Use correct origin as a request initiator.

SearchEngineTabHelper::PageHasOpenSearchDescriptionDocument makes network requests on behalf of the main frame (using the URLLoaderFactory created via main frame's RFHI::CreateNetworkServiceDefaultFactory). Before this CL, the |initiator| argument of ScheduleDownload method would be incorrectly set based on WebContents::GetURL method. This was incorrect because: - WebContents::GetURL returns the "visible", rather than "committed" URL - iframe sandbox attribute is ignored (see //docs/security/origin-vs-url.md for more details) This CL fixes this by changing: url::Origin::Create(web_contents->GetURL()) into frame->GetLastCommittedOrigin() Bug: 237908 Change-Id: I8d7eef091aeaf26c7f6c65a03009cdf9713d5346 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1913969Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#715732}

Use correct origin as a request initiator.
SearchEngineTabHelper::PageHasOpenSearchDescriptionDocument makes network requests on behalf of the main frame (using the URLLoaderFactory created via main frame's RFHI::CreateNetworkServiceDefaultFactory). Before this CL, the |initiator| argument of ScheduleDownload method would be incorrectly set based on WebContents::GetURL method. This was incorrect because: - WebContents::GetURL returns the "visible", rather than "committed" URL - iframe sandbox attribute is ignored (see //docs/security/origin-vs-url.md for more details) This CL fixes this by changing: url::Origin::Create(web_contents->GetURL()) into frame->GetLastCommittedOrigin() Bug: 237908 Change-Id: I8d7eef091aeaf26c7f6c65a03009cdf9713d5346 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1913969Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#715732}
f3ea69c5 · Lukasz Anforowicz · Commit Bot · 4b44832d · f3ea69c5
Commit f3ea69c5 authored Nov 15, 2019 by Lukasz Anforowicz Committed by Commit Bot Nov 15, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

chrome/browser/ui/search_engines/search_engine_tab_helper.cc chrome/browser/ui/search_engines/search_engine_tab_helper.cc +1 -1

No files found.
--- a/chrome/browser/ui/search_engines/search_engine_tab_helper.cc
+++ b/chrome/browser/ui/search_engines/search_engine_tab_helper.cc
@@ -146,7 +146,7 @@ void SearchEngineTabHelper::PageHasOpenSearchDescriptionDocument(
  // new keyword will be created when done.
  TemplateURLFetcherFactory::GetForProfile(profile)->ScheduleDownload(
      keyword, osdd_url, entry->GetFavicon().url,
-      url::Origin::Create(web_contents()->GetURL()), url_loader_factory.get(),
+      frame->GetLastCommittedOrigin(), url_loader_factory.get(),
      frame->GetRoutingID(),
      static_cast<int>(content::ResourceType::kSubResource));
 }