OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/renderer/dispatcher.h" | 5 #include "extensions/renderer/dispatcher.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 #include <utility> | 10 #include <utility> |
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
243 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is | 243 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is |
244 // created so early that sending an IPC from browser/ process to synchronize | 244 // created so early that sending an IPC from browser/ process to synchronize |
245 // this enabled-ness is too late. | 245 // this enabled-ness is too late. |
246 WorkerThreadDispatcher::Get()->Init(RenderThread::Get()); | 246 WorkerThreadDispatcher::Get()->Init(RenderThread::Get()); |
247 | 247 |
248 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension()); | 248 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension()); |
249 | 249 |
250 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme. | 250 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme. |
251 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); | 251 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); |
252 | 252 |
253 // Treat as secure because communication with them is entirely in the browser, | |
254 // so there is no danger of manipulation or eavesdropping on communication | |
255 // with them by third parties. | |
256 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); | |
257 | |
258 // As far as Blink is concerned, they should be allowed to receive CORS | |
259 // requests. At the Extensions layer, requests will actually be blocked unless | |
260 // overridden by the web_accessible_resources manifest key. | |
261 // TODO(kalman): See what happens with a service worker. | |
262 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); | |
263 | |
264 // Resources should bypass Content Security Policy checks when included in | 253 // Resources should bypass Content Security Policy checks when included in |
265 // protected resources. TODO(kalman): What are "protected resources"? | 254 // protected resources. TODO(kalman): What are "protected resources"? |
266 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( | 255 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
267 extension_scheme); | 256 extension_scheme); |
268 | 257 |
269 // Extension resources are HTTP-like and safe to expose to the fetch API. The | 258 // Extension resources are HTTP-like and safe to expose to the fetch API. The |
270 // rules for the fetch API are consistent with XHR. | 259 // rules for the fetch API are consistent with XHR. |
271 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme); | 260 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme); |
272 | 261 |
273 // Extension resources, when loaded as the top-level document, should bypass | 262 // Extension resources, when loaded as the top-level document, should bypass |
(...skipping 1182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1456 // The "guestViewDeny" module must always be loaded last. It registers | 1445 // The "guestViewDeny" module must always be loaded last. It registers |
1457 // error-providing custom elements for the GuestView types that are not | 1446 // error-providing custom elements for the GuestView types that are not |
1458 // available, and thus all of those types must have been checked and loaded | 1447 // available, and thus all of those types must have been checked and loaded |
1459 // (or not loaded) beforehand. | 1448 // (or not loaded) beforehand. |
1460 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) { | 1449 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) { |
1461 module_system->Require("guestViewDeny"); | 1450 module_system->Require("guestViewDeny"); |
1462 } | 1451 } |
1463 } | 1452 } |
1464 | 1453 |
1465 } // namespace extensions | 1454 } // namespace extensions |
OLD | NEW |