-
horo authored
The plugins with private permission such as Flash plugin can bypass same origin checking by calling URLLoaderResource::GrantUniversalAccess(). They have their own origin checking logic (ex:cross-origin.xml). If ServiceWorker can intercept the HTTP requests from them, they can be misled. So ServiceWorker must be disabled for such plugins. These plugins have PERMISSION_PRIVATE permissions. - PDF Viewer - Google Talk Plugin Video Renderer - Google Talk Effects Plugin - Google Talk Plugin - Chrome Remote Desktop Viewer - Pepper Flash - Widevine Cdm Plugin BUG=413094 Review URL: https://codereview.chromium.org/606993002 Cr-Commit-Position: refs/heads/master@{#297396}
69354ff0
