Fix crash when navigating to an unregistered scheme (fixes issue #3105)

The policy->CanAccessDataForOrigin CHECK in NavigationRequest::
GetOriginForURLLoaderFactory was failing because unregistered schemes
(which are already considered non-standard schemes) didn't trigger the
registered non-standard scheme allowance that we previously added in
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change
modifies GetOriginForURLLoaderFactory to always return an opaque/unique
origin for non-standard schemes resulting in unregistered and non-standard
schemes receiving the same treatment.

New test coverage has been added for this condition, and can be run with:
ceftests --gtest_filter=CorsTest.*CustomUnregistered*
This commit is contained in:
Marshall Greenblatt
2021-04-12 13:55:48 -04:00
parent e1b6f5ad31
commit fc7f9ff505
4 changed files with 177 additions and 30 deletions

View File

@@ -1302,16 +1302,19 @@ void ProxyURLLoaderFactory::CreateLoaderAndStart(
bool pass_through = false;
if (pass_through) {
// This is the so-called pass-through, no-op option.
target_factory_->CreateLoaderAndStart(
std::move(receiver), routing_id, request_id, options, request,
std::move(client), traffic_annotation);
if (target_factory_) {
target_factory_->CreateLoaderAndStart(
std::move(receiver), routing_id, request_id, options, request,
std::move(client), traffic_annotation);
}
return;
}
mojo::PendingRemote<network::mojom::URLLoaderFactory> target_factory_clone;
if (target_factory_)
if (target_factory_) {
target_factory_->Clone(
target_factory_clone.InitWithNewPipeAndPassReceiver());
}
InterceptedRequest* req = new InterceptedRequest(
this, RequestId(request_id, routing_id), options, request,