Index: content/renderer/shared_worker/embedded_shared_worker_stub.cc |
diff --git a/content/renderer/shared_worker/embedded_shared_worker_stub.cc b/content/renderer/shared_worker/embedded_shared_worker_stub.cc |
index 090ba0ea4fd31039ad3866583fe56dec69014507..6183ad5cb6c7262f03b914f7c65a5430b15f8d36 100644 |
--- a/content/renderer/shared_worker/embedded_shared_worker_stub.cc |
+++ b/content/renderer/shared_worker/embedded_shared_worker_stub.cc |
@@ -272,6 +272,12 @@ EmbeddedSharedWorkerStub::CreateWorkerFetchContext( |
std::unique_ptr<WorkerFetchContextImpl> worker_fetch_context = |
base::MakeUnique<WorkerFetchContextImpl>( |
worker_url_loader_factory_provider.PassInterface()); |
+ // TODO(horo): Currently we treat the worker context as secure if the origin |
+ // of the shared worker script url is secure. But according to the spec, if |
+ // the creation context is not secure, we should treat the worker as |
+ // non-secure. crbug.com/723575 |
falken
2017/05/18 02:14:13
just to confirm, this is not a regression with off
horo
2017/05/18 03:59:53
Yes this is an existing bug even without OffMainTh
|
+ // https://www.w3.org/TR/secure-contexts/#examples-shared-workers |
falken
2017/05/18 02:14:13
link to the newest spec:
https://w3c.github.io/web
horo
2017/05/18 03:59:53
Done.
|
+ worker_fetch_context->set_is_secure_context(IsOriginSecure(url_)); |
if (web_network_provider) { |
ServiceWorkerNetworkProvider* network_provider = |
ServiceWorkerNetworkProvider::FromWebServiceWorkerNetworkProvider( |