OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 653 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
664 | 664 |
665 // If the process can commit the URL, it can request it. | 665 // If the process can commit the URL, it can request it. |
666 if (CanCommitURL(child_id, url)) | 666 if (CanCommitURL(child_id, url)) |
667 return true; | 667 return true; |
668 | 668 |
669 // Also allow URLs destined for ShellExecute and not the browser itself. | 669 // Also allow URLs destined for ShellExecute and not the browser itself. |
670 return !GetContentClient()->browser()->IsHandledURL(url) && | 670 return !GetContentClient()->browser()->IsHandledURL(url) && |
671 !net::URLRequest::IsHandledURL(url); | 671 !net::URLRequest::IsHandledURL(url); |
672 } | 672 } |
673 | 673 |
674 bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) { | |
675 if (!url.is_valid()) | |
676 return false; // Can't redirect to invalid URLs. | |
677 | |
678 const std::string& scheme = url.scheme(); | |
679 | |
680 if (IsPseudoScheme(scheme)) { | |
681 // Redirects to a pseudo scheme (about, javascript, view-source, ...) are | |
682 // not allowed. An exception is made for <about:blank> and its variations. | |
683 return url.IsAboutBlank(); | |
684 } | |
685 | |
686 // Note about redirects and some special URLs: | |
clamy
2017/07/12 14:19:57
s/some/
arthursonzogni
2017/07/12 14:27:38
Done.
| |
687 // * data-url: Blocked by net::DataProtocolHandler::IsSafeRedirectTarget(). | |
688 // * blob-url: Not necessary blocked, but a 'file not found' response will be | |
clamy
2017/07/12 14:19:56
* Move the Depending... paragraph above this line.
arthursonzogni
2017/07/12 14:27:38
Done.
| |
689 // generated in net::BlobURLRequestJob::DidStart(). | |
690 // * filesystem-url: Not necessary blocked and the response can be displayed. | |
691 // | |
692 // Depending on their inner origins and if the request is browser-initiated or | |
693 // renderer-initiated, blob-urls and filesystem-urls might get blocked by | |
694 // CanCommitURL or in DocumentLoader::RedirectReceived. | |
695 | |
696 return true; | |
697 } | |
698 | |
674 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, | 699 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
675 const GURL& url) { | 700 const GURL& url) { |
676 if (!url.is_valid()) | 701 if (!url.is_valid()) |
677 return false; // Can't commit invalid URLs. | 702 return false; // Can't commit invalid URLs. |
678 | 703 |
679 const std::string& scheme = url.scheme(); | 704 const std::string& scheme = url.scheme(); |
680 | 705 |
681 // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to | 706 // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to |
682 // commit. | 707 // commit. |
683 if (IsPseudoScheme(scheme)) | 708 if (IsPseudoScheme(scheme)) |
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1150 return found; | 1175 return found; |
1151 } | 1176 } |
1152 | 1177 |
1153 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( | 1178 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( |
1154 const url::Origin& origin) { | 1179 const url::Origin& origin) { |
1155 base::AutoLock lock(lock_); | 1180 base::AutoLock lock(lock_); |
1156 isolated_origins_.erase(origin); | 1181 isolated_origins_.erase(origin); |
1157 } | 1182 } |
1158 | 1183 |
1159 } // namespace content | 1184 } // namespace content |
OLD | NEW |