/// Copyright (c) 2013 The Chromium Embedded Framework Authors. // Portions (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "libcef/renderer/render_thread_observer.h" #include "libcef/common/cef_messages.h" #include "libcef/renderer/blink_glue.h" #include "third_party/blink/public/platform/web_string.h" #include "third_party/blink/public/platform/web_url.h" #include "third_party/blink/public/web/web_security_policy.h" CefRenderThreadObserver::CefRenderThreadObserver() = default; CefRenderThreadObserver::~CefRenderThreadObserver() = default; bool CefRenderThreadObserver::OnControlMessageReceived( const IPC::Message& message) { bool handled = true; IPC_BEGIN_MESSAGE_MAP(CefRenderThreadObserver, message) IPC_MESSAGE_HANDLER(CefProcessMsg_ModifyCrossOriginWhitelistEntry, OnModifyCrossOriginWhitelistEntry) IPC_MESSAGE_HANDLER(CefProcessMsg_ClearCrossOriginWhitelist, OnClearCrossOriginWhitelist) IPC_MESSAGE_UNHANDLED(handled = false) IPC_END_MESSAGE_MAP() return handled; } void CefRenderThreadObserver::OnModifyCrossOriginWhitelistEntry( bool add, const Cef_CrossOriginWhiteListEntry_Params& params) { GURL gurl = GURL(params.source_origin); if (add) { blink::WebSecurityPolicy::AddOriginAccessAllowListEntry( gurl, blink::WebString::FromUTF8(params.target_protocol), blink::WebString::FromUTF8(params.target_domain), /*destination_port=*/0, params.allow_target_subdomains ? network::mojom::CorsDomainMatchMode::kAllowSubdomains : network::mojom::CorsDomainMatchMode::kDisallowSubdomains, network::mojom::CorsPortMatchMode::kAllowAnyPort, network::mojom::CorsOriginAccessMatchPriority::kDefaultPriority); } else { blink::WebSecurityPolicy::ClearOriginAccessListForOrigin(gurl); } } void CefRenderThreadObserver::OnClearCrossOriginWhitelist() { blink::WebSecurityPolicy::ClearOriginAccessList(); }