Allow Signin page to open other chrome:// URLs if login content in <webview>

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index b6e6de5ecbbf505c069ddec6b2190416543aff33..396dccc30a6072135100e5e8c5dc462689bcad13 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1021,8 +1021,11 @@ bool ChromeContentBrowserClient::ShouldAllowOpenURL(
 #endif
 
   // Do not allow chrome://chrome-signin navigate to other chrome:// URLs, since
-  // the signin page may host untrusted web content.
-  if (from_url.GetOrigin().spec() == chrome::kChromeUIChromeSigninURL &&
+  // the signin page may host untrusted web content unless <webview>-based

[Charlie Reis, 2015/02/02 17:29:21]

This comment is a bit hard to follow.  Maybe:

...since the signin page may host untrusted web content when <webview>-based
signin is not enabled.  In the <webview> case, untrusted content is
out-of-process and cannot navigate to chrome:// URLs.

[Fady Samuel, 2015/02/02 19:59:07]

Done.

+  // signin is enabled. In this case, untrusted content cannot directly access
+  // other chrome:// URLs.
+  if (!switches::IsEnableWebviewBasedSignin() &&
+      from_url.GetOrigin().spec() == chrome::kChromeUIChromeSigninURL &&
       url.SchemeIs(content::kChromeUIScheme) &&
       url.host() != chrome::kChromeUIChromeSigninHost) {
     VLOG(1) << "Blocked navigation to " << url.spec() << " from "