github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: make grant_file_protocol_extra_privileges fuse also block CORS fetches (#40864)

Browse Source 
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
This commit is contained in:
trop[bot]
2024-01-03 13:30:26 +01:00
committed by GitHub
parent daf00de2ed
commit 44f29fc675
4 changed files with 67 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
shell/browser/protocol_registry.cc
View File

@@ -6,6 +6,7 @@
#include "base/stl_util.h"
#include "content/public/browser/web_contents.h"
#include "electron/fuses.h"
#include "shell/browser/electron_browser_context.h"
#include "shell/browser/net/asar/asar_url_loader_factory.h"
@@ -24,18 +25,21 @@ ProtocolRegistry::~ProtocolRegistry() = default;
void ProtocolRegistry::RegisterURLLoaderFactories(
content::ContentBrowserClient::NonNetworkURLLoaderFactoryMap* factories,
bool allow_file_access) {
auto file_factory = factories->find(url::kFileScheme);
if (file_factory != factories->end()) {
// If Chromium already allows file access then replace the url factory to
// also loading asar files.
file_factory->second = AsarURLLoaderFactory::Create();
} else if (allow_file_access) {
// Otherwise only allow file access when it is explicitly allowed.
//
// Note that Chromium may call |emplace| to create the default file factory
// after this call, it won't override our asar factory, but if asar support
// breaks in future, please check if Chromium has changed the call.
factories->emplace(url::kFileScheme, AsarURLLoaderFactory::Create());
if (electron::fuses::IsGrantFileProtocolExtraPrivilegesEnabled()) {
auto file_factory = factories->find(url::kFileScheme);
if (file_factory != factories->end()) {
// If Chromium already allows file access then replace the url factory to
// also loading asar files.
file_factory->second = AsarURLLoaderFactory::Create();
} else if (allow_file_access) {
// Otherwise only allow file access when it is explicitly allowed.
//
// Note that Chromium may call |emplace| to create the default file
// factory after this call, it won't override our asar factory, but if
// asar support breaks in future, please check if Chromium has changed the
// call.
factories->emplace(url::kFileScheme, AsarURLLoaderFactory::Create());
}
}
for (const auto& it : handlers_) {