Chromium Code Reviews

Issue 600137: Add restriction to ViewHostMsg_GetRawCookies to block access from untrusted r... (Closed)

Created:
10 years, 10 months ago by pfeldman
Modified:
9 years, 7 months ago
Reviewers:
yurys
CC:
chromium-reviews, darin+cc_chromium.org, ukai
Visibility:
Public.

Description

Add restriction to ViewHostMsg_GetRawCookies to block access from untrusted renderers.

BUG=35575
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=39100

Patch Set 1
Total comments: 2

Patch Set 2
Total comments: 2

Patch Set 3
Total comments: 1

Stats: +9 lines, -0 lines
M chrome/browser/renderer_host/resource_message_filter.cc (1 chunk, +9 lines, -0 lines, 1 comment)

Messages

Total messages: 8 (0 generated)
pfeldman
10 years, 10 months ago (2010-02-16 15:33:16 UTC) #1
yurys
http://codereview.chromium.org/600137/diff/1/2
File chrome/browser/renderer_host/resource_message_filter.cc (right):

http://codereview.chromium.org/600137/diff/1/2#newcode635
chrome/browser/renderer_host/resource_message_filter.cc:635: if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id()))
is it ok that you don't send ...
10 years, 10 months ago (2010-02-16 15:38:43 UTC) #2
pfeldman
http://codereview.chromium.org/600137/diff/1/2
File chrome/browser/renderer_host/resource_message_filter.cc (right):

http://codereview.chromium.org/600137/diff/1/2#newcode635
chrome/browser/renderer_host/resource_message_filter.cc:635: if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id()))
On 2010/02/16 15:38:44, Yury Semikhatsky wrote:
> ...
10 years, 10 months ago (2010-02-16 15:44:59 UTC) #3
yurys
LGTM

http://codereview.chromium.org/600137/diff/3/1003
File chrome/browser/renderer_host/resource_message_filter.cc (right):

http://codereview.chromium.org/600137/diff/3/1003#newcode640
chrome/browser/renderer_host/resource_message_filter.cc:640: if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id())) {
Would it be more clear ...
10 years, 10 months ago (2010-02-16 15:48:26 UTC) #4
yurys
http://codereview.chromium.org/600137/diff/3/1003
File chrome/browser/renderer_host/resource_message_filter.cc (right):

http://codereview.chromium.org/600137/diff/3/1003#newcode652
chrome/browser/renderer_host/resource_message_filter.cc:652: if (policy == net::ERR_IO_PENDING)
btw, if the control flow ...
10 years, 10 months ago (2010-02-16 15:52:47 UTC) #5
pfeldman
Sounds like in case of ERR_IO_PENDING, this callback is being re-scheduled. Looks like it is ...
10 years, 10 months ago (2010-02-16 15:59:26 UTC) #6
pfeldman
On 2010/02/16 15:59:26, pfeldman wrote:
> Sounds like in case of ERR_IO_PENDING, this callback is ...
10 years, 10 months ago (2010-02-16 16:03:37 UTC) #7
yurys
10 years, 10 months ago (2010-02-16 16:16:08 UTC) #8
http://codereview.chromium.org/600137/diff/6002/6003
File chrome/browser/renderer_host/resource_message_filter.cc (right):

http://codereview.chromium.org/600137/diff/6002/6003#newcode636
chrome/browser/renderer_host/resource_message_filter.cc:636: if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id())) {
lgtm, but I'd recommend you ask someone who better understands this stuff to
look at this change?
