New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 786505 link

Starred by 5 users
Status: Fixed
Owner:
creis@chromium.org
Closed: Dec 2017
Cc:
nick@chromium.org
michaelsamuel@google.com
nrpeter@chromium.org
creis@chromium.org
palmer@chromium.org
nasko@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Feature

Blocked on:
issue 793881
Blocking:
issue 268640



Sign in to add a comment

Cross-site document blocking for non-exploited renderers

Project Member Reported by creis@chromium.org, Nov 17 2017 
In issue 268640, we plan to prevent renderer processes from receiving responses of correctly labeled cross-site documents, even when the renderer process is exploited.

To gain experience with this blocking logic in the short term, we can launch early versions of it that trust the ResourceType reported by the renderer process.  That would let us build a ResourceThrottle that prevents HTML, XML, or JSON documents from being delivered to image tags, etc.  We can ignore the XHR case, since a non-exploited renderer will enforce CORS.  Doing this first is useful for discovering any compatibility issues that might exist, before we go further and stop trusting the renderer.

A first step toward this might involve turning on the safer parts of the existing renderer-side blocking logic in SiteIsolationStatsGatherer.  That would let the first chunk of the response into the renderer but stop reading after sniffing is complete.  This is mainly useful if we find the context we need isn't present in the browser process yet.

Comment 1 by creis@chromium.org, Nov 17 2017

Owner: nrpeter@chromium.org
Status: Assigned (was: Available)
nrpeter@: Are you still up for taking a look at this?

I'll also list issue 778711 (PPAPI requests) as blocking, but that doesn't need to be part of the first thing we turn on.

Comment 2 by creis@chromium.org, Nov 21 2017

Blockedon: 778711
Very early sketch of this here:
https://chromium-review.googlesource.com/c/chromium/src/+/783826

At the moment it just blocks cross-site responses for images and stylesheets, since I haven't added logic to detect document in particular yet.  We'll also want to find a different way to send a mostly-empty response to the renderer and complete the request, rather than just canceling.

Many TODOs ahead, but it's a start.  I'll continue to work on it as I have time.  nrpeter@, feel free to coordinate with me if you want to take it over or help with some of the other aspects.

Comment 3 by creis@chromium.org, Nov 28 2017

Owner: creis@chromium.org
Status: Started (was: Assigned)
I'm making a bit of progress on it, getting it to be less disruptive, a bit at a time.
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 6 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/358baf47af51727d835c322b572d377d9be494f2

commit 358baf47af51727d835c322b572d377d9be494f2
Author: Charles Reis <creis@chromium.org>
Date: Wed Dec 06 05:30:43 2017

Block cross-site document responses in Site Isolation modes.

When using --isolate-origins=... or  --site-per-process, some or all sites will
be given dedicated processes.  Documents (HTML, XML, and some text
files) and other opaque formats (JSON) from such sites should not be
delivered to cross-site pages in the renderer process unless they are made
available via CORS or another exception.

This CL adds a ResourceHandler to enforce this restriction in the browser
process.  The handler inspects the response headers and decides whether
to block it from reaching the renderer process.  It also sniffs the content to
confirm the response is labeled correctly, to avoid blocking things like
JavaScript mislabeled as HTML or JSON.

Blocked responses are sent back as empty response bodies rather than as
a network error, to ensure existing behavior does not change.  Other
cross-site responses (e.g., images, scripts, etc) are still allowed.

Note that the current approach assumes the renderer process is not
compromised and will not lie about the initiating origin, etc.  The need for
assumption will be removed in future work, for bug 268640.
For more details, see:
http://www.chromium.org/developers/design-documents/blocking-cross-site-documents

BUG= 786505 

Change-Id: Idc2be65fc869604738dc1607c5e7fee191443b9b
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/783826
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522016}
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/chrome/browser/extensions/chrome_content_browser_client_extensions_part.h
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/chrome/test/data/extensions/api_test/webrequest/test_unload5.js
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/BUILD.gn
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/cross_site_document_blocking_browsertest.cc
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/cross_site_document_resource_handler.cc
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/cross_site_document_resource_handler.h
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/cross_site_document_resource_handler_unittest.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/browser/loader/url_loader_factory_impl_unittest.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/common/cross_site_document_classifier.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/public/browser/content_browser_client.h
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/renderer/fetchers/resource_fetcher_browsertest.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/renderer/loader/site_isolation_stats_gatherer_browsertest.cc
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/BUILD.gn
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/cross_site_document_request.html
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.html
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.html.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.json
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.json.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.txt
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.txt.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.xml
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/cors.xml.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/jsonp.html
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/jsonp.json
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/jsonp.txt
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/jsonp.xml
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.html
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.html.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.json
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.json.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.txt
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.txt.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.xml
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/nosniff.xml.mock-http-headers
[add] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/content/test/data/site_isolation/valid.js
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control.php
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/358baf47af51727d835c322b572d377d9be494f2/tools/metrics/histograms/histograms.xml
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 6 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d02cdc58fc41a056086c4a6ebeb8711c89a91968

commit d02cdc58fc41a056086c4a6ebeb8711c89a91968
Author: Matt Falkenhagen <falken@chromium.org>
Date: Wed Dec 06 08:11:26 2017

Network Service: Sheriffing: Some new SiteIsolation tests are failing.

These tests were added/changed in r522016.
-SiteIsolationStatsGathererBrowserTest/SiteIsolationStatsGathererBrowserTest.CrossSiteDocumentBlockingForMimeType/0
-SiteIsolationStatsGathererBrowserTest/SiteIsolationStatsGathererBrowserTest.CrossSiteDocumentBlockingForMimeType/1
-CrossSiteDocumentBlockingTest.BlockDocuments
-CrossSiteDocumentBlockingIsolatedOriginTest.BlockDocumentsFromIsolatedOrigin
-CrossSiteDocumentBlockingTest.RangeRequest

Most failures (even the non-StatsGatherer ones) seem to be about histograms.

Bug:  786505 ,  729848 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I2302d55d5de41c904c38c675fc57122316ceec15
NOTRY: true
TBR: jam
Reviewed-on: https://chromium-review.googlesource.com/810247
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Commit-Queue: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522041}
[modify] https://crrev.com/d02cdc58fc41a056086c4a6ebeb8711c89a91968/testing/buildbot/filters/mojo.fyi.network_content_browsertests.filter

Comment 6 by nick@chromium.org, Dec 6 2017

Blockedon: 792546
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 6 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ccc58b7abd1cbbd8a79faaae9f941ae3a1bc3baa

commit ccc58b7abd1cbbd8a79faaae9f941ae3a1bc3baa
Author: Nick Carter <nick@chromium.org>
Date: Wed Dec 06 20:32:07 2017

Network Service: clarify XSDB comment in network_content_browsertests.filter

Bug:  792546 ,  786505 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Id8ff7999115ca602c929b8c8e691121894ed94b7
Reviewed-on: https://chromium-review.googlesource.com/811744
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Nick Carter <nick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522179}
[modify] https://crrev.com/ccc58b7abd1cbbd8a79faaae9f941ae3a1bc3baa/testing/buildbot/filters/mojo.fyi.network_content_browsertests.filter

Comment 8 by amin...@google.com, Dec 8 2017

Labels: Merge-Approved-64
Approving merge based on chatting with nasko@ and creis@.
Project Member

Comment 9 by bugdroid1@chromium.org, Dec 9 2017

Labels: -merge-approved-64 merge-merged-3282
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/63f1c51353ecec3f171663e04d82dbf5996e83c9

commit 63f1c51353ecec3f171663e04d82dbf5996e83c9
Author: Charles Reis <creis@chromium.org>
Date: Sat Dec 09 00:54:23 2017

Block cross-site document responses in Site Isolation modes.

When using --isolate-origins=... or  --site-per-process, some or all sites will
be given dedicated processes.  Documents (HTML, XML, and some text
files) and other opaque formats (JSON) from such sites should not be
delivered to cross-site pages in the renderer process unless they are made
available via CORS or another exception.

This CL adds a ResourceHandler to enforce this restriction in the browser
process.  The handler inspects the response headers and decides whether
to block it from reaching the renderer process.  It also sniffs the content to
confirm the response is labeled correctly, to avoid blocking things like
JavaScript mislabeled as HTML or JSON.

Blocked responses are sent back as empty response bodies rather than as
a network error, to ensure existing behavior does not change.  Other
cross-site responses (e.g., images, scripts, etc) are still allowed.

Note that the current approach assumes the renderer process is not
compromised and will not lie about the initiating origin, etc.  The need for
assumption will be removed in future work, for bug 268640.
For more details, see:
http://www.chromium.org/developers/design-documents/blocking-cross-site-documents

BUG= 786505 
TBR=creis@chromium.org

(cherry picked from commit 358baf47af51727d835c322b572d377d9be494f2)

Change-Id: Idc2be65fc869604738dc1607c5e7fee191443b9b
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/783826
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522016}
Reviewed-on: https://chromium-review.googlesource.com/818450
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#109}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/chrome/browser/extensions/chrome_content_browser_client_extensions_part.h
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/chrome/test/data/extensions/api_test/webrequest/test_unload5.js
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/BUILD.gn
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/cross_site_document_blocking_browsertest.cc
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/cross_site_document_resource_handler.cc
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/cross_site_document_resource_handler.h
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/cross_site_document_resource_handler_unittest.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/browser/loader/url_loader_factory_impl_unittest.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/common/cross_site_document_classifier.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/public/browser/content_browser_client.h
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/renderer/fetchers/resource_fetcher_browsertest.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/renderer/loader/site_isolation_stats_gatherer_browsertest.cc
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/BUILD.gn
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/cross_site_document_request.html
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.html
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.html.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.json
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.json.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.txt
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.txt.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.xml
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/cors.xml.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/jsonp.html
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/jsonp.json
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/jsonp.txt
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/jsonp.xml
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.html
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.html.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.json
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.json.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.txt
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.txt.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.xml
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/nosniff.xml.mock-http-headers
[add] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/content/test/data/site_isolation/valid.js
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control.php
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/63f1c51353ecec3f171663e04d82dbf5996e83c9/tools/metrics/histograms/histograms.xml
Project Member

Comment 10 by bugdroid1@chromium.org, Dec 9 2017

Labels: merge-merged-3239_84
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eff7652786019f8a24edd269867223ee12df7389

commit eff7652786019f8a24edd269867223ee12df7389
Author: Charles Reis <creis@chromium.org>
Date: Sat Dec 09 02:18:58 2017

Block cross-site document responses in Site Isolation modes.

When using --isolate-origins=... or  --site-per-process, some or all sites will
be given dedicated processes.  Documents (HTML, XML, and some text
files) and other opaque formats (JSON) from such sites should not be
delivered to cross-site pages in the renderer process unless they are made
available via CORS or another exception.

This CL adds a ResourceHandler to enforce this restriction in the browser
process.  The handler inspects the response headers and decides whether
to block it from reaching the renderer process.  It also sniffs the content to
confirm the response is labeled correctly, to avoid blocking things like
JavaScript mislabeled as HTML or JSON.

Blocked responses are sent back as empty response bodies rather than as
a network error, to ensure existing behavior does not change.  Other
cross-site responses (e.g., images, scripts, etc) are still allowed.

Note that the current approach assumes the renderer process is not
compromised and will not lie about the initiating origin, etc.  The need for
assumption will be removed in future work, for bug 268640.
For more details, see:
http://www.chromium.org/developers/design-documents/blocking-cross-site-documents

BUG= 786505 
TBR=creis@chromium.org

(cherry picked from commit 358baf47af51727d835c322b572d377d9be494f2)

Change-Id: Idc2be65fc869604738dc1607c5e7fee191443b9b
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/783826
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522016}
Reviewed-on: https://chromium-review.googlesource.com/818491
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239_84@{#2}
Cr-Branched-From: 8f51ed0e633e109109762a3deb18a50e8c138819-refs/branch-heads/3239@{#643}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/chrome/browser/extensions/chrome_content_browser_client_extensions_part.h
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/chrome/test/data/extensions/api_test/webrequest/test_unload5.js
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/BUILD.gn
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/DEPS
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/cross_site_document_blocking_browsertest.cc
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/cross_site_document_resource_handler.cc
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/cross_site_document_resource_handler.h
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/cross_site_document_resource_handler_unittest.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/browser/loader/url_loader_factory_impl_unittest.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/child/site_isolation_stats_gatherer_browsertest.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/common/cross_site_document_classifier.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/public/browser/content_browser_client.h
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/renderer/fetchers/resource_fetcher_browsertest.cc
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/BUILD.gn
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/cross_site_document_request.html
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.html
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.html.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.json
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.json.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.txt
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.txt.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.xml
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/cors.xml.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/jsonp.html
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/jsonp.json
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/jsonp.txt
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/jsonp.xml
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.html
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.html.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.json
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.json.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.txt
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.txt.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.xml
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/nosniff.xml.mock-http-headers
[add] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/content/test/data/site_isolation/valid.js
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control.php
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/eff7652786019f8a24edd269867223ee12df7389/tools/metrics/histograms/histograms.xml
Project Member

Comment 11 by bugdroid1@chromium.org, Dec 9 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7946bba3e91733c1bf8b06e2e84ed614bca95218

commit 7946bba3e91733c1bf8b06e2e84ed614bca95218
Author: Lukasz Anforowicz <lukasza@chromium.org>
Date: Sat Dec 09 04:21:54 2017

Kill switch for cross-site document blocking.

Integrating cross-site document blocking with 2 new content_features.h:

- kCrossSiteDocumentBlockingIfIsolating - kill switch for cross-site
  document blocking.  This feature is enabled by default.

- kCrossSiteDocumentBlockingAlways - a way to force cross-site
  document blocking even if no isolation mode is turned on
  (e.g. even if there is no site-per-process or isolate-origins).
  This feature is disabled by default.

Bug:  786505 
Change-Id: Id0c9a69025fc20f7659b97a96fe70402cc933113
Reviewed-on: https://chromium-review.googlesource.com/818388
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522981}
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/browser/loader/cross_site_document_blocking_browsertest.cc
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/browser/loader/cross_site_document_resource_handler.cc
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/common/site_isolation_policy.cc
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/common/site_isolation_policy.h
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/public/common/content_features.cc
[modify] https://crrev.com/7946bba3e91733c1bf8b06e2e84ed614bca95218/content/public/common/content_features.h

Comment 12 by nasko@chromium.org, Dec 11 2017

Blockedon: 793881
Project Member

Comment 13 by bugdroid1@chromium.org, Dec 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c9fcf0daa075daa038f8fea18947e7b0c47e4673

commit c9fcf0daa075daa038f8fea18947e7b0c47e4673
Author: Nasko Oskov <nasko@chromium.org>
Date: Mon Dec 11 21:16:05 2017

Kill switch for cross-site document blocking.

Integrating cross-site document blocking with 2 new content_features.h:

- kCrossSiteDocumentBlockingIfIsolating - kill switch for cross-site
  document blocking.  This feature is enabled by default.

- kCrossSiteDocumentBlockingAlways - a way to force cross-site
  document blocking even if no isolation mode is turned on
  (e.g. even if there is no site-per-process or isolate-origins).
  This feature is disabled by default.

Bug:  786505 ,  793881 
Change-Id: Id0c9a69025fc20f7659b97a96fe70402cc933113
Reviewed-on: https://chromium-review.googlesource.com/818388
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522981}
Reviewed-on: https://chromium-review.googlesource.com/820452
Cr-Commit-Position: refs/branch-heads/3282@{#148}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/browser/loader/cross_site_document_blocking_browsertest.cc
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/browser/loader/cross_site_document_resource_handler.cc
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/common/site_isolation_policy.cc
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/common/site_isolation_policy.h
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/public/common/content_features.cc
[modify] https://crrev.com/c9fcf0daa075daa038f8fea18947e7b0c47e4673/content/public/common/content_features.h
Project Member

Comment 14 by bugdroid1@chromium.org, Dec 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3d1bd9af24648379c22b20f061a3bf06bb6dc329

commit 3d1bd9af24648379c22b20f061a3bf06bb6dc329
Author: Nasko Oskov <nasko@chromium.org>
Date: Mon Dec 11 21:22:32 2017

Kill switch for cross-site document blocking.

Integrating cross-site document blocking with 2 new content_features.h:

- kCrossSiteDocumentBlockingIfIsolating - kill switch for cross-site
  document blocking.  This feature is enabled by default.

- kCrossSiteDocumentBlockingAlways - a way to force cross-site
  document blocking even if no isolation mode is turned on
  (e.g. even if there is no site-per-process or isolate-origins).
  This feature is disabled by default.

Bug:  786505 ,  793881 
Change-Id: Id0c9a69025fc20f7659b97a96fe70402cc933113
Reviewed-on: https://chromium-review.googlesource.com/818388
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522981}
Reviewed-on: https://chromium-review.googlesource.com/820673
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239_84@{#4}
Cr-Branched-From: 8f51ed0e633e109109762a3deb18a50e8c138819-refs/branch-heads/3239@{#643}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/browser/loader/cross_site_document_blocking_browsertest.cc
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/browser/loader/cross_site_document_resource_handler.cc
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/common/site_isolation_policy.cc
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/common/site_isolation_policy.h
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/public/common/content_features.cc
[modify] https://crrev.com/3d1bd9af24648379c22b20f061a3bf06bb6dc329/content/public/common/content_features.h

Comment 15 by gov...@chromium.org, Dec 13 2017 

Approving merge to M63 branch 3239. Please merge ASAP. Thank you.

Comment 16 by gov...@chromium.org, Dec 13 2017

Labels: Merge-Approved-63
Project Member

Comment 17 by bugdroid1@chromium.org, Dec 13 2017

Labels: -merge-approved-63 merge-merged-3239
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/45d5420f48832386129bffe59ef15e73330bfaae

commit 45d5420f48832386129bffe59ef15e73330bfaae
Author: Charles Reis <creis@chromium.org>
Date: Wed Dec 13 00:32:41 2017

Block cross-site document responses in Site Isolation modes.

When using --isolate-origins=... or  --site-per-process, some or all sites will
be given dedicated processes.  Documents (HTML, XML, and some text
files) and other opaque formats (JSON) from such sites should not be
delivered to cross-site pages in the renderer process unless they are made
available via CORS or another exception.

This CL adds a ResourceHandler to enforce this restriction in the browser
process.  The handler inspects the response headers and decides whether
to block it from reaching the renderer process.  It also sniffs the content to
confirm the response is labeled correctly, to avoid blocking things like
JavaScript mislabeled as HTML or JSON.

Blocked responses are sent back as empty response bodies rather than as
a network error, to ensure existing behavior does not change.  Other
cross-site responses (e.g., images, scripts, etc) are still allowed.

Note that the current approach assumes the renderer process is not
compromised and will not lie about the initiating origin, etc.  The need for
assumption will be removed in future work, for bug 268640.
For more details, see:
http://www.chromium.org/developers/design-documents/blocking-cross-site-documents

BUG= 786505 
TBR=creis@chromium.org

(cherry picked from commit 358baf47af51727d835c322b572d377d9be494f2)

(cherry picked from commit eff7652786019f8a24edd269867223ee12df7389)

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/783826
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#522016}
Reviewed-on: https://chromium-review.googlesource.com/818491
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/3239_84@{#2}
Cr-Original-Branched-From: 8f51ed0e633e109109762a3deb18a50e8c138819-refs/branch-heads/3239@{#643}
Cr-Original-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
Change-Id: I7f7b78714dd36727ccf41be79f666a61f174995c
Reviewed-on: https://chromium-review.googlesource.com/823283
Cr-Commit-Position: refs/branch-heads/3239@{#668}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/chrome/browser/extensions/chrome_content_browser_client_extensions_part.h
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/chrome/test/data/extensions/api_test/webrequest/test_unload5.js
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/BUILD.gn
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/DEPS
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/cross_site_document_blocking_browsertest.cc
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/cross_site_document_resource_handler.cc
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/cross_site_document_resource_handler.h
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/cross_site_document_resource_handler_unittest.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/browser/loader/url_loader_factory_impl_unittest.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/child/site_isolation_stats_gatherer_browsertest.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/common/cross_site_document_classifier.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/public/browser/content_browser_client.h
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/renderer/fetchers/resource_fetcher_browsertest.cc
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/BUILD.gn
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/cross_site_document_request.html
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.html
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.html.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.json
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.json.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.txt
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.txt.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.xml
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/cors.xml.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/jsonp.html
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/jsonp.json
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/jsonp.txt
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/jsonp.xml
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.html
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.html.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.json
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.json.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.txt
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.txt.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.xml
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/nosniff.xml.mock-http-headers
[add] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/content/test/data/site_isolation/valid.js
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control.php
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/45d5420f48832386129bffe59ef15e73330bfaae/tools/metrics/histograms/histograms.xml
Project Member

Comment 18 by bugdroid1@chromium.org, Dec 13 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4

commit 2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4
Author: Nasko Oskov <nasko@chromium.org>
Date: Wed Dec 13 00:50:29 2017

Kill switch for cross-site document blocking.

Integrating cross-site document blocking with 2 new content_features.h:

- kCrossSiteDocumentBlockingIfIsolating - kill switch for cross-site
  document blocking.  This feature is enabled by default.

- kCrossSiteDocumentBlockingAlways - a way to force cross-site
  document blocking even if no isolation mode is turned on
  (e.g. even if there is no site-per-process or isolate-origins).
  This feature is disabled by default.

Bug:  786505 ,  793881 
TBR=nasko@chromium.org

Change-Id: Id0c9a69025fc20f7659b97a96fe70402cc933113
Reviewed-on: https://chromium-review.googlesource.com/818388
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#522981}
Reviewed-on: https://chromium-review.googlesource.com/820673
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/3239_84@{#4}
Cr-Original-Branched-From: 8f51ed0e633e109109762a3deb18a50e8c138819-refs/branch-heads/3239@{#643}
Cr-Original-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
Reviewed-on: https://chromium-review.googlesource.com/823564
Cr-Commit-Position: refs/branch-heads/3239@{#669}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/browser/loader/cross_site_document_blocking_browsertest.cc
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/browser/loader/cross_site_document_resource_handler.cc
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/common/site_isolation_policy.cc
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/common/site_isolation_policy.h
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/public/common/content_features.cc
[modify] https://crrev.com/2b6ff5ec5d927c2d41a50a63d7cb65b566dcefa4/content/public/common/content_features.h

Comment 19 by creis@chromium.org, Dec 13 2017

Blockedon: -778711 -792546
Status: Fixed (was: Started)
Verified that document blocking is working in Windows Beta 63.0.3239.90 (from 3239_84 minibranch), with --site-per-process enabled.  Merged to both M64 (branch 3282) and M63 (branch 3239) as well.

Followup work can be tracked underneath issue 268640.
Project Member

Comment 20 by bugdroid1@chromium.org, Mar 21 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/adf21c3544bc15a61b9a30ae519518cee757f8b0

commit adf21c3544bc15a61b9a30ae519518cee757f8b0
Author: Nick Carter <nick@chromium.org>
Date: Wed Mar 21 18:08:50 2018

Delete SiteIsolationStatsGatherer, and deprecate its histograms

CORB -- implemented outside the renderer -- replaces this renderer-based
stats gathering mechanism.

Bug: 268640,  786505 , 771038

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Ifcc7c48a5173b92098ff3a89f2495b7632af7707
Reviewed-on: https://chromium-review.googlesource.com/964887
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Jesse Doherty <jwd@chromium.org>
Commit-Queue: Nick Carter <nick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544769}
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/chrome/renderer/chrome_content_renderer_client.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/chrome/renderer/chrome_content_renderer_client.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/public/renderer/content_renderer_client.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/public/renderer/content_renderer_client.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/BUILD.gn
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/request_extra_data.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/resource_dispatcher.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/resource_dispatcher.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/resource_dispatcher_unittest.cc
[delete] https://crrev.com/33ae92ea9d5db682c5ebe6ff8f2778920330d878/content/renderer/loader/site_isolation_stats_gatherer.cc
[delete] https://crrev.com/33ae92ea9d5db682c5ebe6ff8f2778920330d878/content/renderer/loader/site_isolation_stats_gatherer.h
[delete] https://crrev.com/33ae92ea9d5db682c5ebe6ff8f2778920330d878/content/renderer/loader/site_isolation_stats_gatherer_browsertest.cc
[delete] https://crrev.com/33ae92ea9d5db682c5ebe6ff8f2778920330d878/content/renderer/loader/site_isolation_stats_gatherer_unittest.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/sync_load_context.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/sync_load_context.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/url_loader_client_impl_unittest.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/url_response_body_consumer.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/url_response_body_consumer_unittest.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/web_url_loader_impl.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/loader/web_url_loader_impl_unittest.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/renderer/render_process_impl.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/content/test/BUILD.gn
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/extensions/shell/renderer/shell_content_renderer_client.cc
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/extensions/shell/renderer/shell_content_renderer_client.h
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/testing/buildbot/filters/mojo.fyi.network_content_browsertests.filter
[modify] https://crrev.com/adf21c3544bc15a61b9a30ae519518cee757f8b0/tools/metrics/histograms/histograms.xml

Sign in to add a comment