From b277353238d95eddd1ba0848eb9c8c969d96f84a Mon Sep 17 00:00:00 2001 From: Cheng Zhao Date: Fri, 15 Sep 2017 16:48:55 +0900 Subject: [PATCH] Set secure schemes in native code Code with same functionalities should be put together. --- atom/renderer/renderer_client_base.cc | 16 ++++++++++++++++ lib/renderer/content-scripts-injector.js | 4 +--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/atom/renderer/renderer_client_base.cc b/atom/renderer/renderer_client_base.cc index 913f14d15c8c..cc2e84261ae5 100644 --- a/atom/renderer/renderer_client_base.cc +++ b/atom/renderer/renderer_client_base.cc @@ -89,6 +89,22 @@ void RendererClientBase::RenderThreadStarted() { blink::WebCustomElement::AddEmbedderCustomElementName("webview"); blink::WebCustomElement::AddEmbedderCustomElementName("browserplugin"); + WTF::String extension_scheme("chrome-extension"); + // Extension resources are HTTP-like and safe to expose to the fetch API. The + // rules for the fetch API are consistent with XHR. + blink::SchemeRegistry::RegisterURLSchemeAsSupportingFetchAPI( + extension_scheme); + // Extension resources, when loaded as the top-level document, should bypass + // Blink's strict first-party origin checks. + blink::SchemeRegistry::RegisterURLSchemeAsFirstPartyWhenTopLevel( + extension_scheme); + // In Chrome we should set extension's origins to match the pages they can + // work on, but in Electron currently we just let extensions do anything. + blink::SchemeRegistry::RegisterURLSchemeAsSecure(extension_scheme); + blink::SchemeRegistry::RegisterURLSchemeAsCORSEnabled(extension_scheme); + blink::SchemeRegistry::RegisterURLSchemeAsBypassingContentSecurityPolicy( + extension_scheme); + // Parse --secure-schemes=scheme1,scheme2 std::vector secure_schemes_list = ParseSchemesCLISwitch(switches::kSecureSchemes); diff --git a/lib/renderer/content-scripts-injector.js b/lib/renderer/content-scripts-injector.js index de58902ec340..d26802c8a8e7 100644 --- a/lib/renderer/content-scripts-injector.js +++ b/lib/renderer/content-scripts-injector.js @@ -1,8 +1,6 @@ -const {ipcRenderer, webFrame} = require('electron') +const {ipcRenderer} = require('electron') const {runInThisContext} = require('vm') -webFrame.registerURLSchemeAsPrivileged('chrome-extension') - // Check whether pattern matches. // https://developer.chrome.com/extensions/match_patterns const matchesPattern = function (pattern) {