| Index: chrome/browser/extensions/extension_protocols.cc
|
| ===================================================================
|
| --- chrome/browser/extensions/extension_protocols.cc (revision 119454)
|
| +++ chrome/browser/extensions/extension_protocols.cc (working copy)
|
| @@ -38,7 +38,7 @@
|
| namespace {
|
|
|
| net::HttpResponseHeaders* BuildHttpHeaders(
|
| - const std::string& content_security_policy) {
|
| + const std::string& content_security_policy, bool send_cors_header) {
|
| std::string raw_headers;
|
| raw_headers.append("HTTP/1.1 200 OK");
|
| if (!content_security_policy.empty()) {
|
| @@ -46,6 +46,11 @@
|
| raw_headers.append("X-WebKit-CSP: ");
|
| raw_headers.append(content_security_policy);
|
| }
|
| +
|
| + if (send_cors_header) {
|
| + raw_headers.append(1, '\0');
|
| + raw_headers.append("Access-Control-Allow-Origin: *");
|
| + }
|
| raw_headers.append(2, '\0');
|
| return new net::HttpResponseHeaders(raw_headers);
|
| }
|
| @@ -54,11 +59,12 @@
|
| public:
|
| URLRequestResourceBundleJob(
|
| net::URLRequest* request, const FilePath& filename, int resource_id,
|
| - const std::string& content_security_policy)
|
| + const std::string& content_security_policy, bool send_cors_header)
|
| : net::URLRequestSimpleJob(request),
|
| filename_(filename),
|
| resource_id_(resource_id) {
|
| - response_info_.headers = BuildHttpHeaders(content_security_policy);
|
| + response_info_.headers = BuildHttpHeaders(content_security_policy,
|
| + send_cors_header);
|
| }
|
|
|
| // Overridden from URLRequestSimpleJob:
|
| @@ -109,7 +115,9 @@
|
| const std::string& content_security_policy)
|
| : net::URLRequestSimpleJob(request),
|
| extension_(extension) {
|
| - response_info_.headers = BuildHttpHeaders(content_security_policy);
|
| + const bool send_cors_headers = false;
|
| + response_info_.headers = BuildHttpHeaders(content_security_policy,
|
| + send_cors_headers);
|
| }
|
|
|
| // Overridden from URLRequestSimpleJob:
|
| @@ -142,9 +150,11 @@
|
| public:
|
| URLRequestExtensionJob(net::URLRequest* request,
|
| const FilePath& filename,
|
| - const std::string& content_security_policy)
|
| + const std::string& content_security_policy,
|
| + bool send_cors_header)
|
| : net::URLRequestFileJob(request, filename) {
|
| - response_info_.headers = BuildHttpHeaders(content_security_policy);
|
| + response_info_.headers = BuildHttpHeaders(content_security_policy,
|
| + send_cors_header);
|
| }
|
|
|
| virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
|
| @@ -255,8 +265,14 @@
|
| }
|
|
|
| std::string content_security_policy;
|
| - if (extension)
|
| + bool send_cors_header = false;
|
| + if (extension) {
|
| content_security_policy = extension->content_security_policy();
|
| + if ((extension->manifest_version() >= 2 ||
|
| + extension->HasWebAccessibleResources()) &&
|
| + extension->IsResourceWebAccessible(request->url().path()))
|
| + send_cors_header = true;
|
| + }
|
|
|
| std::string path = request->url().path();
|
| if (path.size() > 1 &&
|
| @@ -285,7 +301,8 @@
|
| #endif
|
| if (relative_path == bm_resource_path) {
|
| return new URLRequestResourceBundleJob(request, relative_path,
|
| - kComponentExtensionResources[i].value, content_security_policy);
|
| + kComponentExtensionResources[i].value, content_security_policy,
|
| + send_cors_header);
|
| }
|
| }
|
| }
|
| @@ -303,7 +320,7 @@
|
| }
|
|
|
| return new URLRequestExtensionJob(request, resource_file_path,
|
| - content_security_policy);
|
| + content_security_policy, send_cors_header);
|
| }
|
|
|
| } // namespace
|
|
|
Chromium Code Reviews
Issue 9152022:
Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web acce... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/