mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: propagate unsafely-treat-insecure-origin-as-secure to renderer children (#33189)

Browse source 
* fix: propagate unsafely-treat-insecure-origin-as-secure to renderer children

* fix build
This commit is contained in:
Jeremy Rose 2022-03-09 07:15:50 -08:00 committed by GitHub
parent 865a29ed17
commit ebfcf89a0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
shell/browser/electron_browser_client.cc
View file

@ -21,6 +21,7 @@
#include "base/no_destructor.h" #include "base/no_destructor.h"
#include "base/path_service.h" #include "base/path_service.h"
#include "base/stl_util.h" #include "base/stl_util.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h" #include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h" #include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h" #include "base/strings/utf_string_conversions.h"
@ -63,6 +64,8 @@
#include "printing/buildflags/buildflags.h" #include "printing/buildflags/buildflags.h"
#include "services/device/public/cpp/geolocation/location_provider.h" #include "services/device/public/cpp/geolocation/location_provider.h"
#include "services/network/public/cpp/features.h" #include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/network_switches.h"
#include "services/network/public/cpp/resource_request_body.h" #include "services/network/public/cpp/resource_request_body.h"
#include "services/network/public/cpp/self_deleting_url_loader_factory.h" #include "services/network/public/cpp/self_deleting_url_loader_factory.h"
#include "shell/app/electron_crash_reporter_client.h" #include "shell/app/electron_crash_reporter_client.h"
@ -361,6 +364,21 @@ int GetCrashSignalFD(const base::CommandLine& command_line) {
} }
#endif // BUILDFLAG(IS_LINUX) #endif // BUILDFLAG(IS_LINUX)
void MaybeAppendSecureOriginsAllowlistSwitch(base::CommandLine* cmdline) {
// |allowlist| combines pref/policy + cmdline switch in the browser process.
// For renderer and utility (e.g. NetworkService) processes the switch is the
// only available source, so below the combined (pref/policy + cmdline)
// allowlist of secure origins is injected into |cmdline| for these other
// processes.
std::vector<std::string> allowlist =
network::SecureOriginAllowlist::GetInstance().GetCurrentAllowlist();
if (!allowlist.empty()) {
cmdline->AppendSwitchASCII(
network::switches::kUnsafelyTreatInsecureOriginAsSecure,
base::JoinString(allowlist, ","));
}
}
} // namespace } // namespace
// static // static
@ -602,6 +620,10 @@ void ElectronBrowserClient::AppendExtraCommandLineSwitches(
command_line->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(), command_line->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(),
kCommonSwitchNames, kCommonSwitchNames,
base::size(kCommonSwitchNames)); base::size(kCommonSwitchNames));
if (process_type == ::switches::kUtilityProcess ||
content::RenderProcessHost::FromID(process_id)) {
MaybeAppendSecureOriginsAllowlistSwitch(command_line);
}
} }
if (process_type == ::switches::kRendererProcess) { if (process_type == ::switches::kRendererProcess) {