Index: third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp |
diff --git a/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp b/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp |
index e8c3b7bae9441310de21a0791793174118a1bc8d..b9b2f3429e34202ef95c8769524f0c13664f709a 100644 |
--- a/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp |
+++ b/third_party/WebKit/Source/modules/payments/PaymentAppServiceWorkerRegistration.cpp |
@@ -4,10 +4,14 @@ |
#include "modules/payments/PaymentAppServiceWorkerRegistration.h" |
+#include "bindings/core/v8/ExceptionState.h" |
#include "core/dom/Document.h" |
+#include "core/dom/ExecutionContext.h" |
#include "modules/payments/PaymentManager.h" |
#include "modules/serviceworkers/ServiceWorkerRegistration.h" |
#include "platform/bindings/ScriptState.h" |
+#include "platform/weborigin/KURL.h" |
+#include "platform/weborigin/SecurityOrigin.h" |
namespace blink { |
@@ -32,13 +36,27 @@ PaymentAppServiceWorkerRegistration& PaymentAppServiceWorkerRegistration::From( |
// static |
PaymentManager* PaymentAppServiceWorkerRegistration::paymentManager( |
ScriptState* script_state, |
- ServiceWorkerRegistration& registration) { |
+ ServiceWorkerRegistration& registration, |
+ ExceptionState& exception_state) { |
return PaymentAppServiceWorkerRegistration::From(registration) |
- .paymentManager(script_state); |
+ .paymentManager(script_state, exception_state); |
} |
PaymentManager* PaymentAppServiceWorkerRegistration::paymentManager( |
- ScriptState* script_state) { |
+ ScriptState* script_state, |
+ ExceptionState& exception_state) { |
+ ExecutionContext* context = ExecutionContext::From(script_state); |
+ KURL origin = KURL(KURL(), context->GetSecurityOrigin()->ToString()); |
+ |
+ // The PaymentManager can be used only in SecureContext but we don't want to |
+ // enable the feature in Extension side. So, we additionally need the follwing |
+ // check whether the origin is HTTPS or not. |
+ if (!origin.ProtocolIsInHTTPFamily()) { |
+ exception_state.ThrowSecurityError( |
+ "PaymentManger can be used only in HTTPS scheme."); |
+ return nullptr; |
+ } |
+ |
if (!payment_manager_) { |
payment_manager_ = PaymentManager::Create(registration_); |
} |