check for empty top_frame_origin and also restore webui/extension url…

… checks for cookies fix brave/brave-browser#5331
brave · Jul 23, 2019 · 40cae5e · 40cae5e
1 parent 4656e71
commit 40cae5e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/browser/net/brave_network_delegate_base.cc b/browser/net/brave_network_delegate_base.cc
@@ -46,7 +46,7 @@ bool OnAllowAccessCookies(
     GURL url = request.url();
     GURL first_party = request.site_for_cookies();
     GURL tab_origin = GURL(request.network_isolation_key().ToString());
-    if (tab_origin.is_empty())
+    if (tab_origin.is_empty() && request.top_frame_origin().has_value())
       tab_origin = request.top_frame_origin()->GetURL();
     return
         cookie_settings->IsCookieAccessAllowed(url, first_party, tab_origin) &&

diff --git a/components/content_settings/core/browser/brave_cookie_settings.cc b/components/content_settings/core/browser/brave_cookie_settings.cc
@@ -90,6 +90,22 @@ void BraveCookieSettings::GetCookieSetting(
     ContentSetting* cookie_setting) const {
   DCHECK(cookie_setting);
 
+  // copied from CookieSettings::GetCookieSetting
+  if (first_party_url.SchemeIs(kChromeUIScheme) &&
+      url.SchemeIsCryptographic()) {
+    *cookie_setting = CONTENT_SETTING_ALLOW;
+    return;
+  }
+
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  if (url.SchemeIs(extension_scheme_) &&
+      first_party_url.SchemeIs(extension_scheme_)) {
+    *cookie_setting = CONTENT_SETTING_ALLOW;
+    return;
+  }
+#endif
+
+
   GURL main_frame_url =
       (tab_url == GURL("about:blank") || tab_url.is_empty() ? first_party_url
                                                             : tab_url);