Commit df83dca4 authored by Yutaka Hirano's avatar Yutaka Hirano Committed by Commit Bot

Add "BypassSecurityChecks" suffix to content::CreateFileURLLoader

According to the function's comment, "this does not restrict filesystem access
*in any way*", so make its name look dangerous.

Bug: 1035575, 1036693,1026546
Change-Id: Iadd64b3b1be417b469b8d85144de21c86f67ceba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1981414Reviewed-by: default avatarMatt Falkenhagen <falken@chromium.org>
Reviewed-by: default avatarTakashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: default avatarKen Rockot <rockot@google.com>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#728817}
parent 23ce24ec
......@@ -4368,9 +4368,10 @@ class FileURLLoaderFactory : public network::mojom::URLLoaderFactory {
network::URLLoaderCompletionStatus(net::ERR_ACCESS_DENIED));
return;
}
content::CreateFileURLLoader(request, std::move(loader), std::move(client),
/*observer=*/nullptr,
/* allow_directory_listing */ true);
content::CreateFileURLLoaderBypassingSecurityChecks(
request, std::move(loader), std::move(client),
/*observer=*/nullptr,
/* allow_directory_listing */ true);
}
void Clone(
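Review bot: The renamed call in FileURLLoaderFactory now advertises that it bypasses security checks, but nothing at the call site says which check the caller relies on instead. The only gate visible here is the `net::ERR_ACCESS_DENIED` early return just above, and its condition starts outside the hunk. This call also passes `/* allow_directory_listing */ true`, so a short comment would help the next reader audit it, e.g. `// Access is checked above; the loader itself does not restrict filesystem access.` The enclosing method begins before the hunk, so confirm that the check covers every path that reaches this call.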
......
......@@ -891,7 +891,7 @@ void FileURLLoaderFactory::Clone(
receivers_.Add(this, std::move(loader));
}
void CreateFileURLLoader(
void CreateFileURLLoaderBypassingSecurityChecks(
const network::ResourceRequest& request,
mojo::PendingReceiver<network::mojom::URLLoader> loader,
mojo::PendingRemote<network::mojom::URLLoaderClient> client,
......
......@@ -50,7 +50,7 @@ class CONTENT_EXPORT FileURLLoaderObserver
// The URLLoader created by this function does *not* automatically follow
// filesytem links (e.g. Windows shortcuts) or support directory listing.
// A directory path will always yield a FILE_NOT_FOUND network error.
CONTENT_EXPORT void CreateFileURLLoader(
CONTENT_EXPORT void CreateFileURLLoaderBypassingSecurityChecks(
const network::ResourceRequest& request,
mojo::PendingReceiver<network::mojom::URLLoader> loader,
mojo::PendingRemote<network::mojom::URLLoaderClient> client,
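Review bot: The comment kept above the renamed declaration looks stale. It says the loader does not "support directory listing" and that a directory path "will always yield a FILE_NOT_FOUND network error", yet the call sites in this commit pass `/* allow_directory_listing */ true` and `false` to this same function. The parameter list continues outside the hunk, so this is inferred from the callers. Since the rename exists to make the risk visible, the doc should say that directory listing is controlled by the caller, and it could state the contract directly, e.g. `// Callers must perform their own access checks before calling this.` The same comment also misspells "filesystem" as "filesytem".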
......
......@@ -604,7 +604,7 @@ class ExtensionURLLoaderFactory : public network::mojom::URLLoaderFactory {
resource.relative_path());
}
content::CreateFileURLLoader(
content::CreateFileURLLoaderBypassingSecurityChecks(
request, std::move(loader), std::move(client),
std::make_unique<FileLoaderObserver>(std::move(verify_job)),
/* allow_directory_listing */ false, std::move(response_headers));
......