Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6478019: Temporarily disable restrictions on who can request chrome-extension:// (Closed)

Created:
9 years, 10 months ago by Aaron Boodman
Modified:
9 years, 6 months ago
Reviewers:
Matt Perry
CC:
chromium-reviews, Erik does not do reviews, Paweł Hajdan Jr., pam+watch_chromium.org, brettw-cc_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

Temporarily disable restrictions on who can request chrome-extension://. These checks were causing lots of subtle bugs and fixing them will be difficult to get correct for the upcoming milestone. The checks were originally intended to be an 'extra line of defense' and are not critical for security. I will reintroduce them separately on trunk. BUG=72455, 72407 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=74511

Patch Set 1 #

Total comments: 2

Patch Set 2 : different approach #

Patch Set 3 : whitespace #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+17 lines, -32 lines) Patch
M chrome/browser/extensions/extension_resource_request_policy_apitest.cc View 1 1 chunk +8 lines, -5 lines 0 comments Download
M chrome/renderer/extensions/extension_resource_request_policy.cc View 1 2 chunks +6 lines, -27 lines 1 comment Download
A chrome/test/data/extensions/api_test/extension_resource_request_policy/non_existent_extension.html View 1 1 chunk +3 lines, -0 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
Aaron Boodman
http://codereview.chromium.org/6478019/diff/1/chrome/common/render_messages_params.cc File chrome/common/render_messages_params.cc (left): http://codereview.chromium.org/6478019/diff/1/chrome/common/render_messages_params.cc#oldcode303 chrome/common/render_messages_params.cc:303: extension_manifest_keys::kApp We were not copying the content_scripts key, which ...
9 years, 10 months ago (2011-02-10 05:25:50 UTC) #1
Aaron Boodman
Ugh, this does not work. Hold off reviewing for now please.
9 years, 10 months ago (2011-02-10 08:07:52 UTC) #2
Aaron Boodman
Ok, this is a different approach that just disables the most complex of the checks ...
9 years, 10 months ago (2011-02-10 19:44:09 UTC) #3
Matt Perry
http://codereview.chromium.org/6478019/diff/12/chrome/renderer/extensions/extension_resource_request_policy.cc File chrome/renderer/extensions/extension_resource_request_policy.cc (left): http://codereview.chromium.org/6478019/diff/12/chrome/renderer/extensions/extension_resource_request_policy.cc#oldcode40 chrome/renderer/extensions/extension_resource_request_policy.cc:40: // Otherwise, pages are allowed to load resources from ...
9 years, 10 months ago (2011-02-10 19:50:57 UTC) #4
Matt Perry
9 years, 10 months ago (2011-02-10 19:55:39 UTC) #5 
lgtm

Powered by Google App Engine
This is Rietveld 408576698