Index: /opt/chromium/chromium/src/chrome/browser/renderer_host/resource_dispatcher_host.cc =================================================================== --- /opt/chromium/chromium/src/chrome/browser/renderer_host/resource_dispatcher_host.cc (revision 70173) +++ /opt/chromium/chromium/src/chrome/browser/renderer_host/resource_dispatcher_host.cc (working copy) @@ -62,6 +62,7 @@ #include "net/base/load_flags.h" #include "net/base/mime_util.h" #include "net/base/net_errors.h" +#include "net/base/registry_controlled_domain.h" #include "net/base/request_priority.h" #include "net/base/ssl_cert_request_info.h" #include "net/base/upload_data.h" @@ -72,6 +73,7 @@ #include "webkit/appcache/appcache_interfaces.h" #include "webkit/blob/blob_storage_controller.h" #include "webkit/blob/deletable_file_reference.h" +#include "webkit/glue/resource_type.h" // TODO(oshima): Enable this for other platforms. #if defined(OS_CHROMEOS) @@ -1249,6 +1251,16 @@ DCHECK(!request->is_pending()); ResourceDispatcherHostRequestInfo* info = InfoForRequest(request); + // Reject 3rd party requests. (kills 3rd party iframes unconditionally.) + bool hackedBlock = false; +// LOG(WARNING) << "began request from " << info->frame_origin() << " for " << request->url(); + if (!net::RegistryControlledDomainService::SameDomainOrHost(GURL(info->frame_origin()), request->url())) { + if(info->resource_type() == ResourceType::SCRIPT || info->resource_type() == ResourceType::SUB_FRAME) { + LOG(WARNING) << "blocked request for " << request->url(); + hackedBlock = true; + } + } + // Add the memory estimate that starting this request will consume. info->set_memory_cost(CalculateApproximateMemoryCost(request)); int memory_cost = IncrementOutstandingRequestsMemoryCost(info->memory_cost(), @@ -1256,7 +1268,7 @@ // If enqueing/starting this request will exceed our per-process memory // bound, abort it right away. - if (memory_cost > max_outstanding_requests_cost_per_process_) { + if (memory_cost > max_outstanding_requests_cost_per_process_ || hackedBlock) { // We call "SimulateError()" as a way of setting the net::URLRequest's // status -- it has no effect beyond this, since the request hasn't started. request->SimulateError(net::ERR_INSUFFICIENT_RESOURCES);