DescriptionAllow 'chrome-extension:' URLs to bypass content settings (1/2)
We changed the behavior of 'Document::firstPartyForCookies' to return an
empty URL in the case where any URL in the ancestor chain doesn't match
the current document's URL. Previously, we'd simply return the top-level
document's URL.
This means that the content-settings bypass check in
'ContentSettingsObserver::IsWhitelistedForContentSettings' sees an empty
URL as opposed to a 'chrome-extension://' URL for cases in which an
extension loads a resource, so content settings are applied as per usual.
This breaks things fairly badly for folks who have turned on third-party
cookie blocking.
In these patches, we introduce a new scheme registry for those schemes
which ought to override Blink's concept of "first-party" when they're
loaded into the top-level browsing context.
Patch 1 (Blink): https://codereview.chromium.org/1305253012
Patch 2 (Chromium): [This patch]
BUG=527963
R=jochen@chromium.org
Committed: https://crrev.com/cfed7a300606c5eedb858433b37db5ffadf3b2cc
Cr-Commit-Position: refs/heads/master@{#348194}
Patch Set 1 #
Total comments: 1
Patch Set 2 : Rebase #Messages
Total messages: 19 (7 generated)
|