OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
(...skipping 19 matching lines...) |
30 #include "content/public/browser/browser_thread.h" | 30 #include "content/public/browser/browser_thread.h" |
31 #include "content/public/browser/content_browser_client.h" | 31 #include "content/public/browser/content_browser_client.h" |
32 #include "content/public/browser/global_request_id.h" | 32 #include "content/public/browser/global_request_id.h" |
33 #include "content/public/browser/navigation_controller.h" | 33 #include "content/public/browser/navigation_controller.h" |
34 #include "content/public/browser/navigation_data.h" | 34 #include "content/public/browser/navigation_data.h" |
35 #include "content/public/browser/navigation_ui_data.h" | 35 #include "content/public/browser/navigation_ui_data.h" |
36 #include "content/public/browser/render_view_host.h" | 36 #include "content/public/browser/render_view_host.h" |
37 #include "content/public/browser/storage_partition.h" | 37 #include "content/public/browser/storage_partition.h" |
38 #include "content/public/browser/stream_handle.h" | 38 #include "content/public/browser/stream_handle.h" |
39 #include "content/public/common/appcache_info.h" | 39 #include "content/public/common/appcache_info.h" |
40 #include "content/public/common/child_process_host.h" | |
41 #include "content/public/common/content_client.h" | 40 #include "content/public/common/content_client.h" |
42 #include "content/public/common/origin_util.h" | 41 #include "content/public/common/origin_util.h" |
43 #include "content/public/common/request_context_type.h" | 42 #include "content/public/common/request_context_type.h" |
44 #include "content/public/common/resource_request_body.h" | 43 #include "content/public/common/resource_request_body.h" |
45 #include "content/public/common/resource_response.h" | 44 #include "content/public/common/resource_response.h" |
46 #include "content/public/common/url_constants.h" | 45 #include "content/public/common/url_constants.h" |
47 #include "content/public/common/web_preferences.h" | 46 #include "content/public/common/web_preferences.h" |
48 #include "net/base/load_flags.h" | 47 #include "net/base/load_flags.h" |
49 #include "net/base/net_errors.h" | 48 #include "net/base/net_errors.h" |
50 #include "net/base/url_util.h" | 49 #include "net/base/url_util.h" |
(...skipping 443 matching lines...) |
494 } | 493 } |
495 | 494 |
496 void NavigationRequest::TransferNavigationHandleOwnership( | 495 void NavigationRequest::TransferNavigationHandleOwnership( |
497 RenderFrameHostImpl* render_frame_host) { | 496 RenderFrameHostImpl* render_frame_host) { |
498 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); | 497 render_frame_host->SetNavigationHandle(std::move(navigation_handle_)); |
499 } | 498 } |
500 | 499 |
501 void NavigationRequest::OnRequestRedirected( | 500 void NavigationRequest::OnRequestRedirected( |
502 const net::RedirectInfo& redirect_info, | 501 const net::RedirectInfo& redirect_info, |
503 const scoped_refptr<ResourceResponse>& response) { | 502 const scoped_refptr<ResourceResponse>& response) { |
504 if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRedirectToURL( | |
505 redirect_info.new_url)) { | |
506 DVLOG(1) << "Denied redirect for " | |
507 << redirect_info.new_url.possibly_invalid_spec(); | |
508 // TODO(arthursonzogni): Consider switching to net::ERR_UNSAFE_REDIRECT | |
509 // when PlzNavigate is launched. | |
510 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
511 frame_tree_node_->ResetNavigationRequest(false, true); | |
512 return; | |
513 } | |
514 | |
515 // For renderer-initiated navigations we need to check if the source has | |
516 // access to the URL. Browser-initiated navigations only rely on the | |
517 // |CanRedirectToURL| test above. | |
518 if (!browser_initiated_ && source_site_instance() && | |
519 !ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL( | |
520 source_site_instance()->GetProcess()->GetID(), | |
521 redirect_info.new_url)) { | |
522 DVLOG(1) << "Denied unauthorized redirect for " | |
523 << redirect_info.new_url.possibly_invalid_spec(); | |
524 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | |
525 frame_tree_node_->ResetNavigationRequest(false, true); | |
526 return; | |
527 } | |
528 | |
529 // If a redirect occurs, the original site instance we thought is the | 503 // If a redirect occurs, the original site instance we thought is the |
530 // destination could change. | 504 // destination could change. |
531 dest_site_instance_ = nullptr; | 505 dest_site_instance_ = nullptr; |
532 | 506 |
533 // If the navigation is no longer a POST, the POST data should be reset. | 507 // If the navigation is no longer a POST, the POST data should be reset. |
534 if (redirect_info.new_method != "POST") | 508 if (redirect_info.new_method != "POST") |
535 common_params_.post_data = nullptr; | 509 common_params_.post_data = nullptr; |
536 | 510 |
537 // Mark time for the Navigation Timing API. | 511 // Mark time for the Navigation Timing API. |
538 if (request_params_.navigation_timing.redirect_start.is_null()) { | 512 if (request_params_.navigation_timing.redirect_start.is_null()) { |
(...skipping 18 matching lines...) |
557 // otherwise block. | 531 // otherwise block. |
558 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == | 532 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == |
559 CONTENT_SECURITY_POLICY_CHECK_FAILED) { | 533 CONTENT_SECURITY_POLICY_CHECK_FAILED) { |
560 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); | 534 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); |
561 | 535 |
562 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has | 536 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has |
563 // destroyed the NavigationRequest. | 537 // destroyed the NavigationRequest. |
564 return; | 538 return; |
565 } | 539 } |
566 | 540 |
| 541 // For non browser initiated navigations we need to check if the source has |
| 542 // access to the URL. We always allow browser initiated requests. |
| 543 // TODO(clamy): Kill the renderer if FilterURL fails? |
| 544 GURL url = common_params_.url; |
| 545 if (!browser_initiated_ && source_site_instance()) { |
| 546 source_site_instance()->GetProcess()->FilterURL(false, &url); |
| 547 // FilterURL sets the URL to about:blank if the CSP checks prevent the |
| 548 // renderer from accessing it. |
| 549 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { |
| 550 navigation_handle_->set_net_error_code(net::ERR_ABORTED); |
| 551 frame_tree_node_->ResetNavigationRequest(false, true); |
| 552 return; |
| 553 } |
| 554 } |
| 555 |
567 // Compute the SiteInstance to use for the redirect and pass its | 556 // Compute the SiteInstance to use for the redirect and pass its |
568 // RenderProcessHost if it has a process. Keep a reference if it has a | 557 // RenderProcessHost if it has a process. Keep a reference if it has a |
569 // process, so that the SiteInstance and its associated process aren't deleted | 558 // process, so that the SiteInstance and its associated process aren't deleted |
570 // before the navigation is ready to commit. | 559 // before the navigation is ready to commit. |
571 scoped_refptr<SiteInstance> site_instance = | 560 scoped_refptr<SiteInstance> site_instance = |
572 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( | 561 frame_tree_node_->render_manager()->GetSiteInstanceForNavigationRequest( |
573 *this); | 562 *this); |
574 speculative_site_instance_ = | 563 speculative_site_instance_ = |
575 site_instance->HasProcess() ? site_instance : nullptr; | 564 site_instance->HasProcess() ? site_instance : nullptr; |
576 | 565 |
(...skipping 442 matching lines...) |
1019 CSPDirective::FrameSrc, common_params_.url, is_redirect, | 1008 CSPDirective::FrameSrc, common_params_.url, is_redirect, |
1020 common_params_.source_location.value_or(SourceLocation()), | 1009 common_params_.source_location.value_or(SourceLocation()), |
1021 CSPContext::CHECK_ENFORCED_CSP)) { | 1010 CSPContext::CHECK_ENFORCED_CSP)) { |
1022 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | 1011 return CONTENT_SECURITY_POLICY_CHECK_PASSED; |
1023 } | 1012 } |
1024 | 1013 |
1025 return CONTENT_SECURITY_POLICY_CHECK_FAILED; | 1014 return CONTENT_SECURITY_POLICY_CHECK_FAILED; |
1026 } | 1015 } |
1027 | 1016 |
1028 } // namespace content | 1017 } // namespace content |
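Review bot: In `NavigationRequest::OnRequestRedirected` (new lines 541-554) the redirect target is only vetted when `!browser_initiated_ && source_site_instance()`, so a browser-initiated navigation, or one with no source SiteInstance, follows a redirect with no check in this function, whereas the removed `CanRedirectToURL(redirect_info.new_url)` test ran for every redirect. If dropping it is intended, the comment should name what else stops a server from redirecting a browser-initiated load to a URL that must not be a redirect target; otherwise keep that unconditional test ahead of the `FilterURL` call. The block infers denial from `url == url::kAboutBlankURL` after `FilterURL`, and its comment's "CSP checks" reads as Content Security Policy right after the frame-src check, although the removed code suggests the child-process security policy is meant; I would reword it to `// FilterURL rewrites the URL to about:blank when the source process is not allowed to request it.` The denial path has also lost its log line, and `DVLOG(1) << "Denied unauthorized redirect for " << common_params_.url.possibly_invalid_spec();` before `set_net_error_code` would keep blocked redirects visible when debugging. The check reads `common_params_.url`, and the lines that would update it to the redirect target are collapsed on this page, so that is assumed rather than confirmed.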