| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/chrome_content_renderer_client.h" | 5 #include "chrome/renderer/chrome_content_renderer_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/debug/crash_logging.h" | 8 #include "base/debug/crash_logging.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 467 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 478 // resources shouldn't trigger insecure content warnings. | 478 // resources shouldn't trigger insecure content warnings. |
| 479 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme); | 479 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme); |
| 480 | 480 |
| 481 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme)); | 481 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme)); |
| 482 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); | 482 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
| 483 | 483 |
| 484 WebString extension_resource_scheme( | 484 WebString extension_resource_scheme( |
| 485 ASCIIToUTF16(extensions::kExtensionResourceScheme)); | 485 ASCIIToUTF16(extensions::kExtensionResourceScheme)); |
| 486 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme); | 486 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme); |
| 487 | 487 |
| 488 // chrome-search: and chrome-extension-resource: pages should not directly |
| 489 // embed insecure resources. |
| 490 WebSecurityPolicy::registerURLSchemeAsRestrictingMixedContent( |
| 491 chrome_search_scheme); |
| 492 WebSecurityPolicy::registerURLSchemeAsRestrictingMixedContent( |
| 493 extension_resource_scheme); |
| 494 |
| 488 // chrome:, chrome-extension:, chrome-extension-resource: resources should be | 495 // chrome:, chrome-extension:, chrome-extension-resource: resources should be |
| 489 // allowed to receive CORS requests. | 496 // allowed to receive CORS requests. |
| 490 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); | 497 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme); |
| 491 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme); | 498 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme); |
| 492 | 499 |
| 493 // chrome-extension: resources should bypass Content Security Policy checks | 500 // chrome-extension: resources should bypass Content Security Policy checks |
| 494 // when included in protected resources. | 501 // when included in protected resources. |
| 495 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( | 502 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
| 496 extension_scheme); | 503 extension_scheme); |
| 497 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( | 504 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy( |
| (...skipping 1155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1653 WebString header_key(ASCIIToUTF16( | 1660 WebString header_key(ASCIIToUTF16( |
| 1654 data_reduction_proxy::chrome_proxy_header())); | 1661 data_reduction_proxy::chrome_proxy_header())); |
| 1655 if (!response.httpHeaderField(header_key).isNull() && | 1662 if (!response.httpHeaderField(header_key).isNull() && |
| 1656 response.httpHeaderField(header_key).utf8().find( | 1663 response.httpHeaderField(header_key).utf8().find( |
| 1657 data_reduction_proxy::chrome_proxy_lo_fi_directive()) != | 1664 data_reduction_proxy::chrome_proxy_lo_fi_directive()) != |
| 1658 std::string::npos) { | 1665 std::string::npos) { |
| 1659 (*properties)[data_reduction_proxy::chrome_proxy_header()] = | 1666 (*properties)[data_reduction_proxy::chrome_proxy_header()] = |
| 1660 data_reduction_proxy::chrome_proxy_lo_fi_directive(); | 1667 data_reduction_proxy::chrome_proxy_lo_fi_directive(); |
| 1661 } | 1668 } |
| 1662 } | 1669 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 809153004:
Mixed Content: Treat some Chrome schemes as restricting mixed content.
Base URL: https://chromium.googlesource.com/chromium/src.git@master