diff options
| author | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-27 18:42:21 +0000 |
|---|---|---|
| committer | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-27 18:42:21 +0000 |
| commit | 5b0ae24406c5cf0e587b05592256629e5aae31f2 (patch) | |
| tree | e4329e9467359c593bfe3898141be19a2b2d4796 | |
| parent | d538c88b79c25e77f1449091238a7065bf2bf6a8 (diff) | |
| download | chromium_src-5b0ae24406c5cf0e587b05592256629e5aae31f2.zip chromium_src-5b0ae24406c5cf0e587b05592256629e5aae31f2.tar.gz chromium_src-5b0ae24406c5cf0e587b05592256629e5aae31f2.tar.bz2 | |
Fix renderer hang caused when a synchronous XHR is disallowed for security
reasons (via ShouldServiceReqeuest).
BUG=8401
R=jam
Review URL: http://codereview.chromium.org/56016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12675 0039d316-1c4b-4281-b951-d872f2087c98
5 files changed, 68 insertions, 8 deletions
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc index da28df4..998850d5 100644 --- a/chrome/browser/renderer_host/resource_dispatcher_host.cc +++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc @@ -274,13 +274,21 @@ void ResourceDispatcherHost::BeginRequest( if (is_shutdown_ || !ShouldServiceRequest(process_type, process_id, request_data)) { - // Tell the renderer that this request was disallowed. - receiver_->Send(new ViewMsg_Resource_RequestComplete( - route_id, - request_id, - URLRequestStatus(URLRequestStatus::FAILED, net::ERR_ABORTED), - std::string())); // No security info needed, connection was not - // established. + URLRequestStatus status(URLRequestStatus::FAILED, net::ERR_ABORTED); + if (sync_result) { + SyncLoadResult result; + result.status = status; + ViewHostMsg_SyncLoad::WriteReplyParams(sync_result, result); + receiver_->Send(sync_result); + } else { + // Tell the renderer that this request was disallowed. + receiver_->Send(new ViewMsg_Resource_RequestComplete( + route_id, + request_id, + status, + std::string())); // No security info needed, connection was not + // established. + } return; } diff --git a/chrome/browser/renderer_host/resource_dispatcher_host_uitest.cc b/chrome/browser/renderer_host/resource_dispatcher_host_uitest.cc index dce2e1d..d44080f 100644 --- a/chrome/browser/renderer_host/resource_dispatcher_host_uitest.cc +++ b/chrome/browser/renderer_host/resource_dispatcher_host_uitest.cc @@ -107,10 +107,30 @@ TEST_F(ResourceDispatcherTest, SyncXMLHttpRequest) { EXPECT_TRUE(success); } +TEST_F(ResourceDispatcherTest, SyncXMLHttpRequest_Disallowed) { + const wchar_t kDocRoot[] = L"chrome/test/data"; + scoped_refptr<HTTPTestServer> server = + HTTPTestServer::CreateServer(kDocRoot, NULL); + ASSERT_TRUE(NULL != server.get()); + + scoped_ptr<BrowserProxy> browser_proxy(automation()->GetBrowserWindow(0)); + EXPECT_TRUE(browser_proxy.get()); + scoped_ptr<TabProxy> tab(browser_proxy->GetActiveTab()); + tab->NavigateToURL(server->TestServerPageW( + L"files/sync_xmlhttprequest_disallowed.html")); + + // Let's check the XMLHttpRequest ran successfully. + bool success = false; + EXPECT_TRUE(tab->ExecuteAndExtractBool(L"", + L"window.domAutomationController.send(DidSucceed());", + &success)); + EXPECT_TRUE(success); +} + // Test for bug #1159553 -- A synchronous xhr (whose content-type is // downloadable) would trigger download and hang the renderer process, // if executed while navigating to a new page. -TEST_F(ResourceDispatcherTest, SyncXMLHttpRequestDuringUnload) { +TEST_F(ResourceDispatcherTest, SyncXMLHttpRequest_DuringUnload) { const wchar_t kDocRoot[] = L"chrome/test/data"; scoped_refptr<HTTPTestServer> server = HTTPTestServer::CreateServer(kDocRoot, NULL); diff --git a/chrome/browser/renderer_host/resource_handler.h b/chrome/browser/renderer_host/resource_handler.h index 2b843f9..df1b8a6 100644 --- a/chrome/browser/renderer_host/resource_handler.h +++ b/chrome/browser/renderer_host/resource_handler.h @@ -25,6 +25,8 @@ class IOBuffer; // Parameters for a resource response header. struct ResourceResponseHead : webkit_glue::ResourceLoaderBridge::ResponseInfo { + ResourceResponseHead() : filter_policy(FilterPolicy::DONT_FILTER) {} + // The response status. URLRequestStatus status; diff --git a/chrome/test/data/sync_xmlhttprequest_disallowed.html b/chrome/test/data/sync_xmlhttprequest_disallowed.html new file mode 100644 index 0000000..130533f --- /dev/null +++ b/chrome/test/data/sync_xmlhttprequest_disallowed.html @@ -0,0 +1,29 @@ +<html> +<head> +<script> +var success = false; + +function OnLoad() { + try { + var request = new XMLHttpRequest(); + request.open("GET", "file:///c:/foo.txt", false); + request.send(null); + } catch (e) { + success = true; + } + document.getElementById("console").appendChild( + document.createTextNode(success ? "SUCCESS" : "FAILURE")); +} + +function DidSucceed() { + return success; +} + +</script> +</head> +<body onload="OnLoad();"> +This page sends a synchronous XMLHttpRequest to fetch a local file, which +should not be allowed. +<div id="console"></div> +</body> +</html> diff --git a/webkit/glue/resource_loader_bridge.cc b/webkit/glue/resource_loader_bridge.cc index 266b518..882f892 100644 --- a/webkit/glue/resource_loader_bridge.cc +++ b/webkit/glue/resource_loader_bridge.cc @@ -12,6 +12,7 @@ namespace webkit_glue { ResourceLoaderBridge::ResponseInfo::ResponseInfo() { + content_length = -1; #if defined(OS_WIN) response_data_file = base::kInvalidPlatformFileValue; #elif defined(OS_POSIX) |