Revert unretained dangling ptr detector crash by default (fixes #3693)

Also verified that https://browseraudit.com/ gives the same results
both with and without `--disable-request-handling-for-testing`.

libcef/browser/net_service/proxy_url_loader_factory.cc

@@ -359,6 +359,7 @@ class InterceptedRequest : public network::mojom::URLLoader,
   GURL redirect_url_;
   GURL header_client_redirect_url_;
   const net::MutableNetworkTrafficAnnotationTag traffic_annotation_;
+  std::optional<network::mojom::CredentialsMode> original_crendentials_mode_;
 
   mojo::Receiver<network::mojom::URLLoader> proxied_loader_receiver_;
   mojo::Remote<network::mojom::URLLoaderClient> target_client_;
@@ -507,6 +508,7 @@ void InterceptedRequest::Restart() {
     // Match logic in CorsURLLoader::StartNetworkRequest.
     const auto response_tainting = CalculateResponseTainting(
         should_check_cors, request_.mode, tainted_origin);
+    original_crendentials_mode_ = request_.credentials_mode;
     request_.credentials_mode =
         network::cors::CalculateCredentialsFlag(request_.credentials_mode,
                                                 response_tainting)
@@ -875,6 +877,14 @@ void InterceptedRequest::ContinueAfterIntercept() {
         target_loader_.BindNewPipeAndPassReceiver(), id_, options, request_,
         proxied_client_receiver_.BindNewPipeAndPassRemote(),
         traffic_annotation_);
+    if (original_crendentials_mode_) {
+      // Restore the original |credentials_mode| value after calling
+      // CreateLoaderAndStart. This matches the logic in CorsURLLoader::
+      // StartNetworkRequest and allows InterceptedRequest::Restart to compute
+      // the correct |credentials_mode| during a fetch request redirect.
+      request_.credentials_mode = *original_crendentials_mode_;
+      original_crendentials_mode_.reset();
+    }
   }
 }
 

patch/patch.cfg

@@ -766,5 +766,12 @@ patches = [
     # It is a bit hacky, not suitable for merging into upstream.
     # https://chromium-review.googlesource.com/c/chromium/src/+/5302103
     'name': 'osr_win_remove_keyed_mutex_2575'
+  },
+  {
+    # Revert unretained dangling ptr detector crash by default.
+    # https://github.com/chromiumembedded/cef/issues/3693
+    # Reverts
+    # https://chromium-review.googlesource.com/c/chromium/src/+/5351597
+    'name': 'base_allocator_unretained_dangling_ptr_5351597'
   }
 ]

patch/patches/base_allocator_unretained_dangling_ptr_5351597.patch

@@ -0,0 +1,13 @@
+diff --git base/allocator/partition_alloc_features.cc base/allocator/partition_alloc_features.cc
+index a2616fced0f5b..cacd41b0ffa23 100644
+--- base/allocator/partition_alloc_features.cc
++++ base/allocator/partition_alloc_features.cc
+@@ -36,7 +36,7 @@ const base::FeatureParam<UnretainedDanglingPtrMode>
+     kUnretainedDanglingPtrModeParam = {
+         &kPartitionAllocUnretainedDanglingPtr,
+         "mode",
+-        UnretainedDanglingPtrMode::kCrash,
++        UnretainedDanglingPtrMode::kDumpWithoutCrashing,
+         &kUnretainedDanglingPtrModeOption,
+ };
+