Change error pages to use a new chrome-error:// scheme.

This CL changes error pages to use chrome-error://chromewebdata/
instead of data:text/html,chromewebdata.

This has the benefit that error pages won't inherit CSP from their
parent/opener. Previously, when a page defined a CSP and then ended
up loading an error page in a subframe, the error page might've been
broken by the parent's CSP, since, for example, it needs to execute
inline scripts. This could result in the error page not showing up
correctly and/or false CSP reports being sent.

The new scheme is marked as secure and as requiring an opaque origin
to match previous behavior.

Web pages used to be able to directly load the error URL, which just
showed up as "chromewebdata". With this change, navigating to the
error URL would bring up the external protocol dialog instead, so this
CL prevents renderers from directly navigating to or redirecting to
error URLs.

Additionally, chrome-error:// is registered as a display-isolated
scheme, so that regular web pages can't embed the error URL in an
iframe or image, and as a scheme that does not allow javascript URL
manipulation, which is consistent with other pages considered to be
part of Chrome. If either of these new restrictions ends up being
problematic, we should revisit them in
RenderThreadImpl::RegisterSchemes().

In the future, it's possible to further utilize the host/path portion
of the URL to identify different kinds of error pages.

Bug: 703801
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I45fa0aa157523450c33c6464f96414ff742e8604
Reviewed-on: https://chromium-review.googlesource.com/580169
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Nasko Oskov <[email protected]>
Reviewed-by: Charlie Reis (OOO Aug 17-24) <[email protected]>
Reviewed-by: Devlin <[email protected]>
Reviewed-by: Shuotao Gao <[email protected]>
Reviewed-by: Mike West <[email protected]>
Commit-Queue: Alex Moshchuk <[email protected]>
Cr-Commit-Position: refs/heads/master@{#494809}
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index c45919d..6b69dd7 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -207,6 +207,8 @@
EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
EXPECT_FALSE(p->CanSetAsOriginHeader(
kRendererID, GURL("view-source:http://www.google.com/")));
+ EXPECT_FALSE(p->CanRedirectToURL(GURL(kUnreachableWebDataURL)));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL(kUnreachableWebDataURL)));
p->Remove(kRendererID);
}
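Review bot: Missing coverage for the direct-navigation case in the two added EXPECT_FALSE lines: they assert CanRedirectToURL and CanCommitURL for kUnreachableWebDataURL, but the commit message says renderers are also prevented from directly navigating to error URLs, and nothing here checks the request path. If that block is enforced through the policy object, add a matching expectation such as EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(kUnreachableWebDataURL))); if it is enforced elsewhere, say so in a comment. The new lines also sit directly after the CanSetAsOriginHeader checks with no comment, so a short note that chrome-error:// must never be a renderer-initiated redirect or commit target would make the intent clear to the next reader.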