Index: chrome/browser/chrome_content_browser_client.cc |
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc |
index f9f87bc27a3ea7ad6dd264f07bf07535705bf864..08d14eecadbf0ac77476de1aabe9dcc37662dc04 100644 |
--- a/chrome/browser/chrome_content_browser_client.cc |
+++ b/chrome/browser/chrome_content_browser_client.cc |
@@ -2261,8 +2261,21 @@ void ChromeContentBrowserClient::OverrideWebkitPrefs( |
if (!prefs->GetBoolean(prefs::kWebKitJavascriptEnabled)) |
web_prefs->javascript_enabled = false; |
- if (!prefs->GetBoolean(prefs::kWebKitWebSecurityEnabled)) |
+ |
+ // Only allow disabling web security via the command-line flag if the user |
+ // has specified a distinct profile directory. This still enables tests to |
+ // disable web security by setting the pref directly. |
+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); |
+ if (!prefs->GetBoolean(prefs::kWebKitWebSecurityEnabled)) { |
web_prefs->web_security_enabled = false; |
+ } else if (!web_prefs->web_security_enabled && |
+ command_line->HasSwitch(switches::kDisableWebSecurity) && |
+ !command_line->HasSwitch(switches::kUserDataDir)) { |
+ VLOG(1) << "Web security may only be disabled if '--user-data-dir' is " |
Mike West
2015/12/09 12:37:55
Maybe `LOG(ERROR)`?
|
+ "also specified."; |
+ web_prefs->web_security_enabled = true; |
+ } |
+ |
if (!prefs->GetBoolean(prefs::kWebKitPluginsEnabled)) |
web_prefs->plugins_enabled = false; |
web_prefs->loads_images_automatically = |