0

Change Referrer param in pdf SaveUrlAs() interface to ReferrerPolicy.

Create the Referrer in the receiver instead, using the URL and
ReferrerPolicy as input. Since the receiver is more trustworthy, this
eliminates the following potential issues:

- Sender forgetting to do Referrer sanitization.
- Sender sending different URL and refererer URL.

This also remove a dependency on Blink, and the GN visibility exception
that was needed for the dependency.

Change-Id: I5c7d14a3e23e0ff22af2509c1daa5d10cca6f0b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2964337
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Hui Yingst <nigi@chromium.org>
Reviewed-by: Noel Gordon <noel@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#893088}
This commit is contained in:
Lei Zhang
2021-06-16 19:07:48 +00:00
committed by Chromium LUCI CQ
parent cfe5d71b75
commit ad5a30ba37
8 changed files with 19 additions and 35 deletions
chrome/browser/download
components/pdf
pdf
third_party/blink/renderer/platform

@ -2811,12 +2811,9 @@ IN_PROC_BROWSER_TEST_F(DownloadTestSplitCacheEnabled,
// Simulate saving the PDF from the UI.
pdf::PDFWebContentsHelper* pdf_helper =
pdf::PDFWebContentsHelper::FromWebContents(inner_web_contents);
blink::mojom::ReferrerPtr referrer = blink::mojom::Referrer::New();
referrer->url = subframe_url;
referrer->policy =
network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin;
static_cast<pdf::mojom::PdfService*>(pdf_helper)
->SaveUrlAs(subframe_url, std::move(referrer));
->SaveUrlAs(subframe_url,
network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin);
request_waiter.Run();

@ -260,13 +260,16 @@ void PDFWebContentsHelper::HasUnsupportedFeature() {
}
void PDFWebContentsHelper::SaveUrlAs(const GURL& url,
blink::mojom::ReferrerPtr referrer) {
network::mojom::ReferrerPolicy policy) {
client_->OnSaveURL(web_contents());
if (content::RenderFrameHost* rfh =
web_contents()->GetOuterWebContentsFrame()) {
web_contents()->SaveFrame(url, referrer.To<content::Referrer>(), rfh);
}
content::RenderFrameHost* rfh = web_contents()->GetOuterWebContentsFrame();
if (!rfh)
return;
content::Referrer referrer(url, policy);
referrer = content::Referrer::SanitizeForRequest(url, referrer);
web_contents()->SaveFrame(url, referrer, rfh);
}
void PDFWebContentsHelper::UpdateContentRestrictions(

@ -82,7 +82,8 @@ class PDFWebContentsHelper
// mojom::PdfService:
void SetListener(mojo::PendingRemote<mojom::PdfListener> listener) override;
void HasUnsupportedFeature() override;
void SaveUrlAs(const GURL& url, blink::mojom::ReferrerPtr referrer) override;
void SaveUrlAs(const GURL& url,
network::mojom::ReferrerPolicy policy) override;
void UpdateContentRestrictions(int32_t content_restrictions) override;
void SelectionChanged(const gfx::PointF& left,
int32_t left_height,

@ -9,16 +9,10 @@ mojom("interfaces") {
sources = [ "pdf.mojom" ]
public_deps = [
"//third_party/blink/public/mojom:mojom_platform",
"//services/network/public/mojom:url_loader_base",
"//ui/gfx/geometry/mojom",
"//url/mojom:url_mojom_gurl",
]
overridden_deps = [ "//third_party/blink/public/mojom:mojom_platform" ]
component_deps = [ "//content/public/common" ]
overridden_deps_blink = [ "//third_party/blink/public/mojom:mojom_platform" ]
component_deps_blink = [ "//third_party/blink/renderer/platform" ]
cpp_only = true
}

@ -4,7 +4,7 @@
module pdf.mojom;
import "third_party/blink/public/mojom/loader/referrer.mojom";
import "services/network/public/mojom/referrer_policy.mojom";
import "ui/gfx/geometry/mojom/geometry.mojom";
import "url/mojom/url.mojom";
@ -30,7 +30,7 @@ interface PdfService {
HasUnsupportedFeature();
// Brings up SaveAs... dialog to save specified URL.
SaveUrlAs(url.mojom.Url url, blink.mojom.Referrer referrer);
SaveUrlAs(url.mojom.Url url, network.mojom.ReferrerPolicy policy);
// Notifies the embedder of the top-left and bottom-right coordinates of the
// current selection.

@ -8,8 +8,6 @@
#include "base/lazy_instance.h"
#include "components/pdf/renderer/pdf_accessibility_tree.h"
#include "content/public/common/referrer.h"
#include "content/public/common/referrer_type_converters.h"
#include "content/public/renderer/pepper_plugin_instance.h"
#include "content/public/renderer/render_frame.h"
#include "content/public/renderer/render_thread.h"
@ -215,17 +213,12 @@ int32_t PepperPDFHost::OnHostMsgSaveAs(
if (!instance)
return PP_ERROR_FAILED;
GURL url = instance->GetPluginURL();
content::Referrer referrer;
referrer.url = url;
referrer.policy = network::mojom::ReferrerPolicy::kDefault;
referrer = content::Referrer::SanitizeForRequest(url, referrer);
mojom::PdfService* service = GetRemotePdfService();
if (!service)
return PP_ERROR_FAILED;
service->SaveUrlAs(url, blink::mojom::Referrer::From(referrer));
service->SaveUrlAs(instance->GetPluginURL(),
network::mojom::ReferrerPolicy::kDefault);
return PP_OK;
}

@ -46,7 +46,6 @@
#include "third_party/blink/public/common/input/web_input_event.h"
#include "third_party/blink/public/common/metrics/document_update_reason.h"
#include "third_party/blink/public/mojom/input/focus_type.mojom-shared.h"
#include "third_party/blink/public/mojom/loader/referrer.mojom.h"
#include "third_party/blink/public/platform/web_input_event_result.h"
#include "third_party/blink/public/platform/web_string.h"
#include "third_party/blink/public/platform/web_text_input_type.h"
@ -601,10 +600,8 @@ void PdfViewWebPlugin::SendMessage(base::Value message) {
}
void PdfViewWebPlugin::SaveAs() {
GURL gurl(GetURL().c_str());
blink::mojom::ReferrerPtr referrer = blink::mojom::Referrer::New(
gurl, network::mojom::ReferrerPolicy::kDefault);
GetPdfService()->SaveUrlAs(gurl, std::move(referrer));
GetPdfService()->SaveUrlAs(GURL(GetURL().c_str()),
network::mojom::ReferrerPolicy::kDefault);
}
void PdfViewWebPlugin::InitImageData(const gfx::Size& size) {

@ -253,7 +253,6 @@ source_set("platform_export") {
component("platform") {
visibility = [] # Allow re-assignment of list.
visibility = [
"//components/pdf/common:interfaces_blink",
"//services/device/public/mojom:mojom_blink",
"//services/media_session/public/mojom:mojom_blink",
"//third_party/blink/*",