android_webview/renderer/aw_content_settings_client.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "android_webview/renderer/aw_content_settings_client.h"
   6
   7 #include "content/public/renderer/render_frame.h"
   8 #include "third_party/WebKit/public/platform/WebURL.h"
   9 #include "third_party/WebKit/public/web/WebLocalFrame.h"
  10 #include "url/gurl.h"
  11
  12 namespace android_webview {
  13
  14 namespace {
  15
  16 bool AllowMixedContent(const blink::WebURL& url) {
  17   // We treat non-standard schemes as "secure" in the WebView to allow them to
  18   // be used for request interception.
  19   // TODO(benm): Tighten this restriction by requiring embedders to register
  20   // their custom schemes? See b/9420953.
  21   GURL gurl(url);
  22   return !gurl.IsStandard();
  23 }
  24
  25 }
  26
  27 AwContentSettingsClient::AwContentSettingsClient(
  28     content::RenderFrame* render_frame)
  29     : content::RenderFrameObserver(render_frame) {
  30   render_frame->GetWebFrame()->setContentSettingsClient(this);
  31 }
  32
  33 AwContentSettingsClient::~AwContentSettingsClient() {
  34 }
  35
  36 bool AwContentSettingsClient::allowDisplayingInsecureContent(
  37       bool enabled_per_settings,
  38       const blink::WebSecurityOrigin& origin,
  39       const blink::WebURL& url) {
  40   return enabled_per_settings ? true : AllowMixedContent(url);
  41 }
  42
  43 bool AwContentSettingsClient::allowRunningInsecureContent(
  44       bool enabled_per_settings,
  45       const blink::WebSecurityOrigin& origin,
  46       const blink::WebURL& url) {
  47   return enabled_per_settings ? true : AllowMixedContent(url);
  48 }
  49
  50 }  // namespace android_webview