New issue
Advanced search Search tips

Issue 660901 link

Starred by 1 user
Status: Fixed
Owner:
rdevlin....@chromium.org
Closed: Oct 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Click to script - blocked action indicator shows for blocked webrequests on subframes

Project Member Reported by rdevlin....@chromium.org, Oct 31 2016 
What steps will reproduce the problem?
0. enable click to script
1. Install the honey extension
2. visit a site with cross-origin iframes (like anything with google ads)
3. allow the extension to always run on that site
4. refresh the page

What is the expected result?
The extension should not appear blocked

What happens instead of that?
The extension appears blocked

This happens because we don't grant subframe permissions with activeTab-style granting.  This is currently WAI, and for content scripts, we don't consider this blocking.  Webrequest should do the same, where we only surface the webRequest blocked indication in the case of a top frame.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 31 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/eb53f1445275265a2b81112a69a5205004b709d3

commit eb53f1445275265a2b81112a69a5205004b709d3
Author: rdevlin.cronin <rdevlin.cronin@chromium.org>
Date: Mon Oct 31 20:26:53 2016

[Extensions] Don't show a blocked action for webRequest on subframes

Click-To-Script blocks webRequest on sites without permission, but we
currently don't have any mechanism of granting subframe origins. As
such, we don't count blocking subframe actions as a reason to show the
blocked action indicator in the case of content scripts running on
subframes. We should do the same for webRequest actions.

BUG= 660901 

Review-Url: https://codereview.chromium.org/2465603002
Cr-Commit-Position: refs/heads/master@{#428787}

[modify] https://crrev.com/eb53f1445275265a2b81112a69a5205004b709d3/chrome/browser/extensions/api/web_request/chrome_extension_web_request_event_router_delegate.cc
[modify] https://crrev.com/eb53f1445275265a2b81112a69a5205004b709d3/chrome/browser/extensions/api/web_request/web_request_apitest.cc

Comment 2 by rdevlin....@chromium.org, Oct 31 2016

Status: Fixed (was: Assigned)

Sign in to add a comment