Web MIDI: allow http://localhost to prompt sysex permission

chrome/browser/content_settings/permission_context_base.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/content_settings/permission_context_base.h"
 
 #include "base/logging.h"
 #include "base/prefs/pref_service.h"
 #include "chrome/browser/content_settings/permission_bubble_request_impl.h"
 #include "chrome/browser/content_settings/permission_context_uma_util.h"
 #include "chrome/browser/content_settings/permission_queue_controller.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/website_settings/permission_bubble_manager.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/common/permission_request_id.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_contents.h"
 
+namespace {
+bool IsHTTPLocalhost(const GURL& url) {

[markusheintz_, 2015/04/01 13:31:31]

Have you checked of there is not already a utility method in the code base that
does this?

[felt, 2015/04/01 18:04:30]

You should use net::IsLocalhost here

+  return url.is_valid() && url.SchemeIs(url::kHttpScheme) &&
+         (!url.host().compare("localhost") || !url.host().compare("127.0.0.1"));

[msramek, 2015/04/01 12:59:16]

How about IPv6 and other options?

https://code.google.com/p/chromium/codesearch#chromium/src/net/base/net_util_...

+}
+}  // namespace
+
 PermissionContextBase::PermissionContextBase(
     Profile* profile,
     const ContentSettingsType permission_type)
     : profile_(profile),
       permission_type_(permission_type),
       weak_factory_(this) {
   permission_queue_controller_.reset(
       new PermissionQueueController(profile_, permission_type_));
 }
 
@@ skipping 69 matching lines @@
         << " (" << content_settings::GetTypeName(permission_type_)
         << " is not supported in popups)";
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_BLOCK);
     return;
   }
 
   // The Web MIDI API is not available for origin with non secure schemes.
   // Access to the MIDI API is blocked.
   if (permission_type_ == CONTENT_SETTINGS_TYPE_MIDI_SYSEX &&
-      !requesting_origin.SchemeIsSecure()) {
+      !requesting_origin.SchemeIsSecure() &&
+      !IsHTTPLocalhost(requesting_origin)) {
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_BLOCK);
     return;
   }
 
   ContentSetting content_setting =
       profile_->GetHostContentSettingsMap()
           ->GetContentSettingAndMaybeUpdateLastUsage(
               requesting_origin, embedding_origin, permission_type_,
               std::string());
@@ skipping 122 matching lines @@
   DCHECK_EQ(requesting_origin, requesting_origin.GetOrigin());
   DCHECK_EQ(embedding_origin, embedding_origin.GetOrigin());
   DCHECK(content_setting == CONTENT_SETTING_ALLOW ||
          content_setting == CONTENT_SETTING_BLOCK);
 
   profile_->GetHostContentSettingsMap()->SetContentSetting(
       ContentSettingsPattern::FromURLNoWildcard(requesting_origin),
       ContentSettingsPattern::FromURLNoWildcard(embedding_origin),
       permission_type_, std::string(), content_setting);
 }