author: Devlin Cronin <rdevlin.cronin@chromium.org> 2015-09-11 12:09:54 -0700
committer: Devlin Cronin <rdevlin.cronin@chromium.org> 2015-09-11 19:10:49 +0000
commit: e22bd11c3a288bd7b6abb34798caca1fe0f583ed
tree: 63c87c002447673f06c2aa161b0ac1f3a6106e5d
parent: 0fc8d1d04be6a826e1222ccd4bbff86bfecd1d86
Allow 'chrome-extension:' URLs to bypass content settings (1/2)

We changed the behavior of 'Document::firstPartyForCookies' to return an empty URL in the case where any URL in the ancestor chain doesn't match the current document's URL. Previously, we'd simply return the top-level document's URL.

This means that the content-settings bypass check in 'ContentSettingsObserver::IsWhitelistedForContentSettings' sees an empty URL as opposed to a 'chrome-extension://' URL for cases in which an extension loads a resource, so content settings are applied as per usual. This breaks things fairly badly for folks who have turned on third-party cookie blocking.

In these patches, we introduce a new scheme registry for those schemes which ought to override Blink's concept of "first-party" when they're loaded into the top-level browsing context.

Patch 1 (Blink): https://codereview.chromium.org/1305253012
Patch 2 (Chromium): [This patch]

BUG=527963
TBR=jochen@chromium.org

Review URL: https://codereview.chromium.org/1332563006
Cr-Commit-Position: refs/heads/master@{#348194}
(cherry picked from commit cfed7a300606c5eedb858433b37db5ffadf3b2cc)

Cherry-Pick note: Moved the call of this method from Dispatcher::WebKitInitialized() to ChromeContentRendererClient::RenderThreadStarted(), which is where all the similar methods were for this point in history.

Review URL: https://codereview.chromium.org/1339763002 .
Cr-Commit-Position: refs/branch-heads/2454@{#463}
Cr-Branched-From: 12bfc3360892ec53cd00fc239a47e5298beb063b-refs/heads/master@{#338390}

-rw-r--r-- chrome/renderer/chrome_content_renderer_client.cc 7
1 files changed, 7 insertions, 0 deletions
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index cc4ba2b..bb76fcf 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -497,6 +497,13 @@ void ChromeContentRendererClient::RenderThreadStarted() {
WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
extension_resource_scheme);
+ // Extension resources, when loaded as the top-level document, should bypass
+ // Blink's strict first-party origin checks.
+ WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel(
+ extension_scheme);
+ WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel(
+ extension_resource_scheme);
+
#if defined(ENABLE_PRINT_PREVIEW)
pdf_print_client_.reset(new ChromePDFPrintClient());
pdf::PepperPDFHost::SetPrintClient(pdf_print_client_.get());
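
Review bot: The comment above the two registerURLSchemeAsFirstPartyWhenTopLevel calls says "Extension resources", but the first call registers extension_scheme, so it applies to every top-level document on the extension scheme and not only to extension_resource_scheme. Since this registration widens a policy exemption, the comment should name both schemes and say what the exemption is for (restoring the content-settings bypass that the commit message says broke under third-party cookie blocking), with a pointer to BUG=527963 so a later reader can judge whether it is still needed. The diffstat shows this file as the only change, so nothing in this patch exercises the new registration; a test that loads a resource under a top-level extension document with third-party cookie blocking on, and one confirming a non-extension top-level document is unaffected, would guard against the exemption silently growing or regressing.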