2020-05-12 00:12:20 +02:00
|
|
|
diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
|
2022-06-17 15:28:55 +02:00
|
|
|
index 3a619b38da0c7..8bdf8ad9b1c18 100644
|
2020-05-12 00:12:20 +02:00
|
|
|
--- content/browser/child_process_security_policy_impl.cc
|
|
|
|
|
+++ content/browser/child_process_security_policy_impl.cc
|
2022-06-17 15:28:55 +02:00
|
|
|
@@ -1751,6 +1751,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForMaybeOpaqueOrigin(
|
2020-12-02 23:31:49 +01:00
|
|
|
// DeclarativeApiTest.PersistRules.
|
|
|
|
|
if (actual_process_lock.matches_scheme(url::kDataScheme))
|
|
|
|
|
return true;
|
2020-05-12 00:12:20 +02:00
|
|
|
+
|
2020-12-02 23:31:49 +01:00
|
|
|
+ // Allow other schemes that are non-standard, non-local and WebSafe.
|
|
|
|
|
+ if (lock_url.is_valid() &&
|
|
|
|
|
+ !lock_url.IsStandard() &&
|
|
|
|
|
+ !base::Contains(url::GetLocalSchemes(),
|
|
|
|
|
+ lock_url.scheme_piece()) &&
|
|
|
|
|
+ base::Contains(schemes_okay_to_request_in_any_process_,
|
2021-01-28 00:13:12 +01:00
|
|
|
+ lock_url.scheme())) {
|
2020-12-02 23:31:49 +01:00
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
}
|
2020-05-12 00:12:20 +02:00
|
|
|
|
2020-12-02 23:31:49 +01:00
|
|
|
// TODO(wjmaclean): We should update the ProcessLock comparison API
|
2021-04-12 19:55:48 +02:00
|
|
|
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
|
2022-06-17 15:28:55 +02:00
|
|
|
index e3e73a2353312..4f2d190c000b2 100644
|
2021-04-12 19:55:48 +02:00
|
|
|
--- content/browser/renderer_host/navigation_request.cc
|
|
|
|
|
+++ content/browser/renderer_host/navigation_request.cc
|
2022-06-17 15:28:55 +02:00
|
|
|
@@ -6312,6 +6312,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryWithoutFinalFrameHost(
|
2021-08-20 01:40:49 +02:00
|
|
|
network::mojom::WebSandboxFlags sandbox_flags) {
|
2021-04-12 19:55:48 +02:00
|
|
|
// Calculate an approximation of the origin. The sandbox/csp are ignored.
|
|
|
|
|
url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);
|
|
|
|
|
+ if (!origin.GetURL().IsStandard()) {
|
|
|
|
|
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
|
|
|
|
|
+ // below CanAccessDataForOrigin() check may fail for unregistered custom
|
|
|
|
|
+ // scheme requests in CEF.
|
|
|
|
|
+ return origin.DeriveNewOpaqueOrigin();
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
// Apply sandbox flags.
|
|
|
|
|
// See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag
|
2022-06-17 15:28:55 +02:00
|
|
|
@@ -6345,6 +6351,15 @@ NavigationRequest::GetOriginForURLLoaderFactoryWithFinalFrameHost() {
|
2021-07-23 18:40:13 +02:00
|
|
|
if (IsSameDocument() || IsPageActivation())
|
|
|
|
|
return GetRenderFrameHost()->GetLastCommittedOrigin();
|
|
|
|
|
|
|
|
|
|
+ // Calculate an approximation of the origin. The sandbox/csp are ignored.
|
|
|
|
|
+ url::Origin unchecked_origin = GetOriginForURLLoaderFactoryUnchecked(this);
|
|
|
|
|
+ if (!unchecked_origin.GetURL().IsStandard()) {
|
|
|
|
|
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
|
|
|
|
|
+ // below CanAccessDataForOrigin() check may fail for unregistered custom
|
|
|
|
|
+ // scheme requests in CEF.
|
|
|
|
|
+ return unchecked_origin.DeriveNewOpaqueOrigin();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
2022-02-21 23:23:40 +01:00
|
|
|
url::Origin origin =
|
|
|
|
|
GetOriginForURLLoaderFactoryWithoutFinalFrameHost(SandboxFlagsToCommit());
|
2021-07-23 18:40:13 +02:00
|
|
|
|
