Fix in-page logic for allow_universal_access_from_files.

content/browser/frame_host/navigation_controller_impl.cc

Index: content/browser/frame_host/navigation_controller_impl.cc
diff --git a/content/browser/frame_host/navigation_controller_impl.cc b/content/browser/frame_host/navigation_controller_impl.cc
index ce13a1605d44d5078abbbaa310eb403700cf2e61..194a0e87499083a111e4e0f7db41cbe078dba168 100644
--- a/content/browser/frame_host/navigation_controller_impl.cc
+++ b/content/browser/frame_host/navigation_controller_impl.cc
@@ -1382,6 +1382,9 @@ bool NavigationControllerImpl::IsURLInPageNavigation(
   }
 
   WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences();
+  const url::Origin& committed_origin = static_cast<RenderFrameHostImpl*>(rfh)
+                                            ->frame_tree_node()
+                                            ->current_origin();
   bool is_same_origin = last_committed_url.is_empty() ||
                         // TODO(japhet): We should only permit navigations
                         // originating from about:blank to be in-page if the
@@ -1393,7 +1396,7 @@ bool NavigationControllerImpl::IsURLInPageNavigation(
                         last_committed_url.GetOrigin() == url.GetOrigin() ||

[Charlie Reis, 2015/11/19 23:10:13]

I thought about updating this to use committed_origin as well, but that seems
risky-- GetOrigin() returns a GURL, not an Origin.  I don't think they'll agree
in all cases.

[alexmos, 2015/11/20 18:07:36]

Acknowledged.

                         !prefs.web_security_enabled ||
                         (prefs.allow_universal_access_from_file_urls &&
-                         last_committed_url.SchemeIs(url::kFileScheme));
+                         committed_origin.scheme() == url::kFileScheme);
   if (!is_same_origin && renderer_says_in_page) {
     bad_message::ReceivedBadMessage(rfh->GetProcess(),
                                     bad_message::NC_IN_PAGE_NAVIGATION);