Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2249423002:
Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions (Closed)
|
Created:
4 years, 4 months ago by robwu Modified:
4 years, 1 month ago CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionDo not immediately block cross-renderer extension resource loads for non-web-triggered transitions
This is a very conservative fix designed to fix the regression.
The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14.
BUG=633963
TEST=manually using steps from bug report
Committed: https://crrev.com/45ec6fecc32bff5541c237c98228122f3252902e
Cr-Commit-Position: refs/heads/master@{#413258}
Patch Set 1 #Patch Set 2 : Skip extension-specific checks for webviews. #
Total comments: 4
Patch Set 3 : Make fix less invasive, fix nullptr dereference #
Total comments: 3
Messages
Total messages: 31 (20 generated)
The CQ bit was checked by rob@robwu.nl to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
rob@robwu.nl changed reviewers: + nasko@chromium.org, rdevlin.cronin@chromium.org
rob@robwu.nl changed required reviewers: + rdevlin.cronin@chromium.org
Devlin: PTAL Nasko: FYI
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by rob@robwu.nl to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... File extensions/browser/url_request_util.cc (left): https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... extensions/browser/url_request_util.cc:52: if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) { As per my response in the bug, I think this should be moved at the end of all the checks, not completely removed. https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... File extensions/browser/url_request_util.cc (right): https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... extensions/browser/url_request_util.cc:47: return false; Why this rewrite in this patch? I think the goal is to have it backported to M53 before it hits stable, which means it should be minimally invasive.
The CQ bit was checked by rob@robwu.nl to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== Do not block cross-renderer extension resource loads for non-web-triggered transitions See https://crbug.com/633963#c14 for why this change makes sense. BUG=633963 TEST=manually using steps from bug report ========== to ========== Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions This is a very conservative fix designed to fix the regression. The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14. BUG=633963 TEST=manually using steps from bug report ==========
https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... File extensions/browser/url_request_util.cc (left): https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... extensions/browser/url_request_util.cc:52: if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) { On 2016/08/17 16:31:44, nasko (out until 08-30) wrote: > As per my response in the bug, I think this should be moved at the end of all > the checks, not completely removed. I restored this check and moved it to the end out of caution, but I do believe that this check should be removed. Or, if the check is to be kept, then the renderer-side check should be adjusted to match the logic here. https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... File extensions/browser/url_request_util.cc (right): https://codereview.chromium.org/2249423002/diff/20001/extensions/browser/url_... extensions/browser/url_request_util.cc:47: return false; On 2016/08/17 16:31:44, nasko (out until 08-30) wrote: > Why this rewrite in this patch? I think the goal is to have it backported to M53 > before it hits stable, which means it should be minimally invasive. Without this change, the following test would fail when I remove the page transition check: WebViewTests/WebViewTest.Shim_TestLoadAbortChromeExtensionURLWrongPartition WebViewTests/WebViewPluginTest.TestLoadPluginInternalResource The transition in these tests is PAGE_TRANSITION_AUTO_TOPLEVEL, which explains why the requests were previously rejected. If I follow your suggestion of moving the transition check to the end of the method, then these tests fail again. So I've restored the check, but limited it to when |is_guest| is true.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
(taking over for nasko since he's ooo) https://codereview.chromium.org/2249423002/diff/40001/extensions/browser/url_... File extensions/browser/url_request_util.cc (right): https://codereview.chromium.org/2249423002/diff/40001/extensions/browser/url_... extensions/browser/url_request_util.cc:52: if (is_guest && we should add a comment explaining this. https://codereview.chromium.org/2249423002/diff/40001/extensions/browser/url_... extensions/browser/url_request_util.cc:53: !ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) { let's cache this in bool is_web_triggerable_transition. https://codereview.chromium.org/2249423002/diff/40001/extensions/browser/url_... extensions/browser/url_request_util.cc:122: if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) { and a comment/todo for this (especially if you think it should be removed).
LGTM so this isn't blocked (was waiting to see the wording of the comments, but we can work that out in follow-ups if needed)
I can't update the patch right now, so I'll tick the commit box to land it and get some bake time. The commit message includes an explanation for why those checks exist. The page transition check is inexpensive (and most commonly not even checked twice) so not addressing the nit is not that big of an issue. On Aug 18, 2016 6:33 PM, <rdevlin.cronin@chromium.org> wrote: > LGTM so this isn't blocked (was waiting to see the wording of the > comments, but > we can work that out in follow-ups if needed) > > https://codereview.chromium.org/2249423002/ > -- You received this message because you are subscribed to the Google Groups "Chromium-reviews" group. To unsubscribe from this group and stop receiving emails from it, send an email to chromium-reviews+unsubscribe@chromium.org.
The CQ bit was checked by rob@robwu.nl
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by rob@robwu.nl
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions This is a very conservative fix designed to fix the regression. The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14. BUG=633963 TEST=manually using steps from bug report ========== to ========== Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions This is a very conservative fix designed to fix the regression. The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14. BUG=633963 TEST=manually using steps from bug report ==========
Message was sent while issue was closed.
Committed patchset #3 (id:40001)
Message was sent while issue was closed.
Description was changed from ========== Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions This is a very conservative fix designed to fix the regression. The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14. BUG=633963 TEST=manually using steps from bug report ========== to ========== Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions This is a very conservative fix designed to fix the regression. The page transition logic was and is not in sync with the renderer-side check, see https://crbug.com/633963#c14. BUG=633963 TEST=manually using steps from bug report Committed: https://crrev.com/45ec6fecc32bff5541c237c98228122f3252902e Cr-Commit-Position: refs/heads/master@{#413258} ==========
Message was sent while issue was closed.
Patchset 3 (id:??) landed as https://crrev.com/45ec6fecc32bff5541c237c98228122f3252902e Cr-Commit-Position: refs/heads/master@{#413258} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
