Share schemes needed for mixed content checking between the browser and renderer.

third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp

 /*
  * Copyright (C) 2010 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include "platform/weborigin/SchemeRegistry.h"
 
+#include "url/url_util.h"
 #include "wtf/ThreadSpecific.h"
 #include "wtf/Threading.h"
 #include "wtf/ThreadingPrimitives.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 namespace {
 
 class URLSchemesRegistry final {
  public:
   URLSchemesRegistry()
-      : localSchemes({"file"}),
-        secureSchemes({"https", "about", "data", "wss"}),
-        schemesWithUniqueOrigins({"about", "javascript", "data"}),
-        emptyDocumentSchemes({"about"}),
-        CORSEnabledSchemes({"http", "https", "data"}),
+      : emptyDocumentSchemes({"about"}),
         // For ServiceWorker schemes: HTTP is required because http://localhost
         // is considered secure. Additional checks are performed to ensure that
         // other http pages are filtered out.
         serviceWorkerSchemes({"http", "https"}),
         fetchAPISchemes({"http", "https"}),
-        allowedInReferrerSchemes({"http", "https"}) {}
+        allowedInReferrerSchemes({"http", "https"}) {
+    for (auto& scheme : url::GetLocalSchemes())
+      localSchemes.add(scheme.c_str());
+    for (auto& scheme : url::GetSecureSchemes())
+      secureSchemes.add(scheme.c_str());
+    for (auto& scheme : url::GetNoAccessSchemes())
+      schemesWithUniqueOrigins.add(scheme.c_str());
+    for (auto& scheme : url::GetCORSEnabledSchemes())
+      CORSEnabledSchemes.add(scheme.c_str());
+  }
   ~URLSchemesRegistry() = default;
 
   URLSchemesSet localSchemes;
   URLSchemesSet displayIsolatedURLSchemes;
   URLSchemesSet secureSchemes;
   URLSchemesSet schemesWithUniqueOrigins;
   URLSchemesSet emptyDocumentSchemes;
   URLSchemesSet schemesForbiddenFromDomainRelaxation;
   URLSchemesSet notAllowingJavascriptURLsSchemes;
   URLSchemesSet CORSEnabledSchemes;
@@ skipping 291 matching lines @@
 
 bool SchemeRegistry::schemeShouldBypassSecureContextCheck(
     const String& scheme) {
   if (scheme.isEmpty())
     return false;
   DCHECK_EQ(scheme, scheme.lower());
   return getURLSchemesRegistry().secureContextBypassingSchemes.contains(scheme);
 }
 
 }  // namespace blink