Google Git
Sign in
chromium / chromium / src / 55479e1926b2dfe9a76251cd4c4d5533a2d2abce
commit55479e1926b2dfe9a76251cd4c4d5533a2d2abce[log] [tgz]
authorAlex Moshchuk <alexmos@chromium.org>Mon Feb 17 16:42:39 2020
committerCommit Bot <commit-bot@chromium.org>Mon Feb 17 16:42:39 2020
treed8d5d25c41724aac53130f9bb5d55b73754ee159
parent28477af976658024fd5b5b7bda3336d92f8c407e [diff]
[M80] Fix hosted app effective URL resolution for some edge cases with paths.

Currently, URLs that are covered by a hosted app's web extent get a
SiteInstance with a special "effective" site URL, formed by
translating the regular URL into a chrome-extension:// URL.  The
translation is done via Extension::GetResourceURL() against the target
URL's path.

This is problematic because GetResourceURL() internally uses
GURL::Resolve(), which may fail for certain paths (such as a double
slash, as in "http://docs.google.com//") and return an empty GURL, as
described in issue 1034197.  This in turn means that the effective URL
used for some navigations may end up *empty*, which is incorrect, as
the resulting navigation won't end up in a hosted app process. It is
also dangerous: cross-site navigations with such paths could try to
share the same SiteInstance since the destination site URL is the same
(i.e., empty), which is a potential site isolation bypass.
Fortunately, we have logic that catches this, but this results in a
browser crash.  See analysis in https://crbug.com/1016954.

This CL fixes this by ensuring that effective URLs returned for hosted
apps are never empty.  The process model never uses an effective URL's
path, just the origin, so there's no reason to keep the path around,
and this CL simply changes the effective URL of a hosted app to be of
form chrome-extension://hosted_app_id/, with no path.

We should additionally ensure that when we set a site URL on a
SiteInstance, the site URL is never actually empty.  Unfortunately,
this currently results in several test failures (see PS1) and thus
will be attempted in a separate CL.

TBR: alexmos@chromium.org
TBR: rdevlin.cronin@chromium.org

(cherry picked from commit 582b2e92e4a5094b692c621689cdbce877f2bad5)

Bug: 1016954
Change-Id: Id4c71a4993de76f5cf8b56bbc333da5e08237c14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1952033
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#728610}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2059769
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Krishna Govind <govind@chromium.org>
Commit-Queue: Krishna Govind <govind@chromium.org>
Cr-Commit-Position: refs/branch-heads/3987@{#915}
Cr-Branched-From: c4e8da9871cc266be74481e212f3a5252972509d-refs/heads/master@{#722274}
2 files changed
tree: d8d5d25c41724aac53130f9bb5d55b73754ee159
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. .vpython3
  61. .yapfignore
  62. AUTHORS
  63. BUILD.gn
  64. CODE_OF_CONDUCT.md
  65. codereview.settings
  66. DEPS
  67. ENG_REVIEW_OWNERS
  68. LICENSE
  69. LICENSE.chromium_os
  70. OWNERS
  71. PRESUBMIT.py
  72. PRESUBMIT_test.py
  73. PRESUBMIT_test_mocks.py
  74. README.md
  75. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .