• horo's avatar
    [ServiceWorker] Set setSkipServiceWorker flag of the request from plugins with private permission. · 69354ff0
    horo authored
    The plugins with private permission such as Flash plugin can bypass same origin checking by calling URLLoaderResource::GrantUniversalAccess().
    They have their own origin checking logic (ex:cross-origin.xml).
    If ServiceWorker can intercept the HTTP requests from them, they can be misled.
    
    So ServiceWorker must be disabled for such plugins.
    
    These plugins have PERMISSION_PRIVATE permissions.
     - PDF Viewer
     - Google Talk Plugin Video Renderer
     - Google Talk Effects Plugin
     - Google Talk Plugin
     - Chrome Remote Desktop Viewer
     - Pepper Flash
     - Widevine Cdm Plugin
    
    BUG=413094
    
    Review URL: https://codereview.chromium.org/606993002
    
    Cr-Commit-Position: refs/heads/master@{#297396}
    69354ff0
pepper_url_loader_host.cc 17.1 KB