Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 169053005: Allow cross-origin XHR in unblessed extension context (Closed)

Created:
6 years, 10 months ago by robwu
Modified:
6 years, 9 months ago
CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Visibility:
Public.

Description

Allow cross-origin XHR in unblessed extension context Allow non-sandboxed extension pages in a non-extension process to use cross-origin XHR when the extension has the correct permissions. Removed duplicate XHR origin whitelisting logic. Now the XHR origin logic for content scripts is identical to the extension's. Contributed by Rob Wu <rob@robwu.nl>; BUG=302548 TEST=Follow the steps-to-reproduce in the linked bug. Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=254951

Patch Set 1 #

Total comments: 1

Patch Set 2 : Refactor content script origin logic #

Total comments: 1

Patch Set 3 : Combine origin whitelist logic #

Patch Set 4 : disable chrome://extension-icon for non-extension contexts #

Total comments: 1

Patch Set 5 : remove curly braces #

Unified diffs Side-by-side diffs Delta from patch set Stats (+10 lines, -35 lines) Patch
M chrome/renderer/extensions/dispatcher.h View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M chrome/renderer/extensions/dispatcher.cc View 1 2 3 4 4 chunks +8 lines, -5 lines 0 comments Download
M chrome/renderer/extensions/user_script_slave.h View 1 1 chunk +0 lines, -3 lines 0 comments Download
M chrome/renderer/extensions/user_script_slave.cc View 1 2 chunks +0 lines, -26 lines 0 comments Download

Messages

Total messages: 16 (0 generated)
robwu
This fix allows framed extensions pages to use XHR with the extensions host permissions. It ...
6 years, 10 months ago (2014-02-19 00:12:55 UTC) #1
Matt Perry
I've added a comment on the bug. Please take a look there.
6 years, 10 months ago (2014-02-19 01:56:15 UTC) #2
not at google - send to devlin
https://codereview.chromium.org/169053005/diff/1/chrome/renderer/extensions/dispatcher.cc File chrome/renderer/extensions/dispatcher.cc (right): https://codereview.chromium.org/169053005/diff/1/chrome/renderer/extensions/dispatcher.cc#newcode1141 chrome/renderer/extensions/dispatcher.cc:1141: } if you extend this to all extension contexts ...
6 years, 10 months ago (2014-02-19 17:10:51 UTC) #3
robwu
On 2014/02/19 17:10:51, kalman wrote: > https://codereview.chromium.org/169053005/diff/1/chrome/renderer/extensions/dispatcher.cc > File chrome/renderer/extensions/dispatcher.cc (right): > > https://codereview.chromium.org/169053005/diff/1/chrome/renderer/extensions/dispatcher.cc#newcode1141 > ...
6 years, 10 months ago (2014-02-19 18:06:14 UTC) #4
not at google - send to devlin
https://codereview.chromium.org/169053005/diff/60001/chrome/renderer/extensions/dispatcher.cc File chrome/renderer/extensions/dispatcher.cc (right): https://codereview.chromium.org/169053005/diff/60001/chrome/renderer/extensions/dispatcher.cc#newcode1136 chrome/renderer/extensions/dispatcher.cc:1136: if (context_type == Feature::CONTENT_SCRIPT_CONTEXT || did "if (extension)" not ...
6 years, 10 months ago (2014-02-19 18:28:20 UTC) #5
robwu
On 2014/02/19 18:28:20, kalman wrote: > https://codereview.chromium.org/169053005/diff/60001/chrome/renderer/extensions/dispatcher.cc > File chrome/renderer/extensions/dispatcher.cc (right): > > https://codereview.chromium.org/169053005/diff/60001/chrome/renderer/extensions/dispatcher.cc#newcode1136 > ...
6 years, 10 months ago (2014-02-19 21:34:27 UTC) #6
robwu
Ping @kalman
6 years, 9 months ago (2014-03-02 15:02:40 UTC) #7
not at google - send to devlin
lgtm https://codereview.chromium.org/169053005/diff/160001/chrome/renderer/extensions/dispatcher.cc File chrome/renderer/extensions/dispatcher.cc (right): https://codereview.chromium.org/169053005/diff/160001/chrome/renderer/extensions/dispatcher.cc#newcode1137 chrome/renderer/extensions/dispatcher.cc:1137: } nit: no curlies.
6 years, 9 months ago (2014-03-03 19:57:48 UTC) #8
robwu
The CQ bit was checked by rob@robwu.nl
6 years, 9 months ago (2014-03-04 09:53:39 UTC) #9
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rob@robwu.nl/169053005/200001
6 years, 9 months ago (2014-03-04 10:09:13 UTC) #10
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 9 months ago (2014-03-04 17:57:48 UTC) #11
commit-bot: I haz the power
The commit queue went berserk retrying too often for a seemingly flaky test on builder ...
6 years, 9 months ago (2014-03-04 17:57:49 UTC) #12
robwu
The CQ bit was checked by rob@robwu.nl
6 years, 9 months ago (2014-03-04 23:39:54 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rob@robwu.nl/169053005/200001
6 years, 9 months ago (2014-03-04 23:40:44 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rob@robwu.nl/169053005/200001
6 years, 9 months ago (2014-03-05 01:19:24 UTC) #15
commit-bot: I haz the power
6 years, 9 months ago (2014-03-05 06:03:45 UTC) #16
Message was sent while issue was closed. 
Change committed as 254951

Powered by Google App Engine
This is Rietveld 408576698