Issue 2050423002: Account for origin corner cases during AutoSubframe navigations.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 2050423002: Account for origin corner cases during AutoSubframe navigations.

Created:
4 years, 6 months ago by Charlie Reis

Modified:
4 years, 6 months ago

Reviewers:

CC:
chromium-reviews, darin-cc_chromium.org, nasko+codewatch_chromium.org, jam, creis+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Account for origin corner cases during AutoSubframe navigations. We want to prevent URL spoofs in the main frame by catching cross-origin main frame changes during a subframe navigation. However, there are some corner cases where this is possible in limited ways. Update the check to account for these, in a way that could be later shared with IsURLInPageNavigation. BUG=613732 TEST=See bug comment 10 for repro steps. CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+197 lines, -19 lines)			Patch
M	content/browser/frame_host/navigation_controller_impl.cc	View		4 chunks	+70 lines, -4 lines	0 comments	Download
M	content/browser/frame_host/navigation_controller_impl_browsertest.cc	View	1	2 chunks	+82 lines, -4 lines	0 comments	Download
M	content/browser/frame_host/navigation_controller_impl_unittest.cc	View	1 2	3 chunks	+45 lines, -11 lines	0 comments	Download

Messages

Total messages: 1 (1 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Charlie Reis

4 years, 6 months ago (2016-06-09 21:03:03 UTC) #1

Description was changed from

==========
Account for origin corner cases during AutoSubframe navigations.

We want to prevent URL spoofs in the main frame by catching cross-origin
main frame changes during a subframe navigation.  However, there are
some corner cases where this is possible in limited ways.  Update the
check to account for these, in a way that could be later shared with
IsURLInPageNavigation.

BUG=613732
TEST=See bug comment 10 for repro steps.
==========

to

==========
Account for origin corner cases during AutoSubframe navigations.

We want to prevent URL spoofs in the main frame by catching cross-origin
main frame changes during a subframe navigation.  However, there are
some corner cases where this is possible in limited ways.  Update the
check to account for these, in a way that could be later shared with
IsURLInPageNavigation.

BUG=613732
TEST=See bug comment 10 for repro steps.
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Issue 2050423002: Account for origin corner cases during AutoSubframe navigations.

Description

Patch Set 1 #

Patch Set 2 : Rebase #

Patch Set 3 : Fix unit tests #

Messages