Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1040)

Unified Diff: Source/core/frame/SubresourceIntegrity.cpp

Issue 803773002: SRI: Remove the restriction to HTTPS documents and resources. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebase. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/frame/SubresourceIntegrity.cpp
diff --git a/Source/core/frame/SubresourceIntegrity.cpp b/Source/core/frame/SubresourceIntegrity.cpp
index 5e677c69b59f740e407b6d1e14babc39b68ad5ce..d7e824e010ca8d821f11996ff69e14e781922104 100644
--- a/Source/core/frame/SubresourceIntegrity.cpp
+++ b/Source/core/frame/SubresourceIntegrity.cpp
@@ -92,26 +92,6 @@ bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con
Document& document = element.document();
- // Instead of just checking SecurityOrigin::isSecure on resourceUrl, this
- // checks canAccessFeatureRequiringSecureOrigin so that file:// protocols
- // and localhost resources can be allowed. These may be useful for testing
- // and are allowed for features requiring authenticated origins, so Chrome
- // allows them here.
- String insecureOriginMsg = "";
- RefPtr<SecurityOrigin> resourceSecurityOrigin = SecurityOrigin::create(resourceUrl);
- if (!document.securityOrigin()->canAccessFeatureRequiringSecureOrigin(insecureOriginMsg)) {
- UseCounter::count(document, UseCounter::SRIElementWithIntegrityAttributeAndInsecureOrigin);
- // FIXME: This console message should probably utilize
- // inesecureOriginMsg to give a more helpful message to the user.
- logErrorToConsole("The 'integrity' attribute may only be used in documents in secure origins.", document);
- return false;
- }
- if (!resourceSecurityOrigin->canAccessFeatureRequiringSecureOrigin(insecureOriginMsg)) {
- UseCounter::count(document, UseCounter::SRIElementWithIntegrityAttributeAndInsecureResource);
- logErrorToConsole("The 'integrity' attribute may only be used with resources on secure origins.", document);
- return false;
- }
-
String integrity;
HashAlgorithm algorithm;
String type;
« no previous file with comments | « no previous file | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698