Index: Source/core/frame/SubresourceIntegrity.cpp |
diff --git a/Source/core/frame/SubresourceIntegrity.cpp b/Source/core/frame/SubresourceIntegrity.cpp |
index 0e041528d1f6cfa6a5db2bee128e5e2e9caf9afa..2446441f03c77a9118624e4e4692b31d6e99658b 100644 |
--- a/Source/core/frame/SubresourceIntegrity.cpp |
+++ b/Source/core/frame/SubresourceIntegrity.cpp |
@@ -87,26 +87,6 @@ bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con |
Document& document = element.document(); |
- // Instead of just checking SecurityOrigin::isSecure on resourceUrl, this |
- // checks canAccessFeatureRequiringSecureOrigin so that file:// protocols |
- // and localhost resources can be allowed. These may be useful for testing |
- // and are allowed for features requiring authenticated origins, so Chrome |
- // allows them here. |
- String insecureOriginMsg = ""; |
- RefPtr<SecurityOrigin> resourceSecurityOrigin = SecurityOrigin::create(resourceUrl); |
- if (!document.securityOrigin()->canAccessFeatureRequiringSecureOrigin(insecureOriginMsg)) { |
- UseCounter::count(document, UseCounter::SRIElementWithIntegrityAttributeAndInsecureOrigin); |
jww
2014/12/16 03:36:35
If this CL eventually lands, we should deprecate t
|
- // FIXME: This console message should probably utilize |
- // inesecureOriginMsg to give a more helpful message to the user. |
- logErrorToConsole("The 'integrity' attribute may only be used in documents in secure origins.", document); |
- return false; |
- } |
- if (!resourceSecurityOrigin->canAccessFeatureRequiringSecureOrigin(insecureOriginMsg)) { |
- UseCounter::count(document, UseCounter::SRIElementWithIntegrityAttributeAndInsecureResource); |
- logErrorToConsole("The 'integrity' attribute may only be used with resources on secure origins.", document); |
- return false; |
- } |
- |
String integrity; |
HashAlgorithm algorithm; |
String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); |