diff options
4 files changed, 70 insertions, 30 deletions
diff --git a/chrome/browser/content_settings/permission_context_base.cc b/chrome/browser/content_settings/permission_context_base.cc index 9211703..45ce75a 100644 --- a/chrome/browser/content_settings/permission_context_base.cc +++ b/chrome/browser/content_settings/permission_context_base.cc @@ -12,6 +12,7 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ui/website_settings/permission_bubble_manager.h" #include "chrome/common/pref_names.h" +#include "components/content_settings/core/browser/content_settings_utils.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/content_settings/core/common/permission_request_id.h" #include "content/public/browser/browser_thread.h" @@ -82,11 +83,24 @@ void PermissionContextBase::DecidePermission( const BrowserPermissionCallback& callback) { DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); + if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) { + DVLOG(1) + << "Attempt to use " << content_settings::GetTypeName(permission_type_) + << " from an invalid URL: " << requesting_origin + << "," << embedding_origin + << " (" << content_settings::GetTypeName(permission_type_) + << " is not supported in popups)"; + NotifyPermissionSet(id, requesting_origin, embedding_origin, + callback, false /* persist */, false /* granted */); + return; + } + ContentSetting content_setting = profile_->GetHostContentSettingsMap() ->GetContentSettingAndMaybeUpdateLastUsage( requesting_origin, embedding_origin, permission_type_, std::string()); + switch (content_setting) { case CONTENT_SETTING_BLOCK: NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, diff --git a/chrome/browser/content_settings/permission_context_base_unittest.cc b/chrome/browser/content_settings/permission_context_base_unittest.cc index e915728..ab3a31d4 100644 --- a/chrome/browser/content_settings/permission_context_base_unittest.cc +++ b/chrome/browser/content_settings/permission_context_base_unittest.cc @@ -152,6 +152,32 @@ class PermissionContextBaseTests : public ChromeRenderViewHostTestHarness { EXPECT_EQ(CONTENT_SETTING_ASK , setting); } + void TestRequestPermissionInvalidUrl(ContentSettingsType type) { + TestPermissionContext permission_context(profile(), type); + GURL url; + ASSERT_FALSE(url.is_valid()); + content::WebContentsTester::For(web_contents())->NavigateAndCommit(url); + + const PermissionRequestID id( + web_contents()->GetRenderProcessHost()->GetID(), + web_contents()->GetRenderViewHost()->GetRoutingID(), + -1, GURL()); + permission_context.RequestPermission( + web_contents(), + id, url, true, + base::Bind(&TestPermissionContext::TrackPermissionDecision, + base::Unretained(&permission_context))); + + EXPECT_TRUE(permission_context.permission_set()); + EXPECT_FALSE(permission_context.permission_granted()); + EXPECT_TRUE(permission_context.tab_context_updated()); + + ContentSetting setting = + profile()->GetHostContentSettingsMap()->GetContentSetting( + url.GetOrigin(), url.GetOrigin(), type, std::string()); + EXPECT_EQ(CONTENT_SETTING_ASK, setting); + } + private: // ChromeRenderViewHostTestHarness: void SetUp() override { @@ -169,7 +195,7 @@ TEST_F(PermissionContextBaseTests, TestAskAndGrant) { TestAskAndGrant_TestContent(); StartUsingPermissionBubble(); TestAskAndGrant_TestContent(); -}; +} // Simulates clicking Dismiss (X) in the infobar/bubble. // The permission should be denied but not saved for future use. @@ -177,4 +203,17 @@ TEST_F(PermissionContextBaseTests, TestAskAndDismiss) { TestAskAndDismiss_TestContent(); StartUsingPermissionBubble(); TestAskAndDismiss_TestContent(); -}; +} + +// Simulates non-valid requesting URL. +// The permission should be denied but not saved for future use. +TEST_F(PermissionContextBaseTests, TestNonValidRequestingUrl) { + TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_GEOLOCATION); + TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_NOTIFICATIONS); + TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_MIDI_SYSEX); + TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_PUSH_MESSAGING); +#if defined(OS_ANDROID) || defined(OS_CHROMEOS) + TestRequestPermissionInvalidUrl( + CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER); +#endif +} diff --git a/chrome/browser/geolocation/geolocation_permission_context.cc b/chrome/browser/geolocation/geolocation_permission_context.cc index b5fc960..a183871 100644 --- a/chrome/browser/geolocation/geolocation_permission_context.cc +++ b/chrome/browser/geolocation/geolocation_permission_context.cc @@ -29,7 +29,6 @@ void GeolocationPermissionContext::RequestPermission( bool user_gesture, const BrowserPermissionCallback& callback) { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); - GURL embedder_origin = web_contents->GetLastCommittedURL().GetOrigin(); bool permission_set; bool new_permission; @@ -37,21 +36,16 @@ void GeolocationPermissionContext::RequestPermission( web_contents, id, id.bridge_id(), requesting_frame_origin, user_gesture, callback, &permission_set, &new_permission)) { if (permission_set) { - NotifyPermissionSet(id, requesting_frame_origin, embedder_origin, - callback, true, new_permission); + NotifyPermissionSet(id, + requesting_frame_origin, + web_contents->GetLastCommittedURL().GetOrigin(), + callback, + true, + new_permission); } return; } - if (!requesting_frame_origin.is_valid() || !embedder_origin.is_valid()) { - LOG(WARNING) << "Attempt to use geolocation from an invalid URL: " - << requesting_frame_origin << "," << embedder_origin - << " (geolocation is not supported in popups)"; - NotifyPermissionSet(id, requesting_frame_origin, embedder_origin, - callback, false /* persist */, false /* allowed */); - return; - } - PermissionContextBase::RequestPermission(web_contents, id, requesting_frame_origin, user_gesture, diff --git a/chrome/browser/media/protected_media_identifier_permission_context.cc b/chrome/browser/media/protected_media_identifier_permission_context.cc index fd5f549..ca530c73 100644 --- a/chrome/browser/media/protected_media_identifier_permission_context.cc +++ b/chrome/browser/media/protected_media_identifier_permission_context.cc @@ -40,37 +40,30 @@ void ProtectedMediaIdentifierPermissionContext::RequestPermission( const BrowserPermissionCallback& callback) { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); - GURL embedder = web_contents->GetLastCommittedURL().GetOrigin(); - #if defined(ENABLE_EXTENSIONS) if (extensions::GetViewType(web_contents) != extensions::VIEW_TYPE_TAB_CONTENTS) { // The tab may have gone away, or the request may not be from a tab at all. - LOG(WARNING) + DVLOG(1) << "Attempt to use protected media identifier in tabless renderer: " << id.ToString() << " (can't prompt user without a visible tab)"; - NotifyPermissionSet(id, origin, embedder, callback, false, false); - return; - } -#endif - - if (!requesting_frame_origin.is_valid() || !embedder.is_valid()) { - LOG(WARNING) - << "Attempt to use protected media identifier from an invalid URL: " - << requesting_frame_origin << "," << embedder - << " (proteced media identifier is not supported in popups)"; - NotifyPermissionSet(id, requesting_frame_origin, embedder, + NotifyPermissionSet(id, + origin, + web_contents->GetLastCommittedURL().GetOrigin(), callback, false, false); return; } +#endif #if defined(OS_ANDROID) // Check if the protected media identifier master switch is disabled. if (!profile()->GetPrefs()->GetBoolean( prefs::kProtectedMediaIdentifierEnabled)) { - NotifyPermissionSet(id, requesting_frame_origin, embedder, callback, - false, false); + NotifyPermissionSet(id, + requesting_frame_origin, + web_contents->GetLastCommittedURL().GetOrigin(), + callback, false, false); return; } #endif |