New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix mixed content errors when loading content from `chrome-extension` #9950

Merged
merged 2 commits into from Sep 15, 2017

Conversation

Projects
None yet
4 participants
@alexstrat
Contributor

alexstrat commented Jul 7, 2017

Loading content from chrome-extension is considered as mixed-content.

screenshot 2017-07-07 02 24 23

const {runInThisContext} = require('vm')
webFrame.registerURLSchemeAsPrivileged('chrome-extension')

This comment has been minimized.

@kevinsawicki

kevinsawicki Jul 14, 2017

Contributor

I'm wondering if this should only be done if content scripts are actually being injected instead of all the time even when none exist.

Maybe it could be run from inside injectContentScript?

This comment has been minimized.

@alexstrat

alexstrat Jul 20, 2017

Contributor

I think determining whether chrome-extension:// can be considered as secure or not is independent of whether we injected content-scripts or not.
That being said, for now, I see no problem with both solutions.

This comment has been minimized.

@zcbenz

zcbenz Jul 24, 2017

Contributor

It should be fine always registering it, Chromium is doing the same.

@zcbenz

While this PR is totally fine, I think we should move it to RendererClientBase::RenderFrameCreated in renderer_client_base.cc, since security policy code are all put there.

@jkleinsc

This comment has been minimized.

Contributor

jkleinsc commented Aug 7, 2017

@alexstrat can you make the changes that @zcbenz requested?

alexstrat and others added some commits Jul 7, 2017

Set secure schemes in native code
Code with same functionalities should be put together.

@zcbenz zcbenz merged commit 800ba9a into electron:master Sep 15, 2017

8 checks passed

ci/circleci: electron-linux-arm Your tests passed on CircleCI!
Details
ci/circleci: electron-linux-arm64 Your tests passed on CircleCI!
Details
ci/circleci: electron-linux-ia32 Your tests passed on CircleCI!
Details
ci/circleci: electron-linux-x64 Your tests passed on CircleCI!
Details
continuous-integration/appveyor/branch AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
electron-mas-x64 Build #5110 succeeded in 12 min
Details
electron-osx-x64 Build #5093 succeeded in 16 min
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment