[ServiceWorker] Set setSkipServiceWorker flag of the request from plugins with private permission.

[ServiceWorker] Set setSkipServiceWorker flag of the request from plugins with private permission.

The plugins with private permission such as Flash plugin can bypass same origin checking by calling URLLoaderResource::GrantUniversalAccess().
They have their own origin checking logic (ex:cross-origin.xml).
If ServiceWorker can intercept the HTTP requests from them, they can be misled.

So ServiceWorker must be disabled for such plugins.

These plugins have PERMISSION_PRIVATE permissions.
 - PDF Viewer
 - Google Talk Plugin Video Renderer
 - Google Talk Effects Plugin
 - Google Talk Plugin
 - Chrome Remote Desktop Viewer
 - Pepper Flash
 - Widevine Cdm Plugin

BUG=413094
Committed: https://crrev.com/69354ff099fcff76361bc74c1abe41b6f45de188
Cr-Commit-Position: refs/heads/master@{#297396}

[horo, 2014-09-26 04:41:09]

Patchset #1 (id:1) has been deleted

[horo, 2014-09-26 04:42:52]

horo@chromium.org changed reviewers:
+ michaeln@chromium.org

[horo, 2014-09-26 04:42:52]

michaeln@
Could you please review this?

[michaeln, 2014-09-29 21:49:44]

lgtm

i think we really only need to prevent hooking xorigin requests but +1 to
preventing all requests for now

(thnx for picking this one up)

[michaeln, 2014-09-29 22:16:15]

Hmmm... what about webplugin_impl.cc and plugin_url_fetcher.cc, it looks like
those also creates url loaders on behalf of plugins. Is that code still
relevant? Skipping sw's for these too would be the more cautious thing todo.

I'm not so familiar the various url loader clients in the renderer and how
they're plugged in. It'd probably be good to get some more eyes on this change.

[horo, 2014-09-30 04:52:49]

On 2014/09/29 22:16:15, michaeln wrote:
> Hmmm... what about webplugin_impl.cc and plugin_url_fetcher.cc, it looks like
> those also creates url loaders on behalf of plugins. Is that code still
> relevant? Skipping sw's for these too would be the more cautious thing todo.
> 
> I'm not so familiar the various url loader clients in the renderer and how
> they're plugged in. It'd probably be good to get some more eyes on this
change.

webplugin_impl.cc and plugin_url_fetcher.cc are used in NPAPI
NPAPI is going to be deprecated.
So I think it is OK to disable ServiceWorker for NPAPI.
I will create another CL.

[horo, 2014-09-30 04:53:21]

horo@chromium.org changed reviewers:
+ jochen@chromium.org

[horo, 2014-09-30 04:53:21]

jochen@
Could you please review this?

[jochen (gone - plz use gerrit), 2014-09-30 08:42:20]

lgtm

[horo, 2014-09-30 09:00:05]

The CQ bit was checked by horo@chromium.org

[commit-bot: I haz the power, 2014-09-30 09:00:37]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/606993002/20001

[commit-bot: I haz the power, 2014-09-30 10:09:28]

Committed patchset #1 (id:20001) as dd3af7b24992aae23c438d26deafdd04cff30039

[commit-bot: I haz the power, 2014-09-30 10:10:04]

Patchset 1 (id:??) landed as
https://crrev.com/69354ff099fcff76361bc74c1abe41b6f45de188
Cr-Commit-Position: refs/heads/master@{#297396}