Temporarily restore about:blank commit exception.

This is a minimal fix to avoid renderer kills for about:blank URLs being committed in the wrong process. This restores M78 about:blank behavior in a very narrow case and is intended to be easily merged to the M79 branch. Bug: 931895 Change-Id: Ie958b667f6879afbcebfe18e3f3f80f8cd88884b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1922693 Commit-Queue: Aaron Colwell <acolwell@chromium.org> Commit-Queue: Alex Moshchuk <alexmos@chromium.org> Auto-Submit: Aaron Colwell <acolwell@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#716422}
chromium · Nov 19, 2019 · 6e2348f · 6e2348f
1 parent 029d835
commit 6e2348f
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
@@ -1270,6 +1270,15 @@ CanCommitStatus ChildProcessSecurityPolicyImpl::CanCommitOriginAndUrl(
     if (actual_origin_lock == expected_origin_lock)
       return CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL;
 
+    // Allow about: pages to commit in a process that does not match the opaque
+    // origin's precursor information.
+    // TODO(acolwell): Remove this once process selection for about: URLs has
+    // been fixed to always match the precursor info.
+    if (url_origin.opaque() && url.IsAboutBlank() &&
+        !actual_origin_lock.is_empty()) {
+      return CanCommitStatus::CAN_COMMIT_ORIGIN_AND_URL;
+    }
+
     return CanCommitStatus::CANNOT_COMMIT_URL;
   }