[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation [chromium/src : main]

509 views
Skip to first unread message

Andy Phan (Gerrit)

unread,
Sep 11, 2023, 6:44:27 PM9/11/23
to Devlin Cronin, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, findit...@appspot.gserviceaccount.com

Attention is currently required from: Devlin Cronin.

Andy Phan would like Devlin Cronin to review this change.

View Change

[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 27 insertions(+), 0 deletions(-)


To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>

Andy Phan (Gerrit)

unread,
Sep 11, 2023, 6:44:33 PM9/11/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Devlin Cronin.

View Change

1 comment:

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Mon, 11 Sep 2023 22:44:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Lei Zhang (Gerrit)

unread,
Sep 11, 2023, 7:04:00 PM9/11/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin.

View Change

2 comments:

  • File chrome/renderer/extensions/resource_request_policy.cc:

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Mon, 11 Sep 2023 23:03:46 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Andy Phan (Gerrit)

unread,
Sep 11, 2023, 7:21:36 PM9/11/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Patch Set #6, Line 137: if (frame_url.IsAboutBlank()) {

      Can a regular renderer that's on about:blank abuse this logic to request PDF extension resources?

    • I'm not sure of the threat model here; lines 109, 119, and 129 all check the frame_url too, so I'd imagine that those could be abused, too, in addition to about:blank?

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Mon, 11 Sep 2023 23:21:26 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Lei Zhang <the...@chromium.org>

Lei Zhang (Gerrit)

unread,
Sep 11, 2023, 7:31:52 PM9/11/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • I'm not sure of the threat model here; lines 109, 119, and 129 all check the frame_url too, so I'd i […]

      I don't understand your definition of "abused".

      I'm just looking at this particular check and wondering about the behavior on about:blank. Can about:blank currently load PDF extension resources without this CL? e.g. With Devtools. Can about:blank load PDF extension resources with this CL? It's a straightforward question and I'm not implying there is anything unusual happening aside from the use of Devtools.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Mon, 11 Sep 2023 23:31:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Andy Phan <andy...@chromium.org>
Comment-In-Reply-To: Lei Zhang <the...@chromium.org>

Andy Phan (Gerrit)

unread,
Sep 11, 2023, 8:11:10 PM9/11/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • I don't understand your definition of "abused". […]

      Sorry, I misunderstood the question.

      I tested this by navigating to about:blank using the omnibox, opening DevTools, and running in the console: `fetch('chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/index.css')`.

      Without this CL, CanRequestResource() returns false, so the resource request is denied.

      With this CL, CanRequestResource() returns true, but there's still an error on the request: `net::ERR_BLOCKED_BY_CLIENT`.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Sep 2023 00:11:01 +0000

Lei Zhang (Gerrit)

unread,
Sep 11, 2023, 8:23:26 PM9/11/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Sorry, I misunderstood the question. […]

      Is that because this code is out of sync with AllowExtensionResourceLoad()? See the comment on line 77.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Sep 2023 00:23:17 +0000

Andy Phan (Gerrit)

unread,
Sep 11, 2023, 11:49:07 PM9/11/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Sep 2023 03:48:51 +0000

Lei Zhang (Gerrit)

unread,
Sep 12, 2023, 1:49:23 PM9/12/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Yes, with the CL, CanRequestResource() returning true but still having an error is because of https: […]

      I'm surprised to hear AllowExtensionResourceLoad() can return false with this CL, but return true without this CL. Even though this CL does not touch AllowExtensionResourceLoad().

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Sep 2023 17:49:13 +0000

Andy Phan (Gerrit)

unread,
Sep 12, 2023, 2:06:45 PM9/12/23
to David Bertoni, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, findit...@appspot.gserviceaccount.com

Attention is currently required from: David Bertoni, Devlin Cronin.

Andy Phan would like David Bertoni to review this change.

View Change

[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 27 insertions(+), 0 deletions(-)


To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>

Andy Phan (Gerrit)

unread,
Sep 12, 2023, 2:06:53 PM9/12/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, David Bertoni, Lei Zhang, Devlin Cronin, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: David Bertoni, Devlin Cronin.

View Change

1 comment:

  • Patchset:

    • Patch Set #6:

      +dbertoni@, as Devlin is effectively OOO. Please see the first comment for context on this CL. Thanks!

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Tue, 12 Sep 2023 18:06:42 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Andy Phan (Gerrit)

unread,
Sep 12, 2023, 2:07:16 PM9/12/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, findit...@appspot.gserviceaccount.com

Attention is currently required from: David Bertoni, Devlin Cronin.

Andy Phan has uploaded this change for review.

View Change

[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 27 insertions(+), 0 deletions(-)


To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>

David Bertoni (Gerrit)

unread,
Sep 14, 2023, 1:44:10 PM9/14/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • I'm surprised to hear AllowExtensionResourceLoad() can return false with this CL, but return true wi […]

      Has this thread been resolved? I don't want to +1 this until everyone's OK.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Thu, 14 Sep 2023 17:43:56 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Andy Phan (Gerrit)

unread,
Sep 14, 2023, 7:56:07 PM9/14/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: David Bertoni, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Has this thread been resolved? I don't want to +1 this until everyone's OK.

      Not yet. I'm awaiting an opinion from someone either from the extensions team or the security team about this.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Thu, 14 Sep 2023 23:55:57 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: David Bertoni <dber...@chromium.org>

Lei Zhang (Gerrit)

unread,
Sep 14, 2023, 8:07:43 PM9/14/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, David Bertoni, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Not yet. […]

      Have you made it clear to extensions/security folks that you want their opinion? e.g. Are you waiting for dbertoni@ to give their thoughts on whether about:blank should be able to access PDF extension resources?

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 00:07:29 +0000

Andy Phan (Gerrit)

unread,
Sep 14, 2023, 8:38:54 PM9/14/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: David Bertoni, Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Have you made it clear to extensions/security folks that you want their opinion? e.g. […]

      I'll make it clearer.

      +dbertoni@, are you familiar with this ResourceRequestPolicy::CanRequestResource()? WDYT about this line allowing about:blank to access extension resources? It doesn't actually allow it, since there are browser-side checks that disallow it, but we're not sure if those have to be in complete sync. There's an existing case mentioned in the thread where it goes out of sync.

      Empty URLs, chrome:// schemes and other schemes allow extension resources, but I'd assume those are locked down more heavily than about:blank.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 00:38:46 +0000

David Bertoni (Gerrit)

unread,
Sep 14, 2023, 10:09:03 PM9/14/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin, Lei Zhang.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • I'll make it clearer. […]

      I don't have much experience in this area, so I hesitate to offer an opinion. There are certainly lots of cases where there are renderer-side checks that are duplicated in the browser, given that renderers can be compromised.

      I'm somewhat worried about the inconsistency here. This is something Devlin should probably weigh in on.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 02:08:49 +0000

Lei Zhang (Gerrit)

unread,
Sep 15, 2023, 1:45:36 PM9/15/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, David Bertoni, Devlin Cronin.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • I don't have much experience in this area, so I hesitate to offer an opinion. […]

      For this particular navigation where `frame_url` is about:blank, I see `initiator_origin` is chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai and so is `frame_origin`. I wonder if it makes sense to take those into account when making this decision.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 17:45:24 +0000

Andy Phan (Gerrit)

unread,
Sep 15, 2023, 3:18:18 PM9/15/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, David Bertoni, findit...@appspot.gserviceaccount.com

Attention is currently required from: Devlin Cronin, Łukasz Anforowicz.

Andy Phan has uploaded this change for review.

View Change

[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 27 insertions(+), 0 deletions(-)


To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>

Andy Phan (Gerrit)

unread,
Sep 15, 2023, 3:18:32 PM9/15/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Devlin Cronin, Łukasz Anforowicz.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • For this particular navigation where `frame_url` is about:blank, I see `initiator_origin` is chrome- […]

      +lukasza@ from the Security Team, do you have any thoughts about the discussion above? Thanks!

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 19:18:15 +0000

Łukasz Anforowicz (Gerrit)

unread,
Sep 15, 2023, 7:24:50 PM9/15/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Devlin Cronin.

View Change

2 comments:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • +lukasza@ from the Security Team, do you have any thoughts about the discussion above? Thanks!

      This is //chrome/**renderer**/extensions/... - overall security ultimately depends on checks that should be happening in the browser process (e.g. in //extensions/browser/extension_protocols.cc or //extensions/browser/extension_navigation_throttle.cc for navigations). In other words, having inconsistency between the renderer and browser checks is a bit undesirable, but shouldn’t have a security impact. OTOH, having correct/matching renderer checks can 1) provide better user experience (e.g. more details about the failure) and/or 2) avoid renderer kills when the browser receives an IPC that it thinks the renderer should never send. Still, I would defer to the Extensions Team for whether a discrepancy between browser and renderer checks is okay here or not.

      That said, I agree with the recommendation to compare the `initiator_origin` with `kPdfExtensionId` (which would directly attribute the request to the PDF extension) instead of comparing `frame_url` with “about:blank” (which is a broad heuristic that is likely to catch more than just the PDF extension).

    • +1

      Is it possible that the current CL may result in null dereference and a crash if `frame->Parent()` is null? If so, it seems that it might be desirable to add test coverage that would catch such a crash?

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 6
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Fri, 15 Sep 2023 23:24:41 +0000

Andy Phan (Gerrit)

unread,
Oct 10, 2023, 4:53:54 PM10/10/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

Attention is currently required from: Andy Phan.

Andy Phan uploaded patch set #7 to this change.

View Change

[OOPIF PDF Viewer] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 30 insertions(+), 0 deletions(-)

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newpatchset
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 7

Andy Phan (Gerrit)

unread,
Oct 10, 2023, 7:58:22 PM10/10/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

Attention is currently required from: Andy Phan.

Andy Phan uploaded patch set #8 to this change.

View Change

[OOPIF PDF] Allow PDF resource requests for PDF navigation


Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 30 insertions(+), 0 deletions(-)

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newpatchset
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 8

Andy Phan (Gerrit)

unread,
Oct 11, 2023, 5:26:47 PM10/11/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

Attention is currently required from: Andy Phan.

Andy Phan uploaded patch set #9 to this change.

Gerrit-PatchSet: 9

Lei Zhang (Gerrit)

unread,
Oct 11, 2023, 5:36:25 PM10/11/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, David Bertoni, Łukasz Anforowicz.

View Change

1 comment:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • This is //chrome/**renderer**/extensions/... […]

      I would suggest checking for PAGE_TRANSITION_AUTO_SUBFRAME instead of for about:blank, since that's the only valid possibility. The check for about:blank shouldn't be needed in the conditional, but maybe keep it inside the conditional block in a CHECK() as a sanity check.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 9
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Comment-Date: Wed, 11 Oct 2023 21:36:16 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: David Bertoni <dber...@chromium.org>
Comment-In-Reply-To: Łukasz Anforowicz <luk...@chromium.org>

Lei Zhang (Gerrit)

unread,
Oct 11, 2023, 5:50:51 PM10/11/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, David Bertoni, Łukasz Anforowicz.

View Change

2 comments:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Patch Set #9, Line 134: extension_origin.host() == extension_misc::kPdfExtensionId) {

      Check the scheme too.

    • Patch Set #9, Line 142: // The parent origin of a PDF content frame should match the extension

      What's the scenario where the above check fails, and code execution reaches this point?

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 9
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Comment-Date: Wed, 11 Oct 2023 21:50:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Andy Phan (Gerrit)

unread,
Oct 12, 2023, 2:51:34 PM10/12/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

Attention is currently required from: Andy Phan.

Andy Phan uploaded patch set #10 to this change.

View Change

[OOPIF PDF] Allow PDF resource requests for PDF navigation

Allow PDF extension resources to be requested only for the frames in the
PDF Viewer architecture. The frames that should be able to access the
resources are the extension frame and the content frame.

In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
same origin as the resource, then the resource can be requested. This is
the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
an inner WebContents.

For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
origin is not the same. Loosen the conditions to allow PDF resource
requests for OOPIF PDF Viewer.

Bug: 1445746
Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
---
M chrome/renderer/BUILD.gn
M chrome/renderer/extensions/DEPS
M chrome/renderer/extensions/resource_request_policy.cc
3 files changed, 38 insertions(+), 0 deletions(-)

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newpatchset
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 10
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>

Andy Phan (Gerrit)

unread,
Oct 12, 2023, 3:21:24 PM10/12/23
to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Lei Zhang.

View Change

4 comments:

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Patch Set #6, Line 137: if (frame_url.IsAboutBlank()) {

      I would suggest checking for PAGE_TRANSITION_AUTO_SUBFRAME instead of for about:blank, since that's […]

      Checking for PAGE_TRANSITION_AUTO_SUBFRAME, with a CHECK for about:blank.

    • +1 […]

      Added conditional to check that parent is non-null.

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Done

    • Patch Set #9, Line 142: // The parent origin of a PDF content frame should match the extension

      What's the scenario where the above check fails, and code execution reaches this point?

    • This scenario occurs for the PDF content frame, which needs to access the stream resource. Added comments to clarify each scenario.

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 10
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Thu, 12 Oct 2023 19:21:14 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

Devlin Cronin (Gerrit)

unread,
Oct 12, 2023, 5:13:40 PM10/12/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Lei Zhang.

View Change

3 comments:

  • Patchset:

    • Patch Set #10:

      Thanks, Andy, and sorry for the delay! It looks like I was never properly added to the feature set in Gerrit, so I never even saw this one come in. A couple of basic questions here

  • File chrome/renderer/extensions/resource_request_policy.cc:

    • Patch Set #10, Line 135:

            extension_origin.scheme() == kExtensionScheme &&
      extension_origin.host() == extension_misc::kPdfExtensionId) {
      // The PDF extension frame should be able to request resources from itself.
      if (ui::PageTransitionCoreTypeIs(
      transition_type,
      ui::PageTransition::PAGE_TRANSITION_AUTO_SUBFRAME) &&
      frame_origin.scheme() == kExtensionScheme &&
      frame_origin.host() == extension_misc::kPdfExtensionId) {
      // The URL will be about:blank when the PDF extension requests its own
      // resources.
      CHECK(frame_url.IsAboutBlank());
      return true;
      }

      I'm surprised this is necessary. If the requesting frame is the PDF extension itself, why would it (ever) be blocked from accessing it's resources?

      For regular extensions, if you do something like:

      • open about:blank from an extension page
      • try to fetch a resource

      The fetch succeeds, because the about:blank frame is still tied to the extension origin.

      What is the PDF viewer doing differently?

    • Patch Set #10, Line 148:


      // The PDF content frame should be able to request resources from the PDF
      // extension. The parent origin of a PDF content frame should match the
      // extension origin.
      blink::WebFrame* parent = frame->Parent();
      if (parent) {
      GURL parent_origin = url::Origin(parent->GetSecurityOrigin()).GetURL();
      if (parent_origin == extension_origin) {
      return true;
      }
      }

      what is the frame origin in this case?

To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
Gerrit-Change-Number: 4782091
Gerrit-PatchSet: 10
Gerrit-Owner: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Lei Zhang <the...@chromium.org>
Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
Gerrit-Attention: Andy Phan <andy...@chromium.org>
Gerrit-Attention: Lei Zhang <the...@chromium.org>
Gerrit-Comment-Date: Thu, 12 Oct 2023 21:13:30 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No

findit-for-me@appspot.gserviceaccount.com (Gerrit)

unread,
Oct 16, 2023, 8:49:22 AM10/16/23
to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, Chromium LUCI CQ, chromium...@chromium.org

Attention is currently required from: Andy Phan, Lei Zhang.

This change will be blocked from submission as there are files which do not meet the coverage criteria. Following files have incremental coverage(all tests) < 70%.

  • //chrome/renderer/extensions/resource_request_policy.cc

Please add tests for uncovered lines, or add Low-Coverage-Reason:<reason> in the change description to bypass. See https://bit.ly/46jhjS9 to understand when it is okay to bypass. If you think coverage is underreported, file a bug at https://bit.ly/3ENM7Pe

Patch set 11:Code-Coverage -1

View Change

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 11
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Andy Phan <andy...@chromium.org>
    Gerrit-Attention: Lei Zhang <the...@chromium.org>
    Gerrit-Comment-Date: Mon, 16 Oct 2023 12:49:06 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes

    Andy Phan (Gerrit)

    unread,
    Oct 17, 2023, 2:25:17 PM10/17/23
    to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

    Attention is currently required from: Andy Phan, Lei Zhang.

    Andy Phan uploaded patch set #12 to this change.

    View Change

    [OOPIF PDF] Allow PDF resource requests for PDF navigation

    Allow PDF extension resources to be requested only for the frames in the
    PDF Viewer architecture. The frames that should be able to access the
    resources are the extension frame and the content frame.

    In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
    same origin as the resource, then the resource can be requested. This is
    the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
    an inner WebContents.

    For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
    origin is not the same. Loosen the conditions to allow PDF resource
    requests for OOPIF PDF Viewer.

    Bug: 1445746
    Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    ---
    M chrome/renderer/BUILD.gn
    M chrome/renderer/extensions/DEPS
    M chrome/renderer/extensions/resource_request_policy.cc
    3 files changed, 28 insertions(+), 0 deletions(-)

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: newpatchset
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12

    Andy Phan (Gerrit)

    unread,
    Oct 17, 2023, 2:30:43 PM10/17/23
    to Devlin Cronin, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, David Bertoni, findit...@appspot.gserviceaccount.com

    Attention is currently required from: Devlin Cronin.

    Andy Phan would like Devlin Cronin to review this change.

    View Change

    [OOPIF PDF] Allow PDF resource requests for PDF navigation

    Allow PDF extension resources to be requested only for the frames in the
    PDF Viewer architecture. The frames that should be able to access the
    resources are the extension frame and the content frame.

    In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
    same origin as the resource, then the resource can be requested. This is
    the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
    an inner WebContents.

    For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
    origin is not the same. Loosen the conditions to allow PDF resource
    requests for OOPIF PDF Viewer.

    Bug: 1445746
    Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    ---
    M chrome/renderer/BUILD.gn
    M chrome/renderer/extensions/DEPS
    M chrome/renderer/extensions/resource_request_policy.cc
    3 files changed, 28 insertions(+), 0 deletions(-)


    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: newchange
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>

    Andy Phan (Gerrit)

    unread,
    Oct 17, 2023, 2:30:50 PM10/17/23
    to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Łukasz Anforowicz, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Devlin Cronin.

    View Change

    3 comments:

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Checking for PAGE_TRANSITION_AUTO_SUBFRAME, with a CHECK for about:blank.

        Potentially obsolete, so marking resolved for now.

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Patch Set #10, Line 135:

              extension_origin.scheme() == kExtensionScheme &&
        extension_origin.host() == extension_misc::kPdfExtensionId) {
        // The PDF extension frame should be able to request resources from itself.
        if (ui::PageTransitionCoreTypeIs(
        transition_type,
        ui::PageTransition::PAGE_TRANSITION_AUTO_SUBFRAME) &&
        frame_origin.scheme() == kExtensionScheme &&
        frame_origin.host() == extension_misc::kPdfExtensionId) {
        // The URL will be about:blank when the PDF extension requests its own
        // resources.
        CHECK(frame_url.IsAboutBlank());
        return true;
        }

      • I'm surprised this is necessary. […]

        Normally, `page_origin == extension_origin`, so extensions can get their own resources [1].

        For OOPIF PDF case, I've observed that `page_origin` actually matches the original PDF URL's origin and not the extension origin, which is why resources cannot be requested.

        Added a comment for this.

        (Additionally, the code highlighted is actually no longer needed. The condition below is sufficient for both the extension frame and the content frame cases.)

        [1] https://source.chromium.org/chromium/chromium/src/+/main:chrome/renderer/extensions/resource_request_policy.cc;l=114

      • Patch Set #10, Line 148:


        // The PDF content frame should be able to request resources from the PDF
        // extension. The parent origin of a PDF content frame should match the
        // extension origin.
        blink::WebFrame* parent = frame->Parent();
        if (parent) {
        GURL parent_origin = url::Origin(parent->GetSecurityOrigin()).GetURL();
        if (parent_origin == extension_origin) {
        return true;
        }
        }

        what is the frame origin in this case?

      • The frame origin matches the original PDF content URL's.

        For example, if a user navigates to http://www.pdf995.com/samples/pdf.pdf, then the origin would be origin for the PDF content frame would be that.

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Comment-Date: Tue, 17 Oct 2023 18:30:40 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: David Bertoni <dber...@chromium.org>
    Comment-In-Reply-To: Łukasz Anforowicz <luk...@chromium.org>
    Comment-In-Reply-To: Andy Phan <andy...@chromium.org>
    Comment-In-Reply-To: Devlin Cronin <rdevlin...@chromium.org>
    Comment-In-Reply-To: Lei Zhang <the...@chromium.org>

    Andy Phan (Gerrit)

    unread,
    Oct 18, 2023, 4:54:18 PM10/18/23
    to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Łukasz Anforowicz, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Devlin Cronin.

    View Change

    2 comments:

      •       extension_origin.scheme() == kExtensionScheme &&
        extension_origin.host() == extension_misc::kPdfExtensionId) {
        // The PDF extension frame should be able to request resources from itself.
        if (ui::PageTransitionCoreTypeIs(
        transition_type,
        ui::PageTransition::PAGE_TRANSITION_AUTO_SUBFRAME) &&
        frame_origin.scheme() == kExtensionScheme &&
        frame_origin.host() == extension_misc::kPdfExtensionId) {
        // The URL will be about:blank when the PDF extension requests its own
        // resources.
        CHECK(frame_url.IsAboutBlank());
        return true;
        }

      • Normally, `page_origin == extension_origin`, so extensions can get their own resources [1]. […]

        To add more details:

        Most of the resources can be requested, since they meet the `frame_url.DeprecatedGetOriginAsURL() == extension_origin` condition. E.g. `index.css, main.js, ...`.

        The two resource requests that need special permission is the PDF's stream resource URL. There's a resource with an ID unique for each PDF viewer instance, that is required for PDF loading.

        The resource_url will look something like: `chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/b44d5875-76c0-4155-8267-c57ced0cccd9`.

        When the PDF extension frame tries to request the stream resource, `frame_url` is empty and `page_origin` is the original PDF URL.

        When the PDF content frame tries to request the stream resource, `frame_url` and `page_origin` are both the original PDF URL.

      • Patch Set #10, Line 148:


        // The PDF content frame should be able to request resources from the PDF
        // extension. The parent origin of a PDF content frame should match the
        // extension origin.
        blink::WebFrame* parent = frame->Parent();
        if (parent) {
        GURL parent_origin = url::Origin(parent->GetSecurityOrigin()).GetURL();
        if (parent_origin == extension_origin) {
        return true;
        }
        }

      • The frame origin matches the original PDF content URL's. […]

        And the frame origin is the PDF content URL for the PDF extension frame's resource request, too.

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-CC: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Comment-Date: Wed, 18 Oct 2023 20:54:08 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No

    Devlin Cronin (Gerrit)

    unread,
    Oct 25, 2023, 1:45:57 PM10/25/23
    to Łukasz Anforowicz, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Andy Phan, Devlin Cronin, findit...@appspot.gserviceaccount.com

    Attention is currently required from: Andy Phan, Łukasz Anforowicz.

    Devlin Cronin would like Łukasz Anforowicz to review this change authored by Andy Phan.

    View Change

    [OOPIF PDF] Allow PDF resource requests for PDF navigation

    Allow PDF extension resources to be requested only for the frames in the
    PDF Viewer architecture. The frames that should be able to access the
    resources are the extension frame and the content frame.

    In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
    same origin as the resource, then the resource can be requested. This is
    the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
    an inner WebContents.

    For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
    origin is not the same. Loosen the conditions to allow PDF resource
    requests for OOPIF PDF Viewer.

    Bug: 1445746
    Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    ---
    M chrome/renderer/BUILD.gn
    M chrome/renderer/extensions/DEPS
    M chrome/renderer/extensions/resource_request_policy.cc
    3 files changed, 28 insertions(+), 0 deletions(-)


    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: newchange
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Andy Phan <andy...@chromium.org>

    Devlin Cronin (Gerrit)

    unread,
    Oct 25, 2023, 1:46:03 PM10/25/23
    to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Andy Phan, Łukasz Anforowicz.

    View Change

    2 comments:

    • Patchset:

      • Patch Set #12:

        Thanks, Andy!

        Andy and I talked offline, and adding a test for this isn't really feasible at the moment -- our renderer unit tests don't allow us to set up the proper environment, and this will really need an E2E pdf test.

        I'm fine holding off on the test for now (this is gated on a base::Feature), but I do have an open question here. I'm not *too* concerned about this because the real protections should be in the browser anyway, but I did want to flag it and bring it to @luk...@chromium.org's attention.

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Patch Set #12, Line 142: blink::WebFrame* parent = frame->Parent();

        I'm assuming that, in the case of an iframe embedding a PDF, we can't look at the top-level origin to match it against the PDF extension?

        I'm slightly worried here about an attack where we have something like:

        evil.com
        - pdf_extension_frame
        - pdf_frame

        and then evil.com navigates pdf_frame (via `frames`) to evil.com/subframe, and then evil.com/subframe can access any PDF extension resources. Is that a concern?

        I don't think there's a _ton_ that could happen there (since the resources would still be properly permissioned, I'd think?), but it... seems undesirable. Maybe that's just a cost we have here, though, since I suppose that might also be achievable through a malicious pdf_frame?

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Andy Phan <andy...@chromium.org>
    Gerrit-Comment-Date: Wed, 25 Oct 2023 17:45:53 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No

    Łukasz Anforowicz (Gerrit)

    unread,
    Oct 25, 2023, 2:42:09 PM10/25/23
    to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Andy Phan, Devlin Cronin.

    View Change

    2 comments:

      • I'm assuming that, in the case of an iframe embedding a PDF, we can't look at the top-level origin t […]

        I think that I still stand by my earlier position [1] that

        1. When reviewing from a security perspective, I think this is all fine, because ultimately we rely on correctness of the browser-side checks (the checks in the renderer are secondary). FWIW, I haven't reviewed the related browser-side checks for this scenario (but my default position is to assume that somebody has reviewed them in the past and that they look okay).

        2. When just giving an opinion / optional advice, I think that having some consistency between renderer and browser is desirable for maintainability, but I guess that I defer to the Chrome Extensions team on this. If this early return needs to be made, then so be it. (And FWIW in the current patchset the early return seems relatively well/narrow-scoped.)

        [1] https://chromium-review.googlesource.com/c/chromium/src/+/4782091/12#message-cac940f235a6fd7c9a75857e90b9748df0e2fa5b

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Attention: Andy Phan <andy...@chromium.org>
    Gerrit-Comment-Date: Wed, 25 Oct 2023 18:41:59 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Devlin Cronin <rdevlin...@chromium.org>

    Andy Phan (Gerrit)

    unread,
    Oct 25, 2023, 3:01:30 PM10/25/23
    to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Devlin Cronin.

    View Change

    1 comment:

    • File chrome/renderer/extensions/resource_request_policy.cc:

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 12
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Comment-Date: Wed, 25 Oct 2023 19:01:15 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Łukasz Anforowicz <luk...@chromium.org>
    Comment-In-Reply-To: Devlin Cronin <rdevlin...@chromium.org>

    Devlin Cronin (Gerrit)

    unread,
    Oct 25, 2023, 6:12:11 PM10/25/23
    to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Łukasz Anforowicz, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Andy Phan, Łukasz Anforowicz.

    Patch set 13:Code-Review +1

    View Change

    2 comments:

    • Patchset:

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Re: the evil.com example, […]

        Right -- I'm thinking more along the lines of evil.com embedding a (real) pdf, which triggers the PDF extension and frame load, such that then we get the frame tree I mentioned above (is that right so far?). Then, once that loads, evil.com can navigate the pdf_frame (embedded by the parent extension_frame, but accessible through window.frames) to its own resource. I'm assuming the pdf extension wouldn't monitor this and remove itself from the frame tree (does it?), and then that evil frame could make requests to the pdf extension that would be approved on the renderer, because it's from a frame that the pdf extension embeds.

        Does that make sense?

        Regardless, as Lukasz mentioned, this doesn't _really_ matter because it's in the renderer? So most of this is just an academic discussion at this point.

        In the interest of unblocking this CL, I'll stamp for now, but it does seem like something we'd ideally make better in the future. What do you think about filing a bug that, ideally, this carve out wouldn't be required?

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 13
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Attention: Andy Phan <andy...@chromium.org>
    Gerrit-Comment-Date: Wed, 25 Oct 2023 22:12:01 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    Comment-In-Reply-To: Łukasz Anforowicz <luk...@chromium.org>

    Andy Phan (Gerrit)

    unread,
    Oct 25, 2023, 8:14:18 PM10/25/23
    to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Łukasz Anforowicz, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

    Attention is currently required from: Łukasz Anforowicz.

    View Change

    4 comments:

    • Patchset:

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Patch Set #10, Line 135:

              extension_origin.scheme() == kExtensionScheme &&
        extension_origin.host() == extension_misc::kPdfExtensionId) {
        // The PDF extension frame should be able to request resources from itself.
        if (ui::PageTransitionCoreTypeIs(
        transition_type,
        ui::PageTransition::PAGE_TRANSITION_AUTO_SUBFRAME) &&
        frame_origin.scheme() == kExtensionScheme &&
        frame_origin.host() == extension_misc::kPdfExtensionId) {
        // The URL will be about:blank when the PDF extension requests its own
        // resources.
        CHECK(frame_url.IsAboutBlank());
        return true;
        }

      • To add more details: […]

        Marking as done.


      • // The PDF content frame should be able to request resources from the PDF
        // extension. The parent origin of a PDF content frame should match the
        // extension origin.

      •     blink::WebFrame* parent = frame->Parent();

      •     if (parent) {
        GURL parent_origin = url::Origin(parent->GetSecurityOrigin()).GetURL();
        if (parent_origin == extension_origin) {
        return true;
        }
        }

      • And the frame origin is the PDF content URL for the PDF extension frame's resource request, too.

        Marking as done.

    • File chrome/renderer/extensions/resource_request_policy.cc:

      • Right -- I'm thinking more along the lines of evil. […]

        Ack, makes sense. creis@ and I have briefly discussed window.frames and if we should somehow disable access to the PDF extension frame (and therefore also disabling access to the pdf_frame). I'll have to escalate this conversation further.

        I filed two bugs which may solve this. One for potentially disallowing access to the content frame (which means this would no longer be a concern, and may have to be done anyway) [1], and one for potentially just changing how we access the PDF extension resources so this wouldn't occur [2].

        Thanks!

        [1] https://bugs.chromium.org/p/chromium/issues/detail?id=1495989
        [2] https://bugs.chromium.org/p/chromium/issues/detail?id=1495995

    To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
    Gerrit-Change-Number: 4782091
    Gerrit-PatchSet: 14
    Gerrit-Owner: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
    Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
    Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-CC: David Bertoni <dber...@chromium.org>
    Gerrit-CC: Lei Zhang <the...@chromium.org>
    Gerrit-Attention: Łukasz Anforowicz <luk...@chromium.org>
    Gerrit-Comment-Date: Thu, 26 Oct 2023 00:14:09 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Łukasz Anforowicz <luk...@chromium.org>
    Comment-In-Reply-To: Devlin Cronin <rdevlin...@chromium.org>
    Comment-In-Reply-To: Andy Phan <andy...@chromium.org>

    findit-for-me@appspot.gserviceaccount.com (Gerrit)

    unread,
    Oct 25, 2023, 10:01:53 PM10/25/23
    to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Łukasz Anforowicz, David Bertoni, Lei Zhang, Chromium LUCI CQ, chromium...@chromium.org

    This change meets the code coverage requirements.

    Patch set 14:Code-Coverage +1

    View Change

      To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
      Gerrit-Change-Number: 4782091
      Gerrit-PatchSet: 14
      Gerrit-Owner: Andy Phan <andy...@chromium.org>
      Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
      Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
      Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
      Gerrit-CC: David Bertoni <dber...@chromium.org>
      Gerrit-CC: Lei Zhang <the...@chromium.org>
      Gerrit-Comment-Date: Thu, 26 Oct 2023 02:01:45 +0000
      Gerrit-HasComments: No
      Gerrit-Has-Labels: Yes

      findit-for-me@appspot.gserviceaccount.com (Gerrit)

      unread,
      Nov 6, 2023, 8:54:30 PM11/6/23
      to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, Łukasz Anforowicz, David Bertoni, Lei Zhang, Chromium LUCI CQ, chromium...@chromium.org

      Attention is currently required from: Andy Phan.

      This change meets the code coverage requirements.

      Patch set 17:Code-Coverage +1

      View Change

        To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
        Gerrit-Change-Number: 4782091
        Gerrit-PatchSet: 17
        Gerrit-Owner: Andy Phan <andy...@chromium.org>
        Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
        Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
        Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
        Gerrit-CC: David Bertoni <dber...@chromium.org>
        Gerrit-CC: Lei Zhang <the...@chromium.org>
        Gerrit-Attention: Andy Phan <andy...@chromium.org>
        Gerrit-Comment-Date: Tue, 07 Nov 2023 01:54:20 +0000
        Gerrit-HasComments: No
        Gerrit-Has-Labels: Yes

        Łukasz Anforowicz (Gerrit)

        unread,
        Nov 7, 2023, 2:01:49 PM11/7/23
        to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

        Attention is currently required from: Andy Phan.

        Patch set 17:Code-Review +1

        View Change

        1 comment:

        • Patchset:

        To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
        Gerrit-Change-Number: 4782091
        Gerrit-PatchSet: 17
        Gerrit-Owner: Andy Phan <andy...@chromium.org>
        Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
        Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
        Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
        Gerrit-CC: David Bertoni <dber...@chromium.org>
        Gerrit-CC: Lei Zhang <the...@chromium.org>
        Gerrit-Attention: Andy Phan <andy...@chromium.org>
        Gerrit-Comment-Date: Tue, 07 Nov 2023 19:01:40 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: Yes

        Andy Phan (Gerrit)

        unread,
        Nov 7, 2023, 4:00:53 PM11/7/23
        to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, David Bertoni, Lei Zhang, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

        Patch set 18:Commit-Queue +2

        View Change

          To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-MessageType: comment
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          Gerrit-Change-Number: 4782091
          Gerrit-PatchSet: 18
          Gerrit-Owner: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
          Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
          Gerrit-CC: David Bertoni <dber...@chromium.org>
          Gerrit-CC: Lei Zhang <the...@chromium.org>
          Gerrit-Comment-Date: Tue, 07 Nov 2023 21:00:45 +0000
          Gerrit-HasComments: No
          Gerrit-Has-Labels: Yes

          Andy Phan (Gerrit)

          unread,
          Nov 7, 2023, 4:14:52 PM11/7/23
          to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

          Attention is currently required from: Andy Phan.

          Andy Phan uploaded patch set #19 to this change.

          View Change

          [OOPIF PDF] Allow PDF resource requests for PDF navigation

          Allow PDF extension resources to be requested only for the frames in the
          PDF Viewer architecture. The frames that should be able to access the
          resources are the extension frame and the content frame.

          In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
          same origin as the resource, then the resource can be requested. This is
          the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
          an inner WebContents.

          For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
          origin is not the same. Loosen the conditions to allow PDF resource
          requests for OOPIF PDF Viewer.

          Low-Coverage-Reason: TESTS_IN_SEPARATE_CL Future end-to-end tests for
          OOPIF PDF will provide code coverage for the changes made in this CL.


          Bug: 1445746
          Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          ---
          M chrome/renderer/BUILD.gn
          M chrome/renderer/extensions/DEPS
          M chrome/renderer/extensions/resource_request_policy.cc
          3 files changed, 28 insertions(+), 0 deletions(-)

          To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-MessageType: newpatchset
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          Gerrit-Change-Number: 4782091
          Gerrit-PatchSet: 19
          Gerrit-Owner: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
          Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
          Gerrit-CC: David Bertoni <dber...@chromium.org>
          Gerrit-CC: Lei Zhang <the...@chromium.org>
          Gerrit-Attention: Andy Phan <andy...@chromium.org>

          Andy Phan (Gerrit)

          unread,
          Nov 7, 2023, 4:15:32 PM11/7/23
          to Lei Zhang, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Łukasz Anforowicz, Devlin Cronin, findit...@appspot.gserviceaccount.com

          Attention is currently required from: Lei Zhang.

          Andy Phan would like Lei Zhang to review this change.

          View Change

          [OOPIF PDF] Allow PDF resource requests for PDF navigation

          Allow PDF extension resources to be requested only for the frames in the
          PDF Viewer architecture. The frames that should be able to access the
          resources are the extension frame and the content frame.

          In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
          same origin as the resource, then the resource can be requested. This is
          the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
          an inner WebContents.

          For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
          origin is not the same. Loosen the conditions to allow PDF resource
          requests for OOPIF PDF Viewer.

          Low-Coverage-Reason: TESTS_IN_SEPARATE_CL Future end-to-end tests for
          OOPIF PDF will provide code coverage for the changes made in this CL.

          Bug: 1445746
          Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          ---
          M chrome/renderer/BUILD.gn
          M chrome/renderer/extensions/DEPS
          M chrome/renderer/extensions/resource_request_policy.cc
          3 files changed, 28 insertions(+), 0 deletions(-)


          To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-MessageType: newchange
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          Gerrit-Change-Number: 4782091
          Gerrit-PatchSet: 19
          Gerrit-Owner: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
          Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
          Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
          Gerrit-CC: David Bertoni <dber...@chromium.org>
          Gerrit-Attention: Lei Zhang <the...@chromium.org>

          Andy Phan (Gerrit)

          unread,
          Nov 7, 2023, 4:15:37 PM11/7/23
          to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Łukasz Anforowicz, Devlin Cronin, David Bertoni, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

          Attention is currently required from: Lei Zhang.

          View Change

          1 comment:

          • Patchset:

            • Patch Set #19:

              +thestig@ to reviewer for ownership of pdf/pdf_features.h for DEPS.

          To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-MessageType: comment
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          Gerrit-Change-Number: 4782091
          Gerrit-PatchSet: 19
          Gerrit-Owner: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
          Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
          Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
          Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
          Gerrit-CC: David Bertoni <dber...@chromium.org>
          Gerrit-Attention: Lei Zhang <the...@chromium.org>
          Gerrit-Comment-Date: Tue, 07 Nov 2023 21:15:29 +0000
          Gerrit-HasComments: Yes
          Gerrit-Has-Labels: No

          Andy Phan (Gerrit)

          unread,
          Nov 7, 2023, 4:16:07 PM11/7/23
          to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org

          Attention is currently required from: Lei Zhang.

          Andy Phan uploaded patch set #20 to this change.

          View Change

          [OOPIF PDF] Allow PDF resource requests for PDF navigation

          Allow PDF extension resources to be requested only for the frames in the
          PDF Viewer architecture. The frames that should be able to access the
          resources are the extension frame and the content frame.

          In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
          same origin as the resource, then the resource can be requested. This is
          the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
          an inner WebContents.

          For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
          origin is not the same. Loosen the conditions to allow PDF resource
          requests for OOPIF PDF Viewer.

          Bug: 1445746
          Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          ---
          M chrome/renderer/BUILD.gn
          M chrome/renderer/extensions/DEPS
          M chrome/renderer/extensions/resource_request_policy.cc
          3 files changed, 28 insertions(+), 0 deletions(-)

          To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

          Gerrit-MessageType: newpatchset
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
          Gerrit-Change-Number: 4782091
          Gerrit-PatchSet: 20

          Lei Zhang (Gerrit)

          unread,
          Nov 7, 2023, 4:50:37 PM11/7/23
          to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Łukasz Anforowicz, Devlin Cronin, David Bertoni, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

          Attention is currently required from: Andy Phan.

          Patch set 20:Code-Review +1

          View Change

            To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
            Gerrit-Change-Number: 4782091
            Gerrit-PatchSet: 20
            Gerrit-Owner: Andy Phan <andy...@chromium.org>
            Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
            Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
            Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
            Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
            Gerrit-CC: David Bertoni <dber...@chromium.org>
            Gerrit-Attention: Andy Phan <andy...@chromium.org>
            Gerrit-Comment-Date: Tue, 07 Nov 2023 21:50:28 +0000
            Gerrit-HasComments: No
            Gerrit-Has-Labels: Yes

            Andy Phan (Gerrit)

            unread,
            Nov 7, 2023, 5:30:36 PM11/7/23
            to chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Łukasz Anforowicz, Devlin Cronin, David Bertoni, findit...@appspot.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org

            Patch set 20:Commit-Queue +2

            View Change

              To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

              Gerrit-MessageType: comment
              Gerrit-Project: chromium/src
              Gerrit-Branch: main
              Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
              Gerrit-Change-Number: 4782091
              Gerrit-PatchSet: 20
              Gerrit-Owner: Andy Phan <andy...@chromium.org>
              Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
              Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
              Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
              Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
              Gerrit-CC: David Bertoni <dber...@chromium.org>
              Gerrit-Comment-Date: Tue, 07 Nov 2023 22:30:21 +0000
              Gerrit-HasComments: No
              Gerrit-Has-Labels: Yes

              Chromium LUCI CQ (Gerrit)

              unread,
              Nov 7, 2023, 5:52:20 PM11/7/23
              to Andy Phan, chromium-a...@chromium.org, extension...@chromium.org, pdf-r...@chromium.org, Lei Zhang, Łukasz Anforowicz, Devlin Cronin, David Bertoni, findit...@appspot.gserviceaccount.com, chromium...@chromium.org

              Chromium LUCI CQ submitted this change.

              View Change

              Approvals: Andy Phan: Commit Devlin Cronin: Looks good to me Łukasz Anforowicz: Looks good to me findit...@appspot.gserviceaccount.com: Ok Lei Zhang: Looks good to me
              [OOPIF PDF] Allow PDF resource requests for PDF navigation

              Allow PDF extension resources to be requested only for the frames in the
              PDF Viewer architecture. The frames that should be able to access the
              resources are the extension frame and the content frame.

              In ResourceRequestPolicy::CanRequestResource(), if the top frame has the
              same origin as the resource, then the resource can be requested. This is
              the case for MimeHandlerViewGuest PDF Viewer, as the PDF extension is in
              an inner WebContents.

              For OOPIF PDF Viewer, there is only one WebContents, so the top frame's
              origin is not the same. Loosen the conditions to allow PDF resource
              requests for OOPIF PDF Viewer.

              Bug: 1445746
              Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
              Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4782091
              Reviewed-by: Łukasz Anforowicz <luk...@chromium.org>
              Code-Coverage: findit...@appspot.gserviceaccount.com <findit...@appspot.gserviceaccount.com>
              Reviewed-by: Lei Zhang <the...@chromium.org>
              Reviewed-by: Devlin Cronin <rdevlin...@chromium.org>
              Commit-Queue: Andy Phan <andy...@chromium.org>
              Cr-Commit-Position: refs/heads/main@{#1221234}

              ---
              M chrome/renderer/BUILD.gn
              M chrome/renderer/extensions/DEPS
              M chrome/renderer/extensions/resource_request_policy.cc
              3 files changed, 28 insertions(+), 0 deletions(-)


              To view, visit change 4782091. To unsubscribe, or for help writing mail filters, visit settings.

              Gerrit-MessageType: merged
              Gerrit-Project: chromium/src
              Gerrit-Branch: main
              Gerrit-Change-Id: I05a5273d5842d35a70a08233761fb1416d97effb
              Gerrit-Change-Number: 4782091
              Gerrit-PatchSet: 21
              Gerrit-Owner: Andy Phan <andy...@chromium.org>
              Gerrit-Reviewer: Andy Phan <andy...@chromium.org>
              Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
              Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
              Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
              Gerrit-Reviewer: Łukasz Anforowicz <luk...@chromium.org>
              Reply all
              Reply to author
              Forward
              0 new messages