    Always deny a permissions request for different virtual vs loaded URLs · 2437524d
    Robert Ogden authored
    Virtual URLs are used in almost all UI display contexts in Chrome, but
    do not always represent the page that was actually loaded in the
    renderer. If the scheme is HTTP or HTTPS, and the virtual and loaded
    URLs are totally different origins, automatically deny the request.
    
    This should basically never happen because all but one of the virtual
    URL handlers are for chrome:// pages. The only http handler is for a
    special type of Preview which will have JavaScript disabled and should
    not create permission dialogs. Nonetheless, if one does get created,
    it should be denied so that the user doesn't approve a request for the
    wrong page.
    
    Bug: 881938
    Change-Id: Iedb835f72e0a963347ed2a85dc2a71dc43e1f53c
    Reviewed-on: https://chromium-review.googlesource.com/c/1260082
    Commit-Queue: Robert Ogden <robertogden@chromium.org>
    Reviewed-by: Timothy Loh <timloh@chromium.org>
    Reviewed-by: Ryan Sturm <ryansturm@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#597302}
permission_context_base.cc 17.4 KB
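
The check the commit message describes, sketched as a standalone added example; it is not the code from this commit or from Chromium. `Origin`, `ParseOrigin` and `CheckVirtualVsLoaded` are hypothetical names, the parser is a simplified stand-in for Chromium's URL classes, and applying the check only when both URLs are http(s) is an assumed reading of the message.

```cpp
#include <cctype>
#include <string>
#include <tuple>

// Hypothetical minimal origin (scheme, host, port); Chromium itself uses GURL.
using Origin = std::tuple<std::string, std::string, int>;
enum class Decision { kContinue, kDeny };

static std::string Lower(std::string s) {
  for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return s;
}

static bool IsHttpFamily(const std::string& url) {
  std::string s = Lower(url.substr(0, url.find(':')));
  return s == "http" || s == "https";
}

// Parses scheme://[userinfo@]host[:port]; IPv6 literals unsupported. False if malformed.
static bool ParseOrigin(const std::string& url, Origin* out) {
  std::size_t sep = url.find("://");
  if (sep == std::string::npos) return false;
  std::string scheme = Lower(url.substr(0, sep));
  std::size_t start = sep + 3, end = url.find_first_of("/?#", start);
  std::string auth = url.substr(start, end == std::string::npos ? end : end - start);
  std::size_t at = auth.rfind('@');  // userinfo is not part of the origin
  if (at != std::string::npos) auth.erase(0, at + 1);
  int port = scheme == "https" ? 443 : 80;
  std::size_t colon = auth.rfind(':');
  if (colon != std::string::npos) {
    std::string p = auth.substr(colon + 1);
    if (p.empty() || p.size() > 5 || p.find_first_not_of("0123456789") != p.npos) return false;
    if ((port = std::stoi(p)) > 65535) return false;
    auth.erase(colon);
  }
  if (auth.empty()) return false;
  *out = Origin(scheme, Lower(auth), port);
  return true;
}

// Assumption: applies only when both URLs are http(s); unparseable ones are denied.
Decision CheckVirtualVsLoaded(const std::string& virtual_url, const std::string& loaded_url) {
  if (!IsHttpFamily(virtual_url) || !IsHttpFamily(loaded_url)) return Decision::kContinue;
  Origin v, l;
  bool ok = ParseOrigin(virtual_url, &v) && ParseOrigin(loaded_url, &l);
  return (ok && v == l) ? Decision::kContinue : Decision::kDeny;
}

int main() { return CheckVirtualVsLoaded("https://shown.test/", "https://loaded.test/") == Decision::kDeny ? 0 : 1; }
```

The URLs in `main` are constructed samples. Comparing full origins (scheme, host and port) rather than hostnames alone is what makes an http/https downgrade or a userinfo-prefixed lookalike count as a mismatch.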