OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
(...skipping 19 matching lines...) | |
30 #include "content/public/browser/browser_thread.h" | 30 #include "content/public/browser/browser_thread.h" |
31 #include "content/public/browser/content_browser_client.h" | 31 #include "content/public/browser/content_browser_client.h" |
32 #include "content/public/browser/global_request_id.h" | 32 #include "content/public/browser/global_request_id.h" |
33 #include "content/public/browser/navigation_controller.h" | 33 #include "content/public/browser/navigation_controller.h" |
34 #include "content/public/browser/navigation_data.h" | 34 #include "content/public/browser/navigation_data.h" |
35 #include "content/public/browser/navigation_ui_data.h" | 35 #include "content/public/browser/navigation_ui_data.h" |
36 #include "content/public/browser/render_view_host.h" | 36 #include "content/public/browser/render_view_host.h" |
37 #include "content/public/browser/storage_partition.h" | 37 #include "content/public/browser/storage_partition.h" |
38 #include "content/public/browser/stream_handle.h" | 38 #include "content/public/browser/stream_handle.h" |
39 #include "content/public/common/appcache_info.h" | 39 #include "content/public/common/appcache_info.h" |
40 #include "content/public/common/child_process_host.h" | |
40 #include "content/public/common/content_client.h" | 41 #include "content/public/common/content_client.h" |
41 #include "content/public/common/origin_util.h" | 42 #include "content/public/common/origin_util.h" |
42 #include "content/public/common/request_context_type.h" | 43 #include "content/public/common/request_context_type.h" |
43 #include "content/public/common/resource_request_body.h" | 44 #include "content/public/common/resource_request_body.h" |
44 #include "content/public/common/resource_response.h" | 45 #include "content/public/common/resource_response.h" |
45 #include "content/public/common/url_constants.h" | 46 #include "content/public/common/url_constants.h" |
46 #include "content/public/common/web_preferences.h" | 47 #include "content/public/common/web_preferences.h" |
47 #include "net/base/load_flags.h" | 48 #include "net/base/load_flags.h" |
48 #include "net/base/net_errors.h" | 49 #include "net/base/net_errors.h" |
49 #include "net/base/url_util.h" | 50 #include "net/base/url_util.h" |
(...skipping 443 matching lines...) | |
493 } | 494 } |
494 | 495 |
495 void NavigationRequest::TransferNavigationHandleOwnership( | 496 void NavigationRequest::TransferNavigationHandleOwnership( |
496 RenderFrameHostImpl* render_frame_host) { | 497 RenderFrameHostImpl* render_frame_host) { |
497 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); | 498 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); |
498 } | 499 } |
499 | 500 |
500 void NavigationRequest::OnRequestRedirected( | 501 void NavigationRequest::OnRequestRedirected( |
501 const net::RedirectInfo& redirect_info, | 502 const net::RedirectInfo& redirect_info, |
502 const scoped_refptr<ResourceResponse>& response) { | 503 const scoped_refptr<ResourceResponse>& response) { |
504 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRedirectToURL( | |
505 redirect_info.new_url)) { | |
506 DVLOG(1) << "Denied unauthorized request (redirect) for " | |
507 << redirect_info.new_url.possibly_invalid_spec(); | |
508 // TODO(arthursonzogni): Consider switching to net::ERR_UNSAFE_REDIRECT | |
509 // when PlzNavigate is launched. | |
510 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
511 frame_tree_node_->ResetNavigationRequest(false, true); | |
512 return; | |
513 } | |
514 | |
503 // If a redirect occurs, the original site instance we thought is the | 515 // If a redirect occurs, the original site instance we thought is the |
504 // destination could change. | 516 // destination could change. |
505 dest_site_instance_ = nullptr; | 517 dest_site_instance_ = nullptr; |
506 | 518 |
507 // If the navigation is no longer a POST, the POST data should be reset. | 519 // If the navigation is no longer a POST, the POST data should be reset. |
508 if (redirect_info.new_method != "POST") | 520 if (redirect_info.new_method != "POST") |
509 common_params_.post_data = nullptr; | 521 common_params_.post_data = nullptr; |
510 | 522 |
511 // Mark time for the Navigation Timing API. | 523 // Mark time for the Navigation Timing API. |
512 if (request_params_.navigation_timing.redirect_start.is_null()) { | 524 if (request_params_.navigation_timing.redirect_start.is_null()) { |
(...skipping 18 matching lines...) | |
531 // otherwise block. | 543 // otherwise block. |
532 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == | 544 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == |
533 CONTENT_SECURITY_POLICY_CHECK_FAILED) { | 545 CONTENT_SECURITY_POLICY_CHECK_FAILED) { |
534 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); | 546 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); |
535 | 547 |
536 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has | 548 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has |
537 // destroyed the NavigationRequest. | 549 // destroyed the NavigationRequest. |
538 return; | 550 return; |
539 } | 551 } |
540 | 552 |
541 // For non browser initiated navigations we need to check if the source has | |
542 // access to the URL. We always allow browser initiated requests. | |
543 // TODO(clamy): Kill the renderer if FilterURL fails? | |
544 GURL url = common_params_.url; | |
545 if (!browser_initiated_ && source_site_instance()) { | |
546 source_site_instance()->GetProcess()->FilterURL(false, &url); | |
Charlie Reis
2017/07/07 17:13:00
I don't see how it's ok to remove the FilterURL ca
arthursonzogni
2017/07/10 16:07:04
I think we should do both:
* CanRedirectToURL(url)
Charlie Reis
2017/07/10 21:16:21
Thanks! This sounds reasonable to me.
| |
547 // FilterURL sets the URL to about:blank if the CSP checks prevent the | |
548 // renderer from accessing it. | |
549 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { | |
550 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
551 frame_tree_node_->ResetNavigationRequest(false, true); | |
552 return; | |
553 } | |
554 } | |
555 | |
556 // Compute the SiteInstance to use for the redirect and pass its | 553 // Compute the SiteInstance to use for the redirect and pass its |
557 // RenderProcessHost if it has a process. Keep a reference if it has a | 554 // RenderProcessHost if it has a process. Keep a reference if it has a |
558 // process, so that the SiteInstance and its associated process aren't deleted | 555 // process, so that the SiteInstance and its associated process aren't deleted |
559 // before the navigation is ready to commit. | 556 // before the navigation is ready to commit. |
560 scoped_refptr<SiteInstance> site_instance = | 557 scoped_refptr<SiteInstance> site_instance = |
561 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( | 558 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( |
562 *this); | 559 *this); |
563 speculative_site_instance_ = | 560 speculative_site_instance_ = |
564 site_instance->HasProcess() ? site_instance : nullptr; | 561 site_instance->HasProcess() ? site_instance : nullptr; |
565 | 562 |
(...skipping 442 matching lines...) | |
1008 CSPDirective::FrameSrc, common_params_.url, is_redirect, | 1005 CSPDirective::FrameSrc, common_params_.url, is_redirect, |
1009 common_params_.source_location.value_or(SourceLocation()), | 1006 common_params_.source_location.value_or(SourceLocation()), |
1010 CSPContext::CHECK_ENFORCED_CSP)) { | 1007 CSPContext::CHECK_ENFORCED_CSP)) { |
1011 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | 1008 return CONTENT_SECURITY_POLICY_CHECK_PASSED; |
1012 } | 1009 } |
1013 | 1010 |
1014 return CONTENT_SECURITY_POLICY_CHECK_FAILED; | 1011 return CONTENT_SECURITY_POLICY_CHECK_FAILED; |
1015 } | 1012 } |
1016 | 1013 |
1017 } // namespace content | 1014 } // namespace content |
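Review bot: The new early-return block at new lines 504-513 of OnRequestRedirected ends in `frame_tree_node_->ResetNavigationRequest(false, true); return;` with no warning about object lifetime, although the CSP branch further down documents exactly that hazard after OnRequestFailed. If ResetNavigationRequest releases the FrameTreeNode's NavigationRequest, as its name suggests, `this` is gone at that point, so I would put `// DO NOT ADD CODE after this. ResetNavigationRequest has destroyed the NavigationRequest.` directly above the `return`. Separately, the include added at new line 40 is `content/public/common/child_process_host.h`, while the added code names `ChildProcessSecurityPolicyImpl`; that class's header may be among the 19 skipped include lines, but if it is not, include it directly rather than relying on a transitive include. The body of OnRequestRedirected is partly collapsed on this page and continues past the visible lines.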