bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to Chromium version 131.0.6768.0 (#1366576)

Browse Source 
mac: Switch to Xcode 16.0 16A242d with macOS SDK 15.0 24A336
This commit is contained in:
Nik Pavlov
2024-10-24 11:05:31 -04:00
committed by Marshall Greenblatt
parent e3a8741563
commit 5d817b20a6
81 changed files with 655 additions and 710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
patch/patches/browser_security_policy_1081397.patch
View File

@@ -1,30 +1,29 @@
diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
index 1bf903af89b3c..5471355376272 100644
index eae60792ce033..6f6641e3fd3dd 100644
--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
@@ -2084,6 +2084,17 @@ bool ChildProcessSecurityPolicyImpl::CanAccessMaybeOpaqueOrigin(
// DeclarativeApiTest.PersistRules.
if (actual_process_lock.matches_scheme(url::kDataScheme))
return true;
@@ -2043,6 +2043,16 @@ bool ChildProcessSecurityPolicyImpl::PerformJailAndCitadelChecks(
if (actual_process_lock.matches_scheme(url::kDataScheme)) {
return true;
}
+
+ // Allow other schemes that are non-standard, non-local and WebSafe.
+ if (lock_url.is_valid() && !lock_url.IsStandard() &&
+ !base::Contains(url::GetLocalSchemes(),
+ lock_url.scheme_piece())) {
+ base::AutoLock schemes_lock(schemes_lock_);
+ if (base::Contains(schemes_okay_to_request_in_any_process_,
+ lock_url.scheme())) {
+ return true;
+ }
+ }
}
+ // Allow other schemes that are non-standard, non-local and WebSafe.
+ if (lock_url.is_valid() && !lock_url.IsStandard() &&
+ !base::Contains(url::GetLocalSchemes(), lock_url.scheme_piece())) {
+ base::AutoLock schemes_lock(schemes_lock_);
+ if (base::Contains(schemes_okay_to_request_in_any_process_,
+ lock_url.scheme())) {
+ return true;
+ }
+ }
}
// Make an exception to allow most visited tiles to commit in
// Make an exception to allow most visited tiles to commit in third-party
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index e6b11183c78bd..e6082d8873a0b 100644
index 16784489df658..1d89a64a98b19 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -8210,10 +8210,22 @@ NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponseWithDebugInfo(
@@ -8237,10 +8237,22 @@ NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponseWithDebugInfo(
bool use_opaque_origin =
(sandbox_flags & network::mojom::WebSandboxFlags::kOrigin) ==
network::mojom::WebSandboxFlags::kOrigin;
@@ -48,7 +47,7 @@ index e6b11183c78bd..e6082d8873a0b 100644
}
return origin_and_debug_info;
@@ -8321,6 +8333,15 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
@@ -8348,11 +8360,20 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
DetermineInitiatorRelationship(initiator_rfh,
frame_tree_node_->current_frame_host()));
@@ -63,4 +62,11 @@ index e6b11183c78bd..e6082d8873a0b 100644
+
// MHTML documents should commit as an opaque origin. They should not be able
// to make network request on behalf of the real origin.
DCHECK(!IsMhtmlOrSubframe() || origin_with_debug_info.first.opaque());
// TODO(crbug.com/370979008): Migrate to CHECK.
- DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() ||
- origin_with_debug_info.first.opaque());
+ // DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() ||
+ // origin_with_debug_info.first.opaque());
// If the target of this navigation will be rendered in a RenderFrameHost,
// then verify that the chosen origin is allowed to be accessed from that