bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-03-04 03:47:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
cef/patch/patches/browser_security_policy_1081397.patch
Marshall Greenblatt fc7f9ff505 Fix crash when navigating to an unregistered scheme (fixes issue #3105) 
The policy->CanAccessDataForOrigin CHECK in NavigationRequest::
GetOriginForURLLoaderFactory was failing because unregistered schemes
(which are already considered non-standard schemes) didn't trigger the
registered non-standard scheme allowance that we previously added in
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change
modifies GetOriginForURLLoaderFactory to always return an opaque/unique
origin for non-standard schemes resulting in unregistered and non-standard
schemes receiving the same treatment.

New test coverage has been added for this condition, and can be run with:
ceftests --gtest_filter=CorsTest.*CustomUnregistered*
2021-04-12 16:18:37 -04:00

39 lines
1.9 KiB
Diff
Raw Blame History

diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
index 52ebdbbc7c2e..822f2e41afec 100644
--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
@@ -1706,6 +1706,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(
// DeclarativeApiTest.PersistRules.
if (actual_process_lock.matches_scheme(url::kDataScheme))
return true;
+
+ // Allow other schemes that are non-standard, non-local and WebSafe.
+ if (lock_url.is_valid() &&
+ !lock_url.IsStandard() &&
+ !base::Contains(url::GetLocalSchemes(),
+ lock_url.scheme_piece()) &&
+ base::Contains(schemes_okay_to_request_in_any_process_,
+ lock_url.scheme())) {
+ return true;
+ }
}
// TODO(wjmaclean): We should update the ProcessLock comparison API
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index dae1c91d2d72..c48bd5ea1fb7 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -4871,6 +4871,12 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {
// Calculate an approximation of the origin. The sandbox/csp are ignored.
url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);
+ if (!origin.GetURL().IsStandard()) {
+ // Always return an opaque origin for non-standard URLs. Otherwise, the
+ // below CanAccessDataForOrigin() check may fail for unregistered custom
+ // scheme requests in CEF.
+ return origin.DeriveNewOpaqueOrigin();
+ }
// Apply sandbox flags.
// See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag
Reference in New Issue View Git Blame Copy Permalink