author | palmer <palmer@chromium.org> | 2016-02-03 15:21:36 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-02-03 23:22:25 +0000 |
commit | 5c437bcc7a51edbef45242c5173cf7871fde2866 (patch) | |
tree | cff6102f961c969435e9698cb821715f69ca64b2 /extensions/browser/api | |
parent | a2280cd27bd434f6033d3ab0c70886c06e3882b0 (diff) | |
Make extensions use a correct same-origin check.
GURL::GetOrigin does not do the right thing for all types of URLs.
BUG=573317
Review URL: https://codereview.chromium.org/1658913002
Cr-Commit-Position: refs/heads/master@{#373381}
Diffstat (limited to 'extensions/browser/api')
-rw-r--r-- | extensions/browser/api/web_request/web_request_permissions.cc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc
index fd73304..ec0aa17 100644
--- a/extensions/browser/api/web_request/web_request_permissions.cc
+++ b/extensions/browser/api/web_request/web_request_permissions.cc
@@ -15,6 +15,7 @@
 #include "extensions/common/permissions/permissions_data.h"
 #include "net/url_request/url_request.h"
 #include "url/gurl.h"
+#include "url/origin.h"
 using content::ResourceRequestInfo;
@@ -128,9 +129,9 @@ bool WebRequestPermissions::CanExtensionAccessURL(
 case REQUIRE_HOST_PERMISSION:
 // about: URLs are not covered in host permissions, but are allowed
 // anyway.
- if (!((url.SchemeIs(url::kAboutScheme) ||
- extension->permissions_data()->HasHostPermission(url) ||
- url.GetOrigin() == extension->url()))) {
+ if (!url.SchemeIs(url::kAboutScheme) &&
+ !extension->permissions_data()->HasHostPermission(url) &&
+ !url::IsSameOriginWith(url, extension->url())) {
 return false;
 }
 break; |
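Review bot: The comment above the rewritten condition in the REQUIRE_HOST_PERMISSION case of CanExtensionAccessURL still explains only the about: exemption; the third clause, which lets an extension reach its own origin, and the reason it now goes through url::IsSameOriginWith are recorded only in the commit message. Because this condition is a permission gate, I would add next to it something like `// The extension's own origin is always allowed. Compare with url::IsSameOriginWith(); GURL::GetOrigin() is not correct for all URL types (crbug.com/573317).` so that a later cleanup does not fall back to a plain GURL comparison. No test change is visible here; the diffstat is limited to this directory, so a regression test may exist elsewhere, but if it does not, one covering a URL type for which the old comparison went wrong would pin the fix. The function body starts and ends outside the hunk.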