mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-06-05 21:39:12 +02:00
Fix crash when navigating to an unregistered scheme (fixes issue #3105)
The policy->CanAccessDataForOrigin CHECK in NavigationRequest:: GetOriginForURLLoaderFactory was failing because unregistered schemes (which are already considered non-standard schemes) didn't trigger the registered non-standard scheme allowance that we previously added in ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change modifies GetOriginForURLLoaderFactory to always return an opaque/unique origin for non-standard schemes resulting in unregistered and non-standard schemes receiving the same treatment. New test coverage has been added for this condition, and can be run with: ceftests --gtest_filter=CorsTest.*CustomUnregistered*
This commit is contained in:
@@ -508,6 +508,10 @@ patches = [
|
||||
# Allow the loading of non-standard non-local WebSafe custom schemes in
|
||||
# iframes.
|
||||
# https://bugs.chromium.org/p/chromium/issues/detail?id=1081397#c9
|
||||
#
|
||||
# Fix crash in NavigationRequest::GetOriginForURLLoaderFactory() when
|
||||
# navigating to an unregistered (e.g. non-standard) scheme.
|
||||
# https://bitbucket.org/chromiumembedded/cef/issues/3105
|
||||
'name': 'browser_security_policy_1081397',
|
||||
},
|
||||
{
|
||||
|
Reference in New Issue
Block a user