Commit Graph

14 Commits

Author SHA1 Message Date
Marshall Greenblatt 28c7f04001 Delete cef_web_plugin.h and plugin-related APIs (see issue #3047)
This functionality stopped being relevant after the removal of Flash support
in January 2021. The last remaining PPAPI plugin (PDF viewer) will switch to
a non-plugin implementation (PdfUnseasoned) in M100.
2022-02-18 16:23:11 -05:00
Marshall Greenblatt 529b91bc6e tests: Convert usage of base::Bind to Once or Repeating (see issue #3140) 2021-06-19 17:19:32 -04:00
Marshall Greenblatt 17fc2b3e3b Various fixes related to the C++11/14 update (see issue #3140)
- Convert scoped_ptr to std::unique_ptr from <memory>
- Convert arraysize to base::size from include/base/cef_cxx17_backports.h
- Convert NULL to nullptr
- Include include/base/cef_callback.h instead of include/base/cef_bind.h
- Implicit conversion of CefRefPtr<T> or scoped_refptr<T> to T* is gone;
  use .get() instead

See the issue for additional details.
2021-06-18 13:42:31 -04:00
Marshall Greenblatt 00dca9601e Update to Chromium version 92.0.4515.0 (#885287) 2021-06-10 16:42:44 -04:00
Marshall Greenblatt 511e10d594 ceftests: Add missing newline at end of file 2021-04-23 21:00:43 -04:00
Marshall Greenblatt fc7f9ff505 Fix crash when navigating to an unregistered scheme (fixes issue #3105)
The policy->CanAccessDataForOrigin CHECK in NavigationRequest::
GetOriginForURLLoaderFactory was failing because unregistered schemes
(which are already considered non-standard schemes) didn't trigger the
registered non-standard scheme allowance that we previously added in
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change
modifies GetOriginForURLLoaderFactory to always return an opaque/unique
origin for non-standard schemes resulting in unregistered and non-standard
schemes receiving the same treatment.

New test coverage has been added for this condition, and can be run with:
ceftests --gtest_filter=CorsTest.*CustomUnregistered*
2021-04-12 16:18:37 -04:00
Marshall Greenblatt 1cddbeb12f chrome: Fix CorsTest.RedirectPost307HttpSchemeToCustomNonStandardScheme failure (see issue #2969) 2021-04-05 14:49:30 -04:00
Marshall Greenblatt 74db00fc89 Update to Chromium version 90.0.4430.0 (#857950)
- Linux ARM builds require use_vaapi=false (see https://crbug.com/1185348)
- Windows official builds require use_thin_lto=false (see https://crbug.com/1177001)
2021-03-18 11:23:00 -04:00
Marshall Greenblatt e618f44667 Windows: Fix warning C4458: declaration of 'method' hides class member 2020-10-15 14:21:06 -04:00
Marshall Greenblatt cc56720bd2 Support CORS preflight requests with OutOfBlinkCors (fixes issue #3006)
A CORS preflight request is an "OPTIONS" request sent to a server prior to a
cross-origin XMLHttpRequest or Fetch request. The server's response determines
which HTTP request methods are allowed and supported, and whether credentials
such as Cookies and HTTP Authentication should be sent with requests.

A CORS preflight request will only be sent if certain conditions are met. For
example, it will be sent for requests that have potentially unsafe HTTP
methods [1] or request headers [2]. See the NeedsPreflight function in
services/network/cors/cors_url_loader.cc for full details.

CORS preflight functionality is implemented in the network service and will not
be triggered if the client handles the request instead of allowing it to proceed
over the network. Since the preflight request itself also runs in the network
service it cannot be intercepted by the client.

[1] https://fetch.spec.whatwg.org/#cors-safelisted-method
[2] https://fetch.spec.whatwg.org/#cors-safelisted-request-header
2020-09-11 19:21:53 -04:00
Marshall Greenblatt 88faf1023a Fix incorrect Origin and Cookie headers for POST redirects (fixes issue #2806)
This change also adds unit test coverage for cross-origin POST redirects.
2020-09-09 18:30:12 -04:00
Marshall Greenblatt 42f517ec69 Fix DCHECK failure in the URLLoader constructor.
The request.trusted_params.isolation_info.site_for_cookies value must
match request.site_for_cookies.

This change also adds unit test coverage for cross-origin GET redirects.
2020-09-09 18:29:21 -04:00
Marshall Greenblatt 4791109a28 Don't save or load cookies for non-cookieable scheme requests.
This fixes an IsCanonical() DCHECK failure triggered by calling
CanonicalCookie::Create for a non-cookieable URL.

This change also adds unit test coverage for cross-origin cookie
behavior with sub-resource requests (iframe, XHR, Fetch).
2020-09-09 18:29:15 -04:00
Marshall Greenblatt 6b1e5335bc Add support and enable out-of-Blink CORS (fixes issue #2716)
It can still be disabled for a short time by passing
`--disable-features=OutOfBlinkCors` on the command-line.
2020-08-26 16:25:25 -04:00