content/browser/frame_host/navigator_impl.cc - Issue 2506503003: Fix web accessible resource checks in ShouldAllowOpenURL for M55

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/frame_host/navigator_impl.cc

Issue 2506503003: Fix web accessible resource checks in ShouldAllowOpenURL for M55 (Closed)

Patch Set: Remove DWOC headers Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/browser/frame_host/navigator_impl.cc

diff --git a/content/browser/frame_host/navigator_impl.cc b/content/browser/frame_host/navigator_impl.cc

index 88db45548466d37fc2fe781e53b7389c6a8fe2e9..d3ae8ea821f2da1c5b6124864883e2bac75c0616 100644

--- a/content/browser/frame_host/navigator_impl.cc

+++ b/content/browser/frame_host/navigator_impl.cc

@@ -720,6 +720,9 @@ void NavigatorImpl::RequestOpenURL(

// redirects. http://crbug.com/311721.

std::vector<GURL> redirect_chain;

+ // Note that unlike RequestTransferURL, this uses the navigating

+ // RenderFrameHost's current SiteInstance, as that's where this navigation

+ // originated.

GURL dest_url(url);

if (!GetContentClient()->browser()->ShouldAllowOpenURL(

current_site_instance, url)) {

@@ -805,9 +808,17 @@ void NavigatorImpl::RequestTransferURL(

Referrer referrer_to_use(referrer);

FrameTreeNode* node = render_frame_host->frame_tree_node();

SiteInstance* current_site_instance = render_frame_host->GetSiteInstance();

- if (!GetContentClient()->browser()->ShouldAllowOpenURL(current_site_instance,

- url)) {

- dest_url = GURL(url::kAboutBlankURL);

+ // It is important to pass in the source_site_instance if it is available

+ // (such as when navigating a proxy). See https://crbug.com/656752.

+ if (!GetContentClient()->browser()->ShouldAllowOpenURL(

+ source_site_instance ? source_site_instance : current_site_instance,

+ url)) {

+ // It is important to return here, rather than rewrite the dest_url to

+ // about:blank. The latter won't actually have any effect when

+ // transferring, as NavigateToEntry will think that the transfer is to the

+ // same RFH that started the navigation and let the existing navigation

+ // (for the disallowed URL) proceed.

+ return;

}

// TODO(creis): Determine if this transfer started as a browser-initiated