| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/site_isolation_policy.h" | 5 #include "content/child/site_isolation_policy.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 const char kAppXml[] = "application/xml"; | 40 const char kAppXml[] = "application/xml"; |
| 41 const char kAppJson[] = "application/json"; | 41 const char kAppJson[] = "application/json"; |
| 42 const char kTextJson[] = "text/json"; | 42 const char kTextJson[] = "text/json"; |
| 43 const char kTextXjson[] = "text/x-json"; | 43 const char kTextXjson[] = "text/x-json"; |
| 44 const char kTextPlain[] = "text/plain"; | 44 const char kTextPlain[] = "text/plain"; |
| 45 | 45 |
| 46 } // anonymous namespace | 46 } // anonymous namespace |
| 47 | 47 |
| 48 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} | 48 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {} |
| 49 | 49 |
| 50 // The cross-site document blocking/UMA data collection is deactivated by |
| 51 // default, and only activated in renderer processes. |
| 52 bool SiteIsolationPolicy::g_policy_enabled = false; |
| 53 |
| 54 void SiteIsolationPolicy::SetPolicyEnabled(bool enabled) { |
| 55 g_policy_enabled = enabled; |
| 56 } |
| 57 |
| 50 void SiteIsolationPolicy::OnReceivedResponse( | 58 void SiteIsolationPolicy::OnReceivedResponse( |
| 51 int request_id, | 59 int request_id, |
| 52 GURL& frame_origin, | 60 GURL& frame_origin, |
| 53 GURL& response_url, | 61 GURL& response_url, |
| 54 ResourceType::Type resource_type, | 62 ResourceType::Type resource_type, |
| 63 int origin_pid, |
| 55 const webkit_glue::ResourceResponseInfo& info) { | 64 const webkit_glue::ResourceResponseInfo& info) { |
| 65 if (!g_policy_enabled) |
| 66 return; |
| 67 |
| 68 // if |origin_pid| is non-zero, it means that this response is for a plugin |
| 69 // spawned from this renderer process. We exclude responses for plugins for |
| 70 // now, but eventually, we're going to make plugin processes directly talk to |
| 71 // the browser process so that we don't apply cross-site document blocking to |
| 72 // them. |
| 73 if (origin_pid) |
| 74 return; |
| 75 |
| 56 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); | 76 UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1); |
| 57 | 77 |
| 58 // See if this is for navigation. If it is, don't block it, under the | 78 // See if this is for navigation. If it is, don't block it, under the |
| 59 // assumption that we will put it in an appropriate process. | 79 // assumption that we will put it in an appropriate process. |
| 60 if (ResourceType::IsFrame(resource_type)) | 80 if (ResourceType::IsFrame(resource_type)) |
| 61 return; | 81 return; |
| 62 | 82 |
| 63 if (!IsBlockableScheme(response_url)) | 83 if (!IsBlockableScheme(response_url)) |
| 64 return; | 84 return; |
| 65 | 85 |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 149 } else { \ | 169 } else { \ |
| 150 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ | 170 SITE_ISOLATION_POLICY_COUNT_NOTBLOCK(BUCKET_PREFIX) \ |
| 151 } \ | 171 } \ |
| 152 } | 172 } |
| 153 | 173 |
| 154 bool SiteIsolationPolicy::ShouldBlockResponse( | 174 bool SiteIsolationPolicy::ShouldBlockResponse( |
| 155 int request_id, | 175 int request_id, |
| 156 const char* data, | 176 const char* data, |
| 157 int length, | 177 int length, |
| 158 std::string* alternative_data) { | 178 std::string* alternative_data) { |
| 179 if (!g_policy_enabled) |
| 180 return false; |
| 181 |
| 159 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 182 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
| 160 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 183 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
| 161 | 184 |
| 162 // If there's an entry for |request_id| in blocked_map, this request's first | 185 // If there's an entry for |request_id| in blocked_map, this request's first |
| 163 // data packet has already been examined. We can return the result here. | 186 // data packet has already been examined. We can return the result here. |
| 164 if (result_map->count(request_id) != 0) { | 187 if (result_map->count(request_id) != 0) { |
| 165 if ((*result_map)[request_id]) { | 188 if ((*result_map)[request_id]) { |
| 166 // Here, the blocking result has been set for the previous run of | 189 // Here, the blocking result has been set for the previous run of |
| 167 // ShouldBlockResponse(), so we set alternative data to an empty string so | 190 // ShouldBlockResponse(), so we set alternative data to an empty string so |
| 168 // that ResourceDispatcher doesn't call its peer's onReceivedData() with | 191 // that ResourceDispatcher doesn't call its peer's onReceivedData() with |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 263 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) | 286 if (!command_line.HasSwitch(switches::kBlockCrossSiteDocuments)) |
| 264 result = false; | 287 result = false; |
| 265 (*result_map)[request_id] = result; | 288 (*result_map)[request_id] = result; |
| 266 | 289 |
| 267 if (result) { | 290 if (result) { |
| 268 alternative_data->erase(); | 291 alternative_data->erase(); |
| 269 alternative_data->insert(0, " "); | 292 alternative_data->insert(0, " "); |
| 270 LOG(ERROR) << resp_data.response_url | 293 LOG(ERROR) << resp_data.response_url |
| 271 << " is blocked as an illegal cross-site document from " | 294 << " is blocked as an illegal cross-site document from " |
| 272 << resp_data.frame_origin; | 295 << resp_data.frame_origin; |
| 273 | |
| 274 } | 296 } |
| 275 return result; | 297 return result; |
| 276 } | 298 } |
| 277 | 299 |
| 278 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK | 300 #undef SITE_ISOLATION_POLICY_COUNT_NOTBLOCK |
| 279 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT | 301 #undef SITE_ISOLATION_POLICY_SNIFF_AND_COUNT |
| 280 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK | 302 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK |
| 281 | 303 |
| 282 void SiteIsolationPolicy::OnRequestComplete(int request_id) { | 304 void SiteIsolationPolicy::OnRequestComplete(int request_id) { |
| 305 if (!g_policy_enabled) |
| 306 return; |
| 283 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); | 307 RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap(); |
| 284 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); | 308 RequestIdToResultMap* result_map = GetRequestIdToResultMap(); |
| 285 metadata_map->erase(request_id); | 309 metadata_map->erase(request_id); |
| 286 result_map->erase(request_id); | 310 result_map->erase(request_id); |
| 287 } | 311 } |
| 288 | 312 |
| 289 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType | 313 SiteIsolationPolicy::ResponseMetaData::CanonicalMimeType |
| 290 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { | 314 SiteIsolationPolicy::GetCanonicalMimeType(const std::string& mime_type) { |
| 291 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { | 315 if (LowerCaseEqualsASCII(mime_type, kTextHtml)) { |
| 292 return SiteIsolationPolicy::ResponseMetaData::HTML; | 316 return SiteIsolationPolicy::ResponseMetaData::HTML; |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 552 return &metadata_map_; | 576 return &metadata_map_; |
| 553 } | 577 } |
| 554 | 578 |
| 555 SiteIsolationPolicy::RequestIdToResultMap* | 579 SiteIsolationPolicy::RequestIdToResultMap* |
| 556 SiteIsolationPolicy::GetRequestIdToResultMap() { | 580 SiteIsolationPolicy::GetRequestIdToResultMap() { |
| 557 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); | 581 CR_DEFINE_STATIC_LOCAL(RequestIdToResultMap, result_map_, ()); |
| 558 return &result_map_; | 582 return &result_map_; |
| 559 } | 583 } |
| 560 | 584 |
| 561 } // namespace content | 585 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23842002:
Whitelisting exts and plugins from cross-site document blocking (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr