Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1216)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/public/browser/child_process_security_policy.h

Issue 2973433003: Block redirects to renderer-debug urls. (Closed)
Patch Set: Nit: Charlie Harrison Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/frame_host/navigation_request.cc ('K') | « content/browser/frame_host/navigation_request.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "content/common/content_export.h" 10 #include "content/common/content_export.h"
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; 80 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0;
81 81
82 // This permission grants delete permission for |dir|. 82 // This permission grants delete permission for |dir|.
83 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; 83 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0;
84 84
85 // Determine whether the process has the capability to request the URL. 85 // Determine whether the process has the capability to request the URL.
86 // Before servicing a child process's request for a URL, the content layer 86 // Before servicing a child process's request for a URL, the content layer
87 // calls this method to determine whether it is safe. 87 // calls this method to determine whether it is safe.
88 virtual bool CanRequestURL(int child_id, const GURL& url) = 0; 88 virtual bool CanRequestURL(int child_id, const GURL& url) = 0;
89 89
90 // Determine whether a redirect is allowed to proceed.
Charlie Reis 2017/07/07 17:13:00 Please clarify why this needs to be different than
arthursonzogni 2017/07/10 16:07:04 Done.
91 virtual bool CanRedirectToURL(const GURL& url) = 0;
Charlie Reis 2017/07/07 17:13:00 This doesn't appear to be used outside content/, s
arthursonzogni 2017/07/10 16:07:04 Done.
92
90 // Whether the process is allowed to commit a document from the given URL. 93 // Whether the process is allowed to commit a document from the given URL.
91 // This is more restrictive than CanRequestURL, since CanRequestURL allows 94 // This is more restrictive than CanRequestURL, since CanRequestURL allows
92 // requests that might lead to cross-process navigations or external protocol 95 // requests that might lead to cross-process navigations or external protocol
93 // handlers. 96 // handlers.
94 virtual bool CanCommitURL(int child_id, const GURL& url) = 0; 97 virtual bool CanCommitURL(int child_id, const GURL& url) = 0;
95 98
96 // These methods verify whether or not the child process has been granted 99 // These methods verify whether or not the child process has been granted
97 // permissions perform these functions on |file|. 100 // permissions perform these functions on |file|.
98 101
99 // Before servicing a child process's request to upload a file to the web, the 102 // Before servicing a child process's request to upload a file to the web, the
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 // <webview> guest process has permission to request blob URLs in its 209 // <webview> guest process has permission to request blob URLs in its
207 // embedder's origin on the IO thread. This should be removed once that 210 // embedder's origin on the IO thread. This should be removed once that
208 // check is superseded by a UI thread check. See https://crbug.com/656752. 211 // check is superseded by a UI thread check. See https://crbug.com/656752.
209 virtual bool HasSpecificPermissionForOrigin(int child_id, 212 virtual bool HasSpecificPermissionForOrigin(int child_id,
210 const url::Origin& origin) = 0; 213 const url::Origin& origin) = 0;
211 }; 214 };
212 215
213 } // namespace content 216 } // namespace content
214 217
215 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 218 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
OLDNEW
« content/browser/frame_host/navigation_request.cc ('K') | « content/browser/frame_host/navigation_request.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698