diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-01-20 13:40:20 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-01-22 12:41:23 +0000 |
commit | 7961cea6d1041e3e454dae6a1da660b453efd238 (patch) | |
tree | c0eeb4a9ff9ba32986289c1653d9608e53ccb444 /chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc | |
parent | b7034d0803538058e5c9d904ef03cf5eab34f6ef (diff) | |
download | qtwebengine-chromium-7961cea6d1041e3e454dae6a1da660b453efd238.tar.gz |
BASELINE: Update Chromium to 78.0.3904.130
Change-Id: If185e0c0061b3437531c97c9c8c78f239352a68b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc | 54 |
1 files changed, 52 insertions, 2 deletions
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc index 006236a5916..52be887a34e 100644 --- a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc +++ b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc @@ -159,7 +159,8 @@ SecurityOrigin::SecurityOrigin(const url::Origin::Nonce& nonce, const SecurityOrigin* precursor) : nonce_if_opaque_(nonce), precursor_origin_(precursor) {} -SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) +SecurityOrigin::SecurityOrigin(const SecurityOrigin* other, + ConstructIsolatedCopy) : protocol_(other->protocol_.IsolatedCopy()), host_(other->host_.IsolatedCopy()), domain_(other->domain_.IsolatedCopy()), @@ -173,10 +174,31 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) other->block_local_access_from_local_origin_), is_opaque_origin_potentially_trustworthy_( other->is_opaque_origin_potentially_trustworthy_), + cross_agent_cluster_access_(other->cross_agent_cluster_access_), + agent_cluster_id_(other->agent_cluster_id_), precursor_origin_(other->precursor_origin_ ? other->precursor_origin_->IsolatedCopy() : nullptr) {} +SecurityOrigin::SecurityOrigin(const SecurityOrigin* other, + ConstructSameThreadCopy) + : protocol_(other->protocol_), + host_(other->host_), + domain_(other->domain_), + port_(other->port_), + effective_port_(other->effective_port_), + nonce_if_opaque_(other->nonce_if_opaque_), + universal_access_(other->universal_access_), + domain_was_set_in_dom_(other->domain_was_set_in_dom_), + can_load_local_resources_(other->can_load_local_resources_), + block_local_access_from_local_origin_( + other->block_local_access_from_local_origin_), + is_opaque_origin_potentially_trustworthy_( + other->is_opaque_origin_potentially_trustworthy_), + cross_agent_cluster_access_(other->cross_agent_cluster_access_), + agent_cluster_id_(other->agent_cluster_id_), + precursor_origin_(other->precursor_origin_) {} + scoped_refptr<SecurityOrigin> SecurityOrigin::CreateWithReferenceOrigin( const KURL& url, const SecurityOrigin* reference_origin) { @@ -262,7 +284,8 @@ url::Origin SecurityOrigin::ToUrlOrigin() const { } scoped_refptr<SecurityOrigin> SecurityOrigin::IsolatedCopy() const { - return base::AdoptRef(new SecurityOrigin(this)); + return base::AdoptRef(new SecurityOrigin( + this, ConstructIsolatedCopy::kConstructIsolatedCopyBit)); } void SecurityOrigin::SetDomainFromDOM(const String& new_domain) { @@ -375,6 +398,14 @@ bool SecurityOrigin::CanAccess(const SecurityOrigin* other, can_access = false; } + // Compare that the clusters are the same. + if (can_access && !cross_agent_cluster_access_ && + !agent_cluster_id_.is_empty() && !other->agent_cluster_id_.is_empty() && + agent_cluster_id_ != other->agent_cluster_id_) { + detail = AccessResultDomainDetail::kDomainNotRelevantAgentClusterMismatch; + can_access = false; + } + return can_access; } @@ -486,6 +517,10 @@ void SecurityOrigin::GrantUniversalAccess() { universal_access_ = true; } +void SecurityOrigin::GrantCrossAgentClusterAccess() { + cross_agent_cluster_access_ = true; +} + void SecurityOrigin::BlockLocalAccessFromLocalOrigin() { DCHECK(IsLocal()); block_local_access_from_local_origin_ = true; @@ -541,11 +576,16 @@ void SecurityOrigin::BuildRawString(StringBuilder& builder) const { } String SecurityOrigin::ToTokenForFastCheck() const { + CHECK(!agent_cluster_id_.is_empty()); if (SerializesAsNull()) return String(); StringBuilder result; BuildRawString(result); + // Append the agent cluster id to the generated token to prevent + // access from two contexts that have the same origin but are + // in different agent clusters. + result.Append(agent_cluster_id_.ToString().c_str()); return result.ToString(); } @@ -657,4 +697,14 @@ String SecurityOrigin::CanonicalizeHost(const String& host, bool* success) { return String::FromUTF8(canon_output.data(), canon_output.length()); } +scoped_refptr<SecurityOrigin> SecurityOrigin::GetOriginForAgentCluster( + const base::UnguessableToken& agent_cluster_id) { + if (agent_cluster_id_ == agent_cluster_id) + return this; + auto result = base::AdoptRef(new SecurityOrigin( + this, ConstructSameThreadCopy::kConstructSameThreadCopyBit)); + result->agent_cluster_id_ = agent_cluster_id; + return result; +} + } // namespace blink |