author | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-04 09:00:39 +0000 |
---|---|---|
committer | japhet@chromium.org <japhet@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-04 09:00:39 +0000 |
commit | 8d5cb21f876a51c4fddcb90954e0dd819a09a7a5 (patch) | |
tree | 0005719b9fbf9fd1757f5d028f557215487d1645 /content/browser/frame_host/navigation_controller_impl.h | |
parent | ce3651bc735d21ca677642616c454cf2e97797ca (diff) | |

Trust the renderer's same-document navigation flag if it is a same-origin nav.

Currently in AreURLsInPageNavigation, we only trust renderer_says_in_page if
the before and after urls are identical. This prevents us from correctly
classifying history.pushState and history.replaceState navigations as in-page.
Navigations via the history API are required to be same-origin, but can differ
by more than just the ref component, so we get the correct behavior without
the renderer process being able to lie about a cross-origin navigation.

BUG=138324
TEST=Added cases to NavigationControllerTest.IsInPageNavigation

Review URL: https://codereview.chromium.org/304763002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274734 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'content/browser/frame_host/navigation_controller_impl.h')
-rw-r--r-- | content/browser/frame_host/navigation_controller_impl.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/content/browser/frame_host/navigation_controller_impl.h b/content/browser/frame_host/navigation_controller_impl.h index 7ec82f3..7a06ba66 100644 --- a/content/browser/frame_host/navigation_controller_impl.h +++ b/content/browser/frame_host/navigation_controller_impl.h @@ -159,15 +159,11 @@ class CONTENT_EXPORT NavigationControllerImpl // whether a navigation happened without loading anything, the same URL could // be a reload, while only a different ref would be in-page (pages can't clear // refs without reload, only change to "#" which we don't count as empty). - bool IsURLInPageNavigation(const GURL& url) const { - return IsURLInPageNavigation(url, false, NAVIGATION_TYPE_UNKNOWN); - } - + // // The situation is made murkier by history.replaceState(), which could // provide the same URL as part of an in-page navigation, not a reload. So - // we need this form which lets the (untrustworthy) renderer resolve the - // ambiguity, but only when the URLs are equal. This should be safe since the - // origin isn't changing. + // we need to let the (untrustworthy) renderer resolve the ambiguity, but + // only when the URLs are on the same origin. bool IsURLInPageNavigation( const GURL& url, bool renderer_says_in_page, |
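
Review bot: the rewritten comment above IsURLInPageNavigation says the renderer's answer is honoured "only when the URLs are on the same origin", but the declaration takes a single `url`, so the comment should name the URL that `url` is compared against and state that `renderer_says_in_page` is ignored when the origins differ. The old wording carried its rationale ("This should be safe since the origin isn't changing") and the new wording drops it; since this comment is the only place the header records why an untrustworthy renderer's flag may be believed, a one-sentence replacement explaining why same-origin is a sufficient bound would be worth keeping. With the single-argument overload removed, every caller now has to supply `renderer_says_in_page` itself, and this header-only view does not show those call sites, so please confirm that the former one-argument callers pass `false` rather than a renderer-provided value.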