chrome/renderer/extensions/user_script_slave.cc - Issue 7071025: Use WebFrame::setIsolatedWorldSecurityOrigin to allow cross-origin XHRs in content scripts.

Unified Diff: chrome/renderer/extensions/user_script_slave.cc

Issue 7071025: Use WebFrame::setIsolatedWorldSecurityOrigin to allow cross-origin XHRs in content scripts. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Tweak whitespace. Created 9 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/renderer/extensions/user_script_slave.h ('k') | chrome/test/data/extensions/api_test/cross_origin_xhr/background_page/manifest.json » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/renderer/extensions/user_script_slave.cc

diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc

index b8309ac74042484ad7ec7d5694f870a5cc8f8855..16155371811fe70bc80d0bbf7a440cfb6943a677 100644

--- a/chrome/renderer/extensions/user_script_slave.cc

+++ b/chrome/renderer/extensions/user_script_slave.cc

@@ -17,15 +17,20 @@

#include "chrome/common/extensions/extension_set.h"

#include "chrome/common/url_constants.h"

#include "chrome/renderer/chrome_render_process_observer.h"

+#include "chrome/renderer/extensions/extension_dispatcher.h"

#include "chrome/renderer/extensions/extension_groups.h"

#include "googleurl/src/gurl.h"

#include "grit/renderer_resources.h"

#include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"

+#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"

+#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityPolicy.h"

#include "third_party/WebKit/Source/WebKit/chromium/public/WebVector.h"

#include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h"

#include "ui/base/resource/resource_bundle.h"

using WebKit::WebFrame;

+using WebKit::WebSecurityOrigin;

+using WebKit::WebSecurityPolicy;

using WebKit::WebString;

using WebKit::WebVector;

using WebKit::WebView;

@@ -60,6 +65,25 @@ int UserScriptSlave::GetIsolatedWorldId(const std::string& extension_id) {

return new_id;

}

+void UserScriptSlave::InitializeIsolatedWorld(

+ WebFrame* frame,

+ int isolated_world_id,

+ const Extension* extension) const {

+ frame->setIsolatedWorldSecurityOrigin(

+ isolated_world_id,

+ WebSecurityOrigin::create(extension->url()));

+ // We always have access to the origin of the page that we're injecting in.

+ GURL frame_url = GURL(frame->url());

+ WebSecurityPolicy::addOriginAccessWhitelistEntry(

Matt Perry 2011/05/26 22:39:48 note that we never clear the origin access whiteli

+ extension->url(),

+ WebString::fromUTF8(frame_url.scheme()),

+ WebString::fromUTF8(frame_url.host()),

+ false); // do not match subdomains

+ ExtensionDispatcher::InitHostPermissions(extension);

UserScriptSlave::UserScriptSlave(const ExtensionSet* extensions)

: shared_memory_(NULL),

script_deleter_(&scripts_),

@@ -249,6 +273,7 @@ void UserScriptSlave::InjectScripts(WebFrame* frame,

if (!script->extension_id().empty()) {

InsertInitExtensionCode(&sources, script->extension_id());

isolated_world_id = GetIsolatedWorldId(script->extension_id());

+ InitializeIsolatedWorld(frame, isolated_world_id, extension);

}

PerfTimer exec_timer;