-
Yutaka Hirano authored
Currently web accessible resources in Chrome extensions[A] cannot be loaded as an iframe via content scripts from two reasons. 1. The response does not have a cross-origin-embedder-policy header. 2. The response does not have a cross-origin-resource-policy header. To fix the issue, we make iframes inherit parent COEP implicitly for chrome-extension:// URLs. This is similar to blob:// URLs. We also attach cross-origin-resource-policy: cross-origin to every web accessible resource. This is aligned with the fact that it also has access-control-allow-origin: *. A: https://developer.chrome.com/extensions/manifest/web_accessible_resources Bug: 1085915 Change-Id: I4574b4dbf55ab2d815e9b6ab22fd7b0a8ab28887 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2212200 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by:
Devlin <rdevlin.cronin@chromium.org> Reviewed-by:
Kinuko Yasuda <kinuko@chromium.org> Reviewed-by:
Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#773957}
3e61366f
