Index: extensions/shell/renderer/shell_content_renderer_client.cc |
diff --git a/extensions/shell/renderer/shell_content_renderer_client.cc b/extensions/shell/renderer/shell_content_renderer_client.cc |
index 4ac5cfea1259a70826964567c5ba0bc9dcb1204f..9180353f7bd6ca160e43e3345055829a6c47e99b 100644 |
--- a/extensions/shell/renderer/shell_content_renderer_client.cc |
+++ b/extensions/shell/renderer/shell_content_renderer_client.cc |
@@ -4,11 +4,13 @@ |
#include "extensions/shell/renderer/shell_content_renderer_client.h" |
+#include "base/strings/utf_string_conversions.h" |
#include "content/public/common/content_constants.h" |
#include "content/public/renderer/render_frame.h" |
#include "content/public/renderer/render_frame_observer.h" |
#include "content/public/renderer/render_frame_observer_tracker.h" |
#include "content/public/renderer/render_thread.h" |
+#include "extensions/common/constants.h" |
#include "extensions/common/extensions_client.h" |
#include "extensions/renderer/dispatcher.h" |
#include "extensions/renderer/dispatcher_delegate.h" |
@@ -20,6 +22,7 @@ |
#include "extensions/shell/common/shell_extensions_client.h" |
#include "extensions/shell/renderer/shell_extensions_renderer_client.h" |
#include "third_party/WebKit/public/web/WebLocalFrame.h" |
+#include "third_party/WebKit/public/web/WebSecurityPolicy.h" |
#if !defined(DISABLE_NACL) |
#include "components/nacl/common/nacl_constants.h" |
@@ -60,8 +63,15 @@ void ShellContentRendererClient::RenderThreadStarted() { |
new ExtensionsGuestViewContainerDispatcher()); |
thread->AddObserver(guest_view_container_dispatcher_.get()); |
- // TODO(jamescook): Init WebSecurityPolicy for chrome-extension: schemes. |
- // See ChromeContentRendererClient for details. |
+ // chrome-extensions: and chrome-extensions-resource: schemes should be |
Devlin
2015/08/20 16:37:20
If you wanted to be *really* cool, you could put t
jww
2015/08/20 16:50:35
Done.
ddorwin
2015/08/20 16:57:20
It doesn't look like you uploaded this. I'm not su
jww
2015/08/20 18:26:07
My mistake. Done.
|
+ // treated as secure. |
tommi (sloooow) - chröme
2015/08/20 17:14:25
can you extend this comment to explain why? I thi
jww
2015/08/20 18:26:07
Done.
|
+ WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); |
+ blink::WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
+ |
+ WebString extension_resource_scheme(base::ASCIIToUTF16( |
+ kExtensionResourceScheme)); |
+ blink::WebSecurityPolicy::registerURLSchemeAsSecure( |
+ extension_resource_scheme); |
} |
void ShellContentRendererClient::RenderFrameCreated( |