| Index: chrome/renderer/chrome_content_renderer_client.cc |
| diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc |
| index 5f902a2065b2d5cdf99e1b3b61b50ee9b0a920a8..c741c57d769ac8d1f1b47df507836c4bd9e80c28 100644 |
| --- a/chrome/renderer/chrome_content_renderer_client.cc |
| +++ b/chrome/renderer/chrome_content_renderer_client.cc |
| @@ -214,6 +214,14 @@ void ChromeContentRendererClient::RenderThreadStarted() { |
| // chrome-extension: resources should be allowed to receive CORS requests. |
| WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); |
| + |
| + WebString extension_resource_scheme( |
| + ASCIIToUTF16(chrome::kExtensionResourceScheme)); |
| + WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme); |
| + |
| + // chrome-extension-resource: resources should be allowed to receive CORS |
| + // requests. |
| + WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme); |
| } |
| void ChromeContentRendererClient::RenderViewCreated( |
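Review bot: The added `registerURLSchemeAsSecure(extension_resource_scheme)` call carries no comment, although the CORS registration just below it does, and it is the more consequential of the two. As far as I know, marking a scheme secure exempts its content from mixed-content treatment on HTTPS pages, so the trust assumption should be written down next to the call. Something like `// chrome-extension-resource: content is treated as secure because <reason these resources are trusted>.` would do, with the reason filled in by the author. It would also help to note that once the scheme is CORS-enabled, the check added to `WillSendRequest` in the second hunk appears to be what restricts which frames may request these URLs. `RenderThreadStarted` begins outside this hunk, so an earlier comment may already cover some of this.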
| @@ -703,14 +711,18 @@ bool ChromeContentRendererClient::ShouldFork(WebFrame* frame, |
| bool ChromeContentRendererClient::WillSendRequest(WebKit::WebFrame* frame, |
| const GURL& url, |
| GURL* new_url) { |
| - // If the request is for an extension resource, check whether it should be |
| - // allowed. If not allowed, we reset the URL to something invalid to prevent |
| - // the request and cause an error. |
| - if (url.SchemeIs(chrome::kExtensionScheme) && |
| + // Check whether the request should be allowed. If not allowed, we reset the |
| + // URL to something invalid to prevent the request and cause an error. |
| + if ((url.SchemeIs(chrome::kExtensionScheme) && |
| !ExtensionResourceRequestPolicy::CanRequestResource( |
| url, |
| frame, |
| - extension_dispatcher_->extensions())) { |
| + extension_dispatcher_->extensions())) || |
| + (url.SchemeIs(chrome::kExtensionResourceScheme) && |
|
Tom Sepez
2012/04/18 18:03:01
Worry about promoting a c-e-r:// scheme to a c-e:/
Aaron Boodman
2012/04/18 18:06:21
Theoretically, this URL should have no privileges,
Tom Sepez
2012/04/18 18:24:38
Maybe you invent c-e-r://null and check for that i
Peng
2012/04/18 18:29:16
Tom, Aaron, Any suggestion? I don't know any other
Peng
2012/04/18 18:35:12
Only requesting from web page will be redirected t
Peng
2012/04/18 18:47:32
Done.
Aaron Boodman
2012/04/18 18:51:01
How is that different from what we do now?
Can we
Aaron Boodman
2012/04/18 19:13:49
I discussed with peng offline. We are going to use
|
| + !ExtensionResourceRequestPolicy::CanRequestExtensionResourceScheme( |
| + url, |
| + frame, |
| + extension_dispatcher_->extensions()))) { |
| *new_url = GURL("chrome-extension://invalid/"); |
| return true; |
| } |
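Review bot: The combined condition in `WillSendRequest` is hard to audit as written. Two scheme tests and two negated policy calls sit inside three levels of parentheses, and a misplaced parenthesis would change which requests are blocked without any compile error. Giving each denial its own `const bool` makes the same policy calls for the same URLs. It also lets the comment say which policy covers which scheme, which the shortened comment no longer does. The function body continues past the end of the hunk.

```cpp
  // chrome-extension: and chrome-extension-resource: requests are each checked
  // against their own policy. A denied request has its URL reset to something
  // invalid so that it fails with an error.
  const bool extension_denied =
      url.SchemeIs(chrome::kExtensionScheme) &&
      !ExtensionResourceRequestPolicy::CanRequestResource(
          url, frame, extension_dispatcher_->extensions());
  const bool extension_resource_denied =
      url.SchemeIs(chrome::kExtensionResourceScheme) &&
      !ExtensionResourceRequestPolicy::CanRequestExtensionResourceScheme(
          url, frame, extension_dispatcher_->extensions());
  if (extension_denied || extension_resource_denied) {
    // … unchanged: reset *new_url and return true …
```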