Fix for "chrome://" links in PDFs.

chrome/browser/extensions/chrome_extension_web_contents_observer.cc

Index: chrome/browser/extensions/chrome_extension_web_contents_observer.cc
diff --git a/chrome/browser/extensions/chrome_extension_web_contents_observer.cc b/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
index b692dfbb0e01fcb1cc9de515061cfef4a3cda176..3c6aa49f0c29243a0ae2bc0119e92eb642ee086a 100644
--- a/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
+++ b/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
@@ -8,7 +8,9 @@
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/window_controller.h"
 #include "chrome/common/extensions/chrome_extension_messages.h"
+#include "chrome/common/url_constants.h"
 #include "content/public/browser/browser_context.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
@@ -34,6 +36,37 @@ void ChromeExtensionWebContentsObserver::RenderViewCreated(
     content::RenderViewHost* render_view_host) {
   ReloadIfTerminated(render_view_host);
   ExtensionWebContentsObserver::RenderViewCreated(render_view_host);
+
+  const Extension* extension = GetExtension(render_view_host);
+  if (!extension)
+    return;
+
+  int process_id = render_view_host->GetProcess()->GetID();
+  auto policy = content::ChildProcessSecurityPolicy::GetInstance();
+
+  // Components of chrome that are implemented as extensions are allowed to use
+  // chrome://resources/ URLs.
+  if (extension->is_extension() &&
+      Manifest::IsComponentLocation(extension->location())) {
+    std::string origin_url;
+    base::SStringPrintf(&origin_url, "%s://%s/", content::kChromeUIScheme,

[Devlin, 2015/09/29 19:06:30]

And, both those said, I actually wouldn't be opposed to just adding a
chrome::kChromeUIResourcesURL, but I'll defer to other people's opinions there.

[Devlin, 2015/09/29 19:06:30]

nit: Why SStringPrintf, instead of just StringPrintf?

[Devlin, 2015/09/29 19:06:30]

nit: Also kStandardSchemeSeparator

[Charlie Reis, 2015/09/29 22:15:53]

I'd be happy with that, similar to kChromeUINetworkViewCacheURL and 
kChromeUINetworkViewCacheHost.

[paulmeyer, 2015/09/30 14:21:31]

Done.

[paulmeyer, 2015/09/30 14:21:31]

No particular reason, but I'm taking it out anyways.

[paulmeyer, 2015/09/30 14:21:31]

Done.

[paulmeyer, 2015/09/30 14:21:31]

Acknowledged.

+                        content::kChromeUIResourcesHost);
+    policy->GrantOrigin(process_id, url::Origin(GURL(origin_url)));
+  }
+
+  // Extensions, legacy packaged apps, and component platform apps are allowed
+  // to use chrome://favicon/ and chrome://extension-icon/ URLs. Hosted apps are
+  // not allowed because they are served via web servers (and are generally
+  // never given access to Chrome APIs).
+  if (extension->is_extension() ||
+      extension->is_legacy_packaged_app() ||
+      (extension->is_platform_app() &&
+       Manifest::IsComponentLocation(extension->location()))) {
+    policy->GrantOrigin(process_id,
+                        url::Origin(GURL(chrome::kChromeUIFaviconURL)));
+    policy->GrantOrigin(process_id,
+                        url::Origin(GURL(chrome::kChromeUIExtensionIconURL)));
+  }
 }
 
 bool ChromeExtensionWebContentsObserver::OnMessageReceived(