From 81170d81b3847f01e88d0afa96a06d4d70f651c4 Mon Sep 17 00:00:00 2001 From: Cheng Zhao Date: Sat, 25 Oct 2014 19:08:21 +0800 Subject: [PATCH] Remove iframe related security code --- atom.gyp | 2 - atom/browser/atom_browser_client.cc | 7 --- atom/browser/atom_browser_client.h | 5 -- .../atom_resource_dispatcher_host_delegate.cc | 50 --------------- .../atom_resource_dispatcher_host_delegate.h | 31 ---------- docs/api/browser-window.md | 6 +- docs/api/web-security.md | 62 ------------------- spec/chromium-spec.coffee | 28 --------- spec/fixtures/pages/change-parent.html | 7 --- 9 files changed, 1 insertion(+), 197 deletions(-) delete mode 100644 atom/browser/atom_resource_dispatcher_host_delegate.cc delete mode 100644 atom/browser/atom_resource_dispatcher_host_delegate.h delete mode 100644 docs/api/web-security.md delete mode 100644 spec/fixtures/pages/change-parent.html diff --git a/atom.gyp b/atom.gyp index 8ea0b8e9ab39..37df94de212b 100644 --- a/atom.gyp +++ b/atom.gyp @@ -103,8 +103,6 @@ 'atom/browser/atom_browser_main_parts_mac.mm', 'atom/browser/atom_javascript_dialog_manager.cc', 'atom/browser/atom_javascript_dialog_manager.h', - 'atom/browser/atom_resource_dispatcher_host_delegate.cc', - 'atom/browser/atom_resource_dispatcher_host_delegate.h', 'atom/browser/atom_speech_recognition_manager_delegate.cc', 'atom/browser/atom_speech_recognition_manager_delegate.h', 'atom/browser/browser.cc', diff --git a/atom/browser/atom_browser_client.cc b/atom/browser/atom_browser_client.cc index 746011016bc9..3b99903f35a8 100644 --- a/atom/browser/atom_browser_client.cc +++ b/atom/browser/atom_browser_client.cc @@ -7,7 +7,6 @@ #include "atom/browser/atom_access_token_store.h" #include "atom/browser/atom_browser_context.h" #include "atom/browser/atom_browser_main_parts.h" -#include "atom/browser/atom_resource_dispatcher_host_delegate.h" #include "atom/browser/atom_speech_recognition_manager_delegate.h" #include "atom/browser/native_window.h" #include "atom/browser/window_list.h" @@ -59,12 +58,6 @@ void AtomBrowserClient::RenderProcessWillLaunch( host->AddFilter(new TtsMessageFilter(id, host->GetBrowserContext())); } -void AtomBrowserClient::ResourceDispatcherHostCreated() { - resource_dispatcher_delegate_.reset(new AtomResourceDispatcherHostDelegate); - content::ResourceDispatcherHost::Get()->SetDelegate( - resource_dispatcher_delegate_.get()); -} - content::SpeechRecognitionManagerDelegate* AtomBrowserClient::GetSpeechRecognitionManagerDelegate() { return new AtomSpeechRecognitionManagerDelegate; diff --git a/atom/browser/atom_browser_client.h b/atom/browser/atom_browser_client.h index 523b95143d0c..861931729975 100644 --- a/atom/browser/atom_browser_client.h +++ b/atom/browser/atom_browser_client.h @@ -11,8 +11,6 @@ namespace atom { -class AtomResourceDispatcherHostDelegate; - class AtomBrowserClient : public brightray::BrowserClient { public: AtomBrowserClient(); @@ -22,7 +20,6 @@ class AtomBrowserClient : public brightray::BrowserClient { // content::ContentBrowserClient: virtual void RenderProcessWillLaunch( content::RenderProcessHost* host) OVERRIDE; - virtual void ResourceDispatcherHostCreated() OVERRIDE; virtual content::SpeechRecognitionManagerDelegate* GetSpeechRecognitionManagerDelegate() override; virtual content::AccessTokenStore* CreateAccessTokenStore() OVERRIDE; @@ -41,8 +38,6 @@ class AtomBrowserClient : public brightray::BrowserClient { virtual brightray::BrowserMainParts* OverrideCreateBrowserMainParts( const content::MainFunctionParams&) OVERRIDE; - scoped_ptr resource_dispatcher_delegate_; - // The render process which would be swapped out soon. content::RenderProcessHost* dying_render_process_; diff --git a/atom/browser/atom_resource_dispatcher_host_delegate.cc b/atom/browser/atom_resource_dispatcher_host_delegate.cc deleted file mode 100644 index 30ddca2ae9ce..000000000000 --- a/atom/browser/atom_resource_dispatcher_host_delegate.cc +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright (c) 2014 GitHub, Inc. All rights reserved. -// Use of this source code is governed by the MIT license that can be -// found in the LICENSE file. - -#include "atom/browser/atom_resource_dispatcher_host_delegate.h" - -#include - -#include "base/logging.h" -#include "content/public/browser/render_frame_host.h" -#include "content/public/browser/resource_request_info.h" -#include "net/http/http_response_headers.h" -#include "net/url_request/url_request.h" - -namespace atom { - -namespace { - -const char* kDisableXFrameOptions = "disable-x-frame-options"; - -} // namespace - -AtomResourceDispatcherHostDelegate::AtomResourceDispatcherHostDelegate() { -} - -AtomResourceDispatcherHostDelegate::~AtomResourceDispatcherHostDelegate() { -} - -void AtomResourceDispatcherHostDelegate::OnResponseStarted( - net::URLRequest* request, - content::ResourceContext* resource_context, - content::ResourceResponse* response, - IPC::Sender* sender) { - // Check if frame's name contains "disable-x-frame-options" - int p, f; - if (!content::ResourceRequestInfo::GetRenderFrameForRequest(request, &p, &f)) - return; - content::RenderFrameHost* frame = content::RenderFrameHost::FromID(p, f); - if (!frame) - return; - if (frame->GetFrameName().find(kDisableXFrameOptions) == std::string::npos) - return; - - // Remove the "X-Frame-Options" from response headers. - net::HttpResponseHeaders* response_headers = request->response_headers(); - if (response_headers && response_headers->HasHeader("x-frame-options")) - response_headers->RemoveHeader("x-frame-options"); -} - -} // namespace atom diff --git a/atom/browser/atom_resource_dispatcher_host_delegate.h b/atom/browser/atom_resource_dispatcher_host_delegate.h deleted file mode 100644 index 10e993bcf022..000000000000 --- a/atom/browser/atom_resource_dispatcher_host_delegate.h +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (c) 2014 GitHub, Inc. All rights reserved. -// Use of this source code is governed by the MIT license that can be -// found in the LICENSE file. - -#ifndef ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_ -#define ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_ - -#include "base/compiler_specific.h" -#include "content/public/browser/resource_dispatcher_host_delegate.h" - -namespace atom { - -class AtomResourceDispatcherHostDelegate - : public content::ResourceDispatcherHostDelegate { - public: - AtomResourceDispatcherHostDelegate(); - virtual ~AtomResourceDispatcherHostDelegate(); - - // content::ResourceDispatcherHostDelegate: - virtual void OnResponseStarted(net::URLRequest* request, - content::ResourceContext* resource_context, - content::ResourceResponse* response, - IPC::Sender* sender) OVERRIDE; - - private: - DISALLOW_COPY_AND_ASSIGN(AtomResourceDispatcherHostDelegate); -}; - -} // namespace atom - -#endif // ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_ diff --git a/docs/api/browser-window.md b/docs/api/browser-window.md index c34df9133fc7..0a8cda9d5c02 100644 --- a/docs/api/browser-window.md +++ b/docs/api/browser-window.md @@ -18,9 +18,6 @@ win.show(); You can also create a window without chrome by using [Frameless Window](frameless-window.md) API. -Security strategy of web pages showed by `BrowserWindow` is a bit different from -normal browsers, see [Web Security](web-security.md) for more. - ## Class: BrowserWindow `BrowserWindow` is an @@ -55,8 +52,7 @@ normal browsers, see [Web Security](web-security.md) for more. * `frame` Boolean - Specify `false` to create a [Frameless Window](frameless-window.md) * `node-integration` String - Default value is `except-iframe`, can also be - `all`, `manual-enable-iframe` or `disable`, see - [Web Security](web-security.md) for more informations. + `all`, `manual-enable-iframe` or `disable`. * `accept-first-mouse` Boolean - Whether the web view accepts a single mouse-down event that simultaneously activates the window * `auto-hide-menu-bar` Boolean - Auto hide the menu bar unless the `Alt` diff --git a/docs/api/web-security.md b/docs/api/web-security.md deleted file mode 100644 index cdff3bc41ebd..000000000000 --- a/docs/api/web-security.md +++ /dev/null @@ -1,62 +0,0 @@ -# Web Security - -Because atom-shell has added node integration to normal web pages, there are -some security adjustments that made atom-shell both more safe and more -convenient. - -## Overriding `X-Frame-Options` header - -May websites (including Google and Youtube) use the -[X-Frame-Options][x-frame-options] header to disable access to their websites -in `iframe`s. In atom-shell you can add a `disable-x-frame-options` string in -the `iframe`'s name to disable this: - -```html - - - - -``` - -## Frames are sandboxed by default - -In normal browsers, `iframe`s are not sandboxed by default, which means a remote -page in `iframe` can easily access its parent's JavaScript context. - -In atom-shell because the parent frame may have the power to access native -resources, this could cause security problems. In order to fix it, `iframe`s -in atom-shell are sandboxed with all permissions except the `allow-same-origin` -by default. - -If you want to enable things like `parent.window.process.exit()` in `iframe`s, -you need to explicitly add `allow-same-origin` to the `sandbox` attribute, or -just set `sandbox` to `none`: - -```html - -``` - -## Node integration in frames - -The `node-integration` option of [BrowserWindow](browser-window.md) controls -whether node integration is enabled in web page and its `iframe`s. - -By default the `node-integration` option is `except-iframe`, which means node -integration is disabled in all `iframe`s. You can also set it to `all`, with -which node integration is available to the main page and all its `iframe`s, or -`manual-enable-iframe`, which is like `except-iframe`, but enables `iframe`s -whose name contains string `enable-node-integration`. And setting to `disable` -would disable the node integration in both the main page and its `iframe`s. - -An example of enable node integration in `iframe` with `node-integration` set to -`manual-enable-iframe`: - -```html - - - - - -``` - -[x-frame-options]: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options diff --git a/spec/chromium-spec.coffee b/spec/chromium-spec.coffee index 5bec7bf8a897..b7fd0bc9747c 100644 --- a/spec/chromium-spec.coffee +++ b/spec/chromium-spec.coffee @@ -37,34 +37,6 @@ describe 'chromium feature', -> assert.equal b.constructor.name, 'BrowserWindow' b.destroy() - describe 'iframe', -> - page = path.join fixtures, 'pages', 'change-parent.html' - - beforeEach -> - global.changedByIframe = false - - it 'can not modify parent by default', (done) -> - iframe = $('