Chromium Code Reviews Chromium Code Reviews
Issue 2831183003:
Fix loading success.html at the end of chrome://chrome-signin flow (Closed)
| Index: extensions/browser/url_request_util.cc |
| diff --git a/extensions/browser/url_request_util.cc b/extensions/browser/url_request_util.cc |
| index 20e32c61b77d19208bb7ce156c7bc4a895d2415c..901dd8d25754e6604779cef6bcd9b4f13648cae1 100644 |
| --- a/extensions/browser/url_request_util.cc |
| +++ b/extensions/browser/url_request_util.cc |
| @@ -155,7 +155,13 @@ bool AllowCrossRendererResourceLoadHelper(bool is_guest, |
| if (is_guest) { |
| // An extension's resources should only be accessible to WebViews owned by |
| // that extension. |
| - if (owner_extension != extension) { |
| + // The only exception is the sign-in extension loaded by |
| + // chrome://chrome-signin, which is allowed to load web-accessible resources |
| + // even if the webview that is loading the resource does not belog to the |
|
Charlie Reis
2017/04/25 16:52:54
nit: belong
msarda
2017/04/26 11:14:35
Done.
|
| + // extension. |
| + bool is_signin_extension = |
| + extension && extension->id() == "mfffpogegjflfpflabcdkioaeobkgjik"; |
|
Charlie Reis
2017/04/25 16:52:54
Is there a constant we can use here rather than a
msarda
2017/04/26 11:14:35
The constant is defined in https://cs.chromium.org
|
| + if (owner_extension != extension && !is_signin_extension) { |
|
Charlie Reis
2017/04/25 16:52:54
Devlin: What do you think about whitelisting signi
Devlin
2017/04/26 01:59:37
Lucas knows more about the history of this check t
msarda
2017/04/26 11:14:34
Lucas: Please advise on whether to keep this code
lfg
2017/04/26 16:24:18
We should use the whitelist approach instead of re
Charlie Reis
2017/04/26 20:10:25
Acknowledged.
|
| *allowed = false; |
| return true; |
| } |
