Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2897963003:
PlzNavigate: Fixes ChromeOS navigation to google drive files. (Closed)
|
Created:
3 years, 7 months ago by arthursonzogni Modified:
3 years, 6 months ago CC:
chromium-reviews, jam, nasko+codewatch_chromium.org, darin-cc_chromium.org, creis+watch_chromium.org, Charlie Reis, clamy, ncarter (slow) Target Ref:
refs/heads/master Project:
chromium Visibility:
Public. |
DescriptionPlzNavigate: Fixes ChromeOS navigation to google drive files.
How navigations to google drive files are working with ChromeOS?
----------------------------------------------------------------
1) A browser initiated navigation happens. The url is
externalfile:drive-<user-email>/root/<drive-file-path>
2) The access to common_params.url's scheme (="externalfile") is granted to the
renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation.
3) The renderer asks the browser to fetch the ressource.
4) In the network stack, ExternalFileURLRequestJob redirects to
https://docs.google.com/documents/d/<document-id>...
What happens with PlzNavigate?
-------------------------------
1) A browser initiated navigation happens. The url is
externalfile:drive-<user-email>/root/<drive-file-path>
2) In the network stack, ExternalFileURLRequestJob redirects to
https://docs.google.com/documents/d/<document-id>...
3) The access to common_params.url's scheme (="https") is granted to the
renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation.
**Please note that "externalfile" scheme access is not granted**
4) The renderer is asked to navigate to
common_params.original_url (=externalfile:drive-<user-email>[...])
The redirect will be replayed latter. See https://crrev.com/2653953005.
5) The renderer asks the browser to fetch the ressource, but the browser
forbids the load because "externalfile" scheme is not allowed.
What does this CL?
------------------
It grants access to the original url scheme too.
BUG=717644
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation
Patch Set 1 #
Total comments: 1
Patch Set 2 : Grant access to the original url only for the moment #
Total comments: 1
Messages
Total messages: 32 (25 generated)
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (=externalfile) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happened with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 2) The access to common_params.url's scheme (=https) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (=externalfile) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happened with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 2) The access to common_params.url's scheme (=https) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
The CQ bit was checked by arthursonzogni@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (=externalfile) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happened with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 2) The access to common_params.url's scheme (=https) is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 2) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 2) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:...) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:drive-<user-email>[...]) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:drive-<user-email>[...]) The redirect will be replayed latter, please see https://crrev.com/705217. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:drive-<user-email>[...]) The redirect will be replayed latter. See https://crrev.com/2653953005. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
arthursonzogni@chromium.org changed reviewers: + nasko@chromium.org
Hi Nasko, Please can you take a look? This CL explains why the BUG(717644) happens. Please note that I am not 100% sure that the fix I made doesn't have any bad consequences from a security point of view. What do you think? +CC creis@, clamy@.
https://codereview.chromium.org/2897963003/diff/1/content/browser/frame_host/... File content/browser/frame_host/render_frame_host_impl.cc (right): https://codereview.chromium.org/2897963003/diff/1/content/browser/frame_host/... content/browser/frame_host/render_frame_host_impl.cc:3593: GetProcess()->GetID(), url); It seems a bit more prudent to grant access to the original_url. I'm not sure if granting access to the full redirect chain is a reasonable thing. Let's start with original_url, which should allow for the CromeOS issue to be resolved.
The CQ bit was checked by arthursonzogni@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_browser_side_navigation_rel on master.tryserver.chromium.linux (JOB_FAILED, build has not started yet; builder either lacks capacity or does not exist (misspelled?))
Description was changed from ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:drive-<user-email>[...]) The redirect will be replayed latter. See https://crrev.com/2653953005. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to every redirected urls scheme instead of only the final one. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ========== to ========== PlzNavigate: Fixes ChromeOS navigation to google drive files. How navigations to google drive files are working with ChromeOS? ---------------------------------------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) The access to common_params.url's scheme (="externalfile") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. 3) The renderer asks the browser to fetch the ressource. 4) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... What happens with PlzNavigate? ------------------------------- 1) A browser initiated navigation happens. The url is externalfile:drive-<user-email>/root/<drive-file-path> 2) In the network stack, ExternalFileURLRequestJob redirects to https://docs.google.com/documents/d/<document-id>... 3) The access to common_params.url's scheme (="https") is granted to the renderer in RenderFrameHostImpl::UpdatePermissionsForNavigation. **Please note that "externalfile" scheme access is not granted** 4) The renderer is asked to navigate to common_params.original_url (=externalfile:drive-<user-email>[...]) The redirect will be replayed latter. See https://crrev.com/2653953005. 5) The renderer asks the browser to fetch the ressource, but the browser forbids the load because "externalfile" scheme is not allowed. What does this CL? ------------------ It grants access to the original url scheme too. BUG=717644 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_browser_side_navigation_rel;master.tryserver.chromium.linux:linux_site_isolation ==========
The CQ bit was checked by arthursonzogni@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Thanks! In the second patch, I grant access to only the original url instead of the full redirect chain. I have also added a comment making clearer what we are doing here.
The CQ bit was checked by nasko@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by nasko@chromium.org
LGTM
The CQ bit was checked by nasko@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by creis@chromium.org
creis@chromium.org changed reviewers: + creis@chromium.org
Sorry, not LGTM based on a conversation with Nick. I agree with your investigation, but I think we need to find a different way to fix the bug. https://codereview.chromium.org/2897963003/diff/20001/content/browser/frame_h... File content/browser/frame_host/render_frame_host_impl.cc (right): https://codereview.chromium.org/2897963003/diff/20001/content/browser/frame_h... content/browser/frame_host/render_frame_host_impl.cc:3600: GetProcess()->GetID(), request_params.original_url); Nick and I have some concerns about this. The original_url is the URL before all the redirects. In the case of cross-site redirects that end up in a different process than the original URL would have used, we should not be granting access to the original URL to the new process. (This may also be a way for a compromised renderer to sneak things into GrantRequestURL if we don't have as many security checks on original_url as we do on url.)
I close this issue, since https://codereview.chromium.org/2908593002/ is a replacement fix. |
