OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <memory> | 9 #include <memory> |
10 #include <set> | 10 #include <set> |
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
263 // https://unisolated.com/ --> (unique origin) | 263 // https://unisolated.com/ --> (unique origin) |
264 bool GetMatchingIsolatedOrigin(const url::Origin& origin, | 264 bool GetMatchingIsolatedOrigin(const url::Origin& origin, |
265 url::Origin* result); | 265 url::Origin* result); |
266 | 266 |
267 // Removes a previously added isolated origin, currently only used in tests. | 267 // Removes a previously added isolated origin, currently only used in tests. |
268 // | 268 // |
269 // TODO(alexmos): Exposing this more generally will require extra care, such | 269 // TODO(alexmos): Exposing this more generally will require extra care, such |
270 // as ensuring that there are no active SiteInstances in that origin. | 270 // as ensuring that there are no active SiteInstances in that origin. |
271 void RemoveIsolatedOriginForTesting(const url::Origin& origin); | 271 void RemoveIsolatedOriginForTesting(const url::Origin& origin); |
272 | 272 |
273 // Returns false for redirects that must be blocked no matter which renderer | |
274 // process initiated the request (if any). | |
275 // Note: Checking CanRedirectToURL is not enough. CanRequestURL(child_id, url) | |
276 // represents a stricter subset. It must be used when appropriate (i.e. | |
Charlie Reis
2017/07/10 21:16:22
Slight rephrase: It must also be used for renderer
arthursonzogni
2017/07/11 16:21:31
Done.
| |
277 // for renderer initiated navigations). | |
278 bool CanRedirectToURL(const GURL& url); | |
279 | |
273 private: | 280 private: |
274 friend class ChildProcessSecurityPolicyInProcessBrowserTest; | 281 friend class ChildProcessSecurityPolicyInProcessBrowserTest; |
275 friend class ChildProcessSecurityPolicyTest; | 282 friend class ChildProcessSecurityPolicyTest; |
276 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, | 283 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, |
277 NoLeak); | 284 NoLeak); |
278 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions); | 285 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions); |
279 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, | 286 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, |
280 IsolateOriginsFromCommandLine); | 287 IsolateOriginsFromCommandLine); |
281 | 288 |
282 class SecurityState; | 289 class SecurityState; |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
367 // eTLD+1. Each of these origins requires a dedicated process. This set is | 374 // eTLD+1. Each of these origins requires a dedicated process. This set is |
368 // protected by |lock_|. | 375 // protected by |lock_|. |
369 std::set<url::Origin> isolated_origins_; | 376 std::set<url::Origin> isolated_origins_; |
370 | 377 |
371 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); | 378 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); |
372 }; | 379 }; |
373 | 380 |
374 } // namespace content | 381 } // namespace content |
375 | 382 |
376 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 383 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
OLD | NEW |