Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(622)

Unified Diff: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

Issue 10959032: Protect the entire webstore origin, not just the webstore path, with XFO. Follow-up to crrev.com/1… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
===================================================================
--- chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc (revision 157879)
+++ chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc (working copy)
@@ -357,8 +357,7 @@
// Build in additional protection for the chrome web store origin.
GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
- if (request->url().DomainIs(webstore_url.host().c_str()) &&
- StartsWithASCII(request->url().path(), webstore_url.path(), false)) {
+ if (request->url().DomainIs(webstore_url.host().c_str())) {
net::HttpResponseHeaders* response_headers = request->response_headers();
if (!response_headers->HasHeaderValue("x-frame-options", "deny") &&
!response_headers->HasHeaderValue("x-frame-options", "sameorigin")) {

Powered by Google App Engine
This is Rietveld 408576698