diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc index 4316d8b8bc09d..d6927a4e71460 100644 --- content/browser/child_process_security_policy_impl.cc +++ content/browser/child_process_security_policy_impl.cc @@ -2145,6 +2145,16 @@ bool ChildProcessSecurityPolicyImpl::PerformJailAndCitadelChecks( if (actual_process_lock.matches_scheme(url::kDataScheme)) { return true; } + + // Allow other schemes that are non-standard, non-local and WebSafe. + if (lock_url.is_valid() && !lock_url.IsStandard() && + !base::Contains(url::GetLocalSchemes(), lock_url.scheme_piece())) { + base::AutoLock schemes_lock(schemes_lock_); + if (base::Contains(schemes_okay_to_request_in_any_process_, + lock_url.scheme())) { + return true; + } + } } // Make an exception to allow most visited tiles to commit in third-party diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc index 32affd3a936bd..9d0723139658c 100644 --- content/browser/renderer_host/navigation_request.cc +++ content/browser/renderer_host/navigation_request.cc @@ -8601,7 +8601,8 @@ std::optional NavigationRequest::GetOriginToCommit() { } url::Origin NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponse( - network::mojom::WebSandboxFlags sandbox_flags) { + network::mojom::WebSandboxFlags sandbox_flags, + bool* cef_nonstandard) { // Calculate an approximation of the origin. The sandbox/csp are ignored. url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(); @@ -8618,6 +8619,17 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponse( bool use_opaque_origin = (sandbox_flags & network::mojom::WebSandboxFlags::kOrigin) == network::mojom::WebSandboxFlags::kOrigin; + + if (!origin.GetURL().IsStandard()) { + // Always return an opaque origin for non-standard URLs. Otherwise, the + // CanAccessDataForOrigin() check may fail for unregistered custom + // scheme requests in CEF. + use_opaque_origin = true; + if (cef_nonstandard) { + *cef_nonstandard = true; + } + } + if (use_opaque_origin) { origin = origin.DeriveNewOpaqueOrigin(); } @@ -8677,8 +8689,9 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponse() { return GetRenderFrameHost()->GetLastCommittedOrigin(); } - url::Origin origin = - GetOriginForURLLoaderFactoryBeforeResponse(SandboxFlagsToCommit()); + bool cef_nonstandard = false; + url::Origin origin = GetOriginForURLLoaderFactoryBeforeResponse( + SandboxFlagsToCommit(), &cef_nonstandard); SCOPED_CRASH_KEY_BOOL("Bug1454273", "is_in_main_frame", IsInMainFrame()); SCOPED_CRASH_KEY_STRING256( @@ -8713,10 +8726,17 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponse() { DetermineInitiatorRelationship(initiator_rfh, frame_tree_node_->current_frame_host())); + if (origin.opaque() && cef_nonstandard) { + // Always return an opaque origin for non-standard URLs. Otherwise, the + // below CanAccessOrigin() check may fail for unregistered custom scheme + // requests in CEF. + return origin; + } + // MHTML documents should commit as an opaque origin. They should not be able // to make network request on behalf of the real origin. // TODO(crbug.com/370979008): Migrate to CHECK. - DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() || origin.opaque()); + // DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() || origin.opaque()); // If the target of this navigation will be rendered in a RenderFrameHost, // then verify that the chosen origin is allowed to be accessed from that diff --git content/browser/renderer_host/navigation_request.h content/browser/renderer_host/navigation_request.h index 70321378be68d..b60791ca6bb88 100644 --- content/browser/renderer_host/navigation_request.h +++ content/browser/renderer_host/navigation_request.h @@ -2311,7 +2311,8 @@ class CONTENT_EXPORT NavigationRequest // situations where the final frame host hasn't been determined but the origin // is needed to create URLLoaderFactory. url::Origin GetOriginForURLLoaderFactoryBeforeResponse( - network::mojom::WebSandboxFlags sandbox_flags); + network::mojom::WebSandboxFlags sandbox_flags, + bool* cef_nonstandard = nullptr); // Superset of GetOriginForURLLoaderFactoryBeforeResponse(). Calculates // the origin with information from the final frame host. Can be called only