Index: content/browser/webui/url_data_manager_backend.cc |
diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc |
index ff5d602d4225626ca13b2b0a8f099e6024688e2c..c74928dc8268fca28fb70675bd72dd4a9bef8e34 100644 |
--- a/content/browser/webui/url_data_manager_backend.cc |
+++ b/content/browser/webui/url_data_manager_backend.cc |
@@ -269,12 +269,18 @@ void URLRequestChromeJob::Start() { |
request_, &render_process_id, &unused); |
if (!is_renderer_request) |
render_process_id = kNoRenderProcessId; |
- BrowserThread::PostTask( |
- BrowserThread::UI, |
- FROM_HERE, |
- base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, |
- render_process_id, request_->url(), |
- weak_factory_.GetWeakPtr())); |
+ |
+ if (!is_renderer_request || request_->url().SchemeIs(kChromeUIScheme)) { |
+ StartAsync(true); |
+ } else { |
+ BrowserThread::PostTask( |
+ BrowserThread::UI, |
+ FROM_HERE, |
+ base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, |
+ render_process_id, request_->url(), |
+ weak_factory_.GetWeakPtr())); |
+ } |
+ |
TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", |
request_->url().possibly_invalid_spec()); |
} |
@@ -396,25 +402,12 @@ void URLRequestChromeJob::CheckStoragePartitionMatches( |
// exploited renderer pretending to add them as a subframe. We skip this check |
// for resources. |
bool allowed = false; |
- std::vector<std::string> hosts; |
- GetContentClient()-> |
- browser()->GetAdditionalWebUIHostsToIgnoreParititionCheck(&hosts); |
- if (url.SchemeIs(kChromeUIScheme) && |
- (url.SchemeIs(kChromeUIScheme) || |
- std::find(hosts.begin(), hosts.end(), url.host()) != hosts.end())) { |
Dan Beam
2016/05/17 03:24:14
|hosts| was never used because
if (thing && (th
Avi (use Gerrit)
2016/05/17 03:30:20
Right, but what CL introduced this silliness? What
Dan Beam
2016/05/17 03:32:16
https://codereview.chromium.org/183803023/#msg10
Charlie Reis
2016/05/17 21:08:10
Yeah, this code is definitely broken after https:/
|
- allowed = true; |
- } else if (render_process_id == kNoRenderProcessId) { |
- // Request was not issued by renderer. |
- allowed = true; |
- } else { |
- RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
- if (process) { |
- StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
- process->GetBrowserContext(), url); |
- allowed = partition == process->GetStoragePartition(); |
- } |
+ RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
+ if (process) { |
+ StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
+ process->GetBrowserContext(), url); |
+ allowed = partition == process->GetStoragePartition(); |
} |
- |
BrowserThread::PostTask( |
BrowserThread::IO, |
FROM_HERE, |