New issue
Advanced search Search tips

Issue 898617 link

Starred by 1 user
Status: Fixed
Owner:
rdevlin....@chromium.org
Closed: Dec 13
Cc:
karandeepb@chromium.org
mea...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Extensions: Make activeTab "sticky" while on same-origin

Project Member Reported by rdevlin....@chromium.org, Oct 24 
While on the same origin within the same tab, persist activeTab granted permission to extensions.  This is the behavior with the RuntimeHostPermissions feature, and we should align activeTab with it to simplify the model.
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 2 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a973691ebe6c4ecf5124c7740626beeb8616584e

commit a973691ebe6c4ecf5124c7740626beeb8616584e
Author: Devlin Cronin <rdevlin.cronin@chromium.org>
Date: Fri Nov 02 01:42:34 2018

[Extensions] Make activeTab sticky while on same origin

An extension is granted activeTab permission when the user invokes it on
a certain site. Currently, this grants host permission to the extension
until the user performs a (not-same-document) navigation or closes the
tab.

With RuntimeHostPermissions, we apply a similar model to extensions with
withheld permissions, but make the permission grant "sticky" while the
user is on the same origin - that is, the permission is only revoked on
cross-origin navigation or tab close.

Apply this behavior to activeTab as well. There's not really an
increased security risk here, since the extension already has access to
the site. This also simplifies the code by reducing the differences
between activeTab and RuntimeHostPermissions.

Update tests for activeTab to reflect the new behavior, and update
public documentation to include the change.

Bug:  898617 
Change-Id: I6772cf7d88ed53ceb4540e06adf33d5f17bbb4b0
Reviewed-on: https://chromium-review.googlesource.com/c/1298420
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604805}
[modify] https://crrev.com/a973691ebe6c4ecf5124c7740626beeb8616584e/chrome/browser/extensions/active_tab_apitest.cc
[modify] https://crrev.com/a973691ebe6c4ecf5124c7740626beeb8616584e/chrome/browser/extensions/active_tab_permission_granter.cc
[modify] https://crrev.com/a973691ebe6c4ecf5124c7740626beeb8616584e/chrome/browser/extensions/active_tab_unittest.cc
[modify] https://crrev.com/a973691ebe6c4ecf5124c7740626beeb8616584e/chrome/common/extensions/docs/templates/articles/activeTab.html
[modify] https://crrev.com/a973691ebe6c4ecf5124c7740626beeb8616584e/chrome/test/data/extensions/api_test/active_tab/background.js

Comment 2 by rdevlin....@chromium.org, Dec 13

Status: Fixed (was: Started)
I think this is fixed with #1.

Sign in to add a comment