mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: make grant_file_protocol_extra_privileges fuse also block CORS fetches (#40801)

Browse source
This commit is contained in:
Jeremy Rose 2024-01-02 13:06:33 -08:00 committed by GitHub
parent a208d45aca
commit be4e4ff11b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 67 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
shell/browser/protocol_registry.cc
View file

@ -6,6 +6,7 @@
#include "base/stl_util.h"
#include "content/public/browser/web_contents.h"
#include "electron/fuses.h"
#include "shell/browser/electron_browser_context.h"
#include "shell/browser/net/asar/asar_url_loader_factory.h"
@ -24,18 +25,21 @@ ProtocolRegistry::~ProtocolRegistry() = default;
void ProtocolRegistry::RegisterURLLoaderFactories(
content::ContentBrowserClient::NonNetworkURLLoaderFactoryMap* factories,
bool allow_file_access) {
auto file_factory = factories->find(url::kFileScheme);
if (file_factory != factories->end()) {
// If Chromium already allows file access then replace the url factory to
// also loading asar files.
file_factory->second = AsarURLLoaderFactory::Create();
} else if (allow_file_access) {
// Otherwise only allow file access when it is explicitly allowed.
//
// Note that Chromium may call |emplace| to create the default file factory
// after this call, it won't override our asar factory, but if asar support
// breaks in future, please check if Chromium has changed the call.
factories->emplace(url::kFileScheme, AsarURLLoaderFactory::Create());
if (electron::fuses::IsGrantFileProtocolExtraPrivilegesEnabled()) {
auto file_factory = factories->find(url::kFileScheme);
if (file_factory != factories->end()) {
// If Chromium already allows file access then replace the url factory to
// also loading asar files.
file_factory->second = AsarURLLoaderFactory::Create();
} else if (allow_file_access) {
// Otherwise only allow file access when it is explicitly allowed.
//
// Note that Chromium may call |emplace| to create the default file
// factory after this call, it won't override our asar factory, but if
// asar support breaks in future, please check if Chromium has changed the
// call.
factories->emplace(url::kFileScheme, AsarURLLoaderFactory::Create());
}
}
for (const auto& it : handlers_) {