
Side by Side Diff: chrome/browser/ui/login/login_prompt.cc

Issue 410373003: Fix cross origin check when deciding to show the HTTP auth interstitial. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Change test name Created 6 years, 4 months ago
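--- a/chrome/browser/ui/login/login_prompt.cc
+++ b/chrome/browser/ui/login/login_prompt.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/login/login_prompt.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ -502,22 +502,31 @@
 DCHECK_CURRENTLY_ON(BrowserThread::UI);
 WebContents* parent_contents = handler->GetWebContentsForLogin();
 if (!parent_contents || handler->WasAuthHandled()) {
 // The request may have been cancelled, or it may be for a renderer
 // not hosted by a tab (e.g. an extension). Cancel just in case
 // (cancelling twice is a no-op).
 handler->CancelAuth();
 return;
 }
 
+// Check if the request is cross origin. There are two different ways the
+// navigation can occur:
+// 1- The user enters the resource URL in the omnibox.
+// 2- The page redirects to the resource.
+// In both cases, the last committed URL is different than the resource URL,
+// so checking it is sufficient.
+// Note that (1) will not be true once site isolation is enabled, as any
+// navigation could cause a cross-process swap, including link clicks.
 if (is_main_frame &&
-parent_contents->GetVisibleURL().GetOrigin() != request_url.GetOrigin()) {
+parent_contents->GetLastCommittedURL().GetOrigin() !=
+request_url.GetOrigin()) {
 // Show a blank interstitial for main-frame, cross origin requests
 // so that the correct URL is shown in the omnibox.
 base::Closure callback = base::Bind(&ShowLoginPrompt,
 request_url,
 make_scoped_refptr(auth_info),
 make_scoped_refptr(handler));
 // This is owned by the interstitial it creates.
 new LoginInterstitialDelegate(parent_contents,
 request_url,
 callback);
@@ -535,10 +544,10 @@
 net::URLRequest* request) {
 bool is_main_frame = (request->load_flags() & net::LOAD_MAIN_FRAME) != 0;
 LoginHandler* handler = LoginHandler::Create(auth_info, request);
 BrowserThread::PostTask(
 BrowserThread::UI, FROM_HERE,
 base::Bind(&LoginDialogCallback, request->url(),
 make_scoped_refptr(auth_info), make_scoped_refptr(handler),
 is_main_frame));
 return handler;
 }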
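Review bot: The new comment above the `GetLastCommittedURL()` comparison (new lines 512–519) says checking the last committed URL "is sufficient" without saying why the visible URL was not, and its closing "Note that (1) will not be true" is ambiguous between list item 1 and the claim in the preceding sentence. Presumably the visible URL can already reflect the pending navigation to the resource, so the old comparison could treat a cross-origin main-frame request as same-origin and skip the interstitial. If that is the reason, state it, e.g. `// The visible URL may already be the pending (uncommitted) request URL, so compare against the last committed URL.` It would also help to document the case where the tab has no committed entry yet, since an empty last committed URL would presumably compare as cross-origin and always take the interstitial path. The enclosing function starts and ends outside the displayed lines.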
