authorMichael BrĂ¼ning <michael.bruning@qt.io>2019-12-04 13:24:23 +0100
committerMichael BrĂ¼ning <michael.bruning@qt.io>2019-12-05 13:24:35 +0000
commitd62c0b33564162e62506adfe519700a11e7d5628 (patch)
tree5cbe5270cc3ecc970b2f968c136b0d8d40aec32d
parente76f8b22419403db7ab4bb43cc6c165c11088484 (diff)
downloadqtwebengine-chromium-d62c0b33564162e62506adfe519700a11e7d5628.tar.gz
[Backport] CVE-2019-13692
Manual backport. Require dedicated process for all WebUI schemes. This changes SiteInstanceImpl::DoesSiteURLRequireDedicatedProcess() to return true for all WebUI schemes instead of just singling out the chrome: scheme. This ensures that these URLs get placed in dedicated processes even if site isolation is disabled. (cherry picked from commit 7be7426134cc4978a253f3be6dcdbf77ee25702f) Bug: 991153,991888 Cr-Branched-From: 0cdcc6158160790658d1f033d3db873603250124-refs/heads/master@{#681094} Change-Id: I9862363c6bb7d78957819f5dfd89e37e8cb489d3 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/content/browser/site_instance_impl.cc10
1 files changed, 9 insertions, 1 deletions
diff --git a/chromium/content/browser/site_instance_impl.cc b/chromium/content/browser/site_instance_impl.cc
index 7980783a7d3..23224d0acfb 100644
--- a/chromium/content/browser/site_instance_impl.cc
+++ b/chromium/content/browser/site_instance_impl.cc
@@ -379,10 +379,18 @@ bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess(
if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites())
return true;
+ GURL site_url = GetSiteForURL(browser_context, url);
+ std::vector<std::string> additional_webui_schemes;
+ additional_webui_schemes.push_back(kChromeUIScheme);
+ GetContentClient()->browser()->GetAdditionalWebUISchemes(&additional_webui_schemes);
+ for (const auto& webui_scheme : additional_webui_schemes) {
+ if (site_url.SchemeIs(webui_scheme))
+ return true;
+ }
+
// Let the content embedder enable site isolation for specific URLs. Use the
// canonical site url for this check, so that schemes with nested origins
// (blob and filesystem) work properly.
- GURL site_url = GetSiteForURL(browser_context, url);
if (GetContentClient()->IsSupplementarySiteIsolationModeEnabled() &&
GetContentClient()->browser()->DoesSiteRequireDedicatedProcess(
browser_context, site_url)) {