Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: bypass CORB when web security is disabled #15737

Merged
merged 2 commits into from Nov 21, 2018
Merged

fix: bypass CORB when web security is disabled #15737

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b2e9e2a
fix: extend content layer hook to bypass corb when web security is di…
deepak1556 Nov 15, 2018
6f15379
chore: add patch to disable CORB
deepak1556 Nov 15, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
15 changes: 15 additions & 0 deletions atom/browser/atom_browser_client.cc
View file
Open in desktop
Expand Up @@ -223,28 +223,34 @@ bool AtomBrowserClient::ShouldCreateNewSiteInstance(
void AtomBrowserClient::AddProcessPreferences(
int process_id,
AtomBrowserClient::ProcessPreferences prefs) {
base::AutoLock auto_lock(process_preferences_lock_);
process_preferences_[process_id] = prefs;
}

void AtomBrowserClient::RemoveProcessPreferences(int process_id) {
base::AutoLock auto_lock(process_preferences_lock_);
process_preferences_.erase(process_id);
}

bool AtomBrowserClient::IsProcessObserved(int process_id) {
base::AutoLock auto_lock(process_preferences_lock_);
return process_preferences_.find(process_id) != process_preferences_.end();
}

bool AtomBrowserClient::IsRendererSandboxed(int process_id) {
base::AutoLock auto_lock(process_preferences_lock_);
auto it = process_preferences_.find(process_id);
return it != process_preferences_.end() && it->second.sandbox;
}

bool AtomBrowserClient::RendererUsesNativeWindowOpen(int process_id) {
base::AutoLock auto_lock(process_preferences_lock_);
auto it = process_preferences_.find(process_id);
return it != process_preferences_.end() && it->second.native_window_open;
}

bool AtomBrowserClient::RendererDisablesPopups(int process_id) {
base::AutoLock auto_lock(process_preferences_lock_);
auto it = process_preferences_.find(process_id);
return it != process_preferences_.end() && it->second.disable_popups;
}
Expand Down Expand Up @@ -274,6 +280,8 @@ void AtomBrowserClient::RenderProcessWillLaunch(
prefs.native_window_open =
web_preferences->IsEnabled(options::kNativeWindowOpen);
prefs.disable_popups = web_preferences->IsEnabled("disablePopups");
prefs.web_security = web_preferences->IsEnabled(options::kWebSecurity,
true /* default value */);
}
AddProcessPreferences(host->GetID(), prefs);
// ensure the ProcessPreferences is removed later
Expand Down Expand Up @@ -778,6 +786,13 @@ void AtomBrowserClient::OnNetworkServiceCreated(
network_service);
}

bool AtomBrowserClient::ShouldBypassCORB(int render_process_id) {
// This is called on the network thread.
base::AutoLock auto_lock(process_preferences_lock_);
auto it = process_preferences_.find(render_process_id);
return it != process_preferences_.end() && !it->second.web_security;
}

std::string AtomBrowserClient::GetApplicationLocale() {
if (BrowserThread::CurrentlyOn(BrowserThread::IO))
return g_io_thread_application_locale.Get();
Expand Down
7 changes: 6 additions & 1 deletion atom/browser/atom_browser_client.h
View file
Open in desktop
Expand Up @@ -11,6 +11,7 @@
#include <string>
#include <vector>

#include "base/synchronization/lock.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/browser/render_process_host_observer.h"
#include "net/ssl/client_cert_identity.h"
Expand Down Expand Up @@ -143,6 +144,7 @@ class AtomBrowserClient : public content::ContentBrowserClient,
GetSystemSharedURLLoaderFactory() override;
void OnNetworkServiceCreated(
network::mojom::NetworkService* network_service) override;
bool ShouldBypassCORB(int render_process_id) override;

// content::RenderProcessHostObserver:
void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;
Expand All @@ -164,6 +166,7 @@ class AtomBrowserClient : public content::ContentBrowserClient,
bool sandbox = false;
bool native_window_open = false;
bool disable_popups = false;
bool web_security = true;
};

bool ShouldCreateNewSiteInstance(content::RenderFrameHost* render_frame_host,
Expand All @@ -180,7 +183,6 @@ class AtomBrowserClient : public content::ContentBrowserClient,
// pending_render_process => web contents.
std::map<int, content::WebContents*> pending_processes_;

std::map<int, ProcessPreferences> process_preferences_;
std::map<int, base::ProcessId> render_process_host_pids_;

// list of site per affinity. weak_ptr to prevent instance locking
Expand All @@ -194,6 +196,9 @@ class AtomBrowserClient : public content::ContentBrowserClient,

Delegate* delegate_ = nullptr;

base::Lock process_preferences_lock_;
std::map<int, ProcessPreferences> process_preferences_;

DISALLOW_COPY_AND_ASSIGN(AtomBrowserClient);
};

Expand Down
1 change: 1 addition & 0 deletions patches/common/chromium/.patches
View file
Open in desktop
Expand Up @@ -75,3 +75,4 @@ verbose_generate_breakpad_symbols.patch
fix_zoom_display.patch
chrome_process_finder.patch
customizable_app_indicator_id_prefix.patch
cross_site_document_resource_handler.patch
52 changes: 52 additions & 0 deletions patches/common/chromium/cross_site_document_resource_handler.patch
View file
Open in desktop
@@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: deepak1556 <hop2deep@gmail.com>
Date: Thu, 15 Nov 2018 22:04:34 +0530
Subject: cross_site_document_resource_handler.patch

Add a content layer hook to disable CORB for a renderer process,
this patch can be removed once we switch to network service,
where the embedders have a chance to design their URLLoaders.

diff --git a/content/browser/loader/cross_site_document_resource_handler.cc b/content/browser/loader/cross_site_document_resource_handler.cc
index 907922701280b589bf11691342de0ec95cdec6a1..eaf8bac18f8e3a2735ce7ded606199092a3746d3 100644
--- a/content/browser/loader/cross_site_document_resource_handler.cc
+++ b/content/browser/loader/cross_site_document_resource_handler.cc
@@ -593,6 +593,9 @@ bool CrossSiteDocumentResourceHandler::ShouldBlockBasedOnHeaders(
return false;
}

+ if (GetContentClient()->browser()->ShouldBypassCORB(info->GetChildID()))
+ return false;
+
return true;
}

diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
index bb54b89bef5c6f32e7b4a056336c85494e2a04de..f069dfc4d2823b22eb0d90d28bc20236aeeddd04 100644
--- a/content/public/browser/content_browser_client.cc
+++ b/content/public/browser/content_browser_client.cc
@@ -47,6 +47,10 @@ void OverrideOnBindInterface(const service_manager::BindSourceInfo& remote_info,
handle);
}

+bool ContentBrowserClient::ShouldBypassCORB(int render_process_id) {
+ return false;
+}
+
BrowserMainParts* ContentBrowserClient::CreateBrowserMainParts(
const MainFunctionParams& parameters) {
return nullptr;
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 2c22cb1cfe0dddc97c00e5f4ff89de6b18bc232f..a7b59095a887d566af9e74a646443fb49ea23bfc 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -205,6 +205,9 @@ class CONTENT_EXPORT ContentBrowserClient {
SiteInstance* candidate_site_instance,
SiteInstance** new_instance) {}

+ // Electron: Allows bypassing CORB checks for a renderer process.
+ virtual bool ShouldBypassCORB(int render_process_id);
+
// Allows the embedder to set any number of custom BrowserMainParts
// implementations for the browser startup code. See comments in
// browser_main_parts.h.