Commit f111676a authored by Cammie Smith Barnes's avatar Cammie Smith Barnes Committed by Commit Bot

Split cache: For PlzDedicatedWorker, walk up frame tree to compute NIK.

We walk up the render frame tree via RenderFrameHostImpl::GetParent()
and then use GetLastCommittedOrigin() of the frame tree's root as
top-frame origin for the network isolation key.  This change is to
address a potential race condition where the root frame tree node may
have been now associated with a different document.

Bug: 986167
Change-Id: I9196f70939f82c6c9ac62d5828329688db97bac7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1741644
Commit-Queue: Cammie Smith Barnes <cammie@chromium.org>
Reviewed-by: default avatarMatt Falkenhagen <falken@chromium.org>
Reviewed-by: default avatarShivani Sharma <shivanisha@chromium.org>
Cr-Commit-Position: refs/heads/master@{#686146}
parent a155bfe4
......@@ -91,26 +91,40 @@ void DedicatedWorkerHost::StartScriptLoad(
auto* storage_partition_impl = static_cast<StoragePartitionImpl*>(
worker_process_host->GetStoragePartition());
// Compute network isolation key.
RenderFrameHostImpl* ancestor_render_frame_host =
// Get nearest ancestor render frame host in order to determine the
// top-frame origin to use for the network isolation key.
RenderFrameHostImpl* nearest_ancestor_render_frame_host =
GetAncestorRenderFrameHost();
if (!ancestor_render_frame_host) {
if (!nearest_ancestor_render_frame_host) {
client_->OnScriptLoadStartFailed();
return;
}
// Get the origin of the frame tree's root to use as top-frame origin.
// TODO(crbug.com/986167): Resolve issue of potential race condition.
url::Origin top_frame_origin(ancestor_render_frame_host->frame_tree_node()
->frame_tree()
->root()
->current_origin());
// Walk up the RenderFrameHostImpl::GetParent() chain to get to the top
// RenderFrameHostImpl, instead of using the frame tree node.
// If the root has already navigated to a different render frame host by
// the time that we get here, the old root render frame host should still
// be around in pending deletion state (i.e. running its unload handler)
// and reachable via this walk even though it's no longer the same as
// root()->current_frame_host(). The old root render frame host will still
// have its old origin in GetLastCommittedOrigin(). See crbug.com/986167
RenderFrameHostImpl* top_frame = nullptr;
for (RenderFrameHostImpl* frame = nearest_ancestor_render_frame_host; frame;
frame = frame->GetParent()) {
top_frame = frame;
}
// Compute the network isolation key using the old root's last committed
// origin as top-frame origin.
url::Origin top_frame_origin(top_frame->GetLastCommittedOrigin());
url::Origin current_frame_origin(
ancestor_render_frame_host->GetLastCommittedOrigin());
nearest_ancestor_render_frame_host->GetLastCommittedOrigin());
network_isolation_key_ =
net::NetworkIsolationKey(top_frame_origin, current_frame_origin);
// Get a storage domain.
SiteInstance* site_instance = ancestor_render_frame_host->GetSiteInstance();
SiteInstance* site_instance =
nearest_ancestor_render_frame_host->GetSiteInstance();
if (!site_instance) {
client_->OnScriptLoadStartFailed();
return;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment