Index: chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java |
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java |
index d6d3b11a2a766a6bb94c176e550eae415294c97f..ef7f31860f11720395db5a9bab0c8f9c22a4916d 100644 |
--- a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java |
+++ b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java |
@@ -424,6 +424,16 @@ public class PaymentRequestImpl implements PaymentRequest, PaymentRequestUI.Clie |
mRequestPayerEmail = options != null && options.requestPayerEmail; |
mShippingType = options == null ? PaymentShippingType.SHIPPING : options.shippingType; |
+ if (!OriginSecurityChecker.isSchemeCryptographic(mWebContents.getLastCommittedUrl()) |
+ && !OriginSecurityChecker.isOriginLocalhostOrFile( |
+ mWebContents.getLastCommittedUrl())) { |
+ Log.d(TAG, "Only localhost, file://, and cryptographic scheme origins allowed"); |
+ // Don't show any UI. Resolve .canMakePayment() with "false". Reject .show() with |
+ // "NotSupportedError". |
+ onAllPaymentAppsCreated(); |
+ return; |
+ } |
+ |
PaymentRequestMetrics.recordRequestedInformationHistogram( |
mRequestPayerEmail, mRequestPayerPhone, mRequestShipping, mRequestPayerName); |
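Review bot: The new origin gate tests `mWebContents.getLastCommittedUrl()`, which as far as I know is the tab's top-level committed URL, not the origin of the frame that constructed the PaymentRequest. If a request can come from a subframe, an insecure frame inside a secure page would pass, so the check should use the requesting frame's origin; the caller is outside this hunk, so please confirm. The URL is also read twice, so the two predicates are not guaranteed to see the same value: read it once with `String url = mWebContents.getLastCommittedUrl();` and pass `url` to both `isSchemeCryptographic` and `isOriginLocalhostOrFile`. A cryptographic scheme by itself does not establish that the page loaded without certificate errors, so a check of the connection's security state next to this one would close that gap. The enclosing method starts and ends outside the hunk, and the reliance on `onAllPaymentAppsCreated()` to produce the rejection deserves a line in the comment saying which state makes it resolve to "false" / "NotSupportedError".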