[HBD] Blanket BLOCK on all non-HTTP(s) and non-FILE URLs for Flash.

chrome/browser/plugins/chrome_plugin_service_filter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/plugins/chrome_plugin_service_filter.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 10 matching lines @@
 #include "components/content_settings/content/common/content_settings_messages.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/plugin_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_constants.h"
-#include "url/gurl.h"
 
 using content::BrowserThread;
 using content::PluginService;
 
 namespace {
 
 class ProfileContentSettingObserver : public content_settings::Observer {
  public:
   explicit ProfileContentSettingObserver(Profile* profile)
       : profile_(profile) {}
@@ skipping 118 matching lines @@
     web_contents->SendToAllFrames(new ChromeViewMsg_LoadBlockedPlugins(
         MSG_ROUTING_NONE, identifier));
   }
 }
 
 bool ChromePluginServiceFilter::IsPluginAvailable(
     int render_process_id,
     int render_frame_id,
     const void* context,
     const GURL& plugin_content_url,
-    const GURL& main_url,
+    const url::Origin& main_frame_origin,
     content::WebPluginInfo* plugin) {
   base::AutoLock auto_lock(lock_);
   const ProcessDetails* details = GetProcess(render_process_id);
 
   // Check whether the plugin is overridden.
   if (details) {
     for (const auto& plugin_override : details->overridden_plugins) {
       if (plugin_override.render_frame_id == render_frame_id &&
           (plugin_override.url.is_empty() ||
            plugin_override.url == plugin_content_url)) {
@@ skipping 16 matching lines @@
   const ContextInfo* context_info = context_info_it->second.get();
   if (!context_info->plugin_prefs.get()->IsPluginEnabled(*plugin))
     return false;
 
   // If PreferHtmlOverPlugins is enabled and the plugin is Flash, we do
   // additional checks.
   if (plugin->name == base::ASCIIToUTF16(content::kFlashPluginName) &&
       base::FeatureList::IsEnabled(features::kPreferHtmlOverPlugins)) {
     // Check the content setting first, and always respect the ALLOW or BLOCK
     // state. When IsPluginAvailable() is called to check whether a plugin
-    // should be advertised, |url| has the same value of |policy_url| (i.e. the
-    //  main frame origin). The intended behavior is that Flash is advertised
-    // only if a Flash embed hosted on the same origin as the main frame origin
-    // is allowed to run.
+    // should be advertised, |url| has the same origin as |main_frame_origin|.
+    // The intended behavior is that Flash is advertised only if a Flash embed
+    // hosted on the same origin as the main frame origin is allowed to run.
     bool is_managed = false;
     HostContentSettingsMap* settings_map =
         context_info_it->second->host_content_settings_map.get();
     ContentSetting flash_setting = PluginUtils::GetFlashPluginContentSetting(
-        settings_map, main_url, plugin_content_url, &is_managed);
+        settings_map, main_frame_origin, plugin_content_url, &is_managed);
     flash_setting = PluginsFieldTrial::EffectiveContentSetting(
         CONTENT_SETTINGS_TYPE_PLUGINS, flash_setting);
     if (flash_setting == CONTENT_SETTING_ALLOW)
       return true;
     else if (flash_setting == CONTENT_SETTING_BLOCK)
       return false;
 
     // The content setting is neither ALLOW or BLOCK. Check whether the site
     // meets the engagement cutoff for making Flash available without a prompt.
     // This should only happen if the setting isn't being enforced by an
     // enterprise policy.
     if (is_managed ||
-        SiteEngagementService::GetScoreFromSettings(settings_map, main_url) <
+        SiteEngagementService::GetScoreFromSettings(
+            settings_map, GURL(main_frame_origin.Serialize())) <

[nasko, 2016/10/05 21:14:31]

main_frame_origin.GetURL()

[tommycli, 2016/10/05 21:41:22]

Done. I was wondering how I missed that method, but checking git blame, it only
landed two days ago!

             PluginsFieldTrial::GetSiteEngagementThresholdForFlash()) {
       return false;
     }
   }
 
   return true;
 }
 
 bool ChromePluginServiceFilter::CanLoadPlugin(int render_process_id,
                                               const base::FilePath& path) {
@@ skipping 58 matching lines @@
 
 const ChromePluginServiceFilter::ProcessDetails*
 ChromePluginServiceFilter::GetProcess(
     int render_process_id) const {
   std::map<int, ProcessDetails>::const_iterator it =
       plugin_details_.find(render_process_id);
   if (it == plugin_details_.end())
     return NULL;
   return &it->second;
 }