authortsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-13 16:45:12 +0000
committertsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-13 16:45:12 +0000
commit2fb95db2941727bb10a6eedaee3a1bef0af00a1c (patch)
treedb6ada547274d0ccb5a571ced56f6283d97f5f05 /content/browser
parent6a8f51186bb732bbeb40ef39eb87fb2ba7d882bb (diff)
Block HTTP basic auth from cross-origin third-party content.
BUG=81251 TEST=browser_tests Review URL: http://codereview.chromium.org/6918001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85281 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser')
-rw-r--r--content/browser/renderer_host/resource_dispatcher_host.cc44
1 files changed, 44 insertions, 0 deletions
diff --git a/content/browser/renderer_host/resource_dispatcher_host.cc b/content/browser/renderer_host/resource_dispatcher_host.cc
index fac9a705..aeee6e6 100644
--- a/content/browser/renderer_host/resource_dispatcher_host.cc
+++ b/content/browser/renderer_host/resource_dispatcher_host.cc
@@ -68,6 +68,7 @@
#include "net/base/load_flags.h"
#include "net/base/mime_util.h"
#include "net/base/net_errors.h"
+#include "net/base/registry_controlled_domain.h"
#include "net/base/request_priority.h"
#include "net/base/ssl_cert_request_info.h"
#include "net/base/upload_data.h"
@@ -236,6 +237,32 @@ void RemoveDownloadFileFromChildSecurityPolicy(int child_id,
#pragma warning(default: 4748)
#endif
+// Relationship of resource being authenticated with the top level page.
+enum HttpAuthResourceType {
+ HTTP_AUTH_RESOURCE_TOP, // Top-level page itself
+ HTTP_AUTH_RESOURCE_SAME_DOMAIN, // Sub-content from same domain
+ HTTP_AUTH_RESOURCE_BLOCKED_CROSS, // Blocked Sub-content from cross domain
+ HTTP_AUTH_RESOURCE_ALLOWED_CROSS, // Allowed Sub-content per command line
+ HTTP_AUTH_RESOURCE_LAST
+};
+
+HttpAuthResourceType HttpAuthResourceTypeOf(net::URLRequest* request) {
+ // Use the same critera as for cookies to determine the sub-resource type
+ // that is requesting to be authenticated.
+ if (!request->first_party_for_cookies().is_valid())
+ return HTTP_AUTH_RESOURCE_TOP;
+
+ if (net::RegistryControlledDomainService::SameDomainOrHost(
+ request->first_party_for_cookies(), request->url()))
+ return HTTP_AUTH_RESOURCE_SAME_DOMAIN;
+
+ if (CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kAllowCrossOriginAuthPrompt))
+ return HTTP_AUTH_RESOURCE_ALLOWED_CROSS;
+
+ return HTTP_AUTH_RESOURCE_BLOCKED_CROSS;
+}
+
} // namespace
ResourceDispatcherHost::ResourceDispatcherHost(
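Review bot: The first branch of HttpAuthResourceTypeOf classifies any request whose first_party_for_cookies() is not valid as HTTP_AUTH_RESOURCE_TOP, which means a request with no first-party information falls on the permissive side of the new check; if that is intended (only genuine top-level navigations arrive without a first-party URL), the comment should say so explicitly, e.g. `// An invalid first-party URL means this is the top-level request itself, so it may prompt; sub-resources are always tagged with a first party.` — and if it is not guaranteed, the fallback should be reconsidered. The comment on the line above also misspells "criteria" as "critera". Since the function only reads from the request, the parameter can be `const net::URLRequest* request` to document that it does not mutate it. The enum's comment for HTTP_AUTH_RESOURCE_ALLOWED_CROSS would read better as `// Cross-domain sub-content allowed by command-line switch`.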
@@ -1089,6 +1116,23 @@ void ResourceDispatcherHost::OnAuthRequired(
request->CancelAuth();
return;
}
+
+ // Prevent third-party content from prompting for login, unless it is
+ // a proxy that is trying to authenticate. This is often the foundation
+ // of a scam to extract credentials for another domain from the user.
+ if (!auth_info->is_proxy) {
+ HttpAuthResourceType resource_type = HttpAuthResourceTypeOf(request);
+ UMA_HISTOGRAM_ENUMERATION("Net.HttpAuthResource",
+ resource_type,
+ HTTP_AUTH_RESOURCE_LAST);
+
+ if (resource_type == HTTP_AUTH_RESOURCE_BLOCKED_CROSS) {
+ request->CancelAuth();
+ return;
+ }
+ }
+
+
// Create a login dialog on the UI thread to get authentication data,
// or pull from cache and continue on the IO thread.
// TODO(mpcomplete): We should block the parent tab while waiting for
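Review bot: The Net.HttpAuthResource histogram is only recorded inside `if (!auth_info->is_proxy)`, so proxy authentication challenges raised by cross-origin sub-resources are neither classified nor counted; if the metric is meant to measure every auth prompt, computing `resource_type` and recording the histogram before the `is_proxy` test and keeping only the `CancelAuth()` path conditional would give a complete picture, otherwise a short comment such as `// Proxy challenges are exempt from blocking and are not counted here.` would make the omission deliberate. The two consecutive blank lines after the closing brace of the new block are a style nit; one is enough to separate it from the existing dialog comment. OnAuthRequired begins and ends outside this hunk, so the earlier CancelAuth() path at the top of the hunk could not be reviewed for consistency with the new one.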