OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/renderer/dispatcher.h" | 5 #include "extensions/renderer/dispatcher.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/containers/scoped_ptr_map.h" | 10 #include "base/containers/scoped_ptr_map.h" |
(...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
247 script_injection_manager_.reset( | 247 script_injection_manager_.reset( |
248 new ScriptInjectionManager(user_script_set_manager_.get())); | 248 new ScriptInjectionManager(user_script_set_manager_.get())); |
249 user_script_set_manager_observer_.Add(user_script_set_manager_.get()); | 249 user_script_set_manager_observer_.Add(user_script_set_manager_.get()); |
250 request_sender_.reset(new RequestSender(this)); | 250 request_sender_.reset(new RequestSender(this)); |
251 PopulateSourceMap(); | 251 PopulateSourceMap(); |
252 WakeEventPage::Get()->Init(content::RenderThread::Get()); | 252 WakeEventPage::Get()->Init(content::RenderThread::Get()); |
253 | 253 |
254 // WebSecurityPolicy whitelists. They should be registered for both | 254 // WebSecurityPolicy whitelists. They should be registered for both |
255 // chrome-extension: and chrome-extension-resource. | 255 // chrome-extension: and chrome-extension-resource. |
256 using RegisterFunction = void (*)(const WebString&); | 256 using RegisterFunction = void (*)(const WebString&); |
257 RegisterFunction register_functions[] = { | 257 RegisterFunction register_functions[] = { |
not at google - send to devlin
2015/09/09 18:06:52
This has moved into WebkitInitialized.
| |
258 // Treat as secure because communication with them is entirely in the | 258 // Treat as secure because communication with them is entirely in the |
259 // browser, so there is no danger of manipulation or eavesdropping on | 259 // browser, so there is no danger of manipulation or eavesdropping on |
260 // communication with them by third parties. | 260 // communication with them by third parties. |
261 WebSecurityPolicy::registerURLSchemeAsSecure, | 261 WebSecurityPolicy::registerURLSchemeAsSecure, |
262 // As far as Blink is concerned, they should be allowed to receive CORS | 262 // As far as Blink is concerned, they should be allowed to receive CORS |
263 // requests. At the Extensions layer, requests will actually be blocked | 263 // requests. At the Extensions layer, requests will actually be blocked |
264 // unless overridden by the web_accessible_resources manifest key. | 264 // unless overridden by the web_accessible_resources manifest key. |
265 // TODO(kalman): See what happens with a service worker. | 265 // TODO(kalman): See what happens with a service worker. |
266 WebSecurityPolicy::registerURLSchemeAsCORSEnabled, | 266 WebSecurityPolicy::registerURLSchemeAsCORSEnabled, |
267 // Resources should bypass Content Security Policy checks when included in | 267 // Resources should bypass Content Security Policy checks when included in |
268 // protected resources. TODO(kalman): What are "protected resources"? | 268 // protected resources. TODO(kalman): What are "protected resources"? |
269 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy, | 269 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy, |
270 // Extension resources are HTTP-like and safe to expose to the fetch API. | 270 // Extension resources are HTTP-like and safe to expose to the fetch API. |
271 // The rules for the fetch API are consistent with XHR. | 271 // The rules for the fetch API are consistent with XHR. |
272 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI, | 272 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI, |
273 // Extension resources, when loaded as the top-level document, should | |
274 // bypass Blink's strict first-party origin checks. | |
275 WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel, | |
273 }; | 276 }; |
274 | 277 |
275 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); | 278 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); |
276 WebString extension_resource_scheme(base::ASCIIToUTF16( | 279 WebString extension_resource_scheme(base::ASCIIToUTF16( |
277 kExtensionResourceScheme)); | 280 kExtensionResourceScheme)); |
278 for (RegisterFunction func : register_functions) { | 281 for (RegisterFunction func : register_functions) { |
279 func(extension_scheme); | 282 func(extension_scheme); |
280 func(extension_resource_scheme); | 283 func(extension_resource_scheme); |
281 } | 284 } |
282 } | 285 } |
(...skipping 1284 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1567 void Dispatcher::AddChannelSpecificFeatures() { | 1570 void Dispatcher::AddChannelSpecificFeatures() { |
1568 // chrome-extension: resources should be allowed to register a Service Worker. | 1571 // chrome-extension: resources should be allowed to register a Service Worker. |
1569 if (FeatureProvider::GetBehaviorFeature(BehaviorFeature::kServiceWorker) | 1572 if (FeatureProvider::GetBehaviorFeature(BehaviorFeature::kServiceWorker) |
1570 ->IsAvailableToEnvironment() | 1573 ->IsAvailableToEnvironment() |
1571 .is_available()) | 1574 .is_available()) |
1572 WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers( | 1575 WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers( |
1573 WebString::fromUTF8(kExtensionScheme)); | 1576 WebString::fromUTF8(kExtensionScheme)); |
1574 } | 1577 } |
1575 | 1578 |
1576 } // namespace extensions | 1579 } // namespace extensions |
OLD | NEW |