Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2165783003: Grant permission to the base url when loadDataWithBaseURL is called. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add test Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/frame_host/navigation_controller_impl_browsertest.cc ('K') | « content/browser/frame_host/navigation_controller_impl_browsertest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/frame_host/render_frame_host_impl.h" 5 #include "content/browser/frame_host/render_frame_host_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 2850 matching lines...) Expand 10 before | Expand all | Expand 10 after
2861 2861
2862 void RenderFrameHostImpl::UpdatePermissionsForNavigation( 2862 void RenderFrameHostImpl::UpdatePermissionsForNavigation(
2863 const CommonNavigationParams& common_params, 2863 const CommonNavigationParams& common_params,
2864 const RequestNavigationParams& request_params) { 2864 const RequestNavigationParams& request_params) {
2865 // Browser plugin guests are not allowed to navigate outside web-safe schemes, 2865 // Browser plugin guests are not allowed to navigate outside web-safe schemes,
2866 // so do not grant them the ability to request additional URLs. 2866 // so do not grant them the ability to request additional URLs.
2867 if (!GetProcess()->IsForGuestsOnly()) { 2867 if (!GetProcess()->IsForGuestsOnly()) {
2868 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( 2868 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
2869 GetProcess()->GetID(), common_params.url); 2869 GetProcess()->GetID(), common_params.url);
2870 if (common_params.url.SchemeIs(url::kDataScheme) && 2870 if (common_params.url.SchemeIs(url::kDataScheme) &&
2871 common_params.base_url_for_data_url.SchemeIs(url::kFileScheme)) { 2871 !common_params.base_url_for_data_url.is_empty()) {
2872 // If 'data:' is used, and we have a 'file:' base url, grant access to 2872 // When there's a base URL specified for the data URL, we also need to
2873 // local files. 2873 // grant access to the base URL. This allows file: and other unexpected
2874 // schemes to be accepted at commit time and during CORS checks (e.g., for
2875 // font requests).
2874 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( 2876 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
2875 GetProcess()->GetID(), common_params.base_url_for_data_url); 2877 GetProcess()->GetID(), common_params.base_url_for_data_url);
2876 } 2878 }
2877 } 2879 }
2878 2880
2879 // We may be returning to an existing NavigationEntry that had been granted 2881 // We may be returning to an existing NavigationEntry that had been granted
2880 // file access. If this is a different process, we will need to grant the 2882 // file access. If this is a different process, we will need to grant the
2881 // access again. Abuse is prevented, because the files listed in the page 2883 // access again. Abuse is prevented, because the files listed in the page
2882 // state are validated earlier, when they are received from the renderer (in 2884 // state are validated earlier, when they are received from the renderer (in
2883 // RenderFrameHostImpl::CanAccessFilesOfPageState). 2885 // RenderFrameHostImpl::CanAccessFilesOfPageState).
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
3017 // handler after it's destroyed so it can't run after the RFHI is destroyed. 3019 // handler after it's destroyed so it can't run after the RFHI is destroyed.
3018 web_bluetooth_service_->SetClientConnectionErrorHandler(base::Bind( 3020 web_bluetooth_service_->SetClientConnectionErrorHandler(base::Bind(
3019 &RenderFrameHostImpl::DeleteWebBluetoothService, base::Unretained(this))); 3021 &RenderFrameHostImpl::DeleteWebBluetoothService, base::Unretained(this)));
3020 } 3022 }
3021 3023
3022 void RenderFrameHostImpl::DeleteWebBluetoothService() { 3024 void RenderFrameHostImpl::DeleteWebBluetoothService() {
3023 web_bluetooth_service_.reset(); 3025 web_bluetooth_service_.reset();
3024 } 3026 }
3025 3027
3026 } // namespace content 3028 } // namespace content
OLDNEW
« content/browser/frame_host/navigation_controller_impl_browsertest.cc ('K') | « content/browser/frame_host/navigation_controller_impl_browsertest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698