service worker: Don't control a subframe of an insecure context

content/public/browser/content_browser_client.h

Index: content/public/browser/content_browser_client.h
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 56b709c056f6d638e4121c36d4f391c1cff9d77c..d1f9ae03b71b090d9e6b2909c20b482ed2759526 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -596,6 +596,12 @@ class CONTENT_EXPORT ContentBrowserClient {
   virtual void GetAdditionalAllowedSchemesForFileSystem(
       std::vector<std::string>* additional_schemes) {}
 
+  // |schemes| is a return value parameter that gets a whitelist of schemes that
+  // should bypass the Is Privileged Context check.
+  // See http://www.w3.org/TR/powerful-features/#settings-privileged
+  virtual void GetSchemesBypassingSecureContextCheckWhitelist(
+      std::set<std::string>* schemes) {}

[dcheng, 2016/06/07 02:21:20]

I guess this is just following existing convention, but note that it's fine to
return this by value: copy elision will generally prevent us from copying
anyway. If I saw something like this (without looking at the declaration), I
might think that it could return a bool or error or something else like that.

[falken, 2016/06/07 03:14:29]

Thanks I see. I decided to keep this for consistency with the existing
GetSchemesBypassingSecureContextCheckWhitelist.

+
   // Returns auto mount handlers for URL requests for FileSystem APIs.
   virtual void GetURLRequestAutoMountHandlers(
       std::vector<storage::URLRequestAutoMountHandler>* handlers) {}