Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Unified Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2165783003: Grant permission to the base url when loadDataWithBaseURL is called. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add test Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 0ddb1ac7e7caa856f94f07924b0e0b86460f8fac..6205cafb5e24c836cef1071056c3b957cfdcd162 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -2868,9 +2868,11 @@ void RenderFrameHostImpl::UpdatePermissionsForNavigation(
ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
GetProcess()->GetID(), common_params.url);
if (common_params.url.SchemeIs(url::kDataScheme) &&
- common_params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
- // If 'data:' is used, and we have a 'file:' base url, grant access to
- // local files.
+ !common_params.base_url_for_data_url.is_empty()) {
+ // When there's a base URL specified for the data URL, we also need to
+ // grant access to the base URL. This allows file: and other unexpected
+ // schemes to be accepted at commit time and during CORS checks (e.g., for
+ // font requests).
ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
GetProcess()->GetID(), common_params.base_url_for_data_url);
}

Powered by Google App Engine
This is Rietveld 408576698