Resource requests from Save-Page-As should go through CanRequestURL checks.
This CL:
- Added checks to ResourceDispatcherHostImpl::BeginSaveFile to verify if
the renderer process is authorized to access a given resource.
- Removed separate code path for file: URIs that used to be implemented
in SaveFileManager::SaveLocalFile. Avoiding a separate code path
helps consolidate all authorization checks in one place.
BUG=616429
Review-Url: https://codereview.chromium.org/2075273002
Cr-Commit-Position: refs/heads/master@{#408235}
(cherry picked from commit eff8e457298d01b437e4fd78194ad6de3c8d7ad6)
Review URL: https://codereview.chromium.org/2187353004 .
Cr-Commit-Position: refs/branch-heads/2785@{#394}
Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382}
13 files changed