Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2187353004: Resource requests from Save-Page-As should go through CanRequestURL checks. (Closed)

Created:
4 years, 4 months ago by Łukasz Anforowicz
Modified:
4 years, 4 months ago
Reviewers:
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@2785
Target Ref:
refs/pending/branch-heads/2785
Project:
chromium
Visibility:
Public.

Description

Resource requests from Save-Page-As should go through CanRequestURL checks. This CL: - Added checks to ResourceDispatcherHostImpl::BeginSaveFile to verify if the renderer process is authorized to access a given resource. - Removed separate code path for file: URIs that used to be implemented in SaveFileManager::SaveLocalFile. Avoiding a separate code path helps consolidate all authorization checks in one place. BUG=616429 Review-Url: https://codereview.chromium.org/2075273002 Cr-Commit-Position: refs/heads/master@{#408235} (cherry picked from commit eff8e457298d01b437e4fd78194ad6de3c8d7ad6) Committed: https://chromium.googlesource.com/chromium/src/+/0dbf3f74229c711ad91b21bd1ddc722580a7499e

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+202 lines, -106 lines) Patch
M chrome/browser/download/save_page_browsertest.cc View 4 chunks +82 lines, -21 lines 0 comments Download
M chrome/test/data/save_page/frames-objects.htm View 1 chunk +6 lines, -0 lines 0 comments Download
A chrome/test/data/save_page/text.txt View 1 chunk +1 line, -0 lines 0 comments Download
A chrome/test/data/save_page/unauthorized-access.htm View 1 chunk +16 lines, -0 lines 0 comments Download
M content/browser/download/docs/save-page-as.md View 3 chunks +5 lines, -6 lines 0 comments Download
M content/browser/download/save_file_manager.cc View 2 chunks +0 lines, -36 lines 0 comments Download
M content/browser/download/save_file_resource_handler.h View 2 chunks +16 lines, -1 line 0 comments Download
M content/browser/download/save_file_resource_handler.cc View 6 chunks +17 lines, -9 lines 0 comments Download
M content/browser/download/save_item.h View 3 chunks +11 lines, -2 lines 0 comments Download
M content/browser/download/save_item.cc View 1 chunk +3 lines, -1 line 0 comments Download
M content/browser/download/save_package.cc View 5 chunks +30 lines, -25 lines 0 comments Download
M content/browser/download/save_types.h View 1 chunk +0 lines, -3 lines 0 comments Download
M content/browser/loader/resource_dispatcher_host_impl.cc View 1 chunk +15 lines, -2 lines 0 comments Download

Messages

Total messages: 2 (1 generated)
Łukasz Anforowicz
4 years, 4 months ago (2016-07-28 20:27:02 UTC) #2
Message was sent while issue was closed. 
Committed patchset #1 (id:1) manually as
0dbf3f74229c711ad91b21bd1ddc722580a7499e.

Powered by Google App Engine
This is Rietveld 408576698