Google Git
Sign in
chromium / chromium / src / badc704f1939da9933d904adb23bea44f93b6c5f
commitbadc704f1939da9933d904adb23bea44f93b6c5f[log] [tgz]
authorKelvin Jiang <kelvinjiang@chromium.org>Fri Jun 27 01:34:27 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Jun 27 01:34:27 2025
treeee6964516c240d039a21f34b2252b6f135d455f4
parent82217425317588991153753d0f876453aa6c1711 [diff]
[WAR, DNR] Fix unsafe redirect error to web accessible resource

Error was observed on web pages that had a service worker for fetching
subresources. This caused the page to use the SharedURLLoaderFactory
which never bypasses renderer level redirect checks.

Combine that with the fact that the request's initiator was not passed
down into the renderer's redirect check + a redirect to an extension's
Web Accessible Resource that required the initiator to check if it was
a safe redirect, that led to the UNSAFE_REDIRECT error observed.

Fix involved adding the request's initiator to RedirectInfo which can
then be used in the renderer.

Bug: 375395102
Change-Id: I84a526c165847cfe390978d7133022aee25dd303
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6580522
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Michael Thiessen <mthiesse@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Kelvin Jiang <kelvinjiang@chromium.org>
Reviewed-by: Solomon Kinard <solomonkinard@chromium.org>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Devlin Cronin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1479568}
28 files changed
tree: ee6964516c240d039a21f34b2252b6f135d455f4
  1. .github/
  2. android_webview/
  3. apps/
  4. ash/
  5. base/
  6. build/
  7. build_overrides/
  8. buildtools/
  9. cc/
  10. chrome/
  11. chromecast/
  12. chromeos/
  13. codelabs/
  14. components/
  15. content/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. gpu/
  25. headless/
  26. infra/
  27. ios/
  28. ipc/
  29. media/
  30. mojo/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. internal
  51. ios_internal
  52. signing_keys
  53. v8
  54. .clang-format
  55. .clang-tidy
  56. .clangd
  57. .cursorignore
  58. .git-blame-ignore-revs
  59. .gitallowed
  60. .gitattributes
  61. .gitignore
  62. .gitmodules
  63. .gn
  64. .mailmap
  65. .rustfmt.toml
  66. .vpython3
  67. .yapfignore
  68. ATL_OWNERS
  69. AUTHORS
  70. BUILD.gn
  71. CODE_OF_CONDUCT.md
  72. codereview.settings
  73. CPPLINT.cfg
  74. CRYPTO_OWNERS
  75. DEPS
  76. DIR_METADATA
  77. LICENSE
  78. LICENSE.chromium_os
  79. OWNERS
  80. PRESUBMIT.py
  81. PRESUBMIT_test.py
  82. PRESUBMIT_test_mocks.py
  83. README.md
  84. SECURITY_OWNERS
  85. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.