"
9 #include "content/browser/browsing_instance.h" 9 #include "content/browser/browsing_instance.h"
10 #include "content/browser/child_process_security_policy_impl.h" 10 #include "content/browser/child_process_security_policy_impl.h"
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after
311 311
312 // If either URL has an isolated origin, compare origins rather than sites. 312 // If either URL has an isolated origin, compare origins rather than sites.
313 url::Origin src_origin(src_url); 313 url::Origin src_origin(src_url);
314 url::Origin dest_origin(dest_url); 314 url::Origin dest_origin(dest_url);
315 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); 315 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
316 if (policy->IsIsolatedOrigin(src_origin) || 316 if (policy->IsIsolatedOrigin(src_origin) ||
317 policy->IsIsolatedOrigin(dest_origin)) 317 policy->IsIsolatedOrigin(dest_origin))
318 return src_origin == dest_origin; 318 return src_origin == dest_origin;
319 319
320 // If the schemes differ, they aren't part of the same site. 320 // If the schemes differ, they aren't part of the same site.
321 // 321 if (src_origin.scheme() != dest_origin.scheme())
322 // Note that this happens after the isolated origin check, since blob or
323 // filesystem URLs will fail this check even though they might have the
324 // same origin.
325 //
326 // TODO(alexmos): This check seems broken for nested URLs involving
327 // non-isolated origins too. See https://crbug.com/726370.
328 if (src_url.scheme() != dest_url.scheme())
329 return false; 322 return false;
330 323
331 return net::registry_controlled_domains::SameDomainOrHost( 324 return net::registry_controlled_domains::SameDomainOrHost(
332 src_url, 325 src_origin, dest_origin,
333 dest_url,
334 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); 326 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
335 } 327 }
336 328
337 // static 329 // static
338 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, 330 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
339 const GURL& real_url) { 331 const GURL& real_url) {
340 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. 332 // TODO(fsamuel, creis): For some reason appID is not recognized as a host.
341 if (real_url.SchemeIs(kGuestScheme)) 333 if (real_url.SchemeIs(kGuestScheme))
342 return real_url; 334 return real_url;
343 335
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
458 browsing_instance_->browser_context(), site_)) 450 browsing_instance_->browser_context(), site_))
459 return; 451 return;
460 452
461 ChildProcessSecurityPolicyImpl* policy = 453 ChildProcessSecurityPolicyImpl* policy =
462 ChildProcessSecurityPolicyImpl::GetInstance(); 454 ChildProcessSecurityPolicyImpl::GetInstance();
463 policy->LockToOrigin(process_->GetID(), site_); 455 policy->LockToOrigin(process_->GetID(), site_);
464 } 456 }
465 } 457 }
466 458
467 } // namespace content 459 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | content/browser/site_instance_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698