| Index: chrome/browser/net/chrome_extensions_network_delegate.cc
|
| diff --git a/chrome/browser/net/chrome_extensions_network_delegate.cc b/chrome/browser/net/chrome_extensions_network_delegate.cc
|
| index 0f2f38bc43d83e528e3aa7e19dd57e87c6aef00d..502585cf85702d08e4beb93c5eae6995d59d80d6 100644
|
| --- a/chrome/browser/net/chrome_extensions_network_delegate.cc
|
| +++ b/chrome/browser/net/chrome_extensions_network_delegate.cc
|
| @@ -20,6 +20,7 @@
|
| #include "extensions/browser/api/web_request/web_request_api.h"
|
| #include "extensions/browser/info_map.h"
|
| #include "extensions/browser/process_manager.h"
|
| +#include "extensions/common/constants.h"
|
| #include "net/url_request/url_request.h"
|
|
|
| using content::BrowserThread;
|
| @@ -159,6 +160,21 @@ int ChromeExtensionsNetworkDelegateImpl::OnBeforeURLRequest(
|
| net::URLRequest* request,
|
| const net::CompletionCallback& callback,
|
| GURL* new_url) {
|
| + const content::ResourceRequestInfo* info =
|
| + content::ResourceRequestInfo::ForRequest(request);
|
| + GURL url(request->url());
|
| +
|
| + // Block top-level navigations to blob: or filesystem: URLs with extension
|
| + // origin from non-extension processes. See https://crbug.com/645028.
|
| + bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob();
|
| + bool is_navigation =
|
| + info && content::IsResourceTypeFrame(info->GetResourceType());
|
| + if (is_nested_url && is_navigation && info->IsMainFrame() &&
|
| + url::Origin(url).scheme() == extensions::kExtensionScheme &&
|
| + !extension_info_map_->process_map().Contains(info->GetChildID())) {
|
| + return net::ERR_ABORTED;
|
| + }
|
| +
|
| return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
|
| profile_, extension_info_map_.get(), request, callback, new_url);
|
| }
|
|
|
Chromium Code Reviews
Issue 2366973002:
Block top-level navigations to nested URLs with extension origins from non-extension processes. (Closed)
