| Index: extensions/browser/url_request_util.cc
|
| diff --git a/extensions/browser/url_request_util.cc b/extensions/browser/url_request_util.cc
|
| index 467e637c274da32ccc96babd3d6311c632e9e858..c7321eb5f08de5e9ede91c4de06eb7dd316a97b8 100644
|
| --- a/extensions/browser/url_request_util.cc
|
| +++ b/extensions/browser/url_request_util.cc
|
| @@ -10,7 +10,6 @@
|
| #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
|
| #include "extensions/browser/info_map.h"
|
| #include "extensions/common/extension.h"
|
| -#include "extensions/common/manifest_constants.h"
|
| #include "extensions/common/manifest_handlers/icons_handler.h"
|
| #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
|
| #include "extensions/common/manifest_handlers/webview_info.h"
|
| @@ -36,18 +35,15 @@ bool AllowCrossRendererResourceLoad(net::URLRequest* request,
|
| info->GetChildID(), &owner_process_id, &owner_extension_id);
|
| const Extension* owner_extension =
|
| extension_info_map->extensions().GetByID(owner_extension_id);
|
| - const WebviewInfo* webview_info =
|
| - owner_extension
|
| - ? static_cast<const WebviewInfo*>(owner_extension->GetManifestData(
|
| - manifest_keys::kWebviewAccessibleResources))
|
| - : nullptr;
|
| std::string partition_id;
|
| bool is_guest = WebViewRendererState::GetInstance()->GetPartitionID(
|
| info->GetChildID(), &partition_id);
|
| std::string resource_path = request->url().path();
|
| - if (is_guest && webview_info &&
|
| - webview_info->IsResourceWebviewAccessible(extension, partition_id,
|
| - resource_path)) {
|
| + // |owner_extension == extension| needs to be checked because extension
|
| + // resources should only be accessible to WebViews owned by that extension.
|
| + if (is_guest && owner_extension == extension &&
|
| + WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
|
| + resource_path)) {
|
| *allowed = true;
|
| return true;
|
| }
|
|
|