commit | 69b8df685b0429f3e06c22a7a86c6c016abf1a31 | [log] [tgz] |
---|---|---|
author | Lukasz Anforowicz <lukasza@chromium.org> | Thu Feb 21 18:42:04 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Feb 21 18:42:04 2019 |
tree | d18ec383e228f986ae9dcb97edb033bbc8d4be81 | |
parent | e63cac9a818ec6551ebd63dfbe4affefd51f7e12 [diff] |
Extract GetTrustworthyInitiator to remove code duplication in CORB/CORP. This CL extracts a GetTrustworthyInitiator helper function to deduplicate code that used to be present in CrossOriginReadBlocking and CrossOriginResourcePolicy classes. In the short-term future, GetTrustworthyInitiator might be used for making security decisions in other NetworkService features (e.g. in Sec-Fetch-Site - see bugs 872285 and 924204 as well as the spec at https://mikewest.github.io/sec-metadata/#sec-fetch-site-header). In the long-term, we want to ensure that net::URLRequest::initiator itself is trustworthy (e.g. by terminating renderers that request a network::ResourceRequest::request_initiator that is incompatible with request_initiator_site_lock). This can't happen in the short-term, because of compatibility risks associated with HTML Imports (see https://crbug.com/871827#c9). Bug: 871827, 872285, 924204 Change-Id: I7a87fae7b44a82dbd55af448d228ffaad4f6dbb0 Reviewed-on: https://chromium-review.googlesource.com/c/1475877 Commit-Queue: Ćukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#634273}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .