Index: content/browser/download/url_downloader.cc |
diff --git a/content/browser/download/url_downloader.cc b/content/browser/download/url_downloader.cc |
index aea18cc02d4f3f35f68a2cf22862c77c7aaa603b..165fe7b453cf15c1156a323e5a46dbbfa8e37bf8 100644 |
--- a/content/browser/download/url_downloader.cc |
+++ b/content/browser/download/url_downloader.cc |
@@ -116,7 +116,15 @@ void UrlDownloader::OnReceivedRedirect(net::URLRequest* request, |
const net::RedirectInfo& redirect_info, |
bool* defer_redirect) { |
DVLOG(1) << "OnReceivedRedirect: " << request_->url().spec(); |
- request_->CancelWithError(net::ERR_ABORTED); |
+ |
+ // We are going to block redirects even if DownloadRequestCore allows it. No |
+ // redirects are expected for download requests that are made without a |
+ // renderer, which are currently exclusively resumption requests. Since there |
+ // is no security policy being applied here, it's safer to block redirects and |
+ // revisit if some previously unknown legitimate use case arises for redirects |
+ // while resuming. |
+ core_.OnWillAbort(DOWNLOAD_INTERRUPT_REASON_SERVER_UNREACHABLE); |
+ request_->CancelWithError(net::ERR_UNSAFE_REDIRECT); |
} |
void UrlDownloader::OnResponseStarted(net::URLRequest* request) { |