Chromium Code Reviews| Index: content/browser/frame_host/render_frame_host_impl.cc |
| diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc |
| index cd3a864d50d0e1a705539d3bfec517dfd39ce22b..4d85a84221eca1860d358587e71e2420e9a94ca9 100644 |
| --- a/content/browser/frame_host/render_frame_host_impl.cc |
| +++ b/content/browser/frame_host/render_frame_host_impl.cc |
| @@ -3588,6 +3588,10 @@ void RenderFrameHostImpl::UpdatePermissionsForNavigation( |
| // Browser plugin guests are not allowed to navigate outside web-safe schemes, |
| // so do not grant them the ability to request additional URLs. |
| if (!GetProcess()->IsForGuestsOnly()) { |
| + for (const GURL& url : request_params.redirects) { |
| + ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( |
| + GetProcess()->GetID(), url); |
|
nasko
2017/05/23 04:39:34
It seems a bit more prudent to grant access to the
|
| + } |
| ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( |
| GetProcess()->GetID(), common_params.url); |
| if (common_params.url.SchemeIs(url::kDataScheme) && |