Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1004)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/api/identity/web_auth_flow.cc

Issue 2919943003: Avoid treating the load of about:blank as a failure in the web auth flow. (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/api/identity/web_auth_flow.cc
diff --git a/chrome/browser/extensions/api/identity/web_auth_flow.cc b/chrome/browser/extensions/api/identity/web_auth_flow.cc
index 4bad1dadb17ed64e75b925a6e98a02c53e63ea7a..7b326e7aa3b6c7cd070ba0fc926db27ae2c61ab1 100644
--- a/chrome/browser/extensions/api/identity/web_auth_flow.cc
+++ b/chrome/browser/extensions/api/identity/web_auth_flow.cc
@@ -36,6 +36,7 @@
#include "extensions/browser/extension_system.h"
#include "net/http/http_response_headers.h"
#include "url/gurl.h"
+#include "url/url_constants.h"
using content::RenderViewHost;
using content::ResourceRedirectDetails;
@@ -207,10 +208,30 @@ void WebAuthFlow::DidFinishNavigation(
bool failed = false;
if (navigation_handle->GetNetErrorCode() != net::OK) {
- failed = true;
- TRACE_EVENT_ASYNC_STEP_PAST1("identity", "WebAuthFlow", this,
- "DidFinishNavigationFailure", "error_code",
- navigation_handle->GetNetErrorCode());
+ if (navigation_handle->GetURL().spec() == url::kAboutBlankURL) {
+ // As part of the OAUth 2.0 protocol with GAIA, at the end of the web
+ // authorization flow, GAIA redirects to a custom scheme URL of type
+ // |com.googleusercontent.apps.123:/<extension_id>|, where
+ // |com.googleusercontent.apps.123| is the reverse DNS notation of the
+ // client ID of the extension that started the web sign-in flow. (The
+ // intent of this weird URL scheme was to make sure it couldn't be loaded
+ // anywhere at all as this makes it much harder to pull off a cross-site
+ // attack that could leak the returned oauth token to a malicious script
+ // or site.)
+ //
+ // This URL is not an accessible URL from within a Guest WebView, so
+ // during its load of this URL, Chrome changes it to |about:blank| and
+ // then the Identity Scope Approval Dialog extension fails to load it.
+ // Failing to load |about:blank| must not be treated as a failure of
+ // the web auth flow.
+ DCHECK_EQ(net::ERR_UNKNOWN_URL_SCHEME,
+ navigation_handle->GetNetErrorCode());
+ } else {
+ failed = true;
+ TRACE_EVENT_ASYNC_STEP_PAST1("identity", "WebAuthFlow", this,
+ "DidFinishNavigationFailure", "error_code",
+ navigation_handle->GetNetErrorCode());
+ }
} else if (navigation_handle->IsInMainFrame() &&
navigation_handle->GetResponseHeaders() &&
navigation_handle->GetResponseHeaders()->response_code() >= 400) {
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698