diff options
| author | creis@google.com <creis@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-26 00:16:51 +0000 |
|---|---|---|
| committer | creis@google.com <creis@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-26 00:16:51 +0000 |
| commit | 6705b23f96dc6953abe9911907a8d25d924e5e7f (patch) | |
| tree | 01d12f8da8fabc7d541e90fa5a27b8bbe77cc825 /chrome/browser/site_instance.cc | |
| parent | 8a304074522d7c710298bb24ae55fb4a60143ba6 (diff) | |
| download | chromium_src-6705b23f96dc6953abe9911907a8d25d924e5e7f.zip chromium_src-6705b23f96dc6953abe9911907a8d25d924e5e7f.tar.gz chromium_src-6705b23f96dc6953abe9911907a8d25d924e5e7f.tar.bz2 | |
Don't create separate SiteInstances for pages from the same domain and scheme
but from different ports. (These pages can still access each other.)
(This is copied from http://codereview.chromium.org/12443, which has already
been reviewed by darin and abarth. Just had to commit from a different
checked out codebase.)
BUG=4792
R=darin,abarth
Review URL: http://codereview.chromium.org/12451
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6014 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/site_instance.cc')
| -rw-r--r-- | chrome/browser/site_instance.cc | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/chrome/browser/site_instance.cc b/chrome/browser/site_instance.cc index a42c790..63517d8 100644 --- a/chrome/browser/site_instance.cc +++ b/chrome/browser/site_instance.cc @@ -85,9 +85,17 @@ GURL SiteInstance::GetSiteForURL(const GURL& url) { // If the url has a host, then determine the site. if (url.has_host()) { - // Only keep the scheme, registered domain, and port as given by GetOrigin. + // Only keep the scheme and registered domain as given by GetOrigin. This + // may also include a port, which we need to drop. site = url.GetOrigin(); + // Remove port, if any. + if (site.has_port()) { + GURL::Replacements rep; + rep.ClearPort(); + site = site.ReplaceComponents(rep); + } + // If this URL has a registered domain, we only want to remember that part. std::string domain = net::RegistryControlledDomainService::GetDomainAndRegistry(url); @@ -103,7 +111,9 @@ GURL SiteInstance::GetSiteForURL(const GURL& url) { /*static*/ bool SiteInstance::IsSameWebSite(const GURL& url1, const GURL& url2) { // We infer web site boundaries based on the registered domain name of the - // top-level page, as well as the scheme and the port. + // top-level page and the scheme. We do not pay attention to the port if + // one is present, because pages served from different ports can still + // access each other if they change their document.domain variable. // We must treat javascript: URLs as part of the same site, regardless of // the site. @@ -125,8 +135,8 @@ bool SiteInstance::IsSameWebSite(const GURL& url1, const GURL& url2) { return false; } - // If the scheme or port differ, they aren't part of the same site. - if (url1.scheme() != url2.scheme() || url1.port() != url2.port()) { + // If the schemes differ, they aren't part of the same site. + if (url1.scheme() != url2.scheme()) { return false; } |