| Index: chrome/browser/plugins/plugin_utils.cc
|
| diff --git a/chrome/browser/plugins/plugin_utils.cc b/chrome/browser/plugins/plugin_utils.cc
|
| index 582d098b1380424bcca1aa64cad2f0986093c9c5..728166032199c8cbe298fe2f29316fad51edff72 100644
|
| --- a/chrome/browser/plugins/plugin_utils.cc
|
| +++ b/chrome/browser/plugins/plugin_utils.cc
|
| @@ -5,10 +5,12 @@
|
| #include "chrome/browser/plugins/plugin_utils.h"
|
|
|
| #include "base/values.h"
|
| +#include "chrome/common/chrome_features.h"
|
| #include "chrome/common/plugin_utils.h"
|
| #include "components/content_settings/core/browser/host_content_settings_map.h"
|
| #include "content/public/common/webplugininfo.h"
|
| #include "url/gurl.h"
|
| +#include "url/origin.h"
|
|
|
| namespace {
|
|
|
| @@ -17,12 +19,15 @@ const char kFlashPluginID[] = "adobe-flash-player";
|
| void GetPluginContentSettingInternal(
|
| const HostContentSettingsMap* host_content_settings_map,
|
| bool use_javascript_setting,
|
| - const GURL& policy_url,
|
| + const url::Origin& policy_origin,
|
| const GURL& plugin_url,
|
| const std::string& resource,
|
| ContentSetting* setting,
|
| bool* uses_default_content_setting,
|
| bool* is_managed) {
|
| + GURL policy_url =
|
| + policy_origin.unique() ? GURL() : GURL(policy_origin.Serialize());
|
| +
|
| std::unique_ptr<base::Value> value;
|
| content_settings::SettingInfo info;
|
| bool uses_plugin_specific_setting = false;
|
| @@ -31,6 +36,18 @@ void GetPluginContentSettingInternal(
|
| policy_url, policy_url, CONTENT_SETTINGS_TYPE_JAVASCRIPT, std::string(),
|
| &info);
|
| } else {
|
| + // For non-JavaScript treated plugins (Flash), always return BLOCK if the
|
| + // top level origin is any scheme other HTTP, HTTPS, or FILE.
|
| + if (base::FeatureList::IsEnabled(features::kPreferHtmlOverPlugins) &&
|
| + !policy_url.SchemeIsHTTPOrHTTPS() && !policy_url.SchemeIsFile()) {
|
| + *setting = CONTENT_SETTING_BLOCK;
|
| + if (uses_default_content_setting)
|
| + *uses_default_content_setting = true;
|
| + if (is_managed)
|
| + *is_managed = true;
|
| + return;
|
| + }
|
| +
|
| content_settings::SettingInfo specific_info;
|
| std::unique_ptr<base::Value> specific_setting =
|
| host_content_settings_map->GetWebsiteSetting(
|
| @@ -55,6 +72,7 @@ void GetPluginContentSettingInternal(
|
| }
|
| }
|
| *setting = content_settings::ValueToContentSetting(value.get());
|
| +
|
| if (uses_default_content_setting) {
|
| *uses_default_content_setting =
|
| !uses_plugin_specific_setting &&
|
| @@ -71,7 +89,7 @@ void GetPluginContentSettingInternal(
|
| void PluginUtils::GetPluginContentSetting(
|
| const HostContentSettingsMap* host_content_settings_map,
|
| const content::WebPluginInfo& plugin,
|
| - const GURL& policy_url,
|
| + const url::Origin& policy_url,
|
| const GURL& plugin_url,
|
| const std::string& resource,
|
| ContentSetting* setting,
|
| @@ -86,7 +104,7 @@ void PluginUtils::GetPluginContentSetting(
|
| // static
|
| ContentSetting PluginUtils::GetFlashPluginContentSetting(
|
| const HostContentSettingsMap* host_content_settings_map,
|
| - const GURL& policy_url,
|
| + const url::Origin& policy_url,
|
| const GURL& plugin_url,
|
| bool* is_managed) {
|
| ContentSetting plugin_setting = CONTENT_SETTING_DEFAULT;
|
|
|
Chromium Code Reviews
Issue 2378573005:
[HBD] Blanket BLOCK on all non-HTTP(s) and non-FILE URLs for Flash. (Closed)
