    Lock hosted apps to their underlying web origin. · 71426a90
    Alex Moshchuk authored
    Previously, hosted apps were exempt from LockToOrigin() even in
    --site-per-process mode.  That meant that hosted apps were not subject
    to enforcements such as not allowing access to cookies, passwords, or
    local storage of other sites.  Worse, it meant that hosted apps could
    arbitrarily share a process (e.g., when over process limit), even if
    they covered different web sites with --site-per-process.
    
    This CL starts locking hosted apps to their underlying web origin.  If
    a frame commits a navigation to URL http://foo.com, which is part of a
    hosted app X's web extent, the process for that frame will be locked
    to http://foo.com.  Note that the SiteInstance for this frame will
    still use a site URL based on the effective URL (i.e.,
    chrome-extension://<ext_id_for_X>/), but the origin lock will not be
    based on effective URLs.  This requires plumbing to compute the origin
    lock as a site URL that does not use an effective URL, and to plumb it
    into various places that make process model decisions, such as
    RPHI::IsSuitableHost().
    
    Bug: 811939, 794315, 791796
    Change-Id: Icc9b3c0a04253e581ea35953f3c566308305db59
    Reviewed-on: https://chromium-review.googlesource.com/959346
    Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
    Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
    Reviewed-by: Charlie Reis <creis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#583895}
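
The split the commit message describes between the site URL (based on the effective URL) and the origin lock (not based on it), as an added toy model: this is not Chromium code or code from this CL. Every name in it (`HostedApps`, `SiteUrl`, `LockUrl`, `ToyProcess`, `CommitNavigation`, `ToyIsSuitableHost`, the app ids) is hypothetical, and treating an unlocked process as reusable by any site is a simplifying assumption.

```cpp
// Toy model, not Chromium code; all names and app ids are hypothetical.
#include <cassert>
#include <map>
#include <string>

struct HostedApps {
  std::map<std::string, std::string> extent;  // web origin -> app id
  bool Covers(const std::string& o) const { return extent.count(o) > 0; }
};

// Site URL for the SiteInstance: uses the effective URL, so an origin
// inside an app's web extent maps to chrome-extension://<app id>/.
std::string SiteUrl(const HostedApps& apps, const std::string& origin) {
  auto it = apps.extent.find(origin);
  return it == apps.extent.end() ? origin
                                 : "chrome-extension://" + it->second + "/";
}

// Origin lock: computed without the effective URL.
std::string LockUrl(const std::string& origin) { return origin; }

struct ToyProcess {
  std::string lock;  // empty means "not locked"
};

// lock_hosted_apps=false models the old exemption for hosted apps.
void CommitNavigation(ToyProcess& p, const HostedApps& apps,
                      const std::string& origin, bool lock_hosted_apps) {
  if (apps.Covers(origin) && !lock_hosted_apps) return;  // left unlocked
  p.lock = LockUrl(origin);
}

// Simplification: an unlocked process is treated as reusable by any site.
bool ToyIsSuitableHost(const ToyProcess& p, const std::string& origin) {
  return p.lock.empty() || p.lock == LockUrl(origin);
}

int main() {
  HostedApps apps;
  apps.extent["http://foo.com"] = "appx";  // constructed sample extents
  apps.extent["http://bar.com"] = "appy";
  ToyProcess before, after;
  CommitNavigation(before, apps, "http://foo.com", false);
  CommitNavigation(after, apps, "http://foo.com", true);
  assert(ToyIsSuitableHost(before, "http://bar.com"));  // apps could share
  assert(!ToyIsSuitableHost(after, "http://bar.com"));  // now rejected
  return 0;
}
```
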
child_process_security_policy_impl.cc 43.7 KB