Index: components/payments/content/payment_request.cc |
diff --git a/components/payments/content/payment_request.cc b/components/payments/content/payment_request.cc |
index 68da7ff714a86963414c53c99fe4d04bb5fcbb54..7c9b49ab02588ffbd778570d6772efe4f126174a 100644 |
--- a/components/payments/content/payment_request.cc |
+++ b/components/payments/content/payment_request.cc |
@@ -48,17 +48,28 @@ void PaymentRequest::Init(mojom::PaymentRequestClientPtr client, |
DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
client_ = std::move(client); |
- if (!OriginSecurityChecker::IsOriginSecure( |
- delegate_->GetLastCommittedURL())) { |
+ const GURL last_committed_url = delegate_->GetLastCommittedURL(); |
+ if (!OriginSecurityChecker::IsOriginSecure(last_committed_url)) { |
LOG(ERROR) << "Not in a secure origin"; |
OnConnectionTerminated(); |
return; |
} |
- if (OriginSecurityChecker::IsSchemeCryptographic( |
- delegate_->GetLastCommittedURL()) && |
- !delegate_->IsSslCertificateValid()) { |
+ bool allowed_origin = |
+ OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) || |
+ OriginSecurityChecker::IsOriginLocalhostOrFile(last_committed_url); |
+ if (!allowed_origin) { |
+ LOG(ERROR) << "Only localhost, file://, and cryptographic scheme origins " |
+ "allowed"; |
+ } |
+ |
+ bool invalid_ssl = |
+ OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) && |
+ !delegate_->IsSslCertificateValid(); |
+ if (invalid_ssl) |
LOG(ERROR) << "SSL certificate is not valid"; |
+ |
+ if (!allowed_origin || invalid_ssl) { |
// Don't show UI. Resolve .canMakepayment() with "false". Reject .show() |
// with "NotSupportedError". |
spec_ = base::MakeUnique<PaymentRequestSpec>( |
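Review bot: The new `allowed_origin` gate has no comment saying which origins it is meant to exclude, and the policy it encodes is security-relevant: localhost and file:// pages are admitted without ever reaching `IsSslCertificateValid()`, because `invalid_ssl` is computed only for cryptographic schemes. I would state this above the check, e.g. `// localhost and file:// skip the certificate check; any other origin that passed IsOriginSecure() but is not cryptographic gets NotSupportedError.` This assumes that is the intent: `IsOriginSecure()` is defined outside this hunk, so which origins fall into that gap should be confirmed. `IsSchemeCryptographic(last_committed_url)` is also evaluated twice; caching it in a `const bool` and marking `allowed_origin` and `invalid_ssl` as `const` would make the two conditions easier to audit. `Init()` starts before this hunk and the `spec_` assignment continues past it.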
@@ -190,6 +201,8 @@ void PaymentRequest::UserCancelled() { |
// We close all bindings and ask to be destroyed. |
client_.reset(); |
binding_.Close(); |
+ if (observer_for_testing_) |
+ observer_for_testing_->OnConnectionTerminated(); |
manager_->DestroyRequest(this); |
} |
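Review bot: The test observer is notified through `OnConnectionTerminated()` in `UserCancelled()` as well, so a test cannot tell a user cancel from a dropped connection; the same call is added to `PaymentRequest::OnConnectionTerminated()` in the next hunk. If sharing one callback is intentional, a comment at both call sites would help, e.g. `// Notify before DestroyRequest(): the request asks to be destroyed there.` The ordering looks deliberate given the existing "We close all bindings and ask to be destroyed" comment, but whether `DestroyRequest(this)` deletes the object synchronously is not visible here. Both function bodies start outside their hunks.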
@@ -202,6 +215,8 @@ void PaymentRequest::OnConnectionTerminated() { |
client_.reset(); |
binding_.Close(); |
delegate_->CloseDialog(); |
+ if (observer_for_testing_) |
+ observer_for_testing_->OnConnectionTerminated(); |
manager_->DestroyRequest(this); |
} |