[Chromecast] unsafely-treat-insecure-origin-as-secure

Pass unsafely-treat-insecure-origin-as-secure to renderer process. This
is useful in development to run secure context JS API on http pages.

Bug: internal b/143703467
Test: verify on device
Change-Id: I5961383044866bf3c104c7630fcb82d1bd672fe0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2001579
Auto-Submit: Yuchen Liu <yucliu@chromium.org>
Reviewed-by: Junbo Ke <juke@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Commit-Queue: Yuchen Liu <yucliu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#732621}

chromecast/browser/cast_content_browser_client.cc

@@ -82,6 +82,7 @@
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/url_request/url_request_context_getter.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "services/service_manager/embedder/descriptors.h"
 #include "ui/display/display.h"
 #include "ui/display/screen.h"
@@ -436,7 +437,8 @@ void CastContentBrowserClient::AppendExtraCommandLineSwitches(
     // the renderer go here.
     static const char* const kForwardSwitches[] = {
         switches::kForceMediaResolutionHeight,
-        switches::kForceMediaResolutionWidth};
+        switches::kForceMediaResolutionWidth,
+        network::switches::kUnsafelyTreatInsecureOriginAsSecure};
     command_line->CopySwitchesFrom(*browser_command_line, kForwardSwitches,
                                    base::size(kForwardSwitches));
   } else if (process_type == switches::kUtilityProcess) {

chromecast/renderer/cast_content_renderer_client.cc

@@ -32,9 +32,11 @@
 #include "mojo/public/cpp/bindings/interface_request.h"
 #include "mojo/public/cpp/bindings/pending_remote.h"
 #include "mojo/public/cpp/bindings/remote.h"
+#include "services/network/public/cpp/is_potentially_trustworthy.h"
 #include "services/service_manager/public/cpp/interface_provider.h"
 #include "third_party/blink/public/platform/web_runtime_features.h"
 #include "third_party/blink/public/web/web_frame_widget.h"
+#include "third_party/blink/public/web/web_security_policy.h"
 #include "third_party/blink/public/web/web_settings.h"
 #include "third_party/blink/public/web/web_view.h"
 
@@ -148,6 +150,12 @@ void CastContentRendererClient::RenderThreadStarted() {
       std::make_unique<extensions::ExtensionsGuestViewContainerDispatcher>();
   thread->AddObserver(guest_view_container_dispatcher_.get());
 #endif
+
+  for (auto& origin_or_hostname_pattern :
+       network::SecureOriginAllowlist::GetInstance().GetCurrentAllowlist()) {
+    blink::WebSecurityPolicy::AddOriginToTrustworthySafelist(
+        blink::WebString::FromUTF8(origin_or_hostname_pattern));
+  }
 }
 
 void CastContentRendererClient::RenderViewCreated(