Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(403)

Issue 2165783003: Grant permission to the base url when loadDataWithBaseURL is called. (Closed)

Created:
4 years, 5 months ago by hush (inactive)
Modified:
4 years, 4 months ago
Reviewers:
clamy, Charlie Reis, nasko
CC:
chromium-reviews, darin-cc_chromium.org, nasko+codewatch_chromium.org, jam, creis+watch_chromium.org, sgurun-gerrit only
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Grant permission to the base url when loadDataWithBaseURL is called. When there's a base URL specified for the data URL, we also need to grant access to the base URL. This allows file: and other unexpected schemes to be accepted at commit time and during CORS checks (e.g., for font requests). BUG=627564 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation Committed: https://crrev.com/4bdb4f88f8197bebe32ce3480a3851201f648a8b Cr-Commit-Position: refs/heads/master@{#407867}

Patch Set 1 #

Total comments: 2

Patch Set 2 : add test #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -3 lines) Patch
M content/browser/frame_host/navigation_controller_impl_browsertest.cc View 1 1 chunk +37 lines, -0 lines 1 comment Download
M content/browser/frame_host/render_frame_host_impl.cc View 1 1 chunk +5 lines, -3 lines 0 comments Download

Messages

Total messages: 27 (16 generated)
hush (inactive)
PTAL
4 years, 5 months ago (2016-07-19 21:57:09 UTC) #3
hush (inactive)
ping?
4 years, 5 months ago (2016-07-21 17:50:04 UTC) #4
clamy
@nasko: PTAL. This touches child process permissions, so it needs security review.
4 years, 5 months ago (2016-07-22 14:12:28 UTC) #7
nasko
Hey Charlie, Can you take this one? I think you are way more familiar with ...
4 years, 5 months ago (2016-07-22 18:17:55 UTC) #9
Charlie Reis
Thanks, I'm happy with this. Can you update the CL description similarly to the request ...
4 years, 5 months ago (2016-07-22 18:31:49 UTC) #10
hush (inactive)
PTAL
4 years, 5 months ago (2016-07-26 02:42:29 UTC) #14
hush (inactive)
https://codereview.chromium.org/2165783003/diff/1/content/browser/frame_host/render_frame_host_impl.cc File content/browser/frame_host/render_frame_host_impl.cc (right): https://codereview.chromium.org/2165783003/diff/1/content/browser/frame_host/render_frame_host_impl.cc#newcode2814 content/browser/frame_host/render_frame_host_impl.cc:2814: // as the origin for font requests. On 2016/07/22 ...
4 years, 5 months ago (2016-07-26 02:42:54 UTC) #15
Charlie Reis
Thanks for the test! LGTM with an observation below. https://codereview.chromium.org/2165783003/diff/60001/content/browser/frame_host/navigation_controller_impl_browsertest.cc File content/browser/frame_host/navigation_controller_impl_browsertest.cc (right): https://codereview.chromium.org/2165783003/diff/60001/content/browser/frame_host/navigation_controller_impl_browsertest.cc#newcode231 content/browser/frame_host/navigation_controller_impl_browsertest.cc:231: ...
4 years, 4 months ago (2016-07-26 17:57:13 UTC) #21
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2165783003/60001
4 years, 4 months ago (2016-07-26 18:05:57 UTC) #23
commit-bot: I haz the power
Committed patchset #2 (id:60001)
4 years, 4 months ago (2016-07-26 18:56:44 UTC) #25
commit-bot: I haz the power
4 years, 4 months ago (2016-07-26 18:59:47 UTC) #27
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/4bdb4f88f8197bebe32ce3480a3851201f648a8b
Cr-Commit-Position: refs/heads/master@{#407867}

Powered by Google App Engine
This is Rietveld 408576698