Expose RenderFrameHost::GetLastCommittedOrigin().
It is an error to call this unless the RFH is current -- similar to
GetLastCommittedURL, but we actually enforce it.
There are two pending CLs that will want to use this: 1413853005 and 1465533008.
BUG=498580
TBR=abarth@chromium.org
Review URL: https://codereview.chromium.org/1475433002
Cr-Commit-Position: refs/heads/master@{#361722}
diff --git a/content/browser/frame_host/frame_tree_browsertest.cc b/content/browser/frame_host/frame_tree_browsertest.cc
index f64e227..f68b6b4 100644
--- a/content/browser/frame_host/frame_tree_browsertest.cc
+++ b/content/browser/frame_host/frame_tree_browsertest.cc
@@ -19,6 +19,7 @@
#include "net/dns/mock_host_resolver.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "third_party/WebKit/public/web/WebSandboxFlags.h"
+#include "url/url_constants.h"
// For fine-grained suppression on flaky tests.
#if defined(OS_WIN)
@@ -37,6 +38,15 @@
SetupCrossSiteRedirector(embedded_test_server());
}
+ protected:
+ std::string GetOriginFromRenderer(FrameTreeNode* node) {
+ std::string origin;
+ EXPECT_TRUE(ExecuteScriptAndExtractString(
+ node->current_frame_host(),
+ "window.domAutomationController.send(document.origin);", &origin));
+ return origin;
+ }
+
private:
DISALLOW_COPY_AND_ASSIGN(FrameTreeBrowserTest);
};
@@ -205,36 +215,82 @@
// Ensure that origins are correctly set on navigations.
IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, OriginSetOnNavigation) {
- GURL main_url(embedded_test_server()->GetURL("/frame_tree/top.html"));
+ GURL about_blank(url::kAboutBlankURL);
+ GURL main_url(
+ embedded_test_server()->GetURL("a.com", "/frame_tree/top.html"));
EXPECT_TRUE(NavigateToURL(shell(), main_url));
+ WebContents* contents = shell()->web_contents();
// It is safe to obtain the root frame tree node here, as it doesn't change.
- FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents())
- ->GetFrameTree()->root();
+ FrameTreeNode* root =
+ static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root();
// Extra '/' is added because the replicated origin is serialized in RFC 6454
// format, which dictates no trailing '/', whereas GURL::GetOrigin does put a
// '/' at the end.
- EXPECT_EQ(root->current_origin().Serialize() + '/',
- main_url.GetOrigin().spec());
+ EXPECT_EQ(main_url.GetOrigin().spec(),
+ root->current_origin().Serialize() + '/');
+ EXPECT_EQ(
+ main_url.GetOrigin().spec(),
+ root->current_frame_host()->GetLastCommittedOrigin().Serialize() + '/');
- GURL frame_url(embedded_test_server()->GetURL("/title1.html"));
+ // The iframe is inititially same-origin.
+ EXPECT_TRUE(
+ root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith(
+ root->child_at(0)->current_frame_host()->GetLastCommittedOrigin()));
+ EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root));
+ EXPECT_EQ(root->child_at(0)->current_origin().Serialize(),
+ GetOriginFromRenderer(root->child_at(0)));
+
+ // Navigate the iframe cross-origin.
+ GURL frame_url(embedded_test_server()->GetURL("b.com", "/title1.html"));
NavigateFrameToURL(root->child_at(0), frame_url);
+ EXPECT_EQ(frame_url, root->child_at(0)->current_url());
+ EXPECT_EQ(frame_url.GetOrigin().spec(),
+ root->child_at(0)->current_origin().Serialize() + '/');
+ EXPECT_FALSE(
+ root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith(
+ root->child_at(0)->current_frame_host()->GetLastCommittedOrigin()));
+ EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root));
+ EXPECT_EQ(root->child_at(0)->current_origin().Serialize(),
+ GetOriginFromRenderer(root->child_at(0)));
- EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/',
- frame_url.GetOrigin().spec());
+ // Parent-initiated about:blank navigation should inherit the parent's a.com
+ // origin.
+ NavigateIframeToURL(contents, "1-1-id", about_blank);
+ EXPECT_EQ(about_blank, root->child_at(0)->current_url());
+ EXPECT_EQ(main_url.GetOrigin().spec(),
+ root->child_at(0)->current_origin().Serialize() + '/');
+ EXPECT_EQ(root->current_frame_host()->GetLastCommittedOrigin().Serialize(),
+ root->child_at(0)
+ ->current_frame_host()
+ ->GetLastCommittedOrigin()
+ .Serialize());
+ EXPECT_TRUE(
+ root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith(
+ root->child_at(0)->current_frame_host()->GetLastCommittedOrigin()));
+ EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root));
+ EXPECT_EQ(root->child_at(0)->current_origin().Serialize(),
+ GetOriginFromRenderer(root->child_at(0)));
GURL data_url("data:text/html,foo");
EXPECT_TRUE(NavigateToURL(shell(), data_url));
// Navigating to a data URL should set a unique origin. This is represented
// as "null" per RFC 6454.
- EXPECT_EQ(root->current_origin().Serialize(), "null");
+ EXPECT_EQ("null", root->current_origin().Serialize());
+ EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().unique());
+ EXPECT_EQ("null", GetOriginFromRenderer(root));
// Re-navigating to a normal URL should update the origin.
EXPECT_TRUE(NavigateToURL(shell(), main_url));
- EXPECT_EQ(root->current_origin().Serialize() + '/',
- main_url.GetOrigin().spec());
+ EXPECT_EQ(main_url.GetOrigin().spec(),
+ root->current_origin().Serialize() + '/');
+ EXPECT_EQ(
+ main_url.GetOrigin().spec(),
+ contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/');
+ EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().unique());
+ EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root));
}
// Ensure that sandbox flags are correctly set when child frames are created.
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 89ba455d..053f5bc 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -313,6 +313,12 @@
return frame_tree_node_->current_url();
}
+url::Origin RenderFrameHostImpl::GetLastCommittedOrigin() {
+ // Origin is stored per-FTN, so it's incorrect to call for a non-current RFH.
+ CHECK(this == frame_tree_node_->current_frame_host());
+ return frame_tree_node_->current_origin();
+}
+
gfx::NativeView RenderFrameHostImpl::GetNativeView() {
RenderWidgetHostView* view = render_view_host_->GetWidget()->GetView();
if (!view)
diff --git a/content/browser/frame_host/render_frame_host_impl.h b/content/browser/frame_host/render_frame_host_impl.h
index dbc227de..8382484 100644
--- a/content/browser/frame_host/render_frame_host_impl.h
+++ b/content/browser/frame_host/render_frame_host_impl.h
@@ -135,6 +135,7 @@
const std::string& GetFrameName() override;
bool IsCrossProcessSubframe() override;
GURL GetLastCommittedURL() override;
+ url::Origin GetLastCommittedOrigin() override;
gfx::NativeView GetNativeView() override;
void AddMessageToConsole(ConsoleMessageLevel level,
const std::string& message) override;
diff --git a/content/public/browser/render_frame_host.h b/content/public/browser/render_frame_host.h
index d26ec27c..0fcb180 100644
--- a/content/public/browser/render_frame_host.h
+++ b/content/public/browser/render_frame_host.h
@@ -16,6 +16,7 @@
#include "ui/gfx/geometry/rect.h"
#include "ui/gfx/native_widget_types.h"
#include "url/gurl.h"
+#include "url/origin.h"
namespace base {
class Value;
@@ -76,8 +77,23 @@
virtual bool IsCrossProcessSubframe() = 0;
// Returns the last committed URL of the frame.
+ //
+ // The URL is only accurate if this RenderFrameHost is current in the frame
+ // tree -- i.e., it would be visited by WebContents::ForEachFrame. In
+ // particular, this method may return a misleading value if called from
+ // WebContentsObserver::RenderFrameCreated, since non-current frames can be
+ // passed to that observer method.
virtual GURL GetLastCommittedURL() = 0;
+ // Returns the last committed origin of the frame.
+ //
+ // The origin is only available if this RenderFrameHost is current in the
+ // frame tree -- i.e., it would be visited by WebContents::ForEachFrame. In
+ // particular, this method may CHECK if called from
+ // WebContentsObserver::RenderFrameCreated, since non-current frames can be
+ // passed to that observer method.
+ virtual url::Origin GetLastCommittedOrigin() = 0;
+
// Returns the associated widget's native view.
virtual gfx::NativeView GetNativeView() = 0;
diff --git a/content/test/data/frame_tree/top.html b/content/test/data/frame_tree/top.html
index 8323189..e1e03fea 100644
--- a/content/test/data/frame_tree/top.html
+++ b/content/test/data/frame_tree/top.html
@@ -33,7 +33,7 @@
Top frame.
<br>
-<iframe src="1-1.html" name="1-1-name"></iframe>
+<iframe src="1-1.html" id="1-1-id" name="1-1-name"></iframe>
<br>
<iframe src="1-2.html" id="1-2-id" name="1-2-name"></iframe>
<br>
diff --git a/url/origin.h b/url/origin.h
index c94c38c..dc2f85f 100644
--- a/url/origin.h
+++ b/url/origin.h
@@ -117,7 +117,7 @@
// matches; and neither is unique.
bool IsSameOriginWith(const Origin& other) const;
- // Allows SchemeHostPort to used as a key in STL (for example, a std::set or
+ // Allows Origin to be used as a key in STL (for example, a std::set or
// std::map).
bool operator<(const Origin& other) const;
diff --git a/url/scheme_host_port.h b/url/scheme_host_port.h
index 6e35a25..3aca558 100644
--- a/url/scheme_host_port.h
+++ b/url/scheme_host_port.h
@@ -116,8 +116,8 @@
// themselves). Unique origins, on the other hand, would not.
bool Equals(const SchemeHostPort& other) const;
- // Allows SchemeHostPort to used as a key in STL (for example, a std::set or
- // std::map).
+ // Allows SchemeHostPort to be used as a key in STL (for example, a std::set
+ // or std::map).
bool operator<(const SchemeHostPort& other) const;
private: