Don't consider about: and data: as cross origin downloads

Bug: 730050 Change-Id: Ia11ab0e17995339fa2a620837a0bbb29b789512a Reviewed-on: https://chromium-review.googlesource.com/528235 Commit-Queue: Jochen Eisinger <jochen@chromium.org> Reviewed-by: David Trainor <dtrainor@chromium.org> Cr-Commit-Position: refs/heads/master@{#478638}

Don't consider about: and data: as cross origin downloads
Bug: 730050 Change-Id: Ia11ab0e17995339fa2a620837a0bbb29b789512a Reviewed-on: https://chromium-review.googlesource.com/528235 Commit-Queue: Jochen Eisinger <jochen@chromium.org> Reviewed-by: David Trainor <dtrainor@chromium.org> Cr-Commit-Position: refs/heads/master@{#478638}
e09ad54e · Jochen Eisinger · Commit Bot · a0770bb9 · e09ad54e
Commit e09ad54e authored Jun 12, 2017 by Jochen Eisinger Committed by Commit Bot Jun 12, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

content/browser/download/download_request_core.cc content/browser/download/download_request_core.cc +4 -1

No files found.
--- a/content/browser/download/download_request_core.cc
+++ b/content/browser/download/download_request_core.cc
@@ -347,9 +347,12 @@ bool DownloadRequestCore::OnResponseStarted(

  // GURL::GetOrigin() doesn't support getting the inner origin of a blob URL.
  // However, requesting a cross origin blob URL would have resulted in a
-  // network error, so we'll just ignore them here.
+  // network error, so we'll just ignore them here. Furthermore, we consider
+  // data: and about: schemes as same origin regardless of the initiator.
  if (request()->initiator().has_value() &&
      !create_info->url_chain.back().SchemeIsBlob() &&
+      !create_info->url_chain.back().SchemeIs(url::kAboutScheme) &&
+      !create_info->url_chain.back().SchemeIs(url::kDataScheme) &&
      request()->initiator()->GetURL() !=
          create_info->url_chain.back().GetOrigin()) {
    create_info->save_info->suggested_name.clear();