diff --git a/atom/browser/api/atom_api_web_contents.cc b/atom/browser/api/atom_api_web_contents.cc index d2ff197929a5..cd21f5a79a6a 100644 --- a/atom/browser/api/atom_api_web_contents.cc +++ b/atom/browser/api/atom_api_web_contents.cc @@ -56,6 +56,7 @@ #include "content/browser/renderer_host/render_widget_host_view_base.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/common/view_messages.h" +#include "content/public/browser/child_process_security_policy.h" #include "content/public/browser/favicon_status.h" #include "content/public/browser/native_web_keyboard_event.h" #include "content/public/browser/navigation_details.h" @@ -1253,7 +1254,7 @@ void WebContents::HasServiceWorker( delete this; } }; - + auto wrapped_callback = new WrappedCallback(callback); context->CheckHasServiceWorker( @@ -1789,6 +1790,12 @@ v8::Local WebContents::Debugger(v8::Isolate* isolate) { return v8::Local::New(isolate, debugger_); } +void WebContents::GrantOriginAccess(const GURL& url) { + content::ChildProcessSecurityPolicy::GetInstance()->GrantOrigin( + web_contents()->GetMainFrame()->GetProcess()->GetID(), + url::Origin(url)); +} + // static void WebContents::BuildPrototype(v8::Isolate* isolate, v8::Local prototype) { @@ -1883,6 +1890,7 @@ void WebContents::BuildPrototype(v8::Isolate* isolate, &WebContents::SetWebRTCIPHandlingPolicy) .SetMethod("getWebRTCIPHandlingPolicy", &WebContents::GetWebRTCIPHandlingPolicy) + .SetMethod("_grantOriginAccess", &WebContents::GrantOriginAccess) .SetProperty("id", &WebContents::ID) .SetProperty("session", &WebContents::Session) .SetProperty("hostWebContents", &WebContents::HostWebContents) diff --git a/atom/browser/api/atom_api_web_contents.h b/atom/browser/api/atom_api_web_contents.h index c67c4e0d859c..b287cff3258d 100644 --- a/atom/browser/api/atom_api_web_contents.h +++ b/atom/browser/api/atom_api_web_contents.h @@ -216,6 +216,10 @@ class WebContents : public mate::TrackableObject, // Returns the owner window. v8::Local GetOwnerBrowserWindow(); + // Grants the child process the capability to access URLs with the origin of + // the specified URL. + void GrantOriginAccess(const GURL& url); + // Properties. int32_t ID() const; v8::Local Session(v8::Isolate* isolate); diff --git a/lib/browser/chrome-extension.js b/lib/browser/chrome-extension.js index b8f1089ff219..2e8254c19668 100644 --- a/lib/browser/chrome-extension.js +++ b/lib/browser/chrome-extension.js @@ -285,6 +285,9 @@ const loadDevToolsExtensions = function (win, manifests) { manifests.forEach(loadExtension) const extensionInfoArray = manifests.map(manifestToExtensionInfo) + extensionInfoArray.forEach((extension) => { + win.devToolsWebContents._grantOriginAccess(extension.startPage) + }) win.devToolsWebContents.executeJavaScript(`DevToolsAPI.addExtensions(${JSON.stringify(extensionInfoArray)})`) }