diff options
| -rw-r--r-- | chrome/browser/chrome_content_browser_client.cc | 10 | ||||
| -rw-r--r-- | content/browser/renderer_host/browser_render_process_host.cc | 1 | ||||
| -rw-r--r-- | content/public/common/content_switches.cc | 4 | ||||
| -rw-r--r-- | content/public/common/content_switches.h | 1 | ||||
| -rw-r--r-- | content/renderer/render_view_impl.cc | 13 |
5 files changed, 29 insertions, 0 deletions
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc index 80720469..9789afd 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc @@ -354,6 +354,16 @@ bool ChromeContentBrowserClient::IsSuitableHost( if (!extension_process_manager || !service) return true; + // Experimental: + // If --enable-strict-site-isolation is enabled, do not allow non-WebUI pages + // to share a renderer process. (We could allow pages from the same site or + // extensions of the same type to share, if we knew what the given process + // was dedicated to. Allowing no sharing is simpler for now.) This may + // cause resource exhaustion issues if too many sites are open at once. + const CommandLine& command_line = *CommandLine::ForCurrentProcess(); + if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation)) + return false; + return GetProcessPrivilege(process_host, extension_process_manager) == GetPrivilegeRequiredByUrl(site_url, service); } diff --git a/content/browser/renderer_host/browser_render_process_host.cc b/content/browser/renderer_host/browser_render_process_host.cc index f9c79fc..645b5d5 100644 --- a/content/browser/renderer_host/browser_render_process_host.cc +++ b/content/browser/renderer_host/browser_render_process_host.cc @@ -572,6 +572,7 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer( switches::kEnableGPUClientLogging, switches::kEnableLogging, switches::kEnableMediaStream, + switches::kEnableStrictSiteIsolation, switches::kDisableFullScreen, switches::kEnablePepperTesting, #if defined(OS_MACOSX) diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc index dccdfe1..ba5e9b5 100644 --- a/content/public/common/content_switches.cc +++ b/content/public/common/content_switches.cc @@ -232,6 +232,10 @@ const char kEnableSeccompSandbox[] = "enable-seccomp-sandbox"; // Enables StatsTable, logging statistics to a global named shared memory table. const char kEnableStatsTable[] = "enable-stats-table"; +// Experimentally ensure each renderer process has pages from only one site. +// This is expected to break compatibility with many pages for now. +const char kEnableStrictSiteIsolation[] = "enable-strict-site-isolation"; + // Enable multithreaded GPU compositing of web content. const char kEnableThreadedCompositing[] = "enable-threaded-compositing"; diff --git a/content/public/common/content_switches.h b/content/public/common/content_switches.h index 1b6fdf9..4167faa 100644 --- a/content/public/common/content_switches.h +++ b/content/public/common/content_switches.h @@ -81,6 +81,7 @@ extern const char kEnableSSLCachedInfo[]; extern const char kEnableSandboxLogging[]; extern const char kEnableSeccompSandbox[]; CONTENT_EXPORT extern const char kEnableStatsTable[]; +extern const char kEnableStrictSiteIsolation[]; CONTENT_EXPORT extern const char kEnableThreadedCompositing[]; CONTENT_EXPORT extern const char kEnableTcpFastOpen[]; extern const char kEnableVideoFullscreen[]; diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc index 083dd0b..a0840fbc7 100644 --- a/content/renderer/render_view_impl.cc +++ b/content/renderer/render_view_impl.cc @@ -2019,6 +2019,19 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation( NavigationState::FromDataSource(frame->provisionalDataSource())-> is_content_initiated(); + // Experimental: + // If --enable-strict-site-isolation is enabled, send all top-level + // navigations to the browser to let it swap processes when crossing site + // boundaries. This is currently expected to break some script calls and + // navigations, such as form submissions. + const CommandLine& command_line = *CommandLine::ForCurrentProcess(); + if (!frame->parent() && (is_content_initiated || is_redirect) && + command_line.HasSwitch(switches::kEnableStrictSiteIsolation)) { + GURL referrer(request.httpHeaderField(WebString::fromUTF8("Referer"))); + OpenURL(frame, url, referrer, default_policy); + return WebKit::WebNavigationPolicyIgnore; + } + // If the browser is interested, then give it a chance to look at top level // navigations. if (is_content_initiated && |