Google Git
Sign in
chromium / chromium / src.git / c1df004861ab704945d31a0d207bb7f4c205e60c
commitc1df004861ab704945d31a0d207bb7f4c205e60c[log] [tgz]
authorTakeshi Yoshino <tyoshino@chromium.org>Mon Feb 19 05:25:55 2018
committerCommit Bot <commit-bot@chromium.org>Mon Feb 19 05:25:55 2018
treecc5eafc706313a7b43bdac00b2e48d7cff99ae75
parentd356217626d029ab76d4355e0fdfe5f744266a35 [diff]
Stop reusing MemoryCache entries for requests with a different source origin.

ResourceFetcher/ResourceLoader now saves the result of the CORS check on
the Resource object. Though the result of the CORS check varies
depending on the source origin, reusing an existing resource fetched by
a different source origin is allowed by mistake.

This patch introduces a logic to prevent MemoryCache entries from being
reused for requests with a different source (requestor) origin by saving
the source origin on the Resource object and comparing that with the new
source origin in Resource::CanReuse(), so that the result of the CORS
check is reused only when the source origin is the same.

An alternative possibly-better approach is to isolate MemoryCache for
different origins by changing the cache identifier to take into account
the source origin of requests. However, to keep the patch small and fix
the issue quickly, this patch just prevents reuse.

Bug: 799477, 809350
Change-Id: Ib96c9e728abe969a53f3d80519118a83392067b4
Reviewed-on: https://chromium-review.googlesource.com/897040
Commit-Queue: Takeshi Yoshino <tyoshino@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537580}
15 files changed
tree: cc5eafc706313a7b43bdac00b2e48d7cff99ae75
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_cleaner/
  11. chrome_elf/
  12. chromecast/
  13. chromeos/
  14. cloud_print/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. notification_helper/
  38. pdf/
  39. ppapi/
  40. printing/
  41. remoting/
  42. rlz/
  43. sandbox/
  44. services/
  45. skia/
  46. sql/
  47. storage/
  48. styleguide/
  49. testing/
  50. third_party/
  51. tools/
  52. ui/
  53. url/
  54. .clang-format
  55. .eslintrc.js
  56. .git-blame-ignore-revs
  57. .gitattributes
  58. .gitignore
  59. .gn
  60. .vpython
  61. AUTHORS
  62. BUILD.gn
  63. CODE_OF_CONDUCT.md
  64. codereview.settings
  65. DEPS
  66. ENG_REVIEW_OWNERS
  67. LICENSE
  68. LICENSE.chromium_os
  69. OWNERS
  70. PRESUBMIT.py
  71. PRESUBMIT_test.py
  72. PRESUBMIT_test_mocks.py
  73. README.md
  74. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .