Index: content/browser/service_worker/service_worker_controllee_request_handler.cc |
diff --git a/content/browser/service_worker/service_worker_controllee_request_handler.cc b/content/browser/service_worker/service_worker_controllee_request_handler.cc |
index 1187e94b3c0af5e11cd92a30733303c54dd10fcc..a770172e60534cf7c3c72b0af0962ce3bc1fc3a7 100644 |
--- a/content/browser/service_worker/service_worker_controllee_request_handler.cc |
+++ b/content/browser/service_worker/service_worker_controllee_request_handler.cc |
@@ -212,6 +212,24 @@ ServiceWorkerControlleeRequestHandler::DidLookupRegistrationForMainResource( |
return; |
} |
+ if (!provider_host_->is_parent_frame_secure()) { |
+ std::set<std::string> schemes; |
+ GetContentClient() |
+ ->browser() |
+ ->GetSchemesBypassingSecureContextCheckWhitelist(&schemes); |
+ if (schemes.find(provider_host_->document_url().scheme()) == |
Marijn Kruisselbrink
2016/06/02 22:44:43
Would it make sense to combine both the is_parent_
falken
2016/06/03 08:22:05
I like that and ended up adopting your patch, than
|
+ schemes.end()) { |
+ // TODO(falken): Figure out a way to surface in the page's DevTools |
+ // console that the service worker was blocked for security. |
+ job_->FallbackToNetwork(); |
+ TRACE_EVENT_ASYNC_END1( |
+ "ServiceWorker", |
+ "ServiceWorkerControlleeRequestHandler::PrepareForMainResource", |
+ job_.get(), "Info", "Insecure context"); |
+ return; |
+ } |
+ } |
+ |
if (need_to_update) { |
force_update_started_ = true; |
context_->UpdateServiceWorker( |