Chromium Code Reviews Chromium Code Reviews
Issue 890183002:
Allow Signin page to open other chrome:// URLs if login content in <webview> (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chrome_content_browser_client.h" | 5 #include "chrome/browser/chrome_content_browser_client.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 1003 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1014 GURL from_url = site_instance->GetSiteURL(); | 1014 GURL from_url = site_instance->GetSiteURL(); |
| 1015 | 1015 |
| 1016 #if defined(ENABLE_EXTENSIONS) | 1016 #if defined(ENABLE_EXTENSIONS) |
| 1017 bool result; | 1017 bool result; |
| 1018 if (ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( | 1018 if (ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( |
| 1019 site_instance, from_url, url, &result)) | 1019 site_instance, from_url, url, &result)) |
| 1020 return result; | 1020 return result; |
| 1021 #endif | 1021 #endif |
| 1022 | 1022 |
| 1023 // Do not allow chrome://chrome-signin navigate to other chrome:// URLs, since | 1023 // Do not allow chrome://chrome-signin navigate to other chrome:// URLs, since |
| 1024 // the signin page may host untrusted web content. | 1024 // the signin page may host untrusted web content unless <webview>-based |
|
Charlie Reis
2015/02/02 17:29:21
This comment is a bit hard to follow. Maybe:
...
Fady Samuel
2015/02/02 19:59:07
Done.
| |
| 1025 if (from_url.GetOrigin().spec() == chrome::kChromeUIChromeSigninURL && | 1025 // signin is enabled. In this case, untrusted content cannot directly access |
| 1026 // other chrome:// URLs. | |
| 1027 if (!switches::IsEnableWebviewBasedSignin() && | |
| 1028 from_url.GetOrigin().spec() == chrome::kChromeUIChromeSigninURL && | |
| 1026 url.SchemeIs(content::kChromeUIScheme) && | 1029 url.SchemeIs(content::kChromeUIScheme) && |
| 1027 url.host() != chrome::kChromeUIChromeSigninHost) { | 1030 url.host() != chrome::kChromeUIChromeSigninHost) { |
| 1028 VLOG(1) << "Blocked navigation to " << url.spec() << " from " | 1031 VLOG(1) << "Blocked navigation to " << url.spec() << " from " |
| 1029 << chrome::kChromeUIChromeSigninURL; | 1032 << chrome::kChromeUIChromeSigninURL; |
| 1030 return false; | 1033 return false; |
| 1031 } | 1034 } |
| 1032 | 1035 |
| 1033 return true; | 1036 return true; |
| 1034 } | 1037 } |
| 1035 | 1038 |
| (...skipping 1611 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2647 switches::kDisableWebRtcEncryption, | 2650 switches::kDisableWebRtcEncryption, |
| 2648 }; | 2651 }; |
| 2649 to_command_line->CopySwitchesFrom(from_command_line, | 2652 to_command_line->CopySwitchesFrom(from_command_line, |
| 2650 kWebRtcDevSwitchNames, | 2653 kWebRtcDevSwitchNames, |
| 2651 arraysize(kWebRtcDevSwitchNames)); | 2654 arraysize(kWebRtcDevSwitchNames)); |
| 2652 } | 2655 } |
| 2653 } | 2656 } |
| 2654 #endif // defined(ENABLE_WEBRTC) | 2657 #endif // defined(ENABLE_WEBRTC) |
| 2655 | 2658 |
| 2656 } // namespace chrome | 2659 } // namespace chrome |
| OLD | NEW |
