Merge pull request #7947 from beakerbrowser/register-standard-secure-schemes
Add {secure:} opt to protocol.registerStandardSchemes
	
	
		
				commit
				
					
						1d288b69e2
					
				
			
		
					 13 changed files with 88 additions and 18 deletions
				
			
		| 
						 | 
					@ -197,11 +197,20 @@ void AtomContentClient::AddServiceWorkerSchemes(
 | 
				
			||||||
  std::vector<std::string> schemes;
 | 
					  std::vector<std::string> schemes;
 | 
				
			||||||
  ConvertStringWithSeparatorToVector(&schemes, ",",
 | 
					  ConvertStringWithSeparatorToVector(&schemes, ",",
 | 
				
			||||||
                                     switches::kRegisterServiceWorkerSchemes);
 | 
					                                     switches::kRegisterServiceWorkerSchemes);
 | 
				
			||||||
  if (!schemes.empty()) {
 | 
					  for (const std::string& scheme : schemes)
 | 
				
			||||||
    for (const std::string& scheme : schemes)
 | 
					    service_worker_schemes->insert(scheme);
 | 
				
			||||||
      service_worker_schemes->insert(scheme);
 | 
					
 | 
				
			||||||
  }
 | 
					 | 
				
			||||||
  service_worker_schemes->insert(url::kFileScheme);
 | 
					  service_worker_schemes->insert(url::kFileScheme);
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					void AtomContentClient::AddSecureSchemesAndOrigins(
 | 
				
			||||||
 | 
					    std::set<std::string>* secure_schemes,
 | 
				
			||||||
 | 
					    std::set<GURL>* secure_origins) {
 | 
				
			||||||
 | 
					  std::vector<std::string> schemes;
 | 
				
			||||||
 | 
					  ConvertStringWithSeparatorToVector(&schemes, ",", switches::kSecureSchemes);
 | 
				
			||||||
 | 
					  for (const std::string& scheme : schemes)
 | 
				
			||||||
 | 
					    secure_schemes->insert(scheme);
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
}  // namespace atom
 | 
					}  // namespace atom
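Review bot: AddSecureSchemesAndOrigins parses --secure-schemes with ConvertStringWithSeparatorToVector, while the renderer side of this commit parses the same switch with ParseSchemesCLISwitch (base::SplitString with TRIM_WHITESPACE and SPLIT_WANT_NONEMPTY). The helper's body is outside this hunk, so if it does not trim whitespace and drop empty entries the same way, the set inserted into `secure_schemes` here and the set registered with blink can differ for one switch value. Sharing a single parser between the two call sites would rule that out. The new function also carries no comment; I would add `// Schemes listed in --secure-schemes are treated as secure; |secure_origins| is intentionally left untouched.`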
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -31,6 +31,9 @@ class AtomContentClient : public brightray::ContentClient {
 | 
				
			||||||
      std::vector<content::PepperPluginInfo>* plugins) override;
 | 
					      std::vector<content::PepperPluginInfo>* plugins) override;
 | 
				
			||||||
  void AddServiceWorkerSchemes(
 | 
					  void AddServiceWorkerSchemes(
 | 
				
			||||||
      std::set<std::string>* service_worker_schemes) override;
 | 
					      std::set<std::string>* service_worker_schemes) override;
 | 
				
			||||||
 | 
					  void AddSecureSchemesAndOrigins(
 | 
				
			||||||
 | 
					      std::set<std::string>* secure_schemes,
 | 
				
			||||||
 | 
					      std::set<GURL>* secure_origins) override;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 private:
 | 
					 private:
 | 
				
			||||||
  DISALLOW_COPY_AND_ASSIGN(AtomContentClient);
 | 
					  DISALLOW_COPY_AND_ASSIGN(AtomContentClient);
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -46,7 +46,8 @@ std::vector<std::string> GetStandardSchemes() {
 | 
				
			||||||
  return g_standard_schemes;
 | 
					  return g_standard_schemes;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
void RegisterStandardSchemes(const std::vector<std::string>& schemes) {
 | 
					void RegisterStandardSchemes(const std::vector<std::string>& schemes,
 | 
				
			||||||
 | 
					                             mate::Arguments* args) {
 | 
				
			||||||
  g_standard_schemes = schemes;
 | 
					  g_standard_schemes = schemes;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
 | 
					  auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
 | 
				
			||||||
| 
						 | 
					@ -55,8 +56,17 @@ void RegisterStandardSchemes(const std::vector<std::string>& schemes) {
 | 
				
			||||||
    policy->RegisterWebSafeScheme(scheme);
 | 
					    policy->RegisterWebSafeScheme(scheme);
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  // add switches to register as standard
 | 
				
			||||||
  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
 | 
					  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
 | 
				
			||||||
      atom::switches::kStandardSchemes, base::JoinString(schemes, ","));
 | 
					      atom::switches::kStandardSchemes, base::JoinString(schemes, ","));
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  mate::Dictionary opts;
 | 
				
			||||||
 | 
					  bool secure = false;
 | 
				
			||||||
 | 
					  if (args->GetNext(&opts) && opts.Get("secure", &secure) && secure) {
 | 
				
			||||||
 | 
					    // add switches to register as secure
 | 
				
			||||||
 | 
					    base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
 | 
				
			||||||
 | 
					      atom::switches::kSecureSchemes, base::JoinString(schemes, ","));
 | 
				
			||||||
 | 
					  }
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
Protocol::Protocol(v8::Isolate* isolate, AtomBrowserContext* browser_context)
 | 
					Protocol::Protocol(v8::Isolate* isolate, AtomBrowserContext* browser_context)
 | 
				
			||||||
| 
						 | 
					@ -220,7 +230,7 @@ void RegisterStandardSchemes(
 | 
				
			||||||
    return;
 | 
					    return;
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  atom::api::RegisterStandardSchemes(schemes);
 | 
					  atom::api::RegisterStandardSchemes(schemes, args);
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
void Initialize(v8::Local<v8::Object> exports, v8::Local<v8::Value> unused,
 | 
					void Initialize(v8::Local<v8::Object> exports, v8::Local<v8::Value> unused,
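Review bot: In RegisterStandardSchemes the secure list is serialized with `base::JoinString(schemes, ",")` without any check on the scheme names, so a name containing a comma or surrounding whitespace is registered as web-safe under one spelling and comes out as different entries once the renderer splits and trims the switch. Since `{secure: true}` applies to every entry in the call, I would reject names that are not valid scheme tokens before either switch is appended. A malformed second argument (not an object, or a non-boolean `secure`) is silently ignored by `args->GetNext(&opts) && opts.Get("secure", &secure) && secure`; reporting it through `args->ThrowError(...)` would make a mistyped option visible instead of leaving the scheme non-secure without notice. The function body starts in the previous hunk, so any earlier validation there is not visible here.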
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -29,7 +29,8 @@ namespace atom {
 | 
				
			||||||
namespace api {
 | 
					namespace api {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
std::vector<std::string> GetStandardSchemes();
 | 
					std::vector<std::string> GetStandardSchemes();
 | 
				
			||||||
void RegisterStandardSchemes(const std::vector<std::string>& schemes);
 | 
					void RegisterStandardSchemes(const std::vector<std::string>& schemes,
 | 
				
			||||||
 | 
					                             mate::Arguments* args);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
class Protocol : public mate::TrackableObject<Protocol> {
 | 
					class Protocol : public mate::TrackableObject<Protocol> {
 | 
				
			||||||
 public:
 | 
					 public:
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -234,7 +234,8 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches(
 | 
				
			||||||
  // Copy following switches to child process.
 | 
					  // Copy following switches to child process.
 | 
				
			||||||
  static const char* const kCommonSwitchNames[] = {
 | 
					  static const char* const kCommonSwitchNames[] = {
 | 
				
			||||||
    switches::kStandardSchemes,
 | 
					    switches::kStandardSchemes,
 | 
				
			||||||
    switches::kEnableSandbox
 | 
					    switches::kEnableSandbox,
 | 
				
			||||||
 | 
					    switches::kSecureSchemes
 | 
				
			||||||
  };
 | 
					  };
 | 
				
			||||||
  command_line->CopySwitchesFrom(
 | 
					  command_line->CopySwitchesFrom(
 | 
				
			||||||
      *base::CommandLine::ForCurrentProcess(),
 | 
					      *base::CommandLine::ForCurrentProcess(),
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -144,6 +144,9 @@ const char kStandardSchemes[] = "standard-schemes";
 | 
				
			||||||
// Register schemes to handle service worker.
 | 
					// Register schemes to handle service worker.
 | 
				
			||||||
const char kRegisterServiceWorkerSchemes[] = "register-service-worker-schemes";
 | 
					const char kRegisterServiceWorkerSchemes[] = "register-service-worker-schemes";
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// Register schemes as secure.
 | 
				
			||||||
 | 
					const char kSecureSchemes[] = "secure-schemes";
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// The minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
 | 
					// The minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
 | 
				
			||||||
// TLS fallback will accept.
 | 
					// TLS fallback will accept.
 | 
				
			||||||
const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
 | 
					const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -76,6 +76,7 @@ extern const char kPpapiFlashVersion[];
 | 
				
			||||||
extern const char kDisableHttpCache[];
 | 
					extern const char kDisableHttpCache[];
 | 
				
			||||||
extern const char kStandardSchemes[];
 | 
					extern const char kStandardSchemes[];
 | 
				
			||||||
extern const char kRegisterServiceWorkerSchemes[];
 | 
					extern const char kRegisterServiceWorkerSchemes[];
 | 
				
			||||||
 | 
					extern const char kSecureSchemes[];
 | 
				
			||||||
extern const char kSSLVersionFallbackMin[];
 | 
					extern const char kSSLVersionFallbackMin[];
 | 
				
			||||||
extern const char kCipherSuiteBlacklist[];
 | 
					extern const char kCipherSuiteBlacklist[];
 | 
				
			||||||
extern const char kAppUserModelId[];
 | 
					extern const char kAppUserModelId[];
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -133,6 +133,7 @@ void WebFrame::SetSpellCheckProvider(mate::Arguments* args,
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
void WebFrame::RegisterURLSchemeAsSecure(const std::string& scheme) {
 | 
					void WebFrame::RegisterURLSchemeAsSecure(const std::string& scheme) {
 | 
				
			||||||
 | 
					  // TODO(pfrazee): Remove 2.0
 | 
				
			||||||
  // Register scheme to secure list (https, wss, data).
 | 
					  // Register scheme to secure list (https, wss, data).
 | 
				
			||||||
  blink::WebSecurityPolicy::registerURLSchemeAsSecure(
 | 
					  blink::WebSecurityPolicy::registerURLSchemeAsSecure(
 | 
				
			||||||
      blink::WebString::fromUTF8(scheme));
 | 
					      blink::WebString::fromUTF8(scheme));
 | 
				
			||||||
| 
						 | 
					@ -165,6 +166,7 @@ void WebFrame::RegisterURLSchemeAsPrivileged(const std::string& scheme,
 | 
				
			||||||
  // Register scheme to privileged list (https, wss, data, chrome-extension)
 | 
					  // Register scheme to privileged list (https, wss, data, chrome-extension)
 | 
				
			||||||
  blink::WebString privileged_scheme(blink::WebString::fromUTF8(scheme));
 | 
					  blink::WebString privileged_scheme(blink::WebString::fromUTF8(scheme));
 | 
				
			||||||
  if (secure) {
 | 
					  if (secure) {
 | 
				
			||||||
 | 
					    // TODO(pfrazee): Remove 2.0
 | 
				
			||||||
    blink::WebSecurityPolicy::registerURLSchemeAsSecure(privileged_scheme);
 | 
					    blink::WebSecurityPolicy::registerURLSchemeAsSecure(privileged_scheme);
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
  if (bypassCSP) {
 | 
					  if (bypassCSP) {
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -121,21 +121,23 @@ bool IsDevToolsExtension(content::RenderFrame* render_frame) {
 | 
				
			||||||
      .SchemeIs("chrome-extension");
 | 
					      .SchemeIs("chrome-extension");
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					std::vector<std::string> ParseSchemesCLISwitch(const char* switch_name) {
 | 
				
			||||||
 | 
					  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
 | 
				
			||||||
 | 
					  std::string custom_schemes = command_line->GetSwitchValueASCII(switch_name);
 | 
				
			||||||
 | 
					  return base::SplitString(
 | 
				
			||||||
 | 
					      custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
}  // namespace
 | 
					}  // namespace
 | 
				
			||||||
 | 
					
 | 
				
			||||||
AtomRendererClient::AtomRendererClient()
 | 
					AtomRendererClient::AtomRendererClient()
 | 
				
			||||||
    : node_bindings_(NodeBindings::Create(false)),
 | 
					    : node_bindings_(NodeBindings::Create(false)),
 | 
				
			||||||
      atom_bindings_(new AtomBindings) {
 | 
					      atom_bindings_(new AtomBindings) {
 | 
				
			||||||
  // Parse --standard-schemes=scheme1,scheme2
 | 
					  // Parse --standard-schemes=scheme1,scheme2
 | 
				
			||||||
  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
 | 
					  std::vector<std::string> standard_schemes_list =
 | 
				
			||||||
  std::string custom_schemes = command_line->GetSwitchValueASCII(
 | 
					      ParseSchemesCLISwitch(switches::kStandardSchemes);
 | 
				
			||||||
      switches::kStandardSchemes);
 | 
					  for (const std::string& scheme : standard_schemes_list)
 | 
				
			||||||
  if (!custom_schemes.empty()) {
 | 
					    url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
 | 
				
			||||||
    std::vector<std::string> schemes_list = base::SplitString(
 | 
					 | 
				
			||||||
        custom_schemes, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
 | 
					 | 
				
			||||||
    for (const std::string& scheme : schemes_list)
 | 
					 | 
				
			||||||
      url::AddStandardScheme(scheme.c_str(), url::SCHEME_WITHOUT_PORT);
 | 
					 | 
				
			||||||
  }
 | 
					 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
AtomRendererClient::~AtomRendererClient() {
 | 
					AtomRendererClient::~AtomRendererClient() {
 | 
				
			||||||
| 
						 | 
					@ -182,6 +184,13 @@ void AtomRendererClient::RenderFrameCreated(
 | 
				
			||||||
  // Allow file scheme to handle service worker by default.
 | 
					  // Allow file scheme to handle service worker by default.
 | 
				
			||||||
  // FIXME(zcbenz): Can this be moved elsewhere?
 | 
					  // FIXME(zcbenz): Can this be moved elsewhere?
 | 
				
			||||||
  blink::WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers("file");
 | 
					  blink::WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers("file");
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  // Parse --secure-schemes=scheme1,scheme2
 | 
				
			||||||
 | 
					  std::vector<std::string> secure_schemes_list =
 | 
				
			||||||
 | 
					      ParseSchemesCLISwitch(switches::kSecureSchemes);
 | 
				
			||||||
 | 
					  for (const std::string& secure_scheme : secure_schemes_list)
 | 
				
			||||||
 | 
					    blink::WebSecurityPolicy::registerURLSchemeAsSecure(
 | 
				
			||||||
 | 
					        blink::WebString::fromUTF8(secure_scheme));
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
void AtomRendererClient::RenderViewCreated(content::RenderView* render_view) {
 | 
					void AtomRendererClient::RenderViewCreated(content::RenderView* render_view) {
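Review bot: The --secure-schemes loop is added to RenderFrameCreated, so the switch is re-parsed and every scheme re-registered with blink for each frame the renderer creates, whereas --standard-schemes is handled once in the constructor. If the registration has to wait until blink is initialized, say so in a comment, e.g. `// Needs blink to be initialized; runs per frame, registration is assumed to be idempotent.`; otherwise a once-per-process hook would be a better place and would also address the existing FIXME just above. RenderFrameCreated begins outside the hunk, so only its tail is reviewed here.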
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -117,6 +117,16 @@ webContents.setVisualZoomLevelLimits(1, 2)
 | 
				
			||||||
webFrame.setZoomLevelLimits(1, 2)
 | 
					webFrame.setZoomLevelLimits(1, 2)
 | 
				
			||||||
// Replace with
 | 
					// Replace with
 | 
				
			||||||
webFrame.setVisualZoomLevelLimits(1, 2)
 | 
					webFrame.setVisualZoomLevelLimits(1, 2)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// Deprecated
 | 
				
			||||||
 | 
					webFrame.registerURLSchemeAsSecure('app')
 | 
				
			||||||
 | 
					// Replace with
 | 
				
			||||||
 | 
					protocol.registerStandardSchemes(['app'], {secure: true})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// Deprecated
 | 
				
			||||||
 | 
					webFrame.registerURLSchemeAsPrivileged('app', {secure: true})
 | 
				
			||||||
 | 
					// Replace with
 | 
				
			||||||
 | 
					protocol.registerStandardSchemes(['app'], {secure: true})
 | 
				
			||||||
```
 | 
					```
 | 
				
			||||||
 | 
					
 | 
				
			||||||
## `<webview>`
 | 
					## `<webview>`
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -985,5 +985,19 @@ describe('protocol module', function () {
 | 
				
			||||||
      ipcMain.once('file-system-error', (event, err) => done(err))
 | 
					      ipcMain.once('file-system-error', (event, err) => done(err))
 | 
				
			||||||
      ipcMain.once('file-system-write-end', () => done())
 | 
					      ipcMain.once('file-system-write-end', () => done())
 | 
				
			||||||
    })
 | 
					    })
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    it('registers secure, when {secure: true}', function (done) {
 | 
				
			||||||
 | 
					      // the CacheStorage API will only work if secure == true
 | 
				
			||||||
 | 
					      let filePath = path.join(__dirname, 'fixtures', 'pages', 'cache-storage.html')
 | 
				
			||||||
 | 
					      const handler = function (request, callback) {
 | 
				
			||||||
 | 
					        callback({path: filePath})
 | 
				
			||||||
 | 
					      }
 | 
				
			||||||
 | 
					      ipcMain.once('success', () => done())
 | 
				
			||||||
 | 
					      ipcMain.once('failure', (event, err) => done(err))
 | 
				
			||||||
 | 
					      protocol.registerFileProtocol(standardScheme, handler, function (error) {
 | 
				
			||||||
 | 
					        if (error) return done(error)
 | 
				
			||||||
 | 
					        w.loadURL(origin)
 | 
				
			||||||
 | 
					      })
 | 
				
			||||||
 | 
					    })
 | 
				
			||||||
  })
 | 
					  })
 | 
				
			||||||
})
 | 
					})
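Review bot: The new spec `registers secure, when {secure: true}` covers only the positive case; nothing asserts that a standard scheme registered without the option is refused by CacheStorage. Because the spec bootstrap hunk at the end of this commit now registers the shared `standardScheme` with `{ secure: true }` for the whole run, a regression that treats every standard scheme as secure would still pass. A second case that loads the same fixture from a scheme registered without the option and expects the `'failure'` message would pin the behaviour; it probably needs its own scheme, since the registration appears to be process-wide. `w` and `origin` are defined outside the hunk.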
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
							
								
								
									
										7
									
								
								spec/fixtures/pages/cache-storage.html
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								spec/fixtures/pages/cache-storage.html
									
										
									
									
										vendored
									
									
										Normal file
									
								
							| 
						 | 
					@ -0,0 +1,7 @@
 | 
				
			||||||
 | 
					<script>
 | 
				
			||||||
 | 
					  const ipcRenderer = require('electron').ipcRenderer;
 | 
				
			||||||
 | 
					  caches.open('foo').then(
 | 
				
			||||||
 | 
					    () => ipcRenderer.send('success'),
 | 
				
			||||||
 | 
					    err => ipcRenderer.send('failure', err)
 | 
				
			||||||
 | 
					  )
 | 
				
			||||||
 | 
					</script>
 | 
				
			||||||
| 
						 | 
					@ -92,7 +92,7 @@ if (global.isCi) {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// Register app as standard scheme.
 | 
					// Register app as standard scheme.
 | 
				
			||||||
global.standardScheme = 'app'
 | 
					global.standardScheme = 'app'
 | 
				
			||||||
protocol.registerStandardSchemes([global.standardScheme])
 | 
					protocol.registerStandardSchemes([global.standardScheme], { secure: true })
 | 
				
			||||||
 | 
					
 | 
				
			||||||
app.on('window-all-closed', function () {
 | 
					app.on('window-all-closed', function () {
 | 
				
			||||||
  app.quit()
 | 
					  app.quit()
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||