Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(154)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/renderer/dispatcher.cc

Issue 2679383003: Share schemes needed for CSP between the browser and the renderer. (Closed)
Patch Set: Rebase and fix conflict. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/public/common/content_client.h ('k') | extensions/shell/common/shell_content_client.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/dispatcher.h" 5 #include "extensions/renderer/dispatcher.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include <memory> 9 #include <memory>
10 #include <utility> 10 #include <utility>
(...skipping 251 matching lines...) Expand 10 before | Expand all | Expand 10 after
262 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is 262 // ExtensionAPIEnabledInExtensionServiceWorkers(), but the Dispatcher is
263 // created so early that sending an IPC from browser/ process to synchronize 263 // created so early that sending an IPC from browser/ process to synchronize
264 // this enabled-ness is too late. 264 // this enabled-ness is too late.
265 WorkerThreadDispatcher::Get()->Init(RenderThread::Get()); 265 WorkerThreadDispatcher::Get()->Init(RenderThread::Get());
266 266
267 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension()); 267 RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension());
268 268
269 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme. 269 // Register WebSecurityPolicy whitelists for the chrome-extension:// scheme.
270 WebString extension_scheme(WebString::fromASCII(kExtensionScheme)); 270 WebString extension_scheme(WebString::fromASCII(kExtensionScheme));
271 271
272 // Resources should bypass Content Security Policy checks when included in
273 // protected resources. TODO(kalman): What are "protected resources"?
274 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
275 extension_scheme);
276
277 // Extension resources are HTTP-like and safe to expose to the fetch API. The 272 // Extension resources are HTTP-like and safe to expose to the fetch API. The
278 // rules for the fetch API are consistent with XHR. 273 // rules for the fetch API are consistent with XHR.
279 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme); 274 WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(extension_scheme);
280 275
281 // Extension resources, when loaded as the top-level document, should bypass 276 // Extension resources, when loaded as the top-level document, should bypass
282 // Blink's strict first-party origin checks. 277 // Blink's strict first-party origin checks.
283 WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel( 278 WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel(
284 extension_scheme); 279 extension_scheme);
285 280
286 // For extensions, we want to ensure we call the IdleHandler every so often, 281 // For extensions, we want to ensure we call the IdleHandler every so often,
(...skipping 1121 matching lines...) Expand 10 before | Expand all | Expand 10 after
1408 // The "guestViewDeny" module must always be loaded last. It registers 1403 // The "guestViewDeny" module must always be loaded last. It registers
1409 // error-providing custom elements for the GuestView types that are not 1404 // error-providing custom elements for the GuestView types that are not
1410 // available, and thus all of those types must have been checked and loaded 1405 // available, and thus all of those types must have been checked and loaded
1411 // (or not loaded) beforehand. 1406 // (or not loaded) beforehand.
1412 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) { 1407 if (context_type == Feature::BLESSED_EXTENSION_CONTEXT) {
1413 module_system->Require("guestViewDeny"); 1408 module_system->Require("guestViewDeny");
1414 } 1409 }
1415 } 1410 }
1416 1411
1417 } // namespace extensions 1412 } // namespace extensions
OLDNEW
« no previous file with comments | « content/public/common/content_client.h ('k') | extensions/shell/common/shell_content_client.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698