    [Android][Payments] Throttle payment handler pages on mime-types · 4fd38d86
    Liquan (Max) Gu authored
    Motivation:
    Now, payment handler supports pages of any mime type on Android. This
    exposes payment handlers to the vulnerabilities of some less maintained
    mime-types. In order to make payment handlers safer to use, this CL
    limits the mime types of payment handlers on Android by allowlisting.
    
    Changes:
    * Moved the WebContents user data setting logic into
      markPaymentHandlerWebContents() to
      payment_handler_navigation_throttle.cc.
    * Let both Android & desktop's payment handler coordinators use the
      method to annotate a payment handler web-contents.
    * Moved the throttle from //chrome/browser to //components to make it
      more convenient to depend on.
    
    Bug: 1165367, 1159267
    Change-Id: Ibc75bad9b47b2586e4222c2556c4bf6fb6bd28cd
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2614918
    Commit-Queue: Liquan (Max) Gu <maxlg@chromium.org>
    Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#843892}