Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(292)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2859613002: Disable web payments API on blob: and data: schemes. (Closed)

Created:
3 years, 7 months ago by please use gerrit instead
Modified:
3 years, 7 months ago
Reviewers:
meacer
CC:
chromium-reviews, jam, gogerald+paymentswatch_chromium.org, rouslan+payments_chromium.org, darin-cc_chromium.org, agrieve+watch_chromium.org, mahmadi+paymentswatch_chromium.org, sebsg+paymentswatch_chromium.org
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

Disable web payments API on blob: and data: schemes. This patch makes PaymentRequest.show() always reject with NotSupportedError and PaymentRequest.canMakePayments() always return false on origins that are not either localhost, file://, or cryptographic scheme. BUG=717476 Review-Url: https://codereview.chromium.org/2859613002 Cr-Commit-Position: refs/heads/master@{#469991} Committed: https://chromium.googlesource.com/chromium/src/+/b28f4539b767b634d9257964f04e72b8987910b5

Patch Set 1 #

Total comments: 5

Patch Set 2 : Tests #

Patch Set 3 : Fix desktop tests #

Patch Set 4 : Fixup tests #

Patch Set 5 : Fix up Android test #

Unified diffs Side-by-side diffs Delta from patch set Stats (+323 lines, -65 lines) Patch
M chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java View 1 2 1 chunk +10 lines, -0 lines 0 comments Download
M chrome/android/java_sources.gni View 1 2 3 4 2 chunks +2 lines, -0 lines 0 comments Download
A chrome/android/javatests/src/org/chromium/chrome/browser/payments/PaymentRequestBlobUrlTest.java View 1 2 3 4 1 chunk +32 lines, -0 lines 0 comments Download
A chrome/android/javatests/src/org/chromium/chrome/browser/payments/PaymentRequestDataUrlTest.java View 1 1 chunk +39 lines, -0 lines 0 comments Download
M chrome/android/javatests/src/org/chromium/chrome/browser/payments/PaymentRequestTestBase.java View 1 3 chunks +15 lines, -3 lines 0 comments Download
A chrome/browser/ui/views/payments/payment_request_blob_url_browsertest.cc View 1 2 1 chunk +27 lines, -0 lines 0 comments Download
M chrome/browser/ui/views/payments/payment_request_browsertest_base.h View 1 2 3 8 chunks +30 lines, -33 lines 0 comments Download
M chrome/browser/ui/views/payments/payment_request_browsertest_base.cc View 1 2 3 7 chunks +76 lines, -9 lines 0 comments Download
A chrome/browser/ui/views/payments/payment_request_data_url_browsertest.cc View 1 1 chunk +35 lines, -0 lines 0 comments Download
M chrome/browser/ui/views/payments/test_chrome_payment_request_delegate.h View 1 2 3 chunks +0 lines, -6 lines 0 comments Download
M chrome/browser/ui/views/payments/test_chrome_payment_request_delegate.cc View 1 2 2 chunks +0 lines, -9 lines 0 comments Download
M chrome/test/BUILD.gn View 1 2 3 4 1 chunk +2 lines, -0 lines 0 comments Download
A chrome/test/data/payments/blob_url.js View 1 2 3 4 1 chunk +17 lines, -0 lines 0 comments Download
A chrome/test/data/payments/payment_request_blob_url_test.html View 1 1 chunk +17 lines, -0 lines 0 comments Download
M components/payments/content/payment_request.h View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download
M components/payments/content/payment_request.cc View 1 2 3 3 chunks +20 lines, -5 lines 0 comments Download

Messages

Total messages: 30 (22 generated)
please use gerrit instead
Mustafa, ptal.
3 years, 7 months ago (2017-05-02 19:57:12 UTC) #4
meacer
Thanks for the quick CL! Can you add unit tests for data and blob? https://codereview.chromium.org/2859613002/diff/1/components/payments/content/payment_request.cc ...
3 years, 7 months ago (2017-05-02 21:21:54 UTC) #7
please use gerrit instead
Ptal patch 2. https://codereview.chromium.org/2859613002/diff/1/components/payments/content/payment_request.cc File components/payments/content/payment_request.cc (right): https://codereview.chromium.org/2859613002/diff/1/components/payments/content/payment_request.cc#newcode48 components/payments/content/payment_request.cc:48: GURL last_committed_url = delegate_->GetLastCommittedURL(); On 2017/05/02 ...
3 years, 7 months ago (2017-05-03 20:53:52 UTC) #10
meacer
LGTM, thanks! https://codereview.chromium.org/2859613002/diff/1/components/payments/content/payment_request.cc File components/payments/content/payment_request.cc (right): https://codereview.chromium.org/2859613002/diff/1/components/payments/content/payment_request.cc#newcode49 components/payments/content/payment_request.cc:49: if (!OriginSecurityChecker::IsOriginSecure(last_committed_url)) { On 2017/05/03 20:53:51, ಠ_ಠ ...
3 years, 7 months ago (2017-05-03 21:08:53 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2859613002/20001
3 years, 7 months ago (2017-05-03 21:12:15 UTC) #14
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/418076)
3 years, 7 months ago (2017-05-03 22:25:45 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2859613002/80001
3 years, 7 months ago (2017-05-08 13:15:39 UTC) #27
commit-bot: I haz the power
3 years, 7 months ago (2017-05-08 15:42:03 UTC) #30
Message was sent while issue was closed. 
Committed patchset #5 (id:80001) as
https://chromium.googlesource.com/chromium/src/+/b28f4539b767b634d9257964f04e...

Powered by Google App Engine
This is Rietveld 408576698