commit | d0858c6f36dbe29039112b1dc7732278e3f59163 | |
---|---|---|
author | Lukasz Anforowicz <lukasza@chromium.org> | Thu May 23 15:38:04 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Thu May 23 15:38:04 2019 |
tree | 3f6c054fa4a68cc4a2720840d5a8a5b7d725b4c3 | |
parent | 648e59b2c58922f12caeb0f73074f4777f3c734c | |

CORB should block CSV, PDF and other MimeHandlerView types w/o sniffing.

This CL extends CORB to also cover CSV, PDF and other types handled by MimeHandlerView. This protection is only turned on when the kMimeHandlerViewInCrossProcessFrame feature is enabled, because otherwise the resource body may need to go through a cross-origin renderer process (see https://crbug.com/929300).

Manually tested by launching

    $ out/rel/chrome --user-data-dir=$HOME/.corb-for-pdf \
          --enable-features=MimeHandlerViewInCrossProcessFrame \
          http://anforowicz.github.io/xsdb-demo/index.html

and verifying that DevTools console shows CORB warning for

    <img src="https://www.w3.org/.../dummy.pdf">

Bug: 802836
Change-Id: Ia13a693d76f50aca52d6241af317d75c07e20b59
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1606589
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662651}

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.