| Index: chrome/browser/signin/signin_header_helper.cc
|
| diff --git a/chrome/browser/signin/signin_header_helper.cc b/chrome/browser/signin/signin_header_helper.cc
|
| index 134a0173b158bcd85e4905be8c685a73d83bae95..21b5420907be06ef87fa17729c09b19837038033 100644
|
| --- a/chrome/browser/signin/signin_header_helper.cc
|
| +++ b/chrome/browser/signin/signin_header_helper.cc
|
| @@ -15,6 +15,7 @@
|
| #include "components/google/core/browser/google_util.h"
|
| #include "components/signin/core/common/profile_management_switches.h"
|
| #include "content/public/browser/browser_thread.h"
|
| +#include "content/public/browser/resource_request_info.h"
|
| #include "content/public/browser/web_contents.h"
|
| #include "google_apis/gaia/gaia_auth_util.h"
|
| #include "net/http/http_response_headers.h"
|
| @@ -253,6 +254,11 @@ void ProcessMirrorResponseHeaderIfExists(
|
| if (!gaia::IsGaiaSignonRealm(request->url().GetOrigin()))
|
| return;
|
|
|
| + const content::ResourceRequestInfo* info =
|
| + content::ResourceRequestInfo::ForRequest(request);
|
| + if (!(info && info->IsMainFrame() && info->HasUserGesture()))
|
| + return;
|
| +
|
| std::string header_value;
|
| if (!request->response_headers()->GetNormalizedHeader(
|
| kChromeManageAccountsHeader, &header_value)) {
|
|
|
Chromium Code Reviews
Issue 488163003:
Ensures Chrome only honors x-chrome-manage-accounts header on user initiated top frame requests. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src