Google Git
Sign in
chromium / chromium / src.git / 90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3^! / . / content / browser / loader / navigation_url_loader_impl.cc
commit90b1a0d7e9754fdbf5b09bdfa3ced612b9c9fbf3[log] [tgz]
authorChris Mumford <[email protected]>Wed Sep 26 20:10:43 2018
committerCommit Bot <[email protected]>Wed Sep 26 20:10:43 2018
treeb4f1f8c3ca73f6daf2a5dff1cc67e5ac2f5996e2
parent6fb30d318cd9a654e53e2d7d2d8f833d8cf98cf1 [diff] [blame]
Allow file/filesystem schemes to redirect to same scheme.

Relax redirect safety checks, which exist in the network
service but were not present in URLRequestJob, to allow
the loading of a file/filesystem scheme to redirect to
the file/filesystem scheme.

One example of a redirect is where the following URL:

  file:///path/to/directory

during reload is redirected to:

  file:///path/to/directory/

This change also fixes redirects of Windows file links
(with network service) as it redirects back to the client
before following the redirect. This avoids an infinite
recursion bug triggered by circular symbolic links.

Bug: 884277,887039
Change-Id: I13923fc29397b1d3aa6679d861e9edc3af1c816b
Reviewed-on: https://chromium-review.googlesource.com/1234335
Reviewed-by: John Abd-El-Malek <[email protected]>
Commit-Queue: Chris Mumford <[email protected]>
Cr-Commit-Position: refs/heads/master@{#594450}
diff --git a/content/browser/loader/navigation_url_loader_impl.cc b/content/browser/loader/navigation_url_loader_impl.cc
index d3e7587..838bef6ca 100644
--- a/content/browser/loader/navigation_url_loader_impl.cc
+++ b/content/browser/loader/navigation_url_loader_impl.cc

@@ -322,10 +322,12 @@
   return IsURLHandledByNetworkService(url) || url.SchemeIs(url::kDataScheme);
 }
 
-// Determines whether it is safe to redirect to |url|.
-bool IsRedirectSafe(const GURL& url, ResourceContext* resource_context) {
-  return IsSafeRedirectTarget(url) &&
-         GetContentClient()->browser()->IsSafeRedirectTarget(url,
+// Determines whether it is safe to redirect from |from_url| to |to_url|.
+bool IsRedirectSafe(const GURL& from_url,
+                    const GURL& to_url,
+                    ResourceContext* resource_context) {
+  return IsSafeRedirectTarget(from_url, to_url) &&
+         GetContentClient()->browser()->IsSafeRedirectTarget(to_url,
                                                              resource_context);
 }
 
@@ -1186,7 +1188,7 @@
                          const network::ResourceResponseHead& head) override {
     if (base::FeatureList::IsEnabled(network::features::kNetworkService) &&
         !bypass_redirect_checks_ &&
-        !IsRedirectSafe(redirect_info.new_url, resource_context_)) {
+        !IsRedirectSafe(url_, redirect_info.new_url, resource_context_)) {
       OnComplete(network::URLLoaderCompletionStatus(net::ERR_UNSAFE_REDIRECT));
       return;
     }