Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(59)

Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2165783003: Grant permission to the base url when loadDataWithBaseURL is called. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/frame_host/render_frame_host_impl.h" 5 #include "content/browser/frame_host/render_frame_host_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 2791 matching lines...) Expand 10 before | Expand all | Expand 10 after
2802 2802
2803 void RenderFrameHostImpl::UpdatePermissionsForNavigation( 2803 void RenderFrameHostImpl::UpdatePermissionsForNavigation(
2804 const CommonNavigationParams& common_params, 2804 const CommonNavigationParams& common_params,
2805 const RequestNavigationParams& request_params) { 2805 const RequestNavigationParams& request_params) {
2806 // Browser plugin guests are not allowed to navigate outside web-safe schemes, 2806 // Browser plugin guests are not allowed to navigate outside web-safe schemes,
2807 // so do not grant them the ability to request additional URLs. 2807 // so do not grant them the ability to request additional URLs.
2808 if (!GetProcess()->IsForGuestsOnly()) { 2808 if (!GetProcess()->IsForGuestsOnly()) {
2809 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( 2809 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
2810 GetProcess()->GetID(), common_params.url); 2810 GetProcess()->GetID(), common_params.url);
2811 if (common_params.url.SchemeIs(url::kDataScheme) && 2811 if (common_params.url.SchemeIs(url::kDataScheme) &&
2812 common_params.base_url_for_data_url.SchemeIs(url::kFileScheme)) { 2812 !common_params.base_url_for_data_url.is_empty()) {
2813 // If 'data:' is used, and we have a 'file:' base url, grant access to 2813 // Need to grant permission to the base url because bse url will be used
2814 // local files. 2814 // as the origin for font requests.
Charlie Reis 2016/07/22 18:31:49 Let's update the comment, because CORS is not just
hush (inactive) 2016/07/26 02:42:54 Done.
2815 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( 2815 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
2816 GetProcess()->GetID(), common_params.base_url_for_data_url); 2816 GetProcess()->GetID(), common_params.base_url_for_data_url);
2817 } 2817 }
2818 } 2818 }
2819 2819
2820 // We may be returning to an existing NavigationEntry that had been granted 2820 // We may be returning to an existing NavigationEntry that had been granted
2821 // file access. If this is a different process, we will need to grant the 2821 // file access. If this is a different process, we will need to grant the
2822 // access again. Abuse is prevented, because the files listed in the page 2822 // access again. Abuse is prevented, because the files listed in the page
2823 // state are validated earlier, when they are received from the renderer (in 2823 // state are validated earlier, when they are received from the renderer (in
2824 // RenderFrameHostImpl::CanAccessFilesOfPageState). 2824 // RenderFrameHostImpl::CanAccessFilesOfPageState).
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
2958 // handler after it's destroyed so it can't run after the RFHI is destroyed. 2958 // handler after it's destroyed so it can't run after the RFHI is destroyed.
2959 web_bluetooth_service_->SetClientConnectionErrorHandler(base::Bind( 2959 web_bluetooth_service_->SetClientConnectionErrorHandler(base::Bind(
2960 &RenderFrameHostImpl::DeleteWebBluetoothService, base::Unretained(this))); 2960 &RenderFrameHostImpl::DeleteWebBluetoothService, base::Unretained(this)));
2961 } 2961 }
2962 2962
2963 void RenderFrameHostImpl::DeleteWebBluetoothService() { 2963 void RenderFrameHostImpl::DeleteWebBluetoothService() {
2964 web_bluetooth_service_.reset(); 2964 web_bluetooth_service_.reset();
2965 } 2965 }
2966 2966
2967 } // namespace content 2967 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698