diff options
| author | dcheng <dcheng@chromium.org> | 2016-03-01 11:15:51 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-01 19:17:50 +0000 |
| commit | 9e24bd35f58fff1562b0784be8ab2e612ece6408 (patch) | |
| tree | 981bb6a7b8e8a68ce34ce9232b461ad4fa8f8a6b /extensions/renderer | |
| parent | 372f7658f370076484322aed8e15756cea64ee53 (diff) | |
| download | chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.zip chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.gz chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.bz2 | |
Plumb the correct owner document through DocumentInit::m_owner.
The current code tries to determine the security origin to inherit (if
any) too late in document initialization. This results in strange and
hard to understand behavior.
For example, opener is not set until /after/ the document's security
context is already initialized. To make this work, initSecurityContext()
has a heuristic: if it should have inherited a security origin (e.g. the
URL is about:blank) but there's nothing to inherit from, it initializes
the security origin as unique, but then marks initialization as failed.
When the opener is /actually/ set, it then calls initSecurityContext()
again. Since the security context hasn't been marked as initialized yet,
the reinitialization is allowed to proceed, and now the frame inherits
its opener's security origin.
Rather than going through this elaborate dance, this CL gets rid of it
and proactively plumbs through the correct owner document to use. With
these changes:
- A security context can never be reinitialized. This requires passing
the opener around when creating new windows, so that DocumentLoader
can initialize the owner document correctly.
- javascript: URLs have different inheritance rules: the loading
machinery can now just directly pass in the correct owner document.
- The exception for reusing a Window object when navigating from the
initial empty Document has been removed: now it strictly follows the
spec and reuses it iff it is same-origin to the new Document.
BUG=583445
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1685003002
Cr-Commit-Position: refs/heads/master@{#378508}
Diffstat (limited to 'extensions/renderer')
| -rw-r--r-- | extensions/renderer/app_window_custom_bindings.cc | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/extensions/renderer/app_window_custom_bindings.cc b/extensions/renderer/app_window_custom_bindings.cc index 02df633..492731d 100644 --- a/extensions/renderer/app_window_custom_bindings.cc +++ b/extensions/renderer/app_window_custom_bindings.cc @@ -51,25 +51,13 @@ void AppWindowCustomBindings::GetFrame( if (!app_frame) return; - // TODO(jeremya): it doesn't really make sense to set the opener here, but we - // need to make sure the security origin is set up before returning the DOM - // reference. A better way to do this would be to have the browser pass the - // opener through so opener_id is set in RenderViewImpl's constructor. - content::RenderFrame* context_render_frame = context()->GetRenderFrame(); - if (!context_render_frame) - return; - - blink::WebFrame* opener = context_render_frame->GetWebFrame(); - blink::WebLocalFrame* app_web_frame = app_frame->GetWebFrame(); - app_web_frame->setOpener(opener); - if (notify_browser) { content::RenderThread::Get()->Send(new ExtensionHostMsg_AppWindowReady( app_frame->GetRenderView()->GetRoutingID())); } v8::Local<v8::Value> window = - app_web_frame->mainWorldScriptContext()->Global(); + app_frame->GetWebFrame()->mainWorldScriptContext()->Global(); args.GetReturnValue().Set(window); } |