Commit 7938c717 authored by Yutaka Hirano's avatar Yutaka Hirano Committed by Commit Bot

Have FetchManager use SecurityOrigin::CanReadContent

...instead of IsSameSchemeHostPort. This is observable when fetch()
is called on an extension that has a permission to the destination URL.

Bug: 1010030
Change-Id: I2f5a3bdc0e73493df9737b260e4557c72db9fbde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846428
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: default avatarKaran Bhatia <karandeepb@chromium.org>
Reviewed-by: default avatarTakashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705840}
parent e15fd78d
...@@ -220,6 +220,30 @@ IN_PROC_BROWSER_TEST_F(ExtensionFetchTest, ...@@ -220,6 +220,30 @@ IN_PROC_BROWSER_TEST_F(ExtensionFetchTest,
EXPECT_EQ("TypeError: Failed to fetch", fetch_result); EXPECT_EQ("TypeError: Failed to fetch", fetch_result);
} }
IN_PROC_BROWSER_TEST_F(ExtensionFetchTest, FetchResponseType) {
const std::string script = base::StringPrintf(
"fetch(%s).then(function(response) {\n"
" window.domAutomationController.send(response.type);\n"
"}).catch(function(err) {\n"
" window.domAutomationController.send(String(err));\n"
"});\n",
GetQuotedTestServerURL("example.com", "/extensions/test_file.txt")
.data());
TestExtensionDir dir;
dir.WriteManifestWithSingleQuotes(
"{"
"'background': {'scripts': ['bg.js']},"
"'manifest_version': 2,"
"'name': 'FetchResponseType',"
"'permissions': ['http://example.com/*'],"
"'version': '1'"
"}");
const Extension* extension = WriteFilesAndLoadTestExtension(&dir);
ASSERT_TRUE(extension);
EXPECT_EQ("basic", ExecuteScriptInBackgroundPage(extension->id(), script));
}
} // namespace } // namespace
} // namespace extensions } // namespace extensions
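Review bot: FetchResponseType pins only the granted case: the manifest lists `http://example.com/*` and the fetch targets example.com, so nothing in this hunk shows that a host outside the permission pattern still fails to come back as `basic`. Because the commit widens the check from same-origin to CanReadContent, a sibling test that fetches a host not listed under `permissions` and expects a non-`basic` type or a fetch failure would guard that boundary; such a test may already exist outside the hunk. A one-line comment above the test, e.g. `// A host permission makes the cross-origin response readable, so its type is "basic".`, would also record why `basic` is the expected value.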
...@@ -350,8 +350,8 @@ void FetchManager::Loader::DidReceiveResponse( ...@@ -350,8 +350,8 @@ void FetchManager::Loader::DidReceiveResponse(
return; return;
} }
} }
} else if (!SecurityOrigin::Create(response.CurrentRequestUrl()) } else if (!fetch_request_data_->Origin()->CanReadContent(
->IsSameSchemeHostPort(fetch_request_data_->Origin().get())) { response.CurrentRequestUrl())) {
// Recompute the tainting if the request was redirected to a different // Recompute the tainting if the request was redirected to a different
// origin. // origin.
switch (fetch_request_data_->Mode()) { switch (fetch_request_data_->Mode()) {
...@@ -562,23 +562,16 @@ void FetchManager::Loader::Start(ExceptionState& exception_state) { ...@@ -562,23 +562,16 @@ void FetchManager::Loader::Start(ExceptionState& exception_state) {
return; return;
} }
const KURL& url = fetch_request_data_->Url();
// "- |request|'s url's origin is same origin with |request|'s origin, // "- |request|'s url's origin is same origin with |request|'s origin,
// |request|'s tainted origin flag is unset, and the CORS flag is unset" // |request|'s tainted origin flag is unset, and the CORS flag is unset"
// Note tainted origin flag is always unset here. // Note tainted origin flag is always unset here.
// Note we don't support to call this method with |CORS flag| // Note we don't support to call this method with |CORS flag|
// "- |request|'s current URL's scheme is |data|" // "- |request|'s current URL's scheme is |data|"
// "- |request|'s mode is |navigate| or |websocket|". // "- |request|'s mode is |navigate| or |websocket|".
bool is_target_same_origin_as_initiator = if (fetch_request_data_->Origin()->CanReadContent(url) ||
SecurityOrigin::Create(fetch_request_data_->Url()) (fetch_request_data_->IsolatedWorldOrigin() &&
->IsSameSchemeHostPort(fetch_request_data_->Origin().get()); fetch_request_data_->IsolatedWorldOrigin()->CanReadContent(url)) ||
bool is_target_same_origin_as_isolated_world =
fetch_request_data_->IsolatedWorldOrigin() &&
SecurityOrigin::Create(fetch_request_data_->Url())
->IsSameSchemeHostPort(
fetch_request_data_->IsolatedWorldOrigin().get());
if (is_target_same_origin_as_initiator ||
is_target_same_origin_as_isolated_world ||
fetch_request_data_->Url().ProtocolIsData() ||
network::IsNavigationRequestMode(fetch_request_data_->Mode())) { network::IsNavigationRequestMode(fetch_request_data_->Mode())) {
// "The result of performing a scheme fetch using request." // "The result of performing a scheme fetch using request."
PerformSchemeFetch(exception_state); PerformSchemeFetch(exception_state);
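Review bot: In Start() the quoted spec condition `|request|'s current URL's scheme is |data|` stays in the comment while the explicit `fetch_request_data_->Url().ProtocolIsData()` term is dropped from the `if`, so the data: case now rests on CanReadContent() accepting data: URLs, which the visible lines do not state. A comment above the condition such as `// CanReadContent() also covers data: URLs and origins granted via the origin access allowlist.` would keep that dependency visible to whoever next edits this security check. In DidReceiveResponse() the comment `redirected to a different origin` no longer describes the branch; `redirected to a URL the request's origin cannot read` matches the new condition, and the added browser test does not appear to exercise that redirect path. Both functions extend beyond the hunks shown.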