Resource requests from Save-Page-As should go through CanRequestURL checks.
This CL:
- Added checks to ResourceDispatcherHostImpl::BeginSaveFile to verify if
the renderer process is authorized to access a given resource.
- Removed separate code path for file: URIs that used to be implemented
in SaveFileManager::SaveLocalFile. Avoiding a separate code path
helps consolidate all authorization checks in one place.
BUG=616429
Review-Url: https://codereview.chromium.org/2075273002
Cr-Commit-Position: refs/heads/master@{#408235}
13 files changed