Resource requests from Save-Page-As should go through CanRequestURL checks.

content/browser/download/save_file_resource_handler.h

Index: content/browser/download/save_file_resource_handler.h
diff --git a/content/browser/download/save_file_resource_handler.h b/content/browser/download/save_file_resource_handler.h
index 2ab8b2f7f5f54a46b0f2861a44409eca806f12e0..4994dcf6e182c6286c933ff2858c262e4d7acd22 100644
--- a/content/browser/download/save_file_resource_handler.h
+++ b/content/browser/download/save_file_resource_handler.h
@@ -73,6 +73,18 @@ class SaveFileResourceHandler : public ResourceHandler {
     content_disposition_ = content_disposition;
   }
 
+  // Marks the request as unauthorized.
+  //
+  // This has to be called before the request has started.
+  // This will cause the request to be cancelled from OnWillStart callback.
+  //
+  // This way of handling unauthorized requests allows unified handling of all
+  // SaveFile requests - communicating the failure to OnResponseCompleted
+  // happens in a generic, typical way, reusing common infrastructure code
+  // (rather than forcing an ad-hoc, Save-File-specific call to
+  // OnResponseCompleted from ResourceDispatcherHostImpl::BeginSaveFile).
+  void MarkAsUnauthorized();
+
  private:
   SaveItemId save_item_id_;
   SavePackageId save_package_id_;
@@ -85,6 +97,8 @@ class SaveFileResourceHandler : public ResourceHandler {
   int64_t content_length_;
   SaveFileManager* save_manager_;
 
+  bool is_authorized_;
+
   static const int kReadBufSize = 32768;  // bytes
 
   DISALLOW_COPY_AND_ASSIGN(SaveFileResourceHandler);