DescriptionAllow 'chrome-extension:' URLs to bypass content settings (1/2)
We changed the behavior of 'Document::firstPartyForCookies' to return an
empty URL in the case where any URL in the ancestor chain doesn't match
the current document's URL. Previously, we'd simply return the top-level
document's URL.
This means that the content-settings bypass check in
'ContentSettingsObserver::IsWhitelistedForContentSettings' sees an empty
URL as opposed to a 'chrome-extension://' URL for cases in which an
extension loads a resource, so content settings are applied as per usual.
This breaks things fairly badly for folks who have turned on third-party
cookie blocking.
In these patches, we introduce a new scheme registry for those schemes
which ought to override Blink's concept of "first-party" when they're
loaded into the top-level browsing context.
Patch 1 (Blink): [This patch]
Patch 2 (Chromium): https://codereview.chromium.org/1332563006
BUG=527963
R=jochen@chromium.org
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201964
Patch Set 1 #
Messages
Total messages: 8 (3 generated)
|