    Trust Tokens: Remove an overzealous bad-renderer check in RFHI · b950aadc
    David Van Cleve authored
    Document.hasTrustToken is a JS method only available in secure contexts.
    Its implementation involves getting a Mojo interface from the browser
    and sending an IPC. In the browser-side code, in RenderFrameHostImpl,
    where we handle requests from the renderer for this Mojo interface, we
    perform a security check to make sure we aren't receiving requests for
    the interface from unexpected places, which could indicate a bad
    renderer. The current check makes sure that the request is coming from a
    frame with a potentially trustworthy origin. However, this is not
    exactly the same thing as a secure context: in particular, allow-scripts
    sandboxed iframes can be secure but not have potentially trustworthy
    frame origins. This leads to false positives in the check and unwanted
    renderer kills.
    
    This CL removes the check.
    
    R=dcheng
    
    Bug: 1144057
    Change-Id: I0e57669606effb15c672586297ef7dcf2711bc91
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2511882
    Commit-Queue: David Van Cleve <davidvc@chromium.org>
    Commit-Queue: Charlie Reis <creis@chromium.org>
    Reviewed-by: Daniel Cheng <dcheng@chromium.org>
    Reviewed-by: Charlie Reis <creis@chromium.org>
    Auto-Submit: David Van Cleve <davidvc@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#823819}
trust_token_browsertest.cc 51.7 KB