mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Remove iframe related security code

Browse source
This commit is contained in:
Cheng Zhao 2014-10-25 19:08:21 +08:00
parent e7825da0f8
commit 81170d81b3
9 changed files with 1 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
atom.gyp
View file

@ -103,8 +103,6 @@
'atom/browser/atom_browser_main_parts_mac.mm', 'atom/browser/atom_browser_main_parts_mac.mm',
'atom/browser/atom_javascript_dialog_manager.cc', 'atom/browser/atom_javascript_dialog_manager.cc',
'atom/browser/atom_javascript_dialog_manager.h', 'atom/browser/atom_javascript_dialog_manager.h',
'atom/browser/atom_resource_dispatcher_host_delegate.cc',
'atom/browser/atom_resource_dispatcher_host_delegate.h',
'atom/browser/atom_speech_recognition_manager_delegate.cc', 'atom/browser/atom_speech_recognition_manager_delegate.cc',
'atom/browser/atom_speech_recognition_manager_delegate.h', 'atom/browser/atom_speech_recognition_manager_delegate.h',
'atom/browser/browser.cc', 'atom/browser/browser.cc',

7
atom/browser/atom_browser_client.cc
View file

@ -7,7 +7,6 @@
#include "atom/browser/atom_access_token_store.h" #include "atom/browser/atom_access_token_store.h"
#include "atom/browser/atom_browser_context.h" #include "atom/browser/atom_browser_context.h"
#include "atom/browser/atom_browser_main_parts.h" #include "atom/browser/atom_browser_main_parts.h"
#include "atom/browser/atom_resource_dispatcher_host_delegate.h"
#include "atom/browser/atom_speech_recognition_manager_delegate.h" #include "atom/browser/atom_speech_recognition_manager_delegate.h"
#include "atom/browser/native_window.h" #include "atom/browser/native_window.h"
#include "atom/browser/window_list.h" #include "atom/browser/window_list.h"
@ -59,12 +58,6 @@ void AtomBrowserClient::RenderProcessWillLaunch(
host->AddFilter(new TtsMessageFilter(id, host->GetBrowserContext())); host->AddFilter(new TtsMessageFilter(id, host->GetBrowserContext()));
} }
void AtomBrowserClient::ResourceDispatcherHostCreated() {
resource_dispatcher_delegate_.reset(new AtomResourceDispatcherHostDelegate);
content::ResourceDispatcherHost::Get()->SetDelegate(
resource_dispatcher_delegate_.get());
}
content::SpeechRecognitionManagerDelegate* content::SpeechRecognitionManagerDelegate*
AtomBrowserClient::GetSpeechRecognitionManagerDelegate() { AtomBrowserClient::GetSpeechRecognitionManagerDelegate() {
return new AtomSpeechRecognitionManagerDelegate; return new AtomSpeechRecognitionManagerDelegate;

5
atom/browser/atom_browser_client.h
View file

@ -11,8 +11,6 @@
namespace atom { namespace atom {
class AtomResourceDispatcherHostDelegate;
class AtomBrowserClient : public brightray::BrowserClient { class AtomBrowserClient : public brightray::BrowserClient {
public: public:
AtomBrowserClient(); AtomBrowserClient();
@ -22,7 +20,6 @@ class AtomBrowserClient : public brightray::BrowserClient {
// content::ContentBrowserClient: // content::ContentBrowserClient:
virtual void RenderProcessWillLaunch( virtual void RenderProcessWillLaunch(
content::RenderProcessHost* host) OVERRIDE; content::RenderProcessHost* host) OVERRIDE;
virtual void ResourceDispatcherHostCreated() OVERRIDE;
virtual content::SpeechRecognitionManagerDelegate* virtual content::SpeechRecognitionManagerDelegate*
GetSpeechRecognitionManagerDelegate() override; GetSpeechRecognitionManagerDelegate() override;
virtual content::AccessTokenStore* CreateAccessTokenStore() OVERRIDE; virtual content::AccessTokenStore* CreateAccessTokenStore() OVERRIDE;
@ -41,8 +38,6 @@ class AtomBrowserClient : public brightray::BrowserClient {
virtual brightray::BrowserMainParts* OverrideCreateBrowserMainParts( virtual brightray::BrowserMainParts* OverrideCreateBrowserMainParts(
const content::MainFunctionParams&) OVERRIDE; const content::MainFunctionParams&) OVERRIDE;
scoped_ptr<AtomResourceDispatcherHostDelegate> resource_dispatcher_delegate_;
// The render process which would be swapped out soon. // The render process which would be swapped out soon.
content::RenderProcessHost* dying_render_process_; content::RenderProcessHost* dying_render_process_;

50
atom/browser/atom_resource_dispatcher_host_delegate.cc
View file

@ -1,50 +0,0 @@
// Copyright (c) 2014 GitHub, Inc. All rights reserved.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "atom/browser/atom_resource_dispatcher_host_delegate.h"
#include <string>
#include "base/logging.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/resource_request_info.h"
#include "net/http/http_response_headers.h"
#include "net/url_request/url_request.h"
namespace atom {
namespace {
const char* kDisableXFrameOptions = "disable-x-frame-options";
} // namespace
AtomResourceDispatcherHostDelegate::AtomResourceDispatcherHostDelegate() {
}
AtomResourceDispatcherHostDelegate::~AtomResourceDispatcherHostDelegate() {
}
void AtomResourceDispatcherHostDelegate::OnResponseStarted(
net::URLRequest* request,
content::ResourceContext* resource_context,
content::ResourceResponse* response,
IPC::Sender* sender) {
// Check if frame's name contains "disable-x-frame-options"
int p, f;
if (!content::ResourceRequestInfo::GetRenderFrameForRequest(request, &p, &f))
return;
content::RenderFrameHost* frame = content::RenderFrameHost::FromID(p, f);
if (!frame)
return;
if (frame->GetFrameName().find(kDisableXFrameOptions) == std::string::npos)
return;
// Remove the "X-Frame-Options" from response headers.
net::HttpResponseHeaders* response_headers = request->response_headers();
if (response_headers && response_headers->HasHeader("x-frame-options"))
response_headers->RemoveHeader("x-frame-options");
}
} // namespace atom

31
atom/browser/atom_resource_dispatcher_host_delegate.h
View file

@ -1,31 +0,0 @@
// Copyright (c) 2014 GitHub, Inc. All rights reserved.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#ifndef ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_
#define ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_
#include "base/compiler_specific.h"
#include "content/public/browser/resource_dispatcher_host_delegate.h"
namespace atom {
class AtomResourceDispatcherHostDelegate
: public content::ResourceDispatcherHostDelegate {
public:
AtomResourceDispatcherHostDelegate();
virtual ~AtomResourceDispatcherHostDelegate();
// content::ResourceDispatcherHostDelegate:
virtual void OnResponseStarted(net::URLRequest* request,
content::ResourceContext* resource_context,
content::ResourceResponse* response,
IPC::Sender* sender) OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(AtomResourceDispatcherHostDelegate);
};
} // namespace atom
#endif // ATOM_BROWSER_ATOM_RESOURCE_DISPATCHER_HOST_DELEGATE_H_

6
docs/api/browser-window.md
View file

@ -18,9 +18,6 @@ win.show();
You can also create a window without chrome by using You can also create a window without chrome by using
[Frameless Window](frameless-window.md) API. [Frameless Window](frameless-window.md) API.
Security strategy of web pages showed by `BrowserWindow` is a bit different from
normal browsers, see [Web Security](web-security.md) for more.
## Class: BrowserWindow ## Class: BrowserWindow
`BrowserWindow` is an `BrowserWindow` is an
@ -55,8 +52,7 @@ normal browsers, see [Web Security](web-security.md) for more.
* `frame` Boolean - Specify `false` to create a * `frame` Boolean - Specify `false` to create a
[Frameless Window](frameless-window.md) [Frameless Window](frameless-window.md)
* `node-integration` String - Default value is `except-iframe`, can also be * `node-integration` String - Default value is `except-iframe`, can also be
`all`, `manual-enable-iframe` or `disable`, see `all`, `manual-enable-iframe` or `disable`.
[Web Security](web-security.md) for more informations.
* `accept-first-mouse` Boolean - Whether the web view accepts a single * `accept-first-mouse` Boolean - Whether the web view accepts a single
mouse-down event that simultaneously activates the window mouse-down event that simultaneously activates the window
* `auto-hide-menu-bar` Boolean - Auto hide the menu bar unless the `Alt` * `auto-hide-menu-bar` Boolean - Auto hide the menu bar unless the `Alt`

62
docs/api/web-security.md
View file

@ -1,62 +0,0 @@
# Web Security
Because atom-shell has added node integration to normal web pages, there are
some security adjustments that made atom-shell both more safe and more
convenient.
## Overriding `X-Frame-Options` header
May websites (including Google and Youtube) use the
[X-Frame-Options][x-frame-options] header to disable access to their websites
in `iframe`s. In atom-shell you can add a `disable-x-frame-options` string in
the `iframe`'s name to disable this:
```html
<!-- Refused to display -->
<iframe name="google" src="https://google.com"></iframe>
<!-- Loads as expected -->
<iframe name="google-disable-x-frame-options" src="https://google.com"></iframe>
```
## Frames are sandboxed by default
In normal browsers, `iframe`s are not sandboxed by default, which means a remote
page in `iframe` can easily access its parent's JavaScript context.
In atom-shell because the parent frame may have the power to access native
resources, this could cause security problems. In order to fix it, `iframe`s
in atom-shell are sandboxed with all permissions except the `allow-same-origin`
by default.
If you want to enable things like `parent.window.process.exit()` in `iframe`s,
you need to explicitly add `allow-same-origin` to the `sandbox` attribute, or
just set `sandbox` to `none`:
```html
<iframe sandbox="none" src="https://github.com"></iframe>
```
## Node integration in frames
The `node-integration` option of [BrowserWindow](browser-window.md) controls
whether node integration is enabled in web page and its `iframe`s.
By default the `node-integration` option is `except-iframe`, which means node
integration is disabled in all `iframe`s. You can also set it to `all`, with
which node integration is available to the main page and all its `iframe`s, or
`manual-enable-iframe`, which is like `except-iframe`, but enables `iframe`s
whose name contains string `enable-node-integration`. And setting to `disable`
would disable the node integration in both the main page and its `iframe`s.
An example of enable node integration in `iframe` with `node-integration` set to
`manual-enable-iframe`:
```html
<!-- iframe with node integration enabled -->
<iframe name="gh-enable-node-integration" src="https://github.com"></iframe>
<!-- iframe with node integration disabled -->
<iframe src="http://jandan.net"></iframe>
```
[x-frame-options]: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

28
spec/chromium-spec.coffee
View file

@ -37,34 +37,6 @@ describe 'chromium feature', ->
assert.equal b.constructor.name, 'BrowserWindow' assert.equal b.constructor.name, 'BrowserWindow'
b.destroy() b.destroy()
describe 'iframe', ->
page = path.join fixtures, 'pages', 'change-parent.html'
beforeEach ->
global.changedByIframe = false
it 'can not modify parent by default', (done) ->
iframe = $('<iframe>')
iframe.hide()
iframe.attr 'src', "file://#{page}"
iframe.appendTo 'body'
isChanged = ->
iframe.remove()
assert.equal global.changedByIframe, false
done()
setTimeout isChanged, 30
it 'can modify parent when sanbox is set to none', (done) ->
iframe = $('<iframe sandbox="none">')
iframe.hide()
iframe.attr 'src', "file://#{page}"
iframe.appendTo 'body'
isChanged = ->
iframe.remove()
assert.equal global.changedByIframe, true
done()
setTimeout isChanged, 30
describe 'creating a Uint8Array under browser side', -> describe 'creating a Uint8Array under browser side', ->
it 'does not crash', -> it 'does not crash', ->
RUint8Array = require('remote').getGlobal 'Uint8Array' RUint8Array = require('remote').getGlobal 'Uint8Array'

7
spec/fixtures/pages/change-parent.html vendored
View file

@ -1,7 +0,0 @@
<html>
<body>
<script type="text/javascript" charset="utf-8">
window.parent.changedByIframe = true;
</script>
</body>
</html>