
Side by Side Diff: extensions/renderer/dispatcher.cc

Issue 1332563006: Allow 'chrome-extension:' URLs to bypass content settings (2/2) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/dispatcher.h" 5 #include "extensions/renderer/dispatcher.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback.h" 8 #include "base/callback.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/containers/scoped_ptr_map.h" 10 #include "base/containers/scoped_ptr_map.h"
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after
247 script_injection_manager_.reset( 247 script_injection_manager_.reset(
248 new ScriptInjectionManager(user_script_set_manager_.get())); 248 new ScriptInjectionManager(user_script_set_manager_.get()));
249 user_script_set_manager_observer_.Add(user_script_set_manager_.get()); 249 user_script_set_manager_observer_.Add(user_script_set_manager_.get());
250 request_sender_.reset(new RequestSender(this)); 250 request_sender_.reset(new RequestSender(this));
251 PopulateSourceMap(); 251 PopulateSourceMap();
252 WakeEventPage::Get()->Init(content::RenderThread::Get()); 252 WakeEventPage::Get()->Init(content::RenderThread::Get());
253 253
254 // WebSecurityPolicy whitelists. They should be registered for both 254 // WebSecurityPolicy whitelists. They should be registered for both
255 // chrome-extension: and chrome-extension-resource. 255 // chrome-extension: and chrome-extension-resource.
256 using RegisterFunction = void (*)(const WebString&); 256 using RegisterFunction = void (*)(const WebString&);
257 RegisterFunction register_functions[] = { 257 RegisterFunction register_functions[] = {
not at google - send to devlin 2015/09/09 18:06:52 This has moved into WebkitInitialized.
258 // Treat as secure because communication with them is entirely in the 258 // Treat as secure because communication with them is entirely in the
259 // browser, so there is no danger of manipulation or eavesdropping on 259 // browser, so there is no danger of manipulation or eavesdropping on
260 // communication with them by third parties. 260 // communication with them by third parties.
261 WebSecurityPolicy::registerURLSchemeAsSecure, 261 WebSecurityPolicy::registerURLSchemeAsSecure,
262 // As far as Blink is concerned, they should be allowed to receive CORS 262 // As far as Blink is concerned, they should be allowed to receive CORS
263 // requests. At the Extensions layer, requests will actually be blocked 263 // requests. At the Extensions layer, requests will actually be blocked
264 // unless overridden by the web_accessible_resources manifest key. 264 // unless overridden by the web_accessible_resources manifest key.
265 // TODO(kalman): See what happens with a service worker. 265 // TODO(kalman): See what happens with a service worker.
266 WebSecurityPolicy::registerURLSchemeAsCORSEnabled, 266 WebSecurityPolicy::registerURLSchemeAsCORSEnabled,
267 // Resources should bypass Content Security Policy checks when included in 267 // Resources should bypass Content Security Policy checks when included in
268 // protected resources. TODO(kalman): What are "protected resources"? 268 // protected resources. TODO(kalman): What are "protected resources"?
269 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy, 269 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy,
270 // Extension resources are HTTP-like and safe to expose to the fetch API. 270 // Extension resources are HTTP-like and safe to expose to the fetch API.
271 // The rules for the fetch API are consistent with XHR. 271 // The rules for the fetch API are consistent with XHR.
272 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI, 272 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI,
273 // Extension resources, when loaded as the top-level document, should
274 // bypass Blink's strict first-party origin checks.
275 WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel,
273 }; 276 };
274 277
275 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); 278 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme));
276 WebString extension_resource_scheme(base::ASCIIToUTF16( 279 WebString extension_resource_scheme(base::ASCIIToUTF16(
277 kExtensionResourceScheme)); 280 kExtensionResourceScheme));
278 for (RegisterFunction func : register_functions) { 281 for (RegisterFunction func : register_functions) {
279 func(extension_scheme); 282 func(extension_scheme);
280 func(extension_resource_scheme); 283 func(extension_resource_scheme);
281 } 284 }
282 } 285 }
(...skipping 1284 matching lines...) Expand 10 before | Expand all | Expand 10 after
1567 void Dispatcher::AddChannelSpecificFeatures() { 1570 void Dispatcher::AddChannelSpecificFeatures() {
1568 // chrome-extension: resources should be allowed to register a Service Worker. 1571 // chrome-extension: resources should be allowed to register a Service Worker.
1569 if (FeatureProvider::GetBehaviorFeature(BehaviorFeature::kServiceWorker) 1572 if (FeatureProvider::GetBehaviorFeature(BehaviorFeature::kServiceWorker)
1570 ->IsAvailableToEnvironment() 1573 ->IsAvailableToEnvironment()
1571 .is_available()) 1574 .is_available())
1572 WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers( 1575 WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers(
1573 WebString::fromUTF8(kExtensionScheme)); 1576 WebString::fromUTF8(kExtensionScheme));
1574 } 1577 }
1575 1578
1576 } // namespace extensions 1579 } // namespace extensions
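Review bot: The new `WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel` entry (new lines 273-275) is placed in `register_functions`, and the loop at new lines 281-284 calls every entry for both `extension_scheme` and `extension_resource_scheme`, so the first-party exemption is also granted to chrome-extension-resource: although the issue title names only chrome-extension:. If the wider grant is not required, it would be tighter to keep it out of the array and call it once, `WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel(extension_scheme);`. If both schemes are intended, the added comment should say so and name which check is relaxed (the title suggests content settings), for example `// Applies to chrome-extension-resource: as well because <reason>.` with the reason filled in by the author. The enclosing function begins in the skipped lines above, so this is based only on the visible part of its body.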