2020-05-12 00:12:20 +02:00
|
|
|
diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
|
2022-09-26 21:30:45 +02:00
|
|
|
index 18c138c21a853..554e22458da45 100644
|
2020-05-12 00:12:20 +02:00
|
|
|
--- content/browser/child_process_security_policy_impl.cc
|
|
|
|
+++ content/browser/child_process_security_policy_impl.cc
|
2022-09-26 21:30:45 +02:00
|
|
|
@@ -1755,6 +1755,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForMaybeOpaqueOrigin(
|
2020-12-02 23:31:49 +01:00
|
|
|
// DeclarativeApiTest.PersistRules.
|
|
|
|
if (actual_process_lock.matches_scheme(url::kDataScheme))
|
|
|
|
return true;
|
2020-05-12 00:12:20 +02:00
|
|
|
+
|
2020-12-02 23:31:49 +01:00
|
|
|
+ // Allow other schemes that are non-standard, non-local and WebSafe.
|
|
|
|
+ if (lock_url.is_valid() &&
|
|
|
|
+ !lock_url.IsStandard() &&
|
|
|
|
+ !base::Contains(url::GetLocalSchemes(),
|
|
|
|
+ lock_url.scheme_piece()) &&
|
|
|
|
+ base::Contains(schemes_okay_to_request_in_any_process_,
|
2021-01-28 00:13:12 +01:00
|
|
|
+ lock_url.scheme())) {
|
2020-12-02 23:31:49 +01:00
|
|
|
+ return true;
|
|
|
|
+ }
|
|
|
|
}
|
2020-05-12 00:12:20 +02:00
|
|
|
|
2020-12-02 23:31:49 +01:00
|
|
|
// TODO(wjmaclean): We should update the ProcessLock comparison API
|
2021-04-12 19:55:48 +02:00
|
|
|
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
|
2022-10-17 19:27:40 +02:00
|
|
|
index 14dfb45da60c0..7e3ebfa6fb431 100644
|
2021-04-12 19:55:48 +02:00
|
|
|
--- content/browser/renderer_host/navigation_request.cc
|
|
|
|
+++ content/browser/renderer_host/navigation_request.cc
|
2022-10-17 19:27:40 +02:00
|
|
|
@@ -6669,6 +6669,14 @@ std::pair<url::Origin, std::string> NavigationRequest::
|
2022-07-21 19:26:10 +02:00
|
|
|
origin_and_debug_info.second += ", error";
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (!origin_and_debug_info.first.GetURL().IsStandard()) {
|
2021-04-12 19:55:48 +02:00
|
|
|
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
|
2022-07-21 19:26:10 +02:00
|
|
|
+ // CanAccessDataForOrigin() check may fail for unregistered custom scheme
|
|
|
|
+ // requests in CEF.
|
|
|
|
+ use_opaque_origin = true;
|
|
|
|
+ origin_and_debug_info.second += ", cef_nonstandard";
|
2021-04-12 19:55:48 +02:00
|
|
|
+ }
|
2022-07-21 19:26:10 +02:00
|
|
|
+
|
|
|
|
if (use_opaque_origin) {
|
|
|
|
origin_and_debug_info =
|
|
|
|
std::make_pair(origin_and_debug_info.first.DeriveNewOpaqueOrigin(),
|
2022-10-17 19:27:40 +02:00
|
|
|
@@ -6696,6 +6704,15 @@ std::pair<url::Origin, std::string> NavigationRequest::
|
2022-07-21 19:26:10 +02:00
|
|
|
GetOriginForURLLoaderFactoryWithoutFinalFrameHostWithDebugInfo(
|
|
|
|
SandboxFlagsToCommit());
|
2021-04-12 19:55:48 +02:00
|
|
|
|
2022-07-21 19:26:10 +02:00
|
|
|
+ if (origin_with_debug_info.first.opaque() &&
|
|
|
|
+ origin_with_debug_info.second.find("cef_nonstandard") !=
|
|
|
|
+ std::string::npos) {
|
2021-07-23 18:40:13 +02:00
|
|
|
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
|
|
|
|
+ // below CanAccessDataForOrigin() check may fail for unregistered custom
|
|
|
|
+ // scheme requests in CEF.
|
2022-07-21 19:26:10 +02:00
|
|
|
+ return origin_with_debug_info;
|
2021-07-23 18:40:13 +02:00
|
|
|
+ }
|
|
|
|
+
|
2022-07-21 19:26:10 +02:00
|
|
|
// MHTML documents should commit as an opaque origin. They should not be able
|
|
|
|
// to make network request on behalf of the real origin.
|
|
|
|
DCHECK(!IsMhtmlOrSubframe() || origin_with_debug_info.first.opaque());
|