diff options
Diffstat (limited to 'chromium/content/browser/devtools/devtools_http_handler.cc')
-rw-r--r-- | chromium/content/browser/devtools/devtools_http_handler.cc | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/chromium/content/browser/devtools/devtools_http_handler.cc b/chromium/content/browser/devtools/devtools_http_handler.cc index 78e4d0a6b13..6da55042282 100644 --- a/chromium/content/browser/devtools/devtools_http_handler.cc +++ b/chromium/content/browser/devtools/devtools_http_handler.cc @@ -10,6 +10,7 @@ #include <utility> #include "base/bind.h" +#include "base/command_line.h" #include "base/compiler_specific.h" #include "base/files/file_util.h" #include "base/guid.h" @@ -38,6 +39,7 @@ #include "content/public/browser/devtools_manager_delegate.h" #include "content/public/browser/devtools_socket_factory.h" #include "content/public/common/content_client.h" +#include "content/public/common/content_switches.h" #include "content/public/common/url_constants.h" #include "content/public/common/user_agent.h" #include "net/base/io_buffer.h" @@ -752,6 +754,13 @@ void DevToolsHttpHandler::OnWebSocketRequest( if (!thread_) return; + if (request.headers.count("origin") && + !remote_allow_origins_.count(request.headers.at("origin")) && + !remote_allow_origins_.count("*")) { + Send403(connection_id); + return; + } + if (base::StartsWith(request.path, browser_guid_, base::CompareCase::SENSITIVE)) { scoped_refptr<DevToolsAgentHost> browser_agent = @@ -823,6 +832,14 @@ DevToolsHttpHandler::DevToolsHttpHandler( output_directory, debug_frontend_dir, browser_guid_, delegate_->HasBundledFrontendResources())); } + std::string remote_allow_origins = base::ToLowerASCII( + base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( + switches::kRemoteAllowOrigins)); + + auto origins = + base::SplitString(remote_allow_origins, ",", base::TRIM_WHITESPACE, + base::SPLIT_WANT_NONEMPTY); + remote_allow_origins_.insert(origins.begin(), origins.end()); } void DevToolsHttpHandler::ServerStarted( @@ -882,6 +899,18 @@ void DevToolsHttpHandler::Send404(int connection_id) { base::Unretained(server_wrapper_.get()), connection_id)); } +void DevToolsHttpHandler::Send403(int connection_id) { + if (!thread_) { + return; + } + net::HttpServerResponseInfo response(net::HTTP_FORBIDDEN); + response.SetBody(std::string(), "text/html"); + thread_->task_runner()->PostTask( + FROM_HERE, base::BindOnce(&ServerWrapper::SendResponse, + base::Unretained(server_wrapper_.get()), + connection_id, response)); +} + void DevToolsHttpHandler::Send500(int connection_id, const std::string& message) { if (!thread_) |