-
Devlin Cronin authored
With runtime host permissions, the webRequest API only delivers events for the requests that an extension has access to. As the user grants the extension access (either through the activeTab-like mechanism or through allowing the extension to always run a site), the extension should be able to run on that page. However, the webRequest API traditionally requires access to the URL that is being requested. This means that if the user allows the extension to always run on example.com, but example.com includes a script from chromium.org, that script request will not be visible to the extension. This is a pretty significant breakage for any extension using webRequest with activeTab or runtime host permissions. Instead, relax the restriction so that the extension has access to the request if it a) would normally have access, but it was withheld (via runtime host permissions) and b) it has access to the initiator of the request. This will allow the extension to intercept a request made by example.com to chromium.org. Note that this won't apply to requests made by cross-origin subframes, since the initiator won't be the same as the top-level frame's origin. Bug: 851722 Change-Id: Ibd4dab7e69672782cae2c63f5d4f7d156cd05e0b Reviewed-on: https://chromium-review.googlesource.com/1103003 Commit-Queue: Devlin <rdevlin.cronin@chromium.org> Reviewed-by:
Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#567889}
97748430
