
Issue 736140


Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




--unsafely-treat-insecure-origin-as-secure flag does not impact content::IsOriginSecure checks in the renderer

Project Member Reported by raymes@chromium.org, Jun 22 2017

Issue description

What steps will reproduce the problem?
(1) Run chrome with --unsafely-treat-insecure-origin-as-secure=http://www.testwebcam.com
(2) Go to http://www.testwebcam.com
(3) Allow Flash, note that camera and mic aren't allowed.

This will cause an error message to be displayed in the console.

The problem here is that the global variable in the renderer which stores the secure origins passed in via the flag is initialized while the process is still a zygote process. Currently we do not propagate the flag to zygote processes, so the values are never initialized correctly.
 

Comment 1 by raymes@chromium.org, Jun 22 2017

Cc: lafo...@chromium.org

Comment 2 by raymes@chromium.org, Jun 22 2017

Cc: palmer@chromium.org
mkwst/palmer: do you have thoughts on the behavior in this case? 

Comment 3 by raymes@chromium.org, Jun 26 2017

Summary: --unsafely-treat-insecure-origin-as-secure flag does not impact content::IsOriginSecure checks in the renderer (was: --unsafely-treat-insecure-origin-as-secure flag does not impact secure origin checks)

Comment 4 by raymes@chromium.org, Jun 26 2017

Description: Show this description

Comment 5 by raymes@chromium.org, Jun 26 2017

Labels: OS-Linux
Owner: raymes@chromium.org
Status: Assigned (was: Available)
I worked this out. This was actually a bug specific to the checks I added, because they use content::IsOriginSecure in the renderer process, which is currently buggy on Linux. I've got a patch: https://codereview.chromium.org/2955803002


Comment 6 by raymes@chromium.org, Jun 26 2017

Cc: elawrence@chromium.org
+elawrence as FYI

Comment 7 by bugdroid1@chromium.org, Jun 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/998231b917858c87b641040c742f5cc41ac9b43e

commit 998231b917858c87b641040c742f5cc41ac9b43e
Author: raymes <raymes@chromium.org>
Date: Mon Jun 26 19:29:25 2017

Propagate kUnsafelyTreatInsecureOriginAsSecure flag to the zygote process

ChromeContentClient::AddAdditionalSchemes sets up the global whitelisted
origins. Some of these origins may be passed in via the
kUnsafelyTreatInsecureOriginsAsSecure flag. However, this call happens
while the renderer process is still a zygote on Linux. This means that
content::IsOriginSecure checks won't take these whitelisted origins into
account.

BUG= 736140 

Review-Url: https://codereview.chromium.org/2955803002
Cr-Commit-Position: refs/heads/master@{#482353}

[modify] https://crrev.com/998231b917858c87b641040c742f5cc41ac9b43e/chrome/browser/chrome_content_browser_client.cc
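
The failure mode described in the issue and in the commit message above, modelled as a small added example. It is not Chromium code; the function names and the bare "zygote" argv are hypothetical. A global allowlist is filled from the zygote's command line before fork(), so a forked renderer honours the flag only if the zygote itself received it.

```cpp
// Added illustration, not Chromium code; every name here is hypothetical.
#include <cstdio>
#include <set>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

static std::set<std::string> g_secure_origins;  // process-global allowlist

// Parse --unsafely-treat-insecure-origin-as-secure=<a,b,...> into the global.
void InitSecureOrigins(const std::vector<std::string>& argv) {
  const std::string prefix = "--unsafely-treat-insecure-origin-as-secure=";
  g_secure_origins.clear();
  for (const auto& arg : argv) {
    if (arg.compare(0, prefix.size(), prefix) != 0) continue;
    for (size_t pos = prefix.size(); pos < arg.size();) {
      size_t end = arg.find(',', pos);
      if (end == std::string::npos) end = arg.size();
      if (end > pos) g_secure_origins.insert(arg.substr(pos, end - pos));
      pos = end + 1;
    }
  }
}

bool IsOriginSecureSketch(const std::string& origin) {
  return origin.rfind("https://", 0) == 0 || g_secure_origins.count(origin);
}

// The zygote fills the global once from its own argv, then forks a renderer.
// The child inherits that memory as-is and never re-parses flags.
// Returns the child's verdict (1 secure, 0 not secure) or -1 on error.
int RendererVerdict(const std::vector<std::string>& zygote_argv,
                    const std::string& origin) {
  InitSecureOrigins(zygote_argv);
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) _exit(IsOriginSecureSketch(origin) ? 1 : 0);
  int status = 0;
  if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}

int main() {
  const std::string origin = "http://www.testwebcam.com";
  const std::string flag = "--unsafely-treat-insecure-origin-as-secure=" + origin;
  std::printf("zygote without flag: %d\n", RendererVerdict({"zygote"}, origin));
  std::printf("zygote with flag:    %d\n", RendererVerdict({"zygote", flag}, origin));
  return 0;
}
```

The first call corresponds to the behaviour before the fix (flag given to the browser but not to the zygote), the second to the behaviour after the flag is propagated.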

Comment 8 by raymes@chromium.org, Jun 26 2017

Status: Fixed (was: Assigned)
