Set secure schemes in native code
Code with same functionalities should be put together.
This commit is contained in:
parent
5eb4b9ad6f
commit
b277353238
2 changed files with 17 additions and 3 deletions
|
@ -89,6 +89,22 @@ void RendererClientBase::RenderThreadStarted() {
|
|||
blink::WebCustomElement::AddEmbedderCustomElementName("webview");
|
||||
blink::WebCustomElement::AddEmbedderCustomElementName("browserplugin");
|
||||
|
||||
WTF::String extension_scheme("chrome-extension");
|
||||
// Extension resources are HTTP-like and safe to expose to the fetch API. The
|
||||
// rules for the fetch API are consistent with XHR.
|
||||
blink::SchemeRegistry::RegisterURLSchemeAsSupportingFetchAPI(
|
||||
extension_scheme);
|
||||
// Extension resources, when loaded as the top-level document, should bypass
|
||||
// Blink's strict first-party origin checks.
|
||||
blink::SchemeRegistry::RegisterURLSchemeAsFirstPartyWhenTopLevel(
|
||||
extension_scheme);
|
||||
// In Chrome we should set extension's origins to match the pages they can
|
||||
// work on, but in Electron currently we just let extensions do anything.
|
||||
blink::SchemeRegistry::RegisterURLSchemeAsSecure(extension_scheme);
|
||||
blink::SchemeRegistry::RegisterURLSchemeAsCORSEnabled(extension_scheme);
|
||||
blink::SchemeRegistry::RegisterURLSchemeAsBypassingContentSecurityPolicy(
|
||||
extension_scheme);
|
||||
|
||||
// Parse --secure-schemes=scheme1,scheme2
|
||||
std::vector<std::string> secure_schemes_list =
|
||||
ParseSchemesCLISwitch(switches::kSecureSchemes);
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
const {ipcRenderer, webFrame} = require('electron')
|
||||
const {ipcRenderer} = require('electron')
|
||||
const {runInThisContext} = require('vm')
|
||||
|
||||
webFrame.registerURLSchemeAsPrivileged('chrome-extension')
|
||||
|
||||
// Check whether pattern matches.
|
||||
// https://developer.chrome.com/extensions/match_patterns
|
||||
const matchesPattern = function (pattern) {
|
||||
|
|
Loading…
Reference in a new issue