Always prompt for permission on fullscreen and mouse lock on file:// URLs

chrome/browser/ui/exclusive_access/fullscreen_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/exclusive_access/fullscreen_controller.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/message_loop/message_loop.h"
 #include "chrome/browser/app_mode/app_mode_utils.h"
@@ skipping 322 matching lines @@
     // embedder. Thus, even if a requesting origin has been previously approved
     // for embedder A, it will not be approved when embedded in a different
     // origin B.
     //
     // However, an exception is made when a requester and an embedder are the
     // same origin. In other words, if the requester is the top-level frame. If
     // that combination is ALLOWED, then future requests from that origin will
     // succeed no matter what the embedder is. For example, if youtube.com
     // is visited and user selects ALLOW. Later user visits example.com which
     // embeds youtube.com in an iframe, which is then ALLOWED to go fullscreen.
+    GURL requester = GetRequestingOrigin();
+    GURL embedder = GetEmbeddingOrigin();
     ContentSettingsPattern primary_pattern =
-        ContentSettingsPattern::FromURLNoWildcard(GetRequestingOrigin());
+        ContentSettingsPattern::FromURLNoWildcard(requester);
     ContentSettingsPattern secondary_pattern =
-        ContentSettingsPattern::FromURLNoWildcard(GetEmbeddingOrigin());
+        ContentSettingsPattern::FromURLNoWildcard(embedder);
 
     // ContentSettings requires valid patterns and the patterns might be invalid
     // in some edge cases like if the current frame is about:blank.
-    if (primary_pattern.IsValid() && secondary_pattern.IsValid()) {
+    //
+    // Do not store preference on file:// URLs, they don't have a clean
+    // origin policy.
+    // TODO(estark): Revisit this when crbug.com/455882 is fixed.

[msw, 2015/02/12 00:07:59]

nit: consider adding this bug to the BUG= in the CL description, just so owners
there might be more inclined to go back alert you or revisit this themselves.

[estark, 2015/02/12 02:33:10]

Done.

+    if (!requester.SchemeIsFile() && !embedder.SchemeIsFile() &&
+        primary_pattern.IsValid() && secondary_pattern.IsValid()) {
       HostContentSettingsMap* settings_map =
           profile()->GetHostContentSettingsMap();
       settings_map->SetContentSetting(
           primary_pattern, secondary_pattern, CONTENT_SETTINGS_TYPE_FULLSCREEN,
           std::string(), CONTENT_SETTING_ALLOW);
     }
     tab_fullscreen_accepted_ = true;
     return true;
   }
 
@@ skipping 134 matching lines @@
   extension_caused_fullscreen_ = GURL();
 
   exclusive_access_manager()->UpdateExclusiveAccessExitBubbleContent();
 }
 
 ContentSetting FullscreenController::GetFullscreenSetting() const {
   DCHECK(exclusive_access_tab());
 
   GURL url = GetRequestingOrigin();
 
-  if (IsPrivilegedFullscreenForTab() || url.SchemeIsFile())
+  // Always ask on file:// URLs, since we can't meaningfully make the
+  // decision stick for a particular origin.
+  // TODO(estark): Revisit this when crbug.com/455882 is fixed.
+  if (url.SchemeIsFile())
+    return CONTENT_SETTING_ASK;
+
+  if (IsPrivilegedFullscreenForTab())
     return CONTENT_SETTING_ALLOW;
 
   // If the permission was granted to the website with no embedder, it should
   // always be allowed, even if embedded.
   if (profile()->GetHostContentSettingsMap()->GetContentSetting(
           url, url, CONTENT_SETTINGS_TYPE_FULLSCREEN, std::string()) ==
       CONTENT_SETTING_ALLOW) {
     return CONTENT_SETTING_ALLOW;
   }
 
@@ skipping 57 matching lines @@
     return fullscreened_origin_;
 
   return exclusive_access_tab()->GetLastCommittedURL();
 }
 
 GURL FullscreenController::GetEmbeddingOrigin() const {
   DCHECK(exclusive_access_tab());
 
   return exclusive_access_tab()->GetLastCommittedURL();
 }