Index: chrome/browser/content_settings/permission_context_base.cc |
diff --git a/chrome/browser/content_settings/permission_context_base.cc b/chrome/browser/content_settings/permission_context_base.cc |
index 6ce8d1295309dedfccffa65556387eb8cac015a8..74233da52001dc7481b9aa469823b80f776fdb0a 100644 |
--- a/chrome/browser/content_settings/permission_context_base.cc |
+++ b/chrome/browser/content_settings/permission_context_base.cc |
@@ -18,6 +18,13 @@ |
#include "content/public/browser/browser_thread.h" |
#include "content/public/browser/web_contents.h" |
+namespace { |
+bool IsHTTPLocalhost(const GURL& url) { |
markusheintz_
2015/04/01 13:31:31
Have you checked of there is not already a utility
felt
2015/04/01 18:04:30
You should use net::IsLocalhost here
|
+ return url.is_valid() && url.SchemeIs(url::kHttpScheme) && |
+ (!url.host().compare("localhost") || !url.host().compare("127.0.0.1")); |
msramek
2015/04/01 12:59:16
How about IPv6 and other options?
https://code.go
|
+} |
+} // namespace |
+ |
PermissionContextBase::PermissionContextBase( |
Profile* profile, |
const ContentSettingsType permission_type) |
@@ -107,7 +114,8 @@ void PermissionContextBase::DecidePermission( |
// The Web MIDI API is not available for origin with non secure schemes. |
// Access to the MIDI API is blocked. |
if (permission_type_ == CONTENT_SETTINGS_TYPE_MIDI_SYSEX && |
- !requesting_origin.SchemeIsSecure()) { |
+ !requesting_origin.SchemeIsSecure() && |
+ !IsHTTPLocalhost(requesting_origin)) { |
NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
false /* persist */, CONTENT_SETTING_BLOCK); |
return; |