Add password-isolated sites to user prefs to persist them across restarts.
This CL introduces an ability to save password-isolated sites to user
prefs, so that they can be persisted and applied across restarts.
Now, when in kSiteIsolationForPasswordSites mode (used on Android),
when a user types a password on a site, the site will be added to the
site_isolation.user_triggered_isolated_origins pref, in addition to
becoming dynamically isolated in the current browsing session. The
new pref will be loaded and applied on browser startup as soon as a
profile finishes loading its prefs.
For debugging purposes, the current list of saved isolated origins may
be viewed by going to chrome://prefs-internals and searching for the
new pref under "site_isolation". The list isn't yet shown on
chrome://process-internals, but we plan to add this in a future CL.
The list of saved isolated origins is cleared whenever the user clears
browsing data (specifically, when either history, cache, or cookies
are cleared).
Currently, Incognito sessions do not apply saved isolated origins from
the origin profile, and any isolated origins added in Incognito do not
persist.
It is expected that the new list of origins will be fairly small
(likely a few tens of origins); another followup CL will add an UMA to
track the list size and how it changes over time.
Bug: 946581
Change-Id: I9a895970be63370230d3a1a031acfdc78c5fc849
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1575819
Reviewed-by: Christian Dullweber <[email protected]>
Reviewed-by: Martin Šrámek <[email protected]>
Reviewed-by: Mihai Sardarescu <[email protected]>
Reviewed-by: Łukasz Anforowicz <[email protected]>
Reviewed-by: Balazs Engedy <[email protected]>
Commit-Queue: Alex Moshchuk <[email protected]>
Cr-Commit-Position: refs/heads/master@{#654620}
diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc
index ca5571f..6abfb486 100644
--- a/content/browser/site_instance_impl.cc
+++ b/content/browser/site_instance_impl.cc
@@ -849,7 +849,14 @@
ChildProcessSecurityPolicyImpl* policy =
ChildProcessSecurityPolicyImpl::GetInstance();
- policy->AddIsolatedOrigins({url::Origin::Create(site)}, context);
+ url::Origin site_origin(url::Origin::Create(site));
+ policy->AddIsolatedOrigins({site_origin}, context);
+
+ // This function currently assumes the new isolated site should persist
+ // across restarts, so ask the embedder to save it, excluding off-the-record
+ // profiles.
+ if (!context->IsOffTheRecord())
+ GetContentClient()->browser()->PersistIsolatedOrigin(context, site_origin);
}
} // namespace content
