Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5805)

Unified Diff: chrome/browser/permissions/permission_context_base.cc

Issue 2886363002: Flip the kRequireSecureOriginsForPepperMediaRequests to enabled by default (Closed)
Patch Set: Flip the kRequireSecureOriginsForPepperMediaRequests to enabled by default Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/permissions/permission_context_base.cc
diff --git a/chrome/browser/permissions/permission_context_base.cc b/chrome/browser/permissions/permission_context_base.cc
index 0e5ac6a0873f5bbfcc05b2bc236ff69f23734567..35af53f6364a197a3a2139ad9cd4e767efe427b2 100644
--- a/chrome/browser/permissions/permission_context_base.cc
+++ b/chrome/browser/permissions/permission_context_base.cc
@@ -36,6 +36,7 @@
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/origin_util.h"
+#include "extensions/common/constants.h"
#include "url/gurl.h"
#if defined(OS_ANDROID)
@@ -226,10 +227,17 @@ PermissionResult PermissionContextBase::GetPermissionStatus(
}
if (IsRestrictedToSecureOrigins()) {
+ if (!content::IsOriginSecure(requesting_origin)) {
+ return PermissionResult(CONTENT_SETTING_BLOCK,
+ PermissionStatusSource::UNSPECIFIED);
+ }
+
// TODO(raymes): We should check the entire chain of embedders here whenever
// possible as this corresponds to the requirements of the secure contexts
- // spec and matches what is implemented in blink.
- if (!content::IsOriginSecure(requesting_origin) ||
+ // spec and matches what is implemented in blink. Right now we just check
+ // the top level and requesting origins. Note: chrome-extension:// origins
+ // are currently exempt from checking the embedder chain. crbug.com/530507.
+ if (!requesting_origin.SchemeIs(extensions::kExtensionScheme) &&
raymes 2017/05/22 04:09:39 timloh: I had to add this exception to make tests
Timothy Loh 2017/05/22 04:31:18 Seems reasonable.
!content::IsOriginSecure(embedding_origin)) {
return PermissionResult(CONTENT_SETTING_BLOCK,
PermissionStatusSource::UNSPECIFIED);
« no previous file with comments | « chrome/browser/media/webrtc/media_stream_devices_controller_browsertest.cc ('k') | content/public/common/content_features.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698