diff options
| author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-14 22:56:45 +0000 |
|---|---|---|
| committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-14 22:56:45 +0000 |
| commit | 7b0ead976f68da996c97a832f9315105d20d393d (patch) | |
| tree | 74897a36c23c2915aa1af2b41cb0b9b6b8c9ef1c /content/renderer/p2p | |
| parent | ade085b2b879cb8037dfccb979aba22ffebd2be8 (diff) | |
| download | chromium_src-7b0ead976f68da996c97a832f9315105d20d393d.zip chromium_src-7b0ead976f68da996c97a832f9315105d20d393d.tar.gz chromium_src-7b0ead976f68da996c97a832f9315105d20d393d.tar.bz2 | |
Allow cross-origin requests for relay http requests made in Transport API.
Currently, when creating relay sessions the Transport API can make
cross-origin http requests only when the web app has explicit access to
the relay domain. This is not really neccessary because Transport API
can only be used by chromoting client plugin which is trusted.
PPB_URLLoader API allows cross-origin requests for trusted plugins, so
Transport API should be allowed to make them too. Changed
API implementation to allow cross-origin requests.
BUG=103992,104195
Review URL: http://codereview.chromium.org/8566012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109973 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer/p2p')
| -rw-r--r-- | content/renderer/p2p/port_allocator.cc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/content/renderer/p2p/port_allocator.cc b/content/renderer/p2p/port_allocator.cc index 53753f5..2146b9c 100644 --- a/content/renderer/p2p/port_allocator.cc +++ b/content/renderer/p2p/port_allocator.cc @@ -177,8 +177,13 @@ void P2PPortAllocatorSession::AllocateRelaySession() { WebURLLoaderOptions options; options.allowCredentials = false; + + // TODO(sergeyu): Set to CrossOriginRequestPolicyUseAccessControl + // when this code can be used by untrusted plugins. + // See http://crbug.com/104195 . options.crossOriginRequestPolicy = - WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; + WebURLLoaderOptions::CrossOriginRequestPolicyAllow; + relay_session_request_.reset( allocator_->web_frame_->createAssociatedURLLoader(options)); if (!relay_session_request_.get()) { |