Index: extensions/renderer/dispatcher.cc |
diff --git a/extensions/renderer/dispatcher.cc b/extensions/renderer/dispatcher.cc |
index a1b2b51ee47ee43a59fec632ec8ab70a01634861..7f45aeba93e3ebc7c59c74476ae1ec58f9da6c88 100644 |
--- a/extensions/renderer/dispatcher.cc |
+++ b/extensions/renderer/dispatcher.cc |
@@ -250,17 +250,6 @@ Dispatcher::Dispatcher(DispatcherDelegate* delegate) |
// Register WebSecurityPolicy whitelists for the chrome-extension:// scheme. |
WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme)); |
- // Treat as secure because communication with them is entirely in the browser, |
- // so there is no danger of manipulation or eavesdropping on communication |
- // with them by third parties. |
- WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
- |
- // As far as Blink is concerned, they should be allowed to receive CORS |
- // requests. At the Extensions layer, requests will actually be blocked unless |
- // overridden by the web_accessible_resources manifest key. |
- // TODO(kalman): See what happens with a service worker. |
- WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); |
- |
// Resources should bypass Content Security Policy checks when included in |
// protected resources. TODO(kalman): What are "protected resources"? |
WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |