New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 649893 link

Starred by 2 users
Status: Fixed
Owner:
jww@chromium.org
Last visit > 30 days ago
Closed: Oct 2016
Cc:
nick@chromium.org
creis@chromium.org
nasko@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Teach url/origin.h about suborigins

Project Member Reported by jww@chromium.org, Sep 24 2016 
For the browser process to reason about suborigins (https://w3c.github.io/webappsec-suborigins/), url/origin.h needs to be updated to know about suborigins and how the SOP applies with them in place. This includes updating utility functions, such as DefaultPortForScheme in url/url_canon_stdurl.cc as well.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 25 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e

commit 0448040f47ea1ba6a5c6ee03c82eff41854f0e0e
Author: jww <jww@chromium.org>
Date: Tue Oct 25 02:50:33 2016

Add suborigin logic to url::Origin

In order for the browser to correctly reason about suborigins, this adds
support to url::Origin to parse and understand suborigins. It separates
requests for hosts and schemes from the embedded suborigin
serialization, while keeping the same-origin policy checks intact so a
suborigin is a different origin from other suborigins at the same
physical origin.

This updates url/origin.* so that given a suborigin encoded in a GURL,
will correctly deserialize the suborigin and store it accordingly, while
the scheme/host/port tuple is left with the real scheme/host/port.
Additionally, removes the content/public/common/origin_util.h functions
for using suborigins since url::Origin should now be used in their
stead.

BUG= 336894 , 649893 

Review-Url: https://codereview.chromium.org/2403713002
Cr-Commit-Position: refs/heads/master@{#427254}

[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/chrome/browser/browsing_data/browsing_data_local_storage_helper.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/chrome/browser/browsing_data/browsing_data_local_storage_helper.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/chrome/browser/browsing_data/browsing_data_local_storage_helper_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/chrome/browser/browsing_data/cookies_tree_model.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/child_process_security_policy_impl.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/child_process_security_policy_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/dom_storage/dom_storage_context_impl.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/dom_storage/dom_storage_context_impl.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/dom_storage/dom_storage_context_impl_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/dom_storage/dom_storage_context_wrapper.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/dom_storage/dom_storage_context_wrapper.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/browser/storage_partition_impl.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/common/origin_util.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/common/origin_util_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/common/url_schemes.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/public/browser/dom_storage_context.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/public/common/origin_util.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/public/common/url_constants.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/content/public/common/url_constants.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/gurl.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/gurl_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/origin.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/origin.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/origin_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/url_canon_stdurl.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/url_canon_unittest.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/url_constants.cc
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/url_constants.h
[modify] https://crrev.com/0448040f47ea1ba6a5c6ee03c82eff41854f0e0e/url/url_util.cc

Comment 2 by jww@chromium.org, Oct 26 2016

Status: Fixed (was: Assigned)
url::Origin now has a basic understanding of origins. There's more work to be done in updating call-sites and such, but this basic functionality now exists.

Sign in to add a comment