New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 22994 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Oct 2009
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug
M-4

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment

In Chrome Frame, the first time you click a link, the referrer is empty

Reported by jackson@chromium.org, Sep 25 2009

Issue description

What steps will reproduce the problem?
1. Visit 
https://crypto.stanford.edu/~collinj/test/chromeframe/referrer.html
2. Referrer is displayed.
3. Click "self link"
4. Referrer is displayed
5. Click "self link" again
6. Referrer is displayed again

What is the expected output?

Referrer "https://crypto.stanford.edu/~collinj/test/chromeframe/referrer.ht
ml" appears on steps 4 and 6. It is blank on step 2.

What do you see instead?

Referrer "https://crypto.stanford.edu/~collinj/test/chromeframe/referrer.ht
ml" appears on step 6. It is blank on step 2 and step 4.
 
Labels: Mstone-4 ReleaseBlock-Beta Security
Status: Assigned

Comment 3 by ananta@chromium.org, Oct 14 2009

Comment 4 by bugdro...@gmail.com, Oct 19 2009

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=29420 

------------------------------------------------------------------------
r29420 | ananta@chromium.org | 2009-10-19 10:34:57 -0700 (Mon, 19 Oct 2009) | 17 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_provider.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_provider.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/extension_uitest.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/external_tab_container.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/renderer/render_view.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/automation/automation_messages_internal.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/automation/automation_proxy_uitest.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/automation/tab_proxy.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/test/automation/tab_proxy.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/bho.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/bho.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_active_document.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_active_document.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_activex_base.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_automation.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_automation.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_delegate.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi.cc?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_automation_mock.h?r1=29420&r2=29419
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=29420&r2=29419
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/referrer_frame.html
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/referrer_main.html

When Chrome hands off a URL to be opened by the external host by the ViewHostMsg_OpenURL IPC, it
needs to pass the referrer as well. The Chrome fixes in this CL are mostly related to passing the
HTTP referer off to the browser and from there to the ExternalTabContainer to ChromeFrame and back.

The ChromeFrame changes are basically around the same lines with one exception. When we handle the
AutomationMsg_OpenURL IPC in the activex and the active document we pass the referer if applicable
to the WebBrowser2::Navigate2 interface, which is then read by the BHO in BeforeNavigate2. We then
save away an AddRef'ed BHO pointer in TLS which is then referenced by the Active document for reading
the referer and passing it off to Chrome in the NavigateInExternalTab message.

Added a unit test in ChromeFrame which tests this case.

This fixes http://code.google.com/p/chromium/issues/detail?id=22994

Bug= 22994 

Review URL: http://codereview.chromium.org/274071
------------------------------------------------------------------------

Comment 5 by ananta@chromium.org, Oct 19 2009

Status: Fixed
Labels: SecSeverity-None

Comment 7 by jsc...@chromium.org, Mar 21 2011

Labels: Type-Security
Labels: -Area-ChromeFrame bulkmove Feature-ChromeFrame
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-4 -SecSeverity-None -Type-Security -Feature-ChromeFrame Cr-ChromeFrame M-4 Security-Severity-None Type-Bug-Security
Project Member

Comment 11 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member

Comment 12 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-None Security_Severity-None
Labels: -Type-Bug-Security Type-Bug
Bulk unrestriction of Severity-none bugs.

Sign in to add a comment