| field | value | date |
|---|---|---|
| commit | 55479e1926b2dfe9a76251cd4c4d5533a2d2abce | |
| author | Alex Moshchuk <alexmos@chromium.org> | Mon Feb 17 16:42:39 2020 |
| committer | Commit Bot <commit-bot@chromium.org> | Mon Feb 17 16:42:39 2020 |
| tree | d8d5d25c41724aac53130f9bb5d55b73754ee159 | |
| parent | 28477af976658024fd5b5b7bda3336d92f8c407e | |
[M80] Fix hosted app effective URL resolution for some edge cases with paths.

Currently, URLs that are covered by a hosted app's web extent get a SiteInstance with a special "effective" site URL, formed by translating the regular URL into a chrome-extension:// URL. The translation is done via Extension::GetResourceURL() against the target URL's path. This is problematic because GetResourceURL() internally uses GURL::Resolve(), which may fail for certain paths (such as a double slash, as in "http://docs.google.com//") and return an empty GURL, as described in issue 1034197.

This in turn means that the effective URL used for some navigations may end up *empty*, which is incorrect, as the resulting navigation won't end up in a hosted app process. It is also dangerous: cross-site navigations with such paths could try to share the same SiteInstance since the destination site URL is the same (i.e., empty), which is a potential site isolation bypass. Fortunately, we have logic that catches this, but this results in a browser crash. See analysis in https://crbug.com/1016954.

This CL fixes this by ensuring that effective URLs returned for hosted apps are never empty. The process model never uses an effective URL's path, just the origin, so there's no reason to keep the path around, and this CL simply changes the effective URL of a hosted app to be of form chrome-extension://hosted_app_id/, with no path.

We should additionally ensure that when we set a site URL on a SiteInstance, the site URL is never actually empty. Unfortunately, this currently results in several test failures (see PS1) and thus will be attempted in a separate CL.

TBR: alexmos@chromium.org
TBR: rdevlin.cronin@chromium.org

(cherry picked from commit 582b2e92e4a5094b692c621689cdbce877f2bad5)

Bug: 1016954
Change-Id: Id4c71a4993de76f5cf8b56bbc333da5e08237c14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1952033
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#728610}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2059769
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Krishna Govind <govind@chromium.org>
Commit-Queue: Krishna Govind <govind@chromium.org>
Cr-Commit-Position: refs/branch-heads/3987@{#915}
Cr-Branched-From: c4e8da9871cc266be74481e212f3a5252972509d-refs/heads/master@{#722274}
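The following is an added illustration, not Chromium code and not part of the commit above. It is a small Python model of the process-model behaviour the commit message describes: before the fix, a hosted app's effective URL was produced by resolving the target path against the app's chrome-extension:// URL, so a path such as "//" could resolve to an empty URL, and two cross-site navigations with empty site URLs would compare equal when looking for a SiteInstance to share; after the fix, the effective URL is just the app origin. The app ids, hosts and the `resolve_like_gurl` stand-in for GURL::Resolve() are assumptions made for the example (the stand-in treats a reference starting with "//" as a network-path reference that needs a non-empty host and returns "" otherwise).

```python
from urllib.parse import urlsplit

# Constructed sample data: two hypothetical hosted apps, each covering one
# host. The ids and hosts are made up for this example.
HOSTED_APPS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"docs.example.test"},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"mail.example.test"},
}


def hosted_app_for(url):
    """Return the id of the app whose (constructed) extent covers url, or None."""
    host = urlsplit(url).hostname
    for app_id, hosts in HOSTED_APPS.items():
        if host in hosts:
            return app_id
    return None


def site_url(url):
    """Ordinary (non-app) site URL: scheme plus host, no path."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/"


def resolve_like_gurl(base, relative):
    """Stand-in for GURL::Resolve() that returns "" when resolution fails.

    Assumption made for this model: a reference beginning with "//" is a
    network-path reference and needs a non-empty host, so a bare "//" path
    cannot be resolved and yields the empty string (an invalid URL)."""
    base_parts = urlsplit(base)
    scheme, netloc = base_parts.scheme, base_parts.netloc
    if relative.startswith("//"):
        host = relative[2:].split("/", 1)[0]
        return f"{scheme}://{host}/" if host else ""
    if relative.startswith("/"):
        return f"{scheme}://{netloc}{relative}"
    return base + relative


def effective_url_before(url):
    """Pre-fix behaviour: resolve the target URL's path against the app's
    chrome-extension:// URL, so an unresolvable path gives an empty URL."""
    app_id = hosted_app_for(url)
    if app_id is None:
        return site_url(url)
    return resolve_like_gurl(f"chrome-extension://{app_id}/", urlsplit(url).path)


def effective_url_after(url):
    """Post-fix behaviour: the effective URL is the app origin, path dropped."""
    app_id = hosted_app_for(url)
    if app_id is None:
        return site_url(url)
    return f"chrome-extension://{app_id}/"


def would_share_site_instance(url_a, url_b, effective_url):
    """A SiteInstance is keyed by its site URL, so two navigations whose
    effective site URLs compare equal are candidates to share one. With the
    pre-fix function, two different apps' "//" paths both map to "" and match."""
    return effective_url(url_a) == effective_url(url_b)


if __name__ == "__main__":
    a, b = "http://docs.example.test//", "http://mail.example.test//"
    print("before:", repr(effective_url_before(a)), repr(effective_url_before(b)),
          "share:", would_share_site_instance(a, b, effective_url_before))
    print("after: ", repr(effective_url_after(a)), repr(effective_url_after(b)),
          "share:", would_share_site_instance(a, b, effective_url_after))
```

Running the block shows the two cross-site URLs collapsing to the same empty key under the pre-fix function and getting distinct chrome-extension:// origins under the post-fix one. The model deliberately keys only on the site URL; in the real process model the check that catches the empty-key case is what the commit message reports as a browser crash.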
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.