| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/renderer/ppb_nacl_private.h" | 5 #include "components/nacl/renderer/ppb_nacl_private.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <numeric> | 9 #include <numeric> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 90 matching lines...) Loading... |
| 101 const GURL& gurl) { | 101 const GURL& gurl) { |
| 102 // Fast path only works for installed file URLs. | 102 // Fast path only works for installed file URLs. |
| 103 if (!gurl.SchemeIs("chrome-extension")) | 103 if (!gurl.SchemeIs("chrome-extension")) |
| 104 return PP_kInvalidFileHandle; | 104 return PP_kInvalidFileHandle; |
| 105 | 105 |
| 106 // IMPORTANT: Make sure the document can request the given URL. If we don't | 106 // IMPORTANT: Make sure the document can request the given URL. If we don't |
| 107 // check, a malicious app could probe the extension system. This enforces a | 107 // check, a malicious app could probe the extension system. This enforces a |
| 108 // same-origin policy which prevents the app from requesting resources from | 108 // same-origin policy which prevents the app from requesting resources from |
| 109 // another app. | 109 // another app. |
| 110 blink::WebSecurityOrigin security_origin = | 110 blink::WebSecurityOrigin security_origin = |
| 111 plugin_instance->GetContainer()->element().document().securityOrigin(); | 111 plugin_instance->GetContainer()->element().document().getSecurityOrigin(); |
| 112 return security_origin.canRequest(gurl); | 112 return security_origin.canRequest(gurl); |
| 113 } | 113 } |
| 114 | 114 |
| 115 // This contains state that is produced by LaunchSelLdr() and consumed | 115 // This contains state that is produced by LaunchSelLdr() and consumed |
| 116 // by StartPpapiProxy(). | 116 // by StartPpapiProxy(). |
| 117 struct InstanceInfo { | 117 struct InstanceInfo { |
| 118 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} | 118 InstanceInfo() : plugin_pid(base::kNullProcessId), plugin_child_id(0) {} |
| 119 GURL url; | 119 GURL url; |
| 120 ppapi::PpapiPermissions permissions; | 120 ppapi::PpapiPermissions permissions; |
| 121 base::ProcessId plugin_pid; | 121 base::ProcessId plugin_pid; |
| (...skipping 204 matching lines...) Loading... |
| 326 DISALLOW_COPY_AND_ASSIGN(ManifestServiceProxy); | 326 DISALLOW_COPY_AND_ASSIGN(ManifestServiceProxy); |
| 327 }; | 327 }; |
| 328 | 328 |
| 329 blink::WebURLLoader* CreateWebURLLoader(const blink::WebDocument& document, | 329 blink::WebURLLoader* CreateWebURLLoader(const blink::WebDocument& document, |
| 330 const GURL& gurl) { | 330 const GURL& gurl) { |
| 331 blink::WebURLLoaderOptions options; | 331 blink::WebURLLoaderOptions options; |
| 332 options.untrustedHTTP = true; | 332 options.untrustedHTTP = true; |
| 333 | 333 |
| 334 // Options settings here follow the original behavior in the trusted | 334 // Options settings here follow the original behavior in the trusted |
| 335 // plugin and PepperURLLoaderHost. | 335 // plugin and PepperURLLoaderHost. |
| 336 if (document.securityOrigin().canRequest(gurl)) { | 336 if (document.getSecurityOrigin().canRequest(gurl)) { |
| 337 options.allowCredentials = true; | 337 options.allowCredentials = true; |
| 338 } else { | 338 } else { |
| 339 // Allow CORS. | 339 // Allow CORS. |
| 340 options.crossOriginRequestPolicy = | 340 options.crossOriginRequestPolicy = |
| 341 blink::WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 341 blink::WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 342 } | 342 } |
| 343 return document.frame()->createAssociatedURLLoader(options); | 343 return document.frame()->createAssociatedURLLoader(options); |
| 344 } | 344 } |
| 345 | 345 |
| 346 blink::WebURLRequest CreateWebURLRequest(const blink::WebDocument& document, | 346 blink::WebURLRequest CreateWebURLRequest(const blink::WebDocument& document, |
| (...skipping 1420 matching lines...) Loading... |
| 1767 // Mark the request as requesting a PNaCl bitcode file, | 1767 // Mark the request as requesting a PNaCl bitcode file, |
| 1768 // so that component updater can detect this user action. | 1768 // so that component updater can detect this user action. |
| 1769 url_request.addHTTPHeaderField( | 1769 url_request.addHTTPHeaderField( |
| 1770 blink::WebString::fromUTF8("Accept"), | 1770 blink::WebString::fromUTF8("Accept"), |
| 1771 blink::WebString::fromUTF8("application/x-pnacl, */*")); | 1771 blink::WebString::fromUTF8("application/x-pnacl, */*")); |
| 1772 url_request.setRequestContext(blink::WebURLRequest::RequestContextObject); | 1772 url_request.setRequestContext(blink::WebURLRequest::RequestContextObject); |
| 1773 downloader->Load(url_request); | 1773 downloader->Load(url_request); |
| 1774 } | 1774 } |
| 1775 | 1775 |
| 1776 } // namespace nacl | 1776 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews