Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(519)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/dom/RemoteSecurityContext.cpp

Issue 520213002: Make SecurityContext available in RemoteFrames. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Review feedback from Daniel, expose securityOrigin() from WebFrame Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/dom/RemoteSecurityContext.h ('k') | Source/core/frame/Frame.h » ('j') | Source/core/frame/RemoteFrame.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/RemoteSecurityContext.cpp
diff --git a/Source/core/dom/RemoteSecurityContext.cpp b/Source/core/dom/RemoteSecurityContext.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..149877e51e1c8f64e2e7c156fa3baae084fe833c
--- /dev/null
+++ b/Source/core/dom/RemoteSecurityContext.cpp
@@ -0,0 +1,51 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "core/dom/RemoteSecurityContext.h"
+
+#include "core/frame/csp/ContentSecurityPolicy.h"
+#include "platform/weborigin/SecurityOrigin.h"
+
+namespace blink {
+
+RemoteSecurityContext::RemoteSecurityContext()
+ : SecurityContext()
+{
+}
+
+PassRefPtr<RemoteSecurityContext> RemoteSecurityContext::create()
+{
+ RefPtr<RemoteSecurityContext> securityContext =
+ adoptRef(new RemoteSecurityContext());
+
+ // RemoteSecurityContext's origin is expected to stay uninitialized until
+ // we set it using replicated origin data from the browser process.
+ ASSERT(!securityContext->haveInitializedSecurityOrigin());
+
+ // CSP will not be replicated for RemoteSecurityContexts, as it is moving
+ // to the browser process. For now, initialize CSP to a default
+ // locked-down policy.
+ securityContext->setContentSecurityPolicy(ContentSecurityPolicy::create());
dcheng 2014/11/18 23:31:40 I'd probably move lines 23-30 to the constructor a
alexmos 2014/11/19 00:33:04 Done.
+
+ // TODO(alexmos): Document::initSecurityContext has a few other things we
+ // may eventually want here, such as enforcing a setting to
+ // grantUniversalAccess().
+
+ return securityContext.release();
+}
+
+void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origin)
+{
+ // FIXME(alexmos): currently, replicated security origins are passed only
+ // at RemoteFrame creation time. Eventually, this class will also need to
+ // handle origin updates to handle cases like setting document.domain, but
+ // for now, check that this is the first and only time we are setting the
+ // origin.
+ ASSERT(!haveInitializedSecurityOrigin());
+ setSecurityOrigin(origin);
+}
+
+
+} // namespace blink
« no previous file with comments | « Source/core/dom/RemoteSecurityContext.h ('k') | Source/core/frame/Frame.h » ('j') | Source/core/frame/RemoteFrame.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698