Index: content/browser/webui/url_data_manager_backend.cc |
diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc |
index ff5d602d4225626ca13b2b0a8f099e6024688e2c..30721555a8a707ffb845c97d3f024a77e9d96b3a 100644 |
--- a/content/browser/webui/url_data_manager_backend.cc |
+++ b/content/browser/webui/url_data_manager_backend.cc |
@@ -57,7 +57,6 @@ const char kChromeURLContentSecurityPolicyHeaderBase[] = |
const char kChromeURLXFrameOptionsHeader[] = "X-Frame-Options: DENY"; |
static const char kNetworkErrorKey[] = "netError"; |
-const int kNoRenderProcessId = -1; |
bool SchemeIsInSchemes(const std::string& scheme, |
const std::vector<std::string>& schemes) { |
@@ -267,16 +266,34 @@ void URLRequestChromeJob::Start() { |
int render_process_id, unused; |
bool is_renderer_request = ResourceRequestInfo::GetRenderFrameForRequest( |
request_, &render_process_id, &unused); |
- if (!is_renderer_request) |
- render_process_id = kNoRenderProcessId; |
+ |
+ if (!is_renderer_request) { |
+ StartAsync(true); |
+ return; |
+ } |
+ |
+ const GURL url = request_->url(); |
+ |
+ if (url.SchemeIs(kChromeUIScheme)) { |
+ std::vector<std::string> hosts; |
+ hosts.push_back(content::kChromeUIResourcesHost); |
Dan Beam
2016/05/19 03:57:43
fixes this issue: https://codereview.chromium.org/
|
+ GetContentClient()-> |
+ browser()->GetAdditionalWebUIHostsToIgnoreParititionCheck(&hosts); |
+ if (std::find(hosts.begin(), hosts.end(), url.host()) != hosts.end()) { |
+ StartAsync(true); |
+ return; |
+ } |
+ } |
+ |
BrowserThread::PostTask( |
BrowserThread::UI, |
FROM_HERE, |
base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, |
- render_process_id, request_->url(), |
+ render_process_id, url, |
weak_factory_.GetWeakPtr())); |
+ |
TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", |
Dan Beam
2016/05/19 06:46:26
btw, I'll move this to the top of the method tomor
|
- request_->url().possibly_invalid_spec()); |
+ url.possibly_invalid_spec()); |
} |
void URLRequestChromeJob::Kill() { |
@@ -396,25 +413,12 @@ void URLRequestChromeJob::CheckStoragePartitionMatches( |
// exploited renderer pretending to add them as a subframe. We skip this check |
// for resources. |
bool allowed = false; |
- std::vector<std::string> hosts; |
- GetContentClient()-> |
- browser()->GetAdditionalWebUIHostsToIgnoreParititionCheck(&hosts); |
- if (url.SchemeIs(kChromeUIScheme) && |
- (url.SchemeIs(kChromeUIScheme) || |
- std::find(hosts.begin(), hosts.end(), url.host()) != hosts.end())) { |
- allowed = true; |
- } else if (render_process_id == kNoRenderProcessId) { |
- // Request was not issued by renderer. |
- allowed = true; |
- } else { |
- RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
- if (process) { |
- StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
- process->GetBrowserContext(), url); |
- allowed = partition == process->GetStoragePartition(); |
- } |
+ RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
+ if (process) { |
+ StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
+ process->GetBrowserContext(), url); |
+ allowed = partition == process->GetStoragePartition(); |
} |
- |
BrowserThread::PostTask( |
BrowserThread::IO, |
FROM_HERE, |