Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(442)

Issue 1305253012: Allow 'chrome-extension:' URLs to bypass content settings (1/2) (Closed)

Created:
5 years, 3 months ago by Mike West
Modified:
5 years, 3 months ago
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, eae+blinkwatch, rwlbuis, sof
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Allow 'chrome-extension:' URLs to bypass content settings (1/2) We changed the behavior of 'Document::firstPartyForCookies' to return an empty URL in the case where any URL in the ancestor chain doesn't match the current document's URL. Previously, we'd simply return the top-level document's URL. This means that the content-settings bypass check in 'ContentSettingsObserver::IsWhitelistedForContentSettings' sees an empty URL as opposed to a 'chrome-extension://' URL for cases in which an extension loads a resource, so content settings are applied as per usual. This breaks things fairly badly for folks who have turned on third-party cookie blocking. In these patches, we introduce a new scheme registry for those schemes which ought to override Blink's concept of "first-party" when they're loaded into the top-level browsing context. Patch 1 (Blink): [This patch] Patch 2 (Chromium): https://codereview.chromium.org/1332563006 BUG=527963 R=jochen@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=201964

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+49 lines, -1 line) Patch
M Source/core/dom/Document.cpp View 1 chunk +3 lines, -0 lines 0 comments Download
M Source/platform/weborigin/SchemeRegistry.h View 1 chunk +4 lines, -0 lines 0 comments Download
M Source/platform/weborigin/SchemeRegistry.cpp View 2 chunks +21 lines, -0 lines 0 comments Download
M Source/web/WebSecurityPolicy.cpp View 1 chunk +5 lines, -0 lines 0 comments Download
M Source/web/tests/WebDocumentTest.cpp View 2 chunks +13 lines, -1 line 0 comments Download
M public/web/WebSecurityPolicy.h View 1 chunk +3 lines, -0 lines 0 comments Download

Messages

Total messages: 8 (3 generated)
Mike West
Mind taking a look, Jochen?
5 years, 3 months ago (2015-09-09 07:36:18 UTC) #1
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1305253012/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1305253012/1
5 years, 3 months ago (2015-09-09 07:36:45 UTC) #3
jochen (gone - plz use gerrit)
lgtm
5 years, 3 months ago (2015-09-09 07:41:55 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1305253012/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1305253012/1
5 years, 3 months ago (2015-09-09 08:13:08 UTC) #7
commit-bot: I haz the power
5 years, 3 months ago (2015-09-09 09:46:00 UTC) #8
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://src.chromium.org/viewvc/blink?view=rev&revision=201964

Powered by Google App Engine
This is Rietveld 408576698