diff options
author | dcheng <dcheng@chromium.org> | 2016-03-01 11:15:51 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-01 19:17:50 +0000 |
commit | 9e24bd35f58fff1562b0784be8ab2e612ece6408 (patch) | |
tree | 981bb6a7b8e8a68ce34ce9232b461ad4fa8f8a6b /extensions/browser/app_window | |
parent | 372f7658f370076484322aed8e15756cea64ee53 (diff) | |
download | chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.zip chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.gz chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.bz2 |
Plumb the correct owner document through DocumentInit::m_owner.
The current code tries to determine the security origin to inherit (if
any) too late in document initialization. This results in strange and
hard to understand behavior.
For example, opener is not set until /after/ the document's security
context is already initialized. To make this work, initSecurityContext()
has a heuristic: if it should have inherited a security origin (e.g. the
URL is about:blank) but there's nothing to inherit from, it initializes
the security origin as unique, but then marks initialization as failed.
When the opener is /actually/ set, it then calls initSecurityContext()
again. Since the security context hasn't been marked as initialized yet,
the reinitialization is allowed to proceed, and now the frame inherits
its opener's security origin.
Rather than going through this elaborate dance, this CL gets rid of it
and proactively plumbs through the correct owner document to use. With
these changes:
- A security context can never be reinitialized. This requires passing
the opener around when creating new windows, so that DocumentLoader
can initialize the owner document correctly.
- javascript: URLs have different inheritance rules: the loading
machinery can now just directly pass in the correct owner document.
- The exception for reusing a Window object when navigating from the
initial empty Document has been removed: now it strictly follows the
spec and reuses it iff it is same-origin to the new Document.
BUG=583445
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1685003002
Cr-Commit-Position: refs/heads/master@{#378508}
Diffstat (limited to 'extensions/browser/app_window')
6 files changed, 19 insertions, 8 deletions
diff --git a/extensions/browser/app_window/app_window.cc b/extensions/browser/app_window/app_window.cc index 0c0a45b..7294d6f 100644 --- a/extensions/browser/app_window/app_window.cc +++ b/extensions/browser/app_window/app_window.cc @@ -261,10 +261,11 @@ AppWindow::AppWindow(BrowserContext* context, void AppWindow::Init(const GURL& url, AppWindowContents* app_window_contents, + content::RenderFrameHost* creator_frame, const CreateParams& params) { // Initialize the render interface and web contents app_window_contents_.reset(app_window_contents); - app_window_contents_->Initialize(browser_context(), url); + app_window_contents_->Initialize(browser_context(), creator_frame, url); initial_url_ = url; diff --git a/extensions/browser/app_window/app_window.h b/extensions/browser/app_window/app_window.h index 6917c4d..e41575d 100644 --- a/extensions/browser/app_window/app_window.h +++ b/extensions/browser/app_window/app_window.h @@ -34,6 +34,7 @@ class DictionaryValue; namespace content { class BrowserContext; +class RenderFrameHost; class WebContents; } @@ -58,6 +59,7 @@ class AppWindowContents { // Called to initialize the WebContents, before the app window is created. virtual void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, const GURL& url) = 0; // Called to load the contents, after the app window is created. @@ -219,6 +221,7 @@ class AppWindow : public content::WebContentsDelegate, // |app_window_contents| will become owned by AppWindow. void Init(const GURL& url, AppWindowContents* app_window_contents, + content::RenderFrameHost* creator_frame, const CreateParams& params); const std::string& window_key() const { return window_key_; } diff --git a/extensions/browser/app_window/app_window_contents.cc b/extensions/browser/app_window/app_window_contents.cc index 7f1a7a1..3cb0cb8 100644 --- a/extensions/browser/app_window/app_window_contents.cc +++ b/extensions/browser/app_window/app_window_contents.cc @@ -27,12 +27,15 @@ AppWindowContentsImpl::AppWindowContentsImpl(AppWindow* host) AppWindowContentsImpl::~AppWindowContentsImpl() {} void AppWindowContentsImpl::Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, const GURL& url) { url_ = url; - web_contents_.reset( - content::WebContents::Create(content::WebContents::CreateParams( - context, content::SiteInstance::CreateForURL(context, url_)))); + content::WebContents::CreateParams create_params( + context, creator_frame->GetSiteInstance()); + create_params.opener_render_process_id = creator_frame->GetProcess()->GetID(); + create_params.opener_render_frame_id = creator_frame->GetRoutingID(); + web_contents_.reset(content::WebContents::Create(create_params)); Observe(web_contents_.get()); web_contents_->GetMutableRendererPrefs()-> diff --git a/extensions/browser/app_window/app_window_contents.h b/extensions/browser/app_window/app_window_contents.h index 37a4027..732197c 100644 --- a/extensions/browser/app_window/app_window_contents.h +++ b/extensions/browser/app_window/app_window_contents.h @@ -32,7 +32,9 @@ class AppWindowContentsImpl : public AppWindowContents, ~AppWindowContentsImpl() override; // AppWindowContents - void Initialize(content::BrowserContext* context, const GURL& url) override; + void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, + const GURL& url) override; void LoadContents(int32_t creator_process_id) override; void NativeWindowChanged(NativeAppWindow* native_app_window) override; void NativeWindowClosed() override; diff --git a/extensions/browser/app_window/test_app_window_contents.cc b/extensions/browser/app_window/test_app_window_contents.cc index 8d3f227..5613a20 100644 --- a/extensions/browser/app_window/test_app_window_contents.cc +++ b/extensions/browser/app_window/test_app_window_contents.cc @@ -16,8 +16,8 @@ TestAppWindowContents::~TestAppWindowContents() { } void TestAppWindowContents::Initialize(content::BrowserContext* context, - const GURL& url) { -} + content::RenderFrameHost* creator_frame, + const GURL& url) {} void TestAppWindowContents::LoadContents(int32_t creator_process_id) {} diff --git a/extensions/browser/app_window/test_app_window_contents.h b/extensions/browser/app_window/test_app_window_contents.h index f93b682..c118fe6 100644 --- a/extensions/browser/app_window/test_app_window_contents.h +++ b/extensions/browser/app_window/test_app_window_contents.h @@ -24,7 +24,9 @@ class TestAppWindowContents : public AppWindowContents { ~TestAppWindowContents() override; // apps:AppWindowContents: - void Initialize(content::BrowserContext* context, const GURL& url) override; + void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, + const GURL& url) override; void LoadContents(int32_t creator_process_id) override; void NativeWindowChanged(NativeAppWindow* native_app_window) override; void NativeWindowClosed() override; |