diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc index 2bfca65cd8d13..0a5b7a68fca46 100644 --- content/browser/child_process_security_policy_impl.cc +++ content/browser/child_process_security_policy_impl.cc @@ -1860,6 +1860,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForMaybeOpaqueOrigin( // DeclarativeApiTest.PersistRules. if (actual_process_lock.matches_scheme(url::kDataScheme)) return true; + + // Allow other schemes that are non-standard, non-local and WebSafe. + if (lock_url.is_valid() && + !lock_url.IsStandard() && + !base::Contains(url::GetLocalSchemes(), + lock_url.scheme_piece()) && + base::Contains(schemes_okay_to_request_in_any_process_, + lock_url.scheme())) { + return true; + } } // Make an exception to allow most visited tiles to commit in diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc index 948ee821dfea0..d63fd2bb9508b 100644 --- content/browser/renderer_host/navigation_request.cc +++ content/browser/renderer_host/navigation_request.cc @@ -7281,10 +7281,22 @@ NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponseWithDebugInfo( bool use_opaque_origin = (sandbox_flags & network::mojom::WebSandboxFlags::kOrigin) == network::mojom::WebSandboxFlags::kOrigin; + if (use_opaque_origin) { + origin_and_debug_info.second += ", sandbox_flags"; + } + + if (!origin_and_debug_info.first.GetURL().IsStandard()) { + // Always return an opaque origin for non-standard URLs. Otherwise, the + // CanAccessDataForOrigin() check may fail for unregistered custom scheme + // requests in CEF. + use_opaque_origin = true; + origin_and_debug_info.second += ", cef_nonstandard"; + } + if (use_opaque_origin) { origin_and_debug_info = std::make_pair(origin_and_debug_info.first.DeriveNewOpaqueOrigin(), - origin_and_debug_info.second + ", sandbox_flags"); + origin_and_debug_info.second); } return origin_and_debug_info; @@ -7314,6 +7326,15 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() { GetOriginForURLLoaderFactoryBeforeResponseWithDebugInfo( SandboxFlagsToCommit()); + if (origin_with_debug_info.first.opaque() && + origin_with_debug_info.second.find("cef_nonstandard") != + std::string::npos) { + // Always return an opaque origin for non-standard URLs. Otherwise, the + // below CanAccessDataForOrigin() check may fail for unregistered custom + // scheme requests in CEF. + return origin_with_debug_info; + } + // MHTML documents should commit as an opaque origin. They should not be able // to make network request on behalf of the real origin. DCHECK(!IsMhtmlOrSubframe() || origin_with_debug_info.first.opaque());