Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4244)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/renderer_host/resource_message_filter.cc

Issue 600137: Add restriction to ViewHostMsg_GetRawCookies to block access from untrusted r... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/renderer_host/resource_message_filter.cc
===================================================================
--- chrome/browser/renderer_host/resource_message_filter.cc (revision 39084)
+++ chrome/browser/renderer_host/resource_message_filter.cc (working copy)
@@ -632,6 +632,15 @@
const GURL& url,
const GURL& first_party_for_cookies,
IPC::Message* reply_msg) {
+ // Only return raw cookies to trusted renderers.
+ if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id())) {
yurys 2010/02/16 16:16:08 lgtm, but I'd recommend you ask someone who better
+ ViewHostMsg_GetRawCookies::WriteReplyParams(
+ reply_msg,
+ std::vector<webkit_glue::WebCookie>());
+ Send(reply_msg);
+ return;
+ }
+
URLRequestContext* context = GetRequestContextForURL(url);
GetRawCookiesCompletion* callback =
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698