Disable web payments API on blob: and data: schemes.

components/payments/content/payment_request.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/payments/content/payment_request.h"
 
 #include <string>
 #include <utility>
 
 #include "base/memory/ptr_util.h"
@@ skipping 30 matching lines @@
 
 PaymentRequest::~PaymentRequest() {}
 
 void PaymentRequest::Init(mojom::PaymentRequestClientPtr client,
                           std::vector<mojom::PaymentMethodDataPtr> method_data,
                           mojom::PaymentDetailsPtr details,
                           mojom::PaymentOptionsPtr options) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   client_ = std::move(client);
 
-  if (!OriginSecurityChecker::IsOriginSecure(
-          delegate_->GetLastCommittedURL())) {
+  const GURL last_committed_url = delegate_->GetLastCommittedURL();
+  if (!OriginSecurityChecker::IsOriginSecure(last_committed_url)) {
     LOG(ERROR) << "Not in a secure origin";
     OnConnectionTerminated();
     return;
   }
 
-  if (OriginSecurityChecker::IsSchemeCryptographic(
-          delegate_->GetLastCommittedURL()) &&
-      !delegate_->IsSslCertificateValid()) {
+  bool allowed_origin =
+      OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) ||
+      OriginSecurityChecker::IsOriginLocalhostOrFile(last_committed_url);
+  if (!allowed_origin) {
+    LOG(ERROR) << "Only localhost, file://, and cryptographic scheme origins "
+                  "allowed";
+  }
+
+  bool invalid_ssl =
+      OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) &&
+      !delegate_->IsSslCertificateValid();
+  if (invalid_ssl)
     LOG(ERROR) << "SSL certificate is not valid";
+
+  if (!allowed_origin || invalid_ssl) {
     // Don't show UI. Resolve .canMakepayment() with "false". Reject .show()
     // with "NotSupportedError".
     spec_ = base::MakeUnique<PaymentRequestSpec>(
         mojom::PaymentOptions::New(), mojom::PaymentDetails::New(),
         std::vector<mojom::PaymentMethodDataPtr>(), this,
         delegate_->GetApplicationLocale());
     state_ = base::MakeUnique<PaymentRequestState>(
         spec_.get(), this, delegate_->GetApplicationLocale(),
         delegate_->GetPersonalDataManager(), delegate_.get());
     return;
@@ skipping 111 matching lines @@
 
   journey_logger_.RecordJourneyStatsHistograms(
       JourneyLogger::COMPLETION_STATUS_USER_ABORTED);
 
   // This sends an error to the renderer, which informs the API user.
   client_->OnError(mojom::PaymentErrorReason::USER_CANCEL);
 
   // We close all bindings and ask to be destroyed.
   client_.reset();
   binding_.Close();
+  if (observer_for_testing_)
+    observer_for_testing_->OnConnectionTerminated();
   manager_->DestroyRequest(this);
 }
 
 void PaymentRequest::OnConnectionTerminated() {
   // We are here because of a browser-side error, or likely as a result of the
   // connection_error_handler on |binding_|, which can mean that the renderer
   // has decided to close the pipe for various reasons (see all uses of
   // PaymentRequest::clearResolversAndCloseMojoConnection() in Blink). We close
   // the binding and the dialog, and ask to be deleted.
   client_.reset();
   binding_.Close();
   delegate_->CloseDialog();
+  if (observer_for_testing_)
+    observer_for_testing_->OnConnectionTerminated();
   manager_->DestroyRequest(this);
 }
 
 void PaymentRequest::Pay() {
   state_->GeneratePaymentResponse();
 }
 
 }  // namespace payments