fix: allow accessing file:// when web security is disabled (#28489)

* fix: allow accessing file:// when web security is disabled * test: fix webview tests on web security * chore: remove unused attributes * chore: cleanup RegisterURLLoaderFactories method
2021-04-07 10:46:23 +09:00 · 2021-04-07 10:46:23 +09:00 · e454bded3c
commit e454bded3c
parent fe0da255b6
5 changed files with 100 additions and 54 deletions
--- a/shell/browser/electron_browser_client.cc
+++ b/shell/browser/electron_browser_client.cc
@ -1286,9 +1286,10 @@ void ElectronBrowserClient::RegisterNonNetworkNavigationURLLoaderFactories(
          context, ukm_source_id,
          false /* we don't support extensions::WebViewGuest */));
 #endif
+  // Always allow navigating to file:// URLs.
  auto* protocol_registry = ProtocolRegistry::FromBrowserContext(context);
-  protocol_registry->RegisterURLLoaderFactories(
-      URLLoaderFactoryType::kNavigation, factories);
+  protocol_registry->RegisterURLLoaderFactories(factories,
+                                                true /* allow_file_access */);
 }

 void ElectronBrowserClient::
@ -1297,8 +1298,10 @@ void ElectronBrowserClient::
        NonNetworkURLLoaderFactoryMap* factories) {
  auto* protocol_registry =
      ProtocolRegistry::FromBrowserContext(browser_context);
-  protocol_registry->RegisterURLLoaderFactories(
-      URLLoaderFactoryType::kWorkerMainResource, factories);
+  // Workers are not allowed to request file:// URLs, there is no particular
+  // reason for it, and we could consider supporting it in future.
+  protocol_registry->RegisterURLLoaderFactories(factories,
+                                                false /* allow_file_access */);
 }

 #if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
@ -1369,9 +1372,22 @@ void ElectronBrowserClient::RegisterNonNetworkSubresourceURLLoaderFactories(
  if (!render_process_host || !render_process_host->GetBrowserContext())
    return;

+  content::RenderFrameHost* frame_host =
+      content::RenderFrameHost::FromID(render_process_id, render_frame_id);
+  content::WebContents* web_contents =
+      content::WebContents::FromRenderFrameHost(frame_host);
+
+  // Allow accessing file:// subresources from non-file protocols if web
+  // security is disabled.
+  bool allow_file_access = false;
+  if (web_contents) {
+    const auto& web_preferences = web_contents->GetOrCreateWebPreferences();
+    if (!web_preferences.web_security_enabled)
+      allow_file_access = true;
+  }
+
  ProtocolRegistry::FromBrowserContext(render_process_host->GetBrowserContext())
-      ->RegisterURLLoaderFactories(URLLoaderFactoryType::kDocumentSubResource,
-                                   factories);
+      ->RegisterURLLoaderFactories(factories, allow_file_access);

 #if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
  auto factory = extensions::CreateExtensionURLLoaderFactory(render_process_id,
@ -1379,10 +1395,6 @@ void ElectronBrowserClient::RegisterNonNetworkSubresourceURLLoaderFactories(
  if (factory)
    factories->emplace(extensions::kExtensionScheme, std::move(factory));

-  content::RenderFrameHost* frame_host =
-      content::RenderFrameHost::FromID(render_process_id, render_frame_id);
-  content::WebContents* web_contents =
-      content::WebContents::FromRenderFrameHost(frame_host);
  if (!web_contents)
    return;