Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(482)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_impl.h

Issue 2973433003: Block redirects to renderer-debug urls. (Closed)
Patch Set: Addressed comments. Add CanRequestURL again. Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/captive_portal/captive_portal_tab_helper.cc ('k') | content/browser/child_process_security_policy_impl.cc » ('j') | content/browser/child_process_security_policy_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
7 7
8 #include <map> 8 #include <map>
9 #include <memory> 9 #include <memory>
10 #include <set> 10 #include <set>
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after
263 // https://unisolated.com/ --> (unique origin) 263 // https://unisolated.com/ --> (unique origin)
264 bool GetMatchingIsolatedOrigin(const url::Origin& origin, 264 bool GetMatchingIsolatedOrigin(const url::Origin& origin,
265 url::Origin* result); 265 url::Origin* result);
266 266
267 // Removes a previously added isolated origin, currently only used in tests. 267 // Removes a previously added isolated origin, currently only used in tests.
268 // 268 //
269 // TODO(alexmos): Exposing this more generally will require extra care, such 269 // TODO(alexmos): Exposing this more generally will require extra care, such
270 // as ensuring that there are no active SiteInstances in that origin. 270 // as ensuring that there are no active SiteInstances in that origin.
271 void RemoveIsolatedOriginForTesting(const url::Origin& origin); 271 void RemoveIsolatedOriginForTesting(const url::Origin& origin);
272 272
273 // Returns false for redirects that must be blocked no matter which renderer
274 // process initiated the request (if any).
275 // Note: Checking CanRedirectToURL is not enough. CanRequestURL(child_id, url)
276 // represents a stricter subset. It must be used when appropriate (i.e.
Charlie Reis 2017/07/10 21:16:22 Slight rephrase: It must also be used for renderer
arthursonzogni 2017/07/11 16:21:31 Done.
277 // for renderer initiated navigations).
278 bool CanRedirectToURL(const GURL& url);
279
273 private: 280 private:
274 friend class ChildProcessSecurityPolicyInProcessBrowserTest; 281 friend class ChildProcessSecurityPolicyInProcessBrowserTest;
275 friend class ChildProcessSecurityPolicyTest; 282 friend class ChildProcessSecurityPolicyTest;
276 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, 283 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
277 NoLeak); 284 NoLeak);
278 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions); 285 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions);
279 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, 286 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
280 IsolateOriginsFromCommandLine); 287 IsolateOriginsFromCommandLine);
281 288
282 class SecurityState; 289 class SecurityState;
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after
367 // eTLD+1. Each of these origins requires a dedicated process. This set is 374 // eTLD+1. Each of these origins requires a dedicated process. This set is
368 // protected by |lock_|. 375 // protected by |lock_|.
369 std::set<url::Origin> isolated_origins_; 376 std::set<url::Origin> isolated_origins_;
370 377
371 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); 378 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
372 }; 379 };
373 380
374 } // namespace content 381 } // namespace content
375 382
376 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ 383 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
OLDNEW
« no previous file with comments | « chrome/browser/captive_portal/captive_portal_tab_helper.cc ('k') | content/browser/child_process_security_policy_impl.cc » ('j') | content/browser/child_process_security_policy_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698