Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/renderer/dispatcher.cc

Issue 2623353002: Share schemes needed for mixed content checking between the browser and renderer. (Closed)
Patch Set: remove unused public methods Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/renderer/render_thread_impl.cc ('k') | extensions/shell/common/shell_content_client.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/dispatcher.h" 5 #include "extensions/renderer/dispatcher.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <memory> 9 #include <memory>
10 #include <utility> 10 #include <utility>
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
243 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is 243 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is
244 // created so early that sending an IPC from browser/ process to synchronize 244 // created so early that sending an IPC from browser/ process to synchronize
245 // this enabled-ness is too late. 245 // this enabled-ness is too late.
246 WorkerThreadDispatcher::Get()->Init(RenderThread::Get()); 246 WorkerThreadDispatcher::Get()->Init(RenderThread::Get());
247 247
248 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension()); 248 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension());
249 249
250 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme. 250 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme.
251 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); 251 WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme));
252 252
253 // Treat as secure because communication with them is entirely in the browser,
254 // so there is no danger of manipulation or eavesdropping on communication
255 // with them by third parties.
256 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
257
258 // As far as Blink is concerned, they should be allowed to receive CORS
259 // requests. At the Extensions layer, requests will actually be blocked unless
260 // overridden by the web_accessible_resources manifest key.
261 // TODO(kalman): See what happens with a service worker.
262 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
263
264 // Resources should bypass Content Security Policy checks when included in 253 // Resources should bypass Content Security Policy checks when included in
265 // protected resources. TODO(kalman): What are "protected resources"? 254 // protected resources. TODO(kalman): What are "protected resources"?
266 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( 255 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
267 extension_scheme); 256 extension_scheme);
268 257
269 // Extension resources are HTTP-like and safe to expose to the fetch API. The 258 // Extension resources are HTTP-like and safe to expose to the fetch API. The
270 // rules for the fetch API are consistent with XHR. 259 // rules for the fetch API are consistent with XHR.
271 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme); 260 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme);
272 261
273 // Extension resources, when loaded as the top-level document, should bypass 262 // Extension resources, when loaded as the top-level document, should bypass
(...skipping 1182 matching lines...) Expand 10 before | Expand all | Expand 10 after
1456 // The "guestViewDeny" module must always be loaded last. It registers 1445 // The "guestViewDeny" module must always be loaded last. It registers
1457 // error-providing custom elements for the GuestView types that are not 1446 // error-providing custom elements for the GuestView types that are not
1458 // available, and thus all of those types must have been checked and loaded 1447 // available, and thus all of those types must have been checked and loaded
1459 // (or not loaded) beforehand. 1448 // (or not loaded) beforehand.
1460 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) { 1449 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) {
1461 module_system->Require("guestViewDeny"); 1450 module_system->Require("guestViewDeny");
1462 } 1451 }
1463 } 1452 }
1464 1453
1465 } // namespace extensions 1454 } // namespace extensions
OLDNEW
« no previous file with comments | « content/renderer/render_thread_impl.cc ('k') | extensions/shell/common/shell_content_client.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698