OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
(...skipping 19 matching lines...) Expand all Loading... | |
30 #include "content/public/browser/browser_thread.h" | 30 #include "content/public/browser/browser_thread.h" |
31 #include "content/public/browser/content_browser_client.h" | 31 #include "content/public/browser/content_browser_client.h" |
32 #include "content/public/browser/global_request_id.h" | 32 #include "content/public/browser/global_request_id.h" |
33 #include "content/public/browser/navigation_controller.h" | 33 #include "content/public/browser/navigation_controller.h" |
34 #include "content/public/browser/navigation_data.h" | 34 #include "content/public/browser/navigation_data.h" |
35 #include "content/public/browser/navigation_ui_data.h" | 35 #include "content/public/browser/navigation_ui_data.h" |
36 #include "content/public/browser/render_view_host.h" | 36 #include "content/public/browser/render_view_host.h" |
37 #include "content/public/browser/storage_partition.h" | 37 #include "content/public/browser/storage_partition.h" |
38 #include "content/public/browser/stream_handle.h" | 38 #include "content/public/browser/stream_handle.h" |
39 #include "content/public/common/appcache_info.h" | 39 #include "content/public/common/appcache_info.h" |
40 #include "content/public/common/child_process_host.h" | |
40 #include "content/public/common/content_client.h" | 41 #include "content/public/common/content_client.h" |
41 #include "content/public/common/origin_util.h" | 42 #include "content/public/common/origin_util.h" |
42 #include "content/public/common/request_context_type.h" | 43 #include "content/public/common/request_context_type.h" |
43 #include "content/public/common/resource_request_body.h" | 44 #include "content/public/common/resource_request_body.h" |
44 #include "content/public/common/resource_response.h" | 45 #include "content/public/common/resource_response.h" |
45 #include "content/public/common/url_constants.h" | 46 #include "content/public/common/url_constants.h" |
46 #include "content/public/common/web_preferences.h" | 47 #include "content/public/common/web_preferences.h" |
47 #include "net/base/load_flags.h" | 48 #include "net/base/load_flags.h" |
48 #include "net/base/net_errors.h" | 49 #include "net/base/net_errors.h" |
49 #include "net/base/url_util.h" | 50 #include "net/base/url_util.h" |
(...skipping 443 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
493 } | 494 } |
494 | 495 |
495 void NavigationRequest::TransferNavigationHandleOwnership( | 496 void NavigationRequest::TransferNavigationHandleOwnership( |
496 RenderFrameHostImpl* render_frame_host) { | 497 RenderFrameHostImpl* render_frame_host) { |
497 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); | 498 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); |
498 } | 499 } |
499 | 500 |
500 void NavigationRequest::OnRequestRedirected( | 501 void NavigationRequest::OnRequestRedirected( |
501 const net::RedirectInfo& redirect_info, | 502 const net::RedirectInfo& redirect_info, |
502 const scoped_refptr<ResourceResponse>& response) { | 503 const scoped_refptr<ResourceResponse>& response) { |
504 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRedirectToURL( | |
505 redirect_info.new_url)) { | |
506 DVLOG(1) << "Denied redirect for " | |
507 << redirect_info.new_url.possibly_invalid_spec(); | |
508 // TODO(arthursonzogni): Consider switching to net::ERR_UNSAFE_REDIRECT | |
509 // when PlzNavigate is launched. | |
510 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
511 frame_tree_node_->ResetNavigationRequest(false, true); | |
512 return; | |
513 } | |
514 | |
515 // For non browser initiated navigations we need to check if the source has | |
516 // access to the URL. We always allow browser initiated requests. | |
Charlie Reis
2017/07/10 21:16:22
nit: Rephrase last sentence, since browser-initiat
arthursonzogni
2017/07/11 16:21:31
Done.
| |
517 if (!browser_initiated_ && source_site_instance() && | |
518 !ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL( | |
519 source_site_instance()->GetProcess()->GetID(), | |
520 redirect_info.new_url)) { | |
521 DVLOG(1) << "Denied unauthorized redirect for " | |
522 << redirect_info.new_url.possibly_invalid_spec(); | |
523 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
524 frame_tree_node_->ResetNavigationRequest(false, true); | |
Charlie Reis
2017/07/10 21:16:22
Don't forget to return early! :)
arthursonzogni
2017/07/11 16:21:31
:) Done.
| |
525 } | |
526 | |
503 // If a redirect occurs, the original site instance we thought is the | 527 // If a redirect occurs, the original site instance we thought is the |
504 // destination could change. | 528 // destination could change. |
505 dest_site_instance_ = nullptr; | 529 dest_site_instance_ = nullptr; |
506 | 530 |
507 // If the navigation is no longer a POST, the POST data should be reset. | 531 // If the navigation is no longer a POST, the POST data should be reset. |
508 if (redirect_info.new_method != "POST") | 532 if (redirect_info.new_method != "POST") |
509 common_params_.post_data = nullptr; | 533 common_params_.post_data = nullptr; |
510 | 534 |
511 // Mark time for the Navigation Timing API. | 535 // Mark time for the Navigation Timing API. |
512 if (request_params_.navigation_timing.redirect_start.is_null()) { | 536 if (request_params_.navigation_timing.redirect_start.is_null()) { |
(...skipping 18 matching lines...) Expand all Loading... | |
531 // otherwise block. | 555 // otherwise block. |
532 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == | 556 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == |
533 CONTENT_SECURITY_POLICY_CHECK_FAILED) { | 557 CONTENT_SECURITY_POLICY_CHECK_FAILED) { |
534 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); | 558 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); |
535 | 559 |
536 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has | 560 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has |
537 // destroyed the NavigationRequest. | 561 // destroyed the NavigationRequest. |
538 return; | 562 return; |
539 } | 563 } |
540 | 564 |
541 // For non browser initiated navigations we need to check if the source has | |
542 // access to the URL. We always allow browser initiated requests. | |
543 // TODO(clamy): Kill the renderer if FilterURL fails? | |
544 GURL url = common_params_.url; | |
545 if (!browser_initiated_ && source_site_instance()) { | |
546 source_site_instance()->GetProcess()->FilterURL(false, &url); | |
547 // FilterURL sets the URL to about:blank if the CSP checks prevent the | |
548 // renderer from accessing it. | |
549 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { | |
550 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
551 frame_tree_node_->ResetNavigationRequest(false, true); | |
552 return; | |
553 } | |
554 } | |
555 | |
556 // Compute the SiteInstance to use for the redirect and pass its | 565 // Compute the SiteInstance to use for the redirect and pass its |
557 // RenderProcessHost if it has a process. Keep a reference if it has a | 566 // RenderProcessHost if it has a process. Keep a reference if it has a |
558 // process, so that the SiteInstance and its associated process aren't deleted | 567 // process, so that the SiteInstance and its associated process aren't deleted |
559 // before the navigation is ready to commit. | 568 // before the navigation is ready to commit. |
560 scoped_refptr<SiteInstance> site_instance = | 569 scoped_refptr<SiteInstance> site_instance = |
561 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( | 570 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( |
562 *this); | 571 *this); |
563 speculative_site_instance_ = | 572 speculative_site_instance_ = |
564 site_instance->HasProcess() ? site_instance : nullptr; | 573 site_instance->HasProcess() ? site_instance : nullptr; |
565 | 574 |
(...skipping 442 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1008 CSPDirective::FrameSrc, common_params_.url, is_redirect, | 1017 CSPDirective::FrameSrc, common_params_.url, is_redirect, |
1009 common_params_.source_location.value_or(SourceLocation()), | 1018 common_params_.source_location.value_or(SourceLocation()), |
1010 CSPContext::CHECK_ENFORCED_CSP)) { | 1019 CSPContext::CHECK_ENFORCED_CSP)) { |
1011 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | 1020 return CONTENT_SECURITY_POLICY_CHECK_PASSED; |
1012 } | 1021 } |
1013 | 1022 |
1014 return CONTENT_SECURITY_POLICY_CHECK_FAILED; | 1023 return CONTENT_SECURITY_POLICY_CHECK_FAILED; |
1015 } | 1024 } |
1016 | 1025 |
1017 } // namespace content | 1026 } // namespace content |
OLD | NEW |