Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions

extensions/browser/url_request_util.cc

Index: extensions/browser/url_request_util.cc
diff --git a/extensions/browser/url_request_util.cc b/extensions/browser/url_request_util.cc
index 2450fa3e32eae6287d72999f3eee7b32c30a133b..39f6f847743732371773708bd4d535615f624194 100644
--- a/extensions/browser/url_request_util.cc
+++ b/extensions/browser/url_request_util.cc
@@ -40,17 +40,13 @@ bool AllowCrossRendererResourceLoad(net::URLRequest* request,
       info->GetChildID(), &partition_id);
   std::string resource_path = request->url().path();
 
-  // |owner_extension == extension| needs to be checked because extension
-  // resources should only be accessible to WebViews owned by that extension.
-  if (is_guest && owner_extension == extension &&
-      WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
-                                               resource_path)) {
-    *allowed = true;
-    return true;
-  }
-
-  if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {

[nasko, 2016/08/17 16:31:44]

As per my response in the bug, I think this should be moved at the end of all
the checks, not completely removed.

[robwu, 2016/08/18 08:09:58]

I restored this check and moved it to the end out of caution, but I do believe
that this check should be removed.
Or, if the check is to be kept, then the renderer-side check should be adjusted
to match the logic here.

-    *allowed = false;
+  if (is_guest) {
+    // Extension resources should only be accessible to WebViews owned by that
+    // extension.
+    if (owner_extension != extension)
+      return false;

[nasko, 2016/08/17 16:31:44]

Why this rewrite in this patch? I think the goal is to have it backported to M53
before it hits stable, which means it should be minimally invasive.

[robwu, 2016/08/18 08:09:58]

Without this change, the following test would fail when I remove the page
transition check:
WebViewTests/WebViewTest.Shim_TestLoadAbortChromeExtensionURLWrongPartition
WebViewTests/WebViewPluginTest.TestLoadPluginInternalResource

The transition in these tests is PAGE_TRANSITION_AUTO_TOPLEVEL, which explains
why the requests were previously rejected.

If I follow your suggestion of moving the transition check to the end of the
method, then these tests fail again. So I've restored the check, but limited it
to when |is_guest| is true.

+    *allowed = WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
+                                                        resource_path);
     return true;
   }