[ServiceWorker] Set setSkipServiceWorker flag of the request from plugins with private permission.

The plugins with private permission such as Flash plugin can bypass same origin checking by calling URLLoaderResource::GrantUniversalAccess().
They have their own origin checking logic (ex:cross-origin.xml).
If ServiceWorker can intercept the HTTP requests from them, they can be misled.

So ServiceWorker must be disabled for such plugins.

These plugins have PERMISSION_PRIVATE permissions.
 - PDF Viewer
 - Google Talk Plugin Video Renderer
 - Google Talk Effects Plugin
 - Google Talk Plugin
 - Chrome Remote Desktop Viewer
 - Pepper Flash
 - Widevine Cdm Plugin

BUG=413094

Review URL: https://codereview.chromium.org/606993002

Cr-Commit-Position: refs/heads/master@{#297396}

1 files changed, 4 insertions, 0 deletions

diff --git a/content/renderer/pepper/pepper_url_loader_host.cc b/content/renderer/pepper/pepper_url_loader_host.cc
index 9a6ce72..5f70dfa 100644
--- a/content/renderer/pepper/pepper_url_loader_host.cc
+++ b/content/renderer/pepper/pepper_url_loader_host.cc
@@ -259,6 +259,10 @@ int32_t PepperURLLoaderHost::InternalOnHostMsgOpen(
 
   web_request.setRequestContext(WebURLRequest::RequestContextPlugin);
   web_request.setRequestorProcessID(renderer_ppapi_host_->GetPluginPID());
+  // The requests from the plugins with private permission which can bypass same
+  // origin must skip the ServiceWorker.
+  web_request.setSkipServiceWorker(
+      host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE));
 
   WebURLLoaderOptions options;
   if (has_universal_access_) {