New issue
Advanced search Search tips

Issue 823639 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocked on:
issue 828963



Sign in to add a comment

extension view host should protect against navigations to web resources

Project Member Reported by jochen@chromium.org, Mar 20 2018

Issue description

Similar to the check in NavigationHandleImpl::WillProcessResponse which verifies that navitgations that should result in downloads never proceed.

The logic in ExtensionViewHost what can and what cannot be navigated to is a bit more complex, but we should have a check nevertheless
 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 20 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/71fdb27d0bf6f3493ee68b2236ff624320fad7e7

commit 71fdb27d0bf6f3493ee68b2236ff624320fad7e7
Author: Jochen Eisinger <jochen@chromium.org>
Date: Tue Mar 20 10:52:28 2018

Allow downloads again from extension views

Now that downloads initially look like navigations, we have to allow
some navigations from extension views such as popups

BUG= 821219 , 823639 
R=clamy@chromium.org,rdevlin.cronin@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I2276a5649120a17974bf576791f74e3eac3d4e3a
Reviewed-on: https://chromium-review.googlesource.com/960003
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544324}
[modify] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/browser/extensions/api/extension_action/browser_action_apitest.cc
[modify] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/browser/extensions/extension_view_host.cc
[add] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/test/data/extensions/api_test/browser_action/popup_download/chromium.png
[add] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/test/data/extensions/api_test/browser_action/popup_download/manifest.json
[add] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/test/data/extensions/api_test/browser_action/popup_download/popup.html
[add] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/chrome/test/data/extensions/api_test/browser_action/popup_download/popup.js
[modify] https://crrev.com/71fdb27d0bf6f3493ee68b2236ff624320fad7e7/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter

Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)
[Extensions Triage] jochen@: Seems you are working on this. Assigning.
Blockedon: 828963
Project Member

Comment 4 by bugdroid1@chromium.org, May 7 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7678c8ace3a3a31cb49225afd9200b72fe22b7aa

commit 7678c8ace3a3a31cb49225afd9200b72fe22b7aa
Author: Jochen Eisinger <jochen@chromium.org>
Date: Mon May 07 15:47:34 2018

Remove suggested filename plumbing

The codepath is no longer used, instead, we just navigate to cross
origin URLs.

BUG= 831073 , 823639 , 660288 

Change-Id: I6a347a11e84539ad73d2b0b6aaaa1cc97d0b6118
Reviewed-on: https://chromium-review.googlesource.com/1016906
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Xing Liu <xingliu@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#556455}
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/android/java/src/org/chromium/chrome/browser/tab/InterceptNavigationDelegateImpl.java
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/android/javatests/src/org/chromium/chrome/browser/contextualsearch/ContextualSearchManagerTest.java
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/download/download_ui_controller.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/extensions/api/web_navigation/web_navigation_apitest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/extensions/extension_view_host.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/ui/android/external_protocol_dialog_android.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/ui/browser_navigator.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/ui/browser_navigator_params.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/ui/browser_navigator_params.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/browser/ui/search/local_ntp_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/chrome/test/data/extensions/api_test/webnavigation/download/test_download.js
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/download/internal/common/in_progress_download_manager.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/download/internal/common/resource_downloader.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/download/internal/common/resource_downloader.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/download/public/common/in_progress_download_manager.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/navigation_interception/android/java/src/org/chromium/components/navigation_interception/NavigationParams.java
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/navigation_interception/intercept_navigation_throttle.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/navigation_interception/navigation_params.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/navigation_interception/navigation_params.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/components/navigation_interception/navigation_params_android.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/browser_side_navigation_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/devtools_url_interceptor_request_job.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/devtools_url_loader_interceptor.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/devtools_url_loader_interceptor.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/protocol/network_handler.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/protocol/network_handler.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/render_frame_devtools_agent_host.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/devtools/render_frame_devtools_agent_host.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/download/download_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/download/download_manager_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/download/download_manager_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/download/download_request_core.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/blocked_scheme_navigation_throttle.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/form_submission_throttle_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_controller_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_controller_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_controller_impl_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_entry_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_entry_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_handle_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_handle_impl_unittest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigation_request.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigator.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigator_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/navigator_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/render_frame_host_manager.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/frame_host/render_frame_proxy_host.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/mime_sniffing_resource_handler.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/navigation_loader_util.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/navigation_loader_util.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/navigation_url_loader_network_service.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/resource_request_info_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/loader/resource_request_info_impl.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/browser/security_exploit_browsertest.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/common/frame_messages.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/common/navigation_params.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/common/navigation_params.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/public/browser/navigation_controller.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/public/browser/navigation_handle.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/public/browser/navigation_handle.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/public/browser/page_navigator.h
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/public/test/render_view_test.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/shell/browser/shell.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/content/shell/test_runner/web_frame_test_client.cc
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/extensions/browser/extension_navigation_throttle.cc
[delete] https://crrev.com/72aef1a4cea800fff0d5375c284c6d071cf3d46c/third_party/WebKit/LayoutTests/http/tests/security/anchor-download-block-crossorigin-expected.txt
[delete] https://crrev.com/72aef1a4cea800fff0d5375c284c6d071cf3d46c/third_party/WebKit/LayoutTests/http/tests/security/anchor-download-block-crossorigin.html
[modify] https://crrev.com/7678c8ace3a3a31cb49225afd9200b72fe22b7aa/third_party/blink/renderer/core/loader/frame_loader.cc

Status: Fixed (was: Assigned)

Sign in to add a comment