Chromium Code Reviews Chromium Code Reviews
Issue 9152022:
Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web acce... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| Index: chrome/browser/extensions/extension_protocols.cc |
| =================================================================== |
| --- chrome/browser/extensions/extension_protocols.cc (revision 116680) |
| +++ chrome/browser/extensions/extension_protocols.cc (working copy) |
| @@ -37,7 +37,7 @@ |
| namespace { |
| net::HttpResponseHeaders* BuildHttpHeaders( |
| - const std::string& content_security_policy) { |
| + const std::string& content_security_policy, const bool send_cors_header) { |
|
Matt Perry
2012/01/10 23:47:24
nit: don't const-ify parameters that are POD types
Cris Neckar
2012/01/26 00:48:44
Done.
|
| std::string raw_headers; |
| raw_headers.append("HTTP/1.1 200 OK"); |
| if (!content_security_policy.empty()) { |
| @@ -45,6 +45,11 @@ |
| raw_headers.append("X-WebKit-CSP: "); |
| raw_headers.append(content_security_policy); |
| } |
| + |
| + if (send_cors_header) { |
| + raw_headers.append(1, '\0'); |
|
Aaron Boodman
2012/01/10 23:40:33
What's this?
Cris Neckar
2012/01/26 00:48:44
newline
Aaron Boodman
2012/01/27 22:36:46
Oh.
|
| + raw_headers.append("Access-Control-Allow-Origin: *"); |
| + } |
| raw_headers.append(2, '\0'); |
| return new net::HttpResponseHeaders(raw_headers); |
| } |
| @@ -53,11 +58,12 @@ |
| public: |
| URLRequestResourceBundleJob( |
| net::URLRequest* request, const FilePath& filename, int resource_id, |
| - const std::string& content_security_policy) |
| + const std::string& content_security_policy, const bool send_cors_header) |
| : net::URLRequestSimpleJob(request), |
| filename_(filename), |
| resource_id_(resource_id) { |
| - response_info_.headers = BuildHttpHeaders(content_security_policy); |
| + response_info_.headers = BuildHttpHeaders(content_security_policy, |
| + send_cors_header); |
| } |
| // Overridden from URLRequestSimpleJob: |
| @@ -105,9 +111,11 @@ |
| public: |
| URLRequestExtensionJob(net::URLRequest* request, |
| const FilePath& filename, |
| - const std::string& content_security_policy) |
| + const std::string& content_security_policy, |
| + const bool send_cors_header) |
| : net::URLRequestFileJob(request, filename) { |
| - response_info_.headers = BuildHttpHeaders(content_security_policy); |
| + response_info_.headers = BuildHttpHeaders(content_security_policy, |
| + send_cors_header); |
| } |
| virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE { |
| @@ -218,8 +226,14 @@ |
| } |
| std::string content_security_policy; |
| - if (extension) |
| + bool send_cors_header = false; |
| + if (extension) { |
| content_security_policy = extension->content_security_policy(); |
| + if ((extension->manifest_version() >= 2 || |
| + extension->HasWebAccessibleResources()) && |
| + extension->IsResourceWebAccessible(request->url().path())) |
| + send_cors_header = true; |
| + } |
| FilePath resources_path; |
| if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) && |
| @@ -241,7 +255,8 @@ |
| #endif |
| if (relative_path == bm_resource_path) { |
| return new URLRequestResourceBundleJob(request, relative_path, |
| - kComponentExtensionResources[i].value, content_security_policy); |
| + kComponentExtensionResources[i].value, content_security_policy, |
| + send_cors_header); |
| } |
| } |
| } |
| @@ -259,7 +274,7 @@ |
| } |
| return new URLRequestExtensionJob(request, resource_file_path, |
| - content_security_policy); |
| + content_security_policy, send_cors_header); |
| } |
| } // namespace |
