Always prompt for permission on fullscreen and mouse lock on file:// URLs

chrome/browser/ui/exclusive_access/mouse_lock_controller.cc

Index: chrome/browser/ui/exclusive_access/mouse_lock_controller.cc
diff --git a/chrome/browser/ui/exclusive_access/mouse_lock_controller.cc b/chrome/browser/ui/exclusive_access/mouse_lock_controller.cc
index a053b859ee9353bbfd878534b8cf2f65b8fa358c..e8b2ea1d904c50584509222eb4335b325019d33b 100644
--- a/chrome/browser/ui/exclusive_access/mouse_lock_controller.cc
+++ b/chrome/browser/ui/exclusive_access/mouse_lock_controller.cc
@@ -143,7 +143,7 @@ bool MouseLockController::OnAcceptExclusiveAccessPermission() {
     ContentSettingsPattern pattern = ContentSettingsPattern::FromURL(url);
 
     // TODO(markusheintz): We should allow patterns for all possible URLs here.
-    if (pattern.IsValid()) {
+    if (!url.SchemeIsFile() && pattern.IsValid()) {

[scheib, 2015/02/11 16:48:34]

Add comment along lines of:
"Do not store preference on file:// URLs, they don't have a clean origin policy.
TODO(estark): Revisit this when crbug.com/455882 is fixed."

[estark, 2015/02/11 21:21:58]

Done.

       settings_map->SetContentSetting(pattern,
                                       ContentSettingsPattern::Wildcard(),
                                       CONTENT_SETTINGS_TYPE_MOUSELOCK,
@@ -222,10 +222,15 @@ void MouseLockController::UnlockMouse() {
 }
 
 ContentSetting MouseLockController::GetMouseLockSetting(const GURL& url) const {
+  // Always ask on file:// URLs, since we can't meaningfully make the
+  // decision stick for a particular origin.
+  // TODO(estark): Revisit this when crbug.com/455882 is fixed.
+  if (url.SchemeIsFile())
+    return CONTENT_SETTING_ASK;
+
   if (exclusive_access_manager()
           ->fullscreen_controller()
-          ->IsPrivilegedFullscreenForTab() ||
-      url.SchemeIsFile())
+          ->IsPrivilegedFullscreenForTab())
     return CONTENT_SETTING_ALLOW;
 
   HostContentSettingsMap* settings_map = profile()->GetHostContentSettingsMap();