bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash when navigating to an unregistered scheme (fixes issue #3105)

Browse Source 
The policy->CanAccessDataForOrigin CHECK in NavigationRequest::
GetOriginForURLLoaderFactory was failing because unregistered schemes
(which are already considered non-standard schemes) didn't trigger the
registered non-standard scheme allowance that we previously added in
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change
modifies GetOriginForURLLoaderFactory to always return an opaque/unique
origin for non-standard schemes resulting in unregistered and non-standard
schemes receiving the same treatment.

New test coverage has been added for this condition, and can be run with:
ceftests --gtest_filter=CorsTest.*CustomUnregistered*
This commit is contained in:
Marshall Greenblatt
2021-04-12 13:55:48 -04:00
parent e1b6f5ad31
commit fc7f9ff505
4 changed files with 177 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
patch/patch.cfg
View File

@ -508,6 +508,10 @@ patches = [
# Allow the loading of non-standard non-local WebSafe custom schemes in
# iframes.
# https://bugs.chromium.org/p/chromium/issues/detail?id=1081397#c9
#
# Fix crash in NavigationRequest::GetOriginForURLLoaderFactory() when
# navigating to an unregistered (e.g. non-standard) scheme.
# https://bitbucket.org/chromiumembedded/cef/issues/3105
'name': 'browser_security_policy_1081397',
},
{

17
patch/patches/browser_security_policy_1081397.patch
View File

@ -19,3 +19,20 @@ index 52ebdbbc7c2e..822f2e41afec 100644
}
// TODO(wjmaclean): We should update the ProcessLock comparison API
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index dae1c91d2d72..c48bd5ea1fb7 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -4871,6 +4871,12 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {
// Calculate an approximation of the origin. The sandbox/csp are ignored.
url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);
+ if (!origin.GetURL().IsStandard()) {
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
+ // below CanAccessDataForOrigin() check may fail for unregistered custom
+ // scheme requests in CEF.
+ return origin.DeriveNewOpaqueOrigin();
+ }
// Apply sandbox flags.
// See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag