Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(434)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/content_settings_observer.cc

Issue 789273006: Make ContentSettingsObserver security checks work with OOPIF. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: git cl format Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/chrome_site_per_process_browsertest.cc ('K') | « chrome/chrome_tests.gypi ('k') | chrome/test/data/iframe.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/content_settings_observer.cc
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 0f0eff8a6b54100522a5561cbe0947319b2b6b0c..2cd7092495fcb2bb46b0349d90a42c83b8b37110 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -115,9 +115,12 @@ static bool IsHostInDomain(const std::string& host, const std::string& domain) {
}
GURL GetOriginOrURL(const WebFrame* frame) {
- WebString top_origin = frame->top()->document().securityOrigin().toString();
- // The the |top_origin| is unique ("null") e.g., for file:// URLs. Use the
+ WebString top_origin = frame->top()->securityOrigin().toString();
+ // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the
// document URL as the primary URL in those cases.
+ // TODO(alexmos): This is broken for --site-per-process, since top() can be a
+ // WebRemoteFrame which does not have a document(), and the WebRemoteFrame's
+ // URL is not currently replicated.
Charlie Reis 2014/12/15 20:25:35 nit: Let's remove "currently" to avoid implying th
alexmos 2014/12/15 21:22:18 Done.
if (top_origin == "null")
return frame->top()->document().url();
return GURL(top_origin);
@@ -269,23 +272,23 @@ bool ContentSettingsObserver::allowDatabase(const WebString& name,
const WebString& display_name,
unsigned long estimated_size) {
WebFrame* frame = render_frame()->GetWebFrame();
- if (frame->document().securityOrigin().isUnique() ||
- frame->top()->document().securityOrigin().isUnique())
+ if (frame->securityOrigin().isUnique() ||
+ frame->top()->securityOrigin().isUnique())
return false;
bool result = false;
Send(new ChromeViewHostMsg_AllowDatabase(
- routing_id(), GURL(frame->document().securityOrigin().toString()),
- GURL(frame->top()->document().securityOrigin().toString()),
- name, display_name, &result));
+ routing_id(), GURL(frame->securityOrigin().toString()),
+ GURL(frame->top()->securityOrigin().toString()), name, display_name,
+ &result));
return result;
}
void ContentSettingsObserver::requestFileSystemAccessAsync(
const WebPermissionCallbacks& callbacks) {
WebFrame* frame = render_frame()->GetWebFrame();
- if (frame->document().securityOrigin().isUnique() ||
- frame->top()->document().securityOrigin().isUnique()) {
+ if (frame->securityOrigin().isUnique() ||
+ frame->top()->securityOrigin().isUnique()) {
WebPermissionCallbacks permissionCallbacks(callbacks);
permissionCallbacks.doDeny();
return;
@@ -299,10 +302,9 @@ void ContentSettingsObserver::requestFileSystemAccessAsync(
DCHECK(insert_result.second);
Send(new ChromeViewHostMsg_RequestFileSystemAccessAsync(
- routing_id(),
- current_request_id_,
- GURL(frame->document().securityOrigin().toString()),
- GURL(frame->top()->document().securityOrigin().toString())));
+ routing_id(), current_request_id_,
+ GURL(frame->securityOrigin().toString()),
+ GURL(frame->top()->securityOrigin().toString())));
}
bool ContentSettingsObserver::allowImage(bool enabled_per_settings,
@@ -331,15 +333,14 @@ bool ContentSettingsObserver::allowImage(bool enabled_per_settings,
bool ContentSettingsObserver::allowIndexedDB(const WebString& name,
const WebSecurityOrigin& origin) {
WebFrame* frame = render_frame()->GetWebFrame();
- if (frame->document().securityOrigin().isUnique() ||
- frame->top()->document().securityOrigin().isUnique())
+ if (frame->securityOrigin().isUnique() ||
+ frame->top()->securityOrigin().isUnique())
return false;
bool result = false;
Send(new ChromeViewHostMsg_AllowIndexedDB(
- routing_id(), GURL(frame->document().securityOrigin().toString()),
- GURL(frame->top()->document().securityOrigin().toString()),
- name, &result));
+ routing_id(), GURL(frame->securityOrigin().toString()),
+ GURL(frame->top()->securityOrigin().toString()), name, &result));
return result;
}
@@ -397,8 +398,8 @@ bool ContentSettingsObserver::allowScriptFromSource(
bool ContentSettingsObserver::allowStorage(bool local) {
WebFrame* frame = render_frame()->GetWebFrame();
- if (frame->document().securityOrigin().isUnique() ||
- frame->top()->document().securityOrigin().isUnique())
+ if (frame->securityOrigin().isUnique() ||
+ frame->top()->securityOrigin().isUnique())
return false;
bool result = false;
@@ -410,9 +411,8 @@ bool ContentSettingsObserver::allowStorage(bool local) {
return permissions->second;
Send(new ChromeViewHostMsg_AllowDOMStorage(
- routing_id(), GURL(frame->document().securityOrigin().toString()),
- GURL(frame->top()->document().securityOrigin().toString()),
- local, &result));
+ routing_id(), GURL(frame->securityOrigin().toString()),
+ GURL(frame->top()->securityOrigin().toString()), local, &result));
cached_storage_permissions_[key] = result;
return result;
}
« chrome/browser/chrome_site_per_process_browsertest.cc ('K') | « chrome/chrome_tests.gypi ('k') | chrome/test/data/iframe.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698