Chromium Code Reviews Chromium Code Reviews
Issue 2947413002:
Restrict CM API interface request and message dispatch. (Closed)
| Index: chrome/browser/password_manager/chrome_password_manager_client.cc |
| diff --git a/chrome/browser/password_manager/chrome_password_manager_client.cc b/chrome/browser/password_manager/chrome_password_manager_client.cc |
| index 19e3d7e39e71d8f6abe01bd81df5fc9b6e961bd2..7c4f84e3a2bd0e3799820bb5876312056b6e869e 100644 |
| --- a/chrome/browser/password_manager/chrome_password_manager_client.cc |
| +++ b/chrome/browser/password_manager/chrome_password_manager_client.cc |
| @@ -373,6 +373,7 @@ void ChromePasswordManagerClient::NotifyStorePasswordCalled() { |
| // If a site stores a credential the autofill password manager shouldn't kick |
| // in. |
| password_manager_.DropFormManagers(); |
| + was_store_ever_called_ = true; |
| } |
| void ChromePasswordManagerClient::AutomaticPasswordSave( |
| @@ -454,8 +455,6 @@ ukm::SourceId ChromePasswordManagerClient::GetUkmSourceId() { |
| return *ukm_source_id_; |
| } |
| -// TODO(crbug.com/706392): Fix password reuse detection for Android. |
| -#if !defined(OS_ANDROID) |
| void ChromePasswordManagerClient::DidFinishNavigation( |
| content::NavigationHandle* navigation_handle) { |
| if (!navigation_handle->IsInMainFrame() || !navigation_handle->HasCommitted()) |
| @@ -464,6 +463,14 @@ void ChromePasswordManagerClient::DidFinishNavigation( |
| if (!navigation_handle->IsSameDocument()) |
| ukm_source_id_.reset(); |
| + // From this point on, the CredentialManagerImpl will service API calls in the |
| + // context of the new WebContents::GetLastCommittedURL, which may very well be |
| + // cross-origin. Disconnect existing client, and drop pending requests. |
| + if (!navigation_handle->IsSameDocument()) |
| + credential_manager_impl_.DisconnectBinding(); |
| + |
| +// TODO(crbug.com/706392): Fix password reuse detection for Android. |
| +#if !defined(OS_ANDROID) |
| password_reuse_detection_manager_.DidNavigateMainFrame(GetMainFrameURL()); |
| // After some navigations RenderViewHost persists and just adding the observer |
| // will cause multiple call of OnInputEvent. Since Widget API doesn't allow to |
| @@ -472,8 +479,10 @@ void ChromePasswordManagerClient::DidFinishNavigation( |
| web_contents()->GetRenderViewHost()->GetWidget()->RemoveInputEventObserver( |
| this); |
| web_contents()->GetRenderViewHost()->GetWidget()->AddInputEventObserver(this); |
| +#endif |
| } |
| +#if !defined(OS_ANDROID) |
| void ChromePasswordManagerClient::OnInputEvent( |
| const blink::WebInputEvent& event) { |
| if (event.GetType() != blink::WebInputEvent::kChar) |
| @@ -714,8 +723,7 @@ const password_manager::LogManager* ChromePasswordManagerClient::GetLogManager() |
| // static |
| void ChromePasswordManagerClient::BindCredentialManager( |
| - const service_manager::BindSourceInfo& source_info, |
| - password_manager::mojom::CredentialManagerRequest request, |
| + password_manager::mojom::CredentialManagerAssociatedRequest request, |
| content::RenderFrameHost* render_frame_host) { |
| // Only valid for the main frame. |
| if (render_frame_host->GetParent()) |
| @@ -725,6 +733,11 @@ void ChromePasswordManagerClient::BindCredentialManager( |
| content::WebContents::FromRenderFrameHost(render_frame_host); |
| DCHECK(web_contents); |
| + // Only valid for the currently committed RenderFrameHost, and not, e.g. old |
| + // zombie RFH's being swapped out following cross-origin navigations. |
|
dcheng
2017/07/03 09:23:33
Hmm... I feel like something at a higher-level is
engedy
2017/07/03 09:43:34
Yes, I agree that this is a bit weird, but note th
|
| + if (web_contents->GetMainFrame() != render_frame_host) |
| + return; |
| + |
| ChromePasswordManagerClient* instance = |
| ChromePasswordManagerClient::FromWebContents(web_contents); |
