Set secure schemes in native code

Code with same functionalities should be put together.
This commit is contained in:
Cheng Zhao 2017-09-15 16:48:55 +09:00
parent 5eb4b9ad6f
commit b277353238
2 changed files with 17 additions and 3 deletions

View file

@ -89,6 +89,22 @@ void RendererClientBase::RenderThreadStarted() {
blink::WebCustomElement::AddEmbedderCustomElementName("webview");
blink::WebCustomElement::AddEmbedderCustomElementName("browserplugin");
WTF::String extension_scheme("chrome-extension");
// Extension resources are HTTP-like and safe to expose to the fetch API. The
// rules for the fetch API are consistent with XHR.
blink::SchemeRegistry::RegisterURLSchemeAsSupportingFetchAPI(
extension_scheme);
// Extension resources, when loaded as the top-level document, should bypass
// Blink's strict first-party origin checks.
blink::SchemeRegistry::RegisterURLSchemeAsFirstPartyWhenTopLevel(
extension_scheme);
// In Chrome we should set extension's origins to match the pages they can
// work on, but in Electron currently we just let extensions do anything.
blink::SchemeRegistry::RegisterURLSchemeAsSecure(extension_scheme);
blink::SchemeRegistry::RegisterURLSchemeAsCORSEnabled(extension_scheme);
blink::SchemeRegistry::RegisterURLSchemeAsBypassingContentSecurityPolicy(
extension_scheme);
// Parse --secure-schemes=scheme1,scheme2
std::vector<std::string> secure_schemes_list =
ParseSchemesCLISwitch(switches::kSecureSchemes);

View file

@ -1,8 +1,6 @@
const {ipcRenderer, webFrame} = require('electron')
const {ipcRenderer} = require('electron')
const {runInThisContext} = require('vm')
webFrame.registerURLSchemeAsPrivileged('chrome-extension')
// Check whether pattern matches.
// https://developer.chrome.com/extensions/match_patterns
const matchesPattern = function (pattern) {