Chromium Code Reviews Chromium Code Reviews
Issue 9152022:
Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web acce... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| Index: chrome/browser/extensions/extension_protocols.cc |
| =================================================================== |
| --- chrome/browser/extensions/extension_protocols.cc (revision 119454) |
| +++ chrome/browser/extensions/extension_protocols.cc (working copy) |
| @@ -38,7 +38,7 @@ |
| namespace { |
| net::HttpResponseHeaders* BuildHttpHeaders( |
| - const std::string& content_security_policy) { |
| + const std::string& content_security_policy, bool send_cors_header) { |
| std::string raw_headers; |
| raw_headers.append("HTTP/1.1 200 OK"); |
| if (!content_security_policy.empty()) { |
| @@ -46,6 +46,11 @@ |
| raw_headers.append("X-WebKit-CSP: "); |
| raw_headers.append(content_security_policy); |
| } |
| + |
| + if (send_cors_header) { |
| + raw_headers.append(1, '\0'); |
| + raw_headers.append("Access-Control-Allow-Origin: *"); |
| + } |
| raw_headers.append(2, '\0'); |
| return new net::HttpResponseHeaders(raw_headers); |
| } |
| @@ -54,11 +59,12 @@ |
| public: |
| URLRequestResourceBundleJob( |
| net::URLRequest* request, const FilePath& filename, int resource_id, |
| - const std::string& content_security_policy) |
| + const std::string& content_security_policy, bool send_cors_header) |
| : net::URLRequestSimpleJob(request), |
| filename_(filename), |
| resource_id_(resource_id) { |
| - response_info_.headers = BuildHttpHeaders(content_security_policy); |
| + response_info_.headers = BuildHttpHeaders(content_security_policy, |
| + send_cors_header); |
| } |
| // Overridden from URLRequestSimpleJob: |
| @@ -109,7 +115,7 @@ |
| const std::string& content_security_policy) |
| : net::URLRequestSimpleJob(request), |
| extension_(extension) { |
| - response_info_.headers = BuildHttpHeaders(content_security_policy); |
| + response_info_.headers = BuildHttpHeaders(content_security_policy, false); |
|
Aaron Boodman
2012/01/27 22:36:46
Nit: use a named constant here for readability.
Cris Neckar
2012/01/27 22:58:23
Done.
|
| } |
| // Overridden from URLRequestSimpleJob: |
| @@ -142,9 +148,11 @@ |
| public: |
| URLRequestExtensionJob(net::URLRequest* request, |
| const FilePath& filename, |
| - const std::string& content_security_policy) |
| + const std::string& content_security_policy, |
| + bool send_cors_header) |
| : net::URLRequestFileJob(request, filename) { |
| - response_info_.headers = BuildHttpHeaders(content_security_policy); |
| + response_info_.headers = BuildHttpHeaders(content_security_policy, |
| + send_cors_header); |
| } |
| virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE { |
| @@ -255,8 +263,14 @@ |
| } |
| std::string content_security_policy; |
| - if (extension) |
| + bool send_cors_header = false; |
| + if (extension) { |
| content_security_policy = extension->content_security_policy(); |
| + if ((extension->manifest_version() >= 2 || |
| + extension->HasWebAccessibleResources()) && |
| + extension->IsResourceWebAccessible(request->url().path())) |
| + send_cors_header = true; |
| + } |
| std::string path = request->url().path(); |
| if (path.size() > 1 && |
| @@ -285,7 +299,8 @@ |
| #endif |
| if (relative_path == bm_resource_path) { |
| return new URLRequestResourceBundleJob(request, relative_path, |
| - kComponentExtensionResources[i].value, content_security_policy); |
| + kComponentExtensionResources[i].value, content_security_policy, |
| + send_cors_header); |
| } |
| } |
| } |
| @@ -303,7 +318,7 @@ |
| } |
| return new URLRequestExtensionJob(request, resource_file_path, |
| - content_security_policy); |
| + content_security_policy, send_cors_header); |
| } |
| } // namespace |
