| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/chrome_content_renderer_client.h" | 5 #include "chrome/renderer/chrome_content_renderer_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/debug/crash_logging.h" | 8 #include "base/debug/crash_logging.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 382 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 393 WebSecurityPolicy::registerURLSchemeAsLocal(external_file_scheme); | 393 WebSecurityPolicy::registerURLSchemeAsLocal(external_file_scheme); |
| 394 #endif | 394 #endif |
| 395 | 395 |
| 396 // chrome: and chrome-search: pages should not be accessible by bookmarklets | 396 // chrome: and chrome-search: pages should not be accessible by bookmarklets |
| 397 // or javascript: URLs typed in the omnibox. | 397 // or javascript: URLs typed in the omnibox. |
| 398 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( | 398 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( |
| 399 chrome_ui_scheme); | 399 chrome_ui_scheme); |
| 400 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( | 400 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( |
| 401 chrome_search_scheme); | 401 chrome_search_scheme); |
| 402 | 402 |
| 403 // chrome:, chrome-search:, and chrome-extension: resources shouldn't trigger | 403 // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource: |
| 404 // insecure content warnings. | 404 // resources shouldn't trigger insecure content warnings. |
| 405 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme); | 405 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme); |
| 406 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme); | 406 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme); |
| 407 | 407 |
| 408 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme)); | 408 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme)); |
| 409 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); | 409 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
| 410 | 410 |
| 411 // chrome-extension: resources should be allowed to receive CORS requests. | |
| 412 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); | |
| 413 | |
| 414 WebString extension_resource_scheme( | 411 WebString extension_resource_scheme( |
| 415 ASCIIToUTF16(extensions::kExtensionResourceScheme)); | 412 ASCIIToUTF16(extensions::kExtensionResourceScheme)); |
| 416 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme); | 413 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme); |
| 417 | 414 |
| 418 // chrome-extension-resource: resources should be allowed to receive CORS | 415 // chrome:, chrome-extension:, chrome-extension-resource: resources should be |
| 419 // requests. | 416 // allowed to receive CORS requests. |
| 417 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme); |
| 418 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); |
| 420 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme); | 419 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme); |
| 421 | 420 |
| 422 // chrome-extension: resources should bypass Content Security Policy checks | 421 // chrome-extension: resources should bypass Content Security Policy checks |
| 423 // when included in protected resources. | 422 // when included in protected resources. |
| 424 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( | 423 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
| 425 extension_scheme); | 424 extension_scheme); |
| 426 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( | 425 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
| 427 extension_resource_scheme); | 426 extension_resource_scheme); |
| 428 | 427 |
| 429 #if defined(OS_WIN) | 428 #if defined(OS_WIN) |
| (...skipping 1140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1570 content::BrowserPluginDelegate* | 1569 content::BrowserPluginDelegate* |
| 1571 ChromeContentRendererClient::CreateBrowserPluginDelegate( | 1570 ChromeContentRendererClient::CreateBrowserPluginDelegate( |
| 1572 content::RenderFrame* render_frame, | 1571 content::RenderFrame* render_frame, |
| 1573 const std::string& mime_type) { | 1572 const std::string& mime_type) { |
| 1574 #if defined(ENABLE_EXTENSIONS) | 1573 #if defined(ENABLE_EXTENSIONS) |
| 1575 return new extensions::GuestViewContainer(render_frame, mime_type); | 1574 return new extensions::GuestViewContainer(render_frame, mime_type); |
| 1576 #else | 1575 #else |
| 1577 return NULL; | 1576 return NULL; |
| 1578 #endif | 1577 #endif |
| 1579 } | 1578 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 613733002:
Enabled CORS for chrome://resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master