Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Issue 2108873002: Don't commit the blocked URL when a frame is blocked by XFrameOptions. (Closed)

Created:
4 years, 5 months ago by alexmos
Modified:
4 years, 5 months ago
Reviewers:
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@2743
Target Ref:
refs/pending/branch-heads/2743
Project:
chromium
Visibility:
Public.

Description

Don't commit the blocked URL when a frame is blocked by XFrameOptions. Previously, when a load was blocked by XFO or frame-ancestors, we committed a blank page and left the original URL as the committed URL. In some cases, this led to the browser process thinking that the renderer actually committed a real load for the blocked URL and killing the renderer if that load was disallowed (e.g., for loading Chrome Web Store in a frame). mkwst@ is working on a CL (https://codereview.chromium.org/1617043002/) that will ultimately fix this by moving XFO enforcement to the browser process and committing an error page when a load is blocked. Until then, this is a short-term fix to change the committed URL for the blocked (blank) page to urlWithUniqueSecurityOrigin (data:,). BUG=622385 Review-Url: https://codereview.chromium.org/2096453002 Cr-Commit-Position: refs/heads/master@{#401664} (cherry picked from commit 30535f7116c9073705a155c7cf4b0146a28f7293) Committed: https://chromium.googlesource.com/chromium/src/+/d4a487bdca9a78e5fd9c6c149faf45a49c83d6b6

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+16 lines, -2 lines) Patch
M content/browser/site_per_process_browsertest.cc View 1 chunk +5 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/loader/DocumentLoader.cpp View 1 chunk +11 lines, -2 lines 0 comments Download

Messages

Total messages: 2 (1 generated)
alexmos
4 years, 5 months ago (2016-06-28 20:04:59 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
d4a487bdca9a78e5fd9c6c149faf45a49c83d6b6 (tree was closed).

Powered by Google App Engine
This is Rietveld 408576698