mirror of
				https://bitbucket.org/chromiumembedded/cef
				synced 2025-06-05 21:39:12 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			66 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			66 lines
		
	
	
		
			3.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
 | |
| index 0f781fe1c2b2e..6456de7ad1c39 100644
 | |
| --- content/browser/child_process_security_policy_impl.cc
 | |
| +++ content/browser/child_process_security_policy_impl.cc
 | |
| @@ -1878,6 +1878,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForMaybeOpaqueOrigin(
 | |
|              // DeclarativeApiTest.PersistRules.
 | |
|              if (actual_process_lock.matches_scheme(url::kDataScheme))
 | |
|                return true;
 | |
| +
 | |
| +            // Allow other schemes that are non-standard, non-local and WebSafe.
 | |
| +            if (lock_url.is_valid() &&
 | |
| +                !lock_url.IsStandard() &&
 | |
| +                !base::Contains(url::GetLocalSchemes(),
 | |
| +                                lock_url.scheme_piece()) &&
 | |
| +                base::Contains(schemes_okay_to_request_in_any_process_,
 | |
| +                               lock_url.scheme())) {
 | |
| +              return true;
 | |
| +            }
 | |
|            }
 | |
|  
 | |
|            // Make an exception to allow most visited tiles to commit in
 | |
| diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
 | |
| index bfe5677d66b32..c48b317dde955 100644
 | |
| --- content/browser/renderer_host/navigation_request.cc
 | |
| +++ content/browser/renderer_host/navigation_request.cc
 | |
| @@ -7611,10 +7611,22 @@ NavigationRequest::GetOriginForURLLoaderFactoryBeforeResponseWithDebugInfo(
 | |
|    bool use_opaque_origin =
 | |
|        (sandbox_flags & network::mojom::WebSandboxFlags::kOrigin) ==
 | |
|        network::mojom::WebSandboxFlags::kOrigin;
 | |
| +  if (use_opaque_origin) {
 | |
| +    origin_and_debug_info.second += ", sandbox_flags";
 | |
| +  }
 | |
| +
 | |
| +  if (!origin_and_debug_info.first.GetURL().IsStandard()) {
 | |
| +    // Always return an opaque origin for non-standard URLs. Otherwise, the
 | |
| +    // CanAccessDataForOrigin() check may fail for unregistered custom scheme
 | |
| +    // requests in CEF.
 | |
| +    use_opaque_origin = true;
 | |
| +    origin_and_debug_info.second += ", cef_nonstandard";
 | |
| +  }
 | |
| +
 | |
|    if (use_opaque_origin) {
 | |
|      origin_and_debug_info =
 | |
|          std::make_pair(origin_and_debug_info.first.DeriveNewOpaqueOrigin(),
 | |
| -                       origin_and_debug_info.second + ", sandbox_flags");
 | |
| +                       origin_and_debug_info.second);
 | |
|    }
 | |
|  
 | |
|    return origin_and_debug_info;
 | |
| @@ -7722,6 +7734,15 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
 | |
|        DetermineInitiatorRelationship(initiator_rfh,
 | |
|                                       frame_tree_node_->current_frame_host()));
 | |
|  
 | |
| +  if (origin_with_debug_info.first.opaque() &&
 | |
| +      origin_with_debug_info.second.find("cef_nonstandard") !=
 | |
| +          std::string::npos) {
 | |
| +    // Always return an opaque origin for non-standard URLs. Otherwise, the
 | |
| +    // below CanAccessDataForOrigin() check may fail for unregistered custom
 | |
| +    // scheme requests in CEF.
 | |
| +    return origin_with_debug_info;
 | |
| +  }
 | |
| +
 | |
|    // MHTML documents should commit as an opaque origin. They should not be able
 | |
|    // to make network request on behalf of the real origin.
 | |
|    DCHECK(!IsMhtmlOrSubframe() || origin_with_debug_info.first.opaque());
 |