mirror of
https://github.com/electron/electron.git
synced 2026-01-09 15:38:08 -05:00
d9ba26273a
* chore: bump chromium in DEPS to 118.0.5982.0 * chore: bump chromium in DEPS to 118.0.5983.0 * chore: bump chromium in DEPS to 118.0.5985.0 * chore: bump chromium in DEPS to 118.0.5987.0 * chore: update v8 patches * chore: update chromium patches * chore: update patches * [PEPC] Add new structs to contain permission request data Refs https://chromium-review.googlesource.com/c/chromium/src/+/4756727 * Add ThumbnailCapturer interface Refs https://chromium-review.googlesource.com/c/chromium/src/+/4812256 * Reland "[ChromeRefresh2023] Update document pip windows for Chrome Refresh" Refs https://chromium-review.googlesource.com/c/chromium/src/+/4814275 * chore: bump chromium in DEPS to 118.0.5989.0 * chore: bump chromium in DEPS to 118.0.5991.0 * chore: update patches --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: deepak1556 <hop2deep@gmail.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
79 lines
4.1 KiB
Diff
79 lines
4.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Shelley Vohr <shelley.vohr@gmail.com>
|
|
Date: Mon, 29 Aug 2022 11:44:57 +0200
|
|
Subject: fix: crash loading non-standard schemes in iframes
|
|
|
|
This fixes a crash that occurs when loading non-standard schemes from
|
|
iframes or webviews. This was happening because
|
|
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
|
|
exceptions to allow built-in non-standard schemes, but does not check
|
|
for non-standard schemes registered by the embedder.
|
|
|
|
Upstream, https://bugs.chromium.org/p/chromium/issues/detail?id=1081397
|
|
contains several paths forward - here I chose to swap out the
|
|
CHECK in navigation_request.cc from policy->CanAccessDataForOrigin to
|
|
policy->CanCommitOriginAndUrl.
|
|
|
|
Upstreamed at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
|
|
|
|
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
|
|
index e91fb6b203b55d4937e9f4b4ed8fd5e8efb5aa10..855cb90260de04b90b8bbf4a8733e0869cda551d 100644
|
|
--- a/content/browser/renderer_host/navigation_request.cc
|
|
+++ b/content/browser/renderer_host/navigation_request.cc
|
|
@@ -7543,10 +7543,11 @@ NavigationRequest::GetOriginForURLLoaderFactoryAfterResponseWithDebugInfo() {
|
|
if (IsForMhtmlSubframe())
|
|
return origin_with_debug_info;
|
|
|
|
- int process_id = GetRenderFrameHost()->GetProcess()->GetID();
|
|
- auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
|
|
- CHECK(
|
|
- policy->CanAccessDataForOrigin(process_id, origin_with_debug_info.first));
|
|
+ CanCommitStatus can_commit = GetRenderFrameHost()->CanCommitOriginAndUrl(
|
|
+ origin_with_debug_info.first, GetURL(), IsSameDocument(), IsPdf(),
|
|
+ GetUrlInfo().is_sandboxed);
|
|
+ CHECK_EQ(CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL, can_commit);
|
|
+
|
|
return origin_with_debug_info;
|
|
}
|
|
|
|
diff --git a/content/browser/renderer_host/render_frame_host_impl.h b/content/browser/renderer_host/render_frame_host_impl.h
|
|
index 10282bf7372a07937d3aa15af6f3f7e767321df6..ae5cfc9bc17c7e8e9d1ab9134c95ff6413fe2017 100644
|
|
--- a/content/browser/renderer_host/render_frame_host_impl.h
|
|
+++ b/content/browser/renderer_host/render_frame_host_impl.h
|
|
@@ -2968,6 +2968,17 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
|
// last committed document.
|
|
CookieChangeListener::CookieChangeInfo GetCookieChangeInfo();
|
|
|
|
+ // Returns whether the given origin and URL is allowed to commit in the
|
|
+ // current RenderFrameHost. The |url| is used to ensure it matches the origin
|
|
+ // in cases where it is applicable. This is a more conservative check than
|
|
+ // RenderProcessHost::FilterURL, since it will be used to kill processes that
|
|
+ // commit unauthorized origins.
|
|
+ CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin,
|
|
+ const GURL& url,
|
|
+ bool is_same_document_navigation,
|
|
+ bool is_pdf,
|
|
+ bool is_sandboxed);
|
|
+
|
|
// Sets a ResourceCache in the renderer. `this` must be active and there must
|
|
// be no pending navigation. `remote` must have the same and process
|
|
// isolation policy.
|
|
@@ -3391,17 +3402,6 @@ class CONTENT_EXPORT RenderFrameHostImpl
|
|
// relevant.
|
|
void ResetWaitingState();
|
|
|
|
- // Returns whether the given origin and URL is allowed to commit in the
|
|
- // current RenderFrameHost. The |url| is used to ensure it matches the origin
|
|
- // in cases where it is applicable. This is a more conservative check than
|
|
- // RenderProcessHost::FilterURL, since it will be used to kill processes that
|
|
- // commit unauthorized origins.
|
|
- CanCommitStatus CanCommitOriginAndUrl(const url::Origin& origin,
|
|
- const GURL& url,
|
|
- bool is_same_document_navigation,
|
|
- bool is_pdf,
|
|
- bool is_sandboxed);
|
|
-
|
|
// Returns whether a subframe navigation request should be allowed to commit
|
|
// to the current RenderFrameHost.
|
|
bool CanSubframeCommitOriginAndUrl(NavigationRequest* navigation_request);
|