Chromium Code Reviews

Unified Diff: chrome/browser/renderer_host/resource_dispatcher_host.cc

Issue 3133016: Support retrieval of raw headers from network stack (Closed) Base URL: http://src.chromium.org/svn/trunk/src/
Patch Set: nits picked Created 10 years, 3 months ago
Index: chrome/browser/renderer_host/resource_dispatcher_host.cc
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc
index 9126eb987a8fb358d3830e4479e69847d89eef17..2db9124544061598853e0d3e280ac2ebe25b3dc7 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.cc
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc
@@ -457,6 +457,15 @@ void ResourceDispatcherHost::BeginRequest(
} else if (request_data.resource_type == ResourceType::SUB_FRAME) {
load_flags |= net::LOAD_SUB_FRAME;
}
+ // Raw headers are sensitive, as they inclide Cookie/Set-Cookie, so only
+ // allow requesting them if requestor has ReadRawCookies permission.
+ if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
+ && !ChildProcessSecurityPolicy::GetInstance()->
+ CanReadRawCookies(child_id)) {
+ LOG(INFO) << "Denied unathorized request for raw headers";
+ load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
+ }
+
request->set_load_flags(load_flags);
request->set_context(context);
request->set_priority(DetermineRequestPriority(request_data.resource_type));
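Review bot: The denial branch (the `LOG(INFO)` line inside the new `if`) records nothing about which requestor was refused; include `child_id` in the message so a child process that sets `net::LOAD_REPORT_RAW_HEADERS` without passing `CanReadRawCookies(child_id)` can be identified from the log. Because the flag is cleared and the request then continues normally, the log line is the only trace of the attempt, so consider a severity above INFO for it. Two typos to fix while here: "inclide" in the comment and "unathorized" in the log string.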