mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-06-05 21:39:12 +02:00
Fix crash when navigating to an unregistered scheme (fixes issue #3105)
The policy->CanAccessDataForOrigin CHECK in NavigationRequest:: GetOriginForURLLoaderFactory was failing because unregistered schemes (which are already considered non-standard schemes) didn't trigger the registered non-standard scheme allowance that we previously added in ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change modifies GetOriginForURLLoaderFactory to always return an opaque/unique origin for non-standard schemes resulting in unregistered and non-standard schemes receiving the same treatment. New test coverage has been added for this condition, and can be run with: ceftests --gtest_filter=CorsTest.*CustomUnregistered*
This commit is contained in:
@@ -1302,16 +1302,19 @@ void ProxyURLLoaderFactory::CreateLoaderAndStart(
|
||||
bool pass_through = false;
|
||||
if (pass_through) {
|
||||
// This is the so-called pass-through, no-op option.
|
||||
target_factory_->CreateLoaderAndStart(
|
||||
std::move(receiver), routing_id, request_id, options, request,
|
||||
std::move(client), traffic_annotation);
|
||||
if (target_factory_) {
|
||||
target_factory_->CreateLoaderAndStart(
|
||||
std::move(receiver), routing_id, request_id, options, request,
|
||||
std::move(client), traffic_annotation);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
mojo::PendingRemote<network::mojom::URLLoaderFactory> target_factory_clone;
|
||||
if (target_factory_)
|
||||
if (target_factory_) {
|
||||
target_factory_->Clone(
|
||||
target_factory_clone.InitWithNewPipeAndPassReceiver());
|
||||
}
|
||||
|
||||
InterceptedRequest* req = new InterceptedRequest(
|
||||
this, RequestId(request_id, routing_id), options, request,
|
||||
|
Reference in New Issue
Block a user