| Index: chrome/browser/resources/cryptotoken/enroller.js
|
| diff --git a/chrome/browser/resources/cryptotoken/enroller.js b/chrome/browser/resources/cryptotoken/enroller.js
|
| index d8ef537faf8d704e4a21e7a914ec1779d0f944d3..ebc7f58acb105efb51a1c2ea2959706c92f188ab 100644
|
| --- a/chrome/browser/resources/cryptotoken/enroller.js
|
| +++ b/chrome/browser/resources/cryptotoken/enroller.js
|
| @@ -50,6 +50,10 @@ function handleWebEnrollRequest(messageSender, request, sendResponse) {
|
| sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
|
| return null;
|
| }
|
| + if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
|
| + sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
|
| + return null;
|
| + }
|
|
|
| if (!isValidEnrollRequest(request, 'enrollChallenges', 'signData')) {
|
| sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
|
| @@ -124,6 +128,10 @@ function handleU2fEnrollRequest(messageSender, request, sendResponse) {
|
| sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
|
| return null;
|
| }
|
| + if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
|
| + sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
|
| + return null;
|
| + }
|
|
|
| if (!isValidEnrollRequest(request, 'registerRequests', 'signRequests',
|
| 'registeredKeys')) {
|
|
|
Chromium Code Reviews
Issue 847193003:
Don't allow HTTP origins for the CryptoToken extension. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master