Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(248)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chrome_content_browser_client.cc

Issue 9837074: Make it so that allow_js_access: false can be used with background pages created by window.open. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Revised approach based on http://crrev.com/125180. Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | chrome/browser/extensions/app_background_page_apitest.cc » ('j') | chrome/browser/ui/browser.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 76de2316615e11e70554fe75e7c8a6a46b0b08d2..9182a463bbd788ba00943e0379d4f7b126050e6e 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1259,7 +1259,8 @@ void ChromeContentBrowserClient::CancelDesktopNotification(
#endif
}
-bool ChromeContentBrowserClient::CanCreateWindow(
+content::ContentBrowserClient::CanCreateWindowResult
+ChromeContentBrowserClient::CanCreateWindow(
const GURL& opener_url,
const GURL& source_origin,
WindowContainerType container_type,
@@ -1272,23 +1273,25 @@ bool ChromeContentBrowserClient::CanCreateWindow(
ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
ExtensionInfoMap* map = io_data->GetExtensionInfoMap();
- // If the opener is not allowed to script its background window, then return
- // false so that the window.open call returns null. In this case, only
- // the manifest is permitted to create a background window.
+ if (!map->SecurityOriginHasAPIPermission(
+ source_origin,
+ render_process_id,
+ ExtensionAPIPermission::kBackground)) {
+ return CANNOT_CREATE_WINDOW;
+ }
+
// Note: this use of GetExtensionOrAppByURL is safe but imperfect. It may
// return a recently installed Extension even if this CanCreateWindow call
// was made by an old copy of the page in a normal web process. That's ok,
- // because the permission check below will still fail. We must use the
- // full URL to find hosted apps, though, and not just the origin.
+ // because the permission check above would have caused an early return
+ // already. We must use the full URL to find hosted apps, though, and not
+ // just the origin.
const Extension* extension = map->extensions().GetExtensionOrAppByURL(
ExtensionURLInfo(opener_url));
if (extension && !extension->allow_background_js_access())
- return false;
-
- return map->SecurityOriginHasAPIPermission(
- source_origin, render_process_id, ExtensionAPIPermission::kBackground);
+ return CAN_CREATE_WINDOW_NO_JS_ACCESS;
}
- return true;
+ return CAN_CREATE_WINDOW;
}
std::string ChromeContentBrowserClient::GetWorkerProcessTitle(
« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | chrome/browser/extensions/app_background_page_apitest.cc » ('j') | chrome/browser/ui/browser.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698