OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/site_instance_impl.h" | 5 #include "content/browser/site_instance_impl.h" |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "content/browser/browsing_instance.h" | 9 #include "content/browser/browsing_instance.h" |
10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
311 | 311 |
312 // If either URL has an isolated origin, compare origins rather than sites. | 312 // If either URL has an isolated origin, compare origins rather than sites. |
313 url::Origin src_origin(src_url); | 313 url::Origin src_origin(src_url); |
314 url::Origin dest_origin(dest_url); | 314 url::Origin dest_origin(dest_url); |
315 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); | 315 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
316 if (policy->IsIsolatedOrigin(src_origin) || | 316 if (policy->IsIsolatedOrigin(src_origin) || |
317 policy->IsIsolatedOrigin(dest_origin)) | 317 policy->IsIsolatedOrigin(dest_origin)) |
318 return src_origin == dest_origin; | 318 return src_origin == dest_origin; |
319 | 319 |
320 // If the schemes differ, they aren't part of the same site. | 320 // If the schemes differ, they aren't part of the same site. |
321 // | 321 if (src_origin.scheme() != dest_origin.scheme()) |
322 // Note that this happens after the isolated origin check, since blob or | |
323 // filesystem URLs will fail this check even though they might have the | |
324 // same origin. | |
325 // | |
326 // TODO(alexmos): This check seems broken for nested URLs involving | |
327 // non-isolated origins too. See https://crbug.com/726370. | |
328 if (src_url.scheme() != dest_url.scheme()) | |
329 return false; | 322 return false; |
330 | 323 |
331 return net::registry_controlled_domains::SameDomainOrHost( | 324 return net::registry_controlled_domains::SameDomainOrHost( |
332 src_url, | 325 src_origin, dest_origin, |
333 dest_url, | |
334 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 326 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
335 } | 327 } |
336 | 328 |
337 // static | 329 // static |
338 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, | 330 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context, |
339 const GURL& real_url) { | 331 const GURL& real_url) { |
340 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. | 332 // TODO(fsamuel, creis): For some reason appID is not recognized as a host. |
341 if (real_url.SchemeIs(kGuestScheme)) | 333 if (real_url.SchemeIs(kGuestScheme)) |
342 return real_url; | 334 return real_url; |
343 | 335 |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
458 browsing_instance_->browser_context(), site_)) | 450 browsing_instance_->browser_context(), site_)) |
459 return; | 451 return; |
460 | 452 |
461 ChildProcessSecurityPolicyImpl* policy = | 453 ChildProcessSecurityPolicyImpl* policy = |
462 ChildProcessSecurityPolicyImpl::GetInstance(); | 454 ChildProcessSecurityPolicyImpl::GetInstance(); |
463 policy->LockToOrigin(process_->GetID(), site_); | 455 policy->LockToOrigin(process_->GetID(), site_); |
464 } | 456 } |
465 } | 457 } |
466 | 458 |
467 } // namespace content | 459 } // namespace content |
OLD | NEW |