Index: content/renderer/render_thread_impl.cc |
diff --git a/content/renderer/render_thread_impl.cc b/content/renderer/render_thread_impl.cc |
index 3e422031b5d329a33646975b044e29c49c173e07..6bc51187cef0ea14d74646927f95761a0be2f166 100644 |
--- a/content/renderer/render_thread_impl.cc |
+++ b/content/renderer/render_thread_impl.cc |
@@ -984,6 +984,16 @@ void RenderThreadImpl::RegisterSchemes() { |
WebString swappedout_scheme(base::ASCIIToUTF16(kSwappedOutScheme)); |
WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(swappedout_scheme); |
WebSecurityPolicy::registerURLSchemeAsEmptyDocument(swappedout_scheme); |
+ |
+ // This scheme serves resources that may be injected into the |
+ // web page (e.g. by Blink). This isn't mixed content, and |
+ // content security policy doesn't apply. |
+ WebString resource_scheme(base::ASCIIToUTF16(kResourceScheme)); |
+ WebSecurityPolicy::registerURLSchemeAsSecure(resource_scheme); |
+ WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
+ resource_scheme, static_cast<WebSecurityPolicy::PolicyAreas>( |
+ WebSecurityPolicy::PolicyAreaImage | |
+ WebSecurityPolicy::PolicyAreaStyle)); |
} |
void RenderThreadImpl::NotifyTimezoneChange() { |