Fix load of non-standard custom scheme URI as iframe src (see issue #2929)

2025-02-16 20:20:51 +01:00 · 2020-05-11 18:12:20 -04:00 · 2020-05-11 18:12:20 -04:00 · 14571658a2
commit 14571658a2
parent aa4473e2c6
2 changed files with 27 additions and 0 deletions
--- a/patch/patch.cfg
+++ b/patch/patch.cfg
@ -492,5 +492,11 @@ patches = [
    # Fix unbound AssociatedRemote error in SetBackgroundOpaque.
    # https://bugs.chromium.org/p/chromium/issues/detail?id=1070713
    'name': 'renderer_host_1070713',
+  },
+  {
+    # Allow the loading of non-standard non-local WebSafe custom schemes in
+    # iframes.
+    # https://bugs.chromium.org/p/chromium/issues/detail?id=1081397#c9
+    'name': 'browser_security_policy_1081397',
  }
 ]
--- a/patch/patches/browser_security_policy_1081397.patch
+++ b/patch/patches/browser_security_policy_1081397.patch
@ -0,0 +1,21 @@
+diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
+index bcd42e788019..6a7a164a527a 100644
+--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
+@@ -1469,6 +1469,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(
+         // DeclarativeApiTest.PersistRules.
+         if (actual_process_lock.SchemeIs(url::kDataScheme))
+           return true;
+
+        // Allow other schemes that are non-standard, non-local and WebSafe.
+        if (actual_process_lock.is_valid() &&
+            !actual_process_lock.IsStandard() &&
+            !base::Contains(url::GetLocalSchemes(),
+                            actual_process_lock.scheme_piece()) &&
+            base::Contains(schemes_okay_to_request_in_any_process_,
+                           actual_process_lock.scheme_piece())) {
+          return true;
+        }
+       }
+ 
+       failure_reason = "lock_mismatch";