Use |initiator_origin| in ExtensionNavigationThrottle.

Before this CL, ExtensionNavigationThrottle would more-or-less ignore
main frame navigations (except for special-casing some GuestView
scenarios). This allowed some undesirable navigations as pointed out in
https://crbug.com/442579. After this CL the throttle continues with
WebAccessibleResources checks even for main frames.

Before this CL, ExtensionNavigationThrottle would check if the target
is one of WebAccessibleResources iff the frame being navigated has an
ancestor that has a different origin than the target of the navigation.
This doesn't work for main frames (which have no parent). This could
be addressed by also going over opener relationship, but the right fix
here is to directly consider |initiator_origin| (which is trustworthy
and browser-verified). After this CL, |initiator_origin| is considered.

Applying the throttle checks to more navigations means that the throttle
has to replicate some exceptions from
ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL.
Specifically, the throttle needs to ignore navigations ignored by
origins with chrome://, chrome-search:// and devtools:// schemes.

Additionally the changes mean that opaque origins (even if they have
been derived from an extension origin) cannot navigate to
non-WebAccessibleResources. This requires tweaking the
sandboxed_pages_csp test.

Bug: 442579
Change-Id: Iebc72b05fece9d0936214f5f8e00802b59e84fd1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1776854
Auto-Submit: Łukasz Anforowicz <[email protected]>
Reviewed-by: Kevin McNee <[email protected]>
Reviewed-by: Devlin <[email protected]>
Reviewed-by: Alex Moshchuk <[email protected]>
Reviewed-by: Nasko Oskov <[email protected]>
Commit-Queue: Łukasz Anforowicz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#697794}
diff --git a/chrome/browser/extensions/chrome_extensions_browser_client.cc b/chrome/browser/extensions/chrome_extensions_browser_client.cc
index f079d9ff..1c10e92 100644
--- a/chrome/browser/extensions/chrome_extensions_browser_client.cc
+++ b/chrome/browser/extensions/chrome_extensions_browser_client.cc
@@ -47,6 +47,7 @@
#include "chrome/common/chrome_paths.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/pref_names.h"
+#include "chrome/common/url_constants.h"
#include "components/update_client/update_client.h"
#include "components/version_info/version_info.h"
#include "content/public/browser/browser_thread.h"
@@ -530,6 +531,14 @@
return ::GetUserAgent();
}
+bool ChromeExtensionsBrowserClient::ShouldSchemeBypassNavigationChecks(
+ const std::string& scheme) const {
+ if (scheme == chrome::kChromeSearchScheme)
+ return true;
+
+ return ExtensionsBrowserClient::ShouldSchemeBypassNavigationChecks(scheme);
+}
+
// static
void ChromeExtensionsBrowserClient::set_did_chrome_update_for_testing(
bool did_update) {
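Review bot: The new ShouldSchemeBypassNavigationChecks override has no comment explaining why chrome-search:// is exempt from the navigation checks. The commit message says these exceptions replicate ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL, so a short comment above the `if (scheme == chrome::kChromeSearchScheme)` check naming that function would help keep the two lists in sync when either one changes. The message also lists chrome:// and devtools://, which are not handled in this hunk; if they are covered by the base ExtensionsBrowserClient implementation that the final return falls through to, say so in the comment, since a scheme present in one list and missing from the other would silently change which initiators skip the WebAccessibleResources checks.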