Issue 760128 link

Starred by 1 user

Issue metadata

Status:	Started
Owner:	csharrison@chromium.org
Cc:	rdevlin....@chromium.org
Components:	Platform>Extensions
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

Audit callers of GetExtensionOrAppByURL to ensure they don't strip paths

Project Member Reported by csharrison@chromium.org, Aug 29 2017

Issue description

Issue 756465 is the result of passing the "origin" of the URL to GetExtensionOrAppByURL, causing failed lookups for Chrome Hosted Apps which need the full URL for matching.

This method should never take an origin, as it gracefully handles host lookup already.

Comment 1 by csharrison@chromium.org, Aug 29 2017

Even if the API is not callable from a Chrome Hosted App (are there any?), we should try to avoid this pattern because it can lead people (like me) into thinking it is OK to unconditionally send the origin in new code.

Comment 2 by csharrison@chromium.org, Aug 29 2017

I found:
geolocation_permission_context_extensions.cc - I think I've confirmed this is a bug. Just searched monorail and found that it is issue 88550

Nothing else jumped out at me. There are plenty of cases where we do this (anytime we use the SiteInstance SiteURL()), but I *think* those are mostly targeted at non-hosted apps.

►

Issue 760128 link

Issue metadata

Audit callers of GetExtensionOrAppByURL to ensure they don't strip paths

Issue description

Comment 1 by csharrison@chromium.org, Aug 29 2017

Comment 1 Deleted

Comment 2 by csharrison@chromium.org, Aug 29 2017

Comment 2 Deleted

Sign in to add a comment