Prevent cross-site pages if the --site-per-process flag is passed
BUG=159215
Review URL: https://chromiumcodereview.appspot.com/11416121
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@172403 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc
index 2d35482..4c49590 100644
--- a/content/browser/loader/resource_loader.cc
+++ b/content/browser/loader/resource_loader.cc
@@ -4,6 +4,7 @@
#include "content/browser/loader/resource_loader.h"
+#include "base/command_line.h"
#include "base/message_loop.h"
#include "base/time.h"
#include "content/browser/child_process_security_policy_impl.h"
@@ -15,6 +16,8 @@
#include "content/common/ssl_status_serialization.h"
#include "content/public/browser/cert_store.h"
#include "content/public/browser/resource_dispatcher_host_login_delegate.h"
+#include "content/public/common/content_client.h"
+#include "content/public/common/content_switches.h"
#include "content/public/common/resource_response.h"
#include "net/base/load_flags.h"
#include "net/http/http_response_headers.h"
@@ -303,6 +306,19 @@
VLOG(1) << "OnResponseStarted: " << request_->url().spec();
+ // The CanLoadPage check should take place after any server redirects have
+ // finished, at the point in time that we know a page will commit in the
+ // renderer process.
+ ResourceRequestInfoImpl* info = GetRequestInfo();
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+ if (!policy->CanLoadPage(info->GetChildID(),
+ request_->url(),
+ info->GetResourceType())) {
+ Cancel();
+ return;
+ }
+
if (!request_->status().is_success()) {
ResponseCompleted();
return;
