Index: chrome/browser/content_settings/permission_context_base.cc |
diff --git a/chrome/browser/content_settings/permission_context_base.cc b/chrome/browser/content_settings/permission_context_base.cc |
index 6ce8d1295309dedfccffa65556387eb8cac015a8..a011d568d476c42cd084cbf0ba2959f4194a5132 100644 |
--- a/chrome/browser/content_settings/permission_context_base.cc |
+++ b/chrome/browser/content_settings/permission_context_base.cc |
@@ -17,6 +17,7 @@ |
#include "components/content_settings/core/common/permission_request_id.h" |
#include "content/public/browser/browser_thread.h" |
#include "content/public/browser/web_contents.h" |
+#include "net/base/net_util.h" |
PermissionContextBase::PermissionContextBase( |
Profile* profile, |
@@ -106,8 +107,10 @@ void PermissionContextBase::DecidePermission( |
// The Web MIDI API is not available for origin with non secure schemes. |
// Access to the MIDI API is blocked. |
+ // TODO(crbug.com/362214): Use a standard way to check the secure origin. |
if (permission_type_ == CONTENT_SETTINGS_TYPE_MIDI_SYSEX && |
- !requesting_origin.SchemeIsSecure()) { |
+ !requesting_origin.SchemeIsSecure() && |
+ !net::IsLocalhost(requesting_origin.host())) { |
NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
false /* persist */, CONTENT_SETTING_BLOCK); |
return; |