Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(530)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 745053002: Grant access to files in PageState, which have already been validated. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Formatting Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/sessions/session_restore.cc ('K') | « chrome/browser/sessions/session_restore.cc ('k') | content/browser/frame_host/render_frame_host_manager_browsertest.cc » ('j') | content/browser/web_contents/web_contents_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/frame_host/render_frame_host_impl.h" 5 #include "content/browser/frame_host/render_frame_host_impl.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/command_line.h" 8 #include "base/command_line.h"
9 #include "base/containers/hash_tables.h" 9 #include "base/containers/hash_tables.h"
10 #include "base/lazy_instance.h" 10 #include "base/lazy_instance.h"
(...skipping 1302 matching lines...) Expand 10 before | Expand all | Expand 10 after
1313 GetProcess()->GetID(), params.common_params.url); 1313 GetProcess()->GetID(), params.common_params.url);
1314 if (params.common_params.url.SchemeIs(url::kDataScheme) && 1314 if (params.common_params.url.SchemeIs(url::kDataScheme) &&
1315 params.base_url_for_data_url.SchemeIs(url::kFileScheme)) { 1315 params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
1316 // If 'data:' is used, and we have a 'file:' base url, grant access to 1316 // If 'data:' is used, and we have a 'file:' base url, grant access to
1317 // local files. 1317 // local files.
1318 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( 1318 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
1319 GetProcess()->GetID(), params.base_url_for_data_url); 1319 GetProcess()->GetID(), params.base_url_for_data_url);
1320 } 1320 }
1321 } 1321 }
1322 1322
1323 // We may be returning to an existing NavigationEntry that had been granted
1324 // file access. If this is a different process, we will need to grant the
1325 // access again. The files listed in the page state are validated when they
1326 // are received from the renderer to prevent abuse.
1327 if (params.commit_params.page_state.IsValid()) {
1328 render_view_host_->GrantFileAccessFromPageState(
1329 params.commit_params.page_state);
1330 }
1331
1323 // Only send the message if we aren't suspended at the start of a cross-site 1332 // Only send the message if we aren't suspended at the start of a cross-site
1324 // request. 1333 // request.
1325 if (navigations_suspended_) { 1334 if (navigations_suspended_) {
1326 // Shouldn't be possible to have a second navigation while suspended, since 1335 // Shouldn't be possible to have a second navigation while suspended, since
1327 // navigations will only be suspended during a cross-site request. If a 1336 // navigations will only be suspended during a cross-site request. If a
1328 // second navigation occurs, RenderFrameHostManager will cancel this pending 1337 // second navigation occurs, RenderFrameHostManager will cancel this pending
1329 // RFH and create a new pending RFH. 1338 // RFH and create a new pending RFH.
1330 DCHECK(!suspended_nav_params_.get()); 1339 DCHECK(!suspended_nav_params_.get());
1331 suspended_nav_params_.reset(new FrameMsg_Navigate_Params(params)); 1340 suspended_nav_params_.reset(new FrameMsg_Navigate_Params(params));
1332 } else { 1341 } else {
(...skipping 351 matching lines...) Expand 10 before | Expand all | Expand 10 after
1684 void RenderFrameHostImpl::DidUseGeolocationPermission() { 1693 void RenderFrameHostImpl::DidUseGeolocationPermission() {
1685 RenderFrameHost* top_frame = frame_tree_node()->frame_tree()->GetMainFrame(); 1694 RenderFrameHost* top_frame = frame_tree_node()->frame_tree()->GetMainFrame();
1686 GetContentClient()->browser()->RegisterPermissionUsage( 1695 GetContentClient()->browser()->RegisterPermissionUsage(
1687 PERMISSION_GEOLOCATION, 1696 PERMISSION_GEOLOCATION,
1688 delegate_->GetAsWebContents(), 1697 delegate_->GetAsWebContents(),
1689 GetLastCommittedURL().GetOrigin(), 1698 GetLastCommittedURL().GetOrigin(),
1690 top_frame->GetLastCommittedURL().GetOrigin()); 1699 top_frame->GetLastCommittedURL().GetOrigin());
1691 } 1700 }
1692 1701
1693 } // namespace content 1702 } // namespace content
OLDNEW
« chrome/browser/sessions/session_restore.cc ('K') | « chrome/browser/sessions/session_restore.cc ('k') | content/browser/frame_host/render_frame_host_manager_browsertest.cc » ('j') | content/browser/web_contents/web_contents_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698