bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c60d380f39caef44bc44309066474d523307d65d
cef/patch/patches/browser_security_policy_1081397.patch
Marshall Greenblatt f8a746373e Update to Chromium version 138.0.7204.0 (#1465706) 
Mac: Require Xcode 16.3 (16E140) and SDK 15.4 (24E241)
2025-06-03 14:20:59 -04:00

99 lines
4.6 KiB
Diff
Raw Blame History

diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
index 4316d8b8bc09d..d6927a4e71460 100644
--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
@@ -2145,6 +2145,16 @@ bool ChildProcessSecurityPolicyImpl::PerformJailAndCitadelChecks(
if (actual_process_lock.matches_scheme(url::kDataScheme)) {
return true;
}
+
+ // Allow other schemes that are non-standard, non-local and WebSafe.
+ if (lock_url.is_valid() && !lock_url.IsStandard() &&
+ !base::Contains(url::GetLocalSchemes(), lock_url.scheme_piece())) {
+ base::AutoLock schemes_lock(schemes_lock_);
+ if (base::Contains(schemes_okay_to_request_in_any_process_,
+ lock_url.scheme())) {
+ return true;
+ }
+ }
}
// Make an exception to allow most visited tiles to commit in third-party
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index 32affd3a936bd..9d0723139658c 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -8601,7 +8601,8 @@ std::optional<url::Origin> NavigationRequest::GetOriginToCommit() {
}
url::Origin NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponse(
- network::mojom::WebSandboxFlags sandbox_flags) {
+ network::mojom::WebSandboxFlags sandbox_flags,
+ bool* cef_nonstandard) {
// Calculate an approximation of the origin. The sandbox/csp are ignored.
url::Origin origin = GetOriginForURLLoaderFactoryUnchecked();
@@ -8618,6 +8619,17 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponse(
bool use_opaque_origin =
(sandbox_flags & network::mojom::WebSandboxFlags::kOrigin) ==
network::mojom::WebSandboxFlags::kOrigin;
+
+ if (!origin.GetURL().IsStandard()) {
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
+ // CanAccessDataForOrigin() check may fail for unregistered custom
+ // scheme requests in CEF.
+ use_opaque_origin = true;
+ if (cef_nonstandard) {
+ *cef_nonstandard = true;
+ }
+ }
+
if (use_opaque_origin) {
origin = origin.DeriveNewOpaqueOrigin();
}
@@ -8677,8 +8689,9 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponse() {
return GetRenderFrameHost()->GetLastCommittedOrigin();
}
- url::Origin origin =
- GetOriginForURLLoaderFactoryBeforeResponse(SandboxFlagsToCommit());
+ bool cef_nonstandard = false;
+ url::Origin origin = GetOriginForURLLoaderFactoryBeforeResponse(
+ SandboxFlagsToCommit(), &cef_nonstandard);
SCOPED_CRASH_KEY_BOOL("Bug1454273", "is_in_main_frame", IsInMainFrame());
SCOPED_CRASH_KEY_STRING256(
@@ -8713,10 +8726,17 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponse() {
DetermineInitiatorRelationship(initiator_rfh,
frame_tree_node_->current_frame_host()));
+ if (origin.opaque() && cef_nonstandard) {
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
+ // below CanAccessOrigin() check may fail for unregistered custom scheme
+ // requests in CEF.
+ return origin;
+ }
+
// MHTML documents should commit as an opaque origin. They should not be able
// to make network request on behalf of the real origin.
// TODO(crbug.com/370979008): Migrate to CHECK.
- DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() || origin.opaque());
+ // DUMP_WILL_BE_CHECK(!IsMhtmlOrSubframe() || origin.opaque());
// If the target of this navigation will be rendered in a RenderFrameHost,
// then verify that the chosen origin is allowed to be accessed from that
diff --git content/browser/renderer_host/navigation_request.h content/browser/renderer_host/navigation_request.h
index 70321378be68d..b60791ca6bb88 100644
--- content/browser/renderer_host/navigation_request.h
+++ content/browser/renderer_host/navigation_request.h
@@ -2311,7 +2311,8 @@ class CONTENT_EXPORT NavigationRequest
// situations where the final frame host hasn't been determined but the origin
// is needed to create URLLoaderFactory.
url::Origin GetOriginForURLLoaderFactoryBeforeResponse(
- network::mojom::WebSandboxFlags sandbox_flags);
+ network::mojom::WebSandboxFlags sandbox_flags,
+ bool* cef_nonstandard = nullptr);
// Superset of GetOriginForURLLoaderFactoryBeforeResponse(). Calculates
// the origin with information from the final frame host. Can be called only
Reference in New Issue View Git Blame Copy Permalink