authorpfeldman@chromium.org <pfeldman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-16 17:35:08 +0000
committerpfeldman@chromium.org <pfeldman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-02-16 17:35:08 +0000
commit8bee5319d180acb92e62fc62603e873524138bca (patch)
tree515789382285d29a94e6044d38ab3b41b3508270
parent18a882124d9eeb104cf61bde34701efeeb8e813f (diff)
Add restriction to ViewHostMsg_GetRawCookies to block access from untrusted renderers.
BUG=35575 Review URL: http://codereview.chromium.org/600137 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39100 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/renderer_host/resource_message_filter.cc9
1 files changed, 9 insertions, 0 deletions
diff --git a/chrome/browser/renderer_host/resource_message_filter.cc b/chrome/browser/renderer_host/resource_message_filter.cc
index 259ed1f..bb57e60 100644
--- a/chrome/browser/renderer_host/resource_message_filter.cc
+++ b/chrome/browser/renderer_host/resource_message_filter.cc
@@ -632,6 +632,15 @@ void ResourceMessageFilter::OnGetRawCookies(
const GURL& url,
const GURL& first_party_for_cookies,
IPC::Message* reply_msg) {
+ // Only return raw cookies to trusted renderers.
+ if (!ChildProcessSecurityPolicy::GetInstance()->CanReadRawCookies(id())) {
+ ViewHostMsg_GetRawCookies::WriteReplyParams(
+ reply_msg,
+ std::vector<webkit_glue::WebCookie>());
+ Send(reply_msg);
+ return;
+ }
+
URLRequestContext* context = GetRequestContextForURL(url);
GetRawCookiesCompletion* callback =