2 files changed, 35 insertions, 0 deletions

diff --git a/android_webview/renderer/aw_render_view_ext.cc b/android_webview/renderer/aw_render_view_ext.cc
index 5fde596..36bf766 100644
--- a/android_webview/renderer/aw_render_view_ext.cc
+++ b/android_webview/renderer/aw_render_view_ext.cc
@@ -32,6 +32,15 @@ namespace android_webview {
 
 namespace {
 
+bool AllowMixedContent(const WebKit::WebURL& url) {
+  // We treat non-standard schemes as "secure" in the WebView to allow them to
+  // be used for request interception.
+  // TODO(benm): Tighten this restriction by requiring embedders to register
+  // their custom schemes? See b/9420953.
+  GURL gurl(url);
+  return !gurl.IsStandard();
+}
+
 GURL GetAbsoluteUrl(const WebKit::WebNode& node, const string16& url_fragment) {
   return GURL(node.document().completeURL(url_fragment));
 }
@@ -180,6 +189,22 @@ bool AwRenderViewExt::allowImage(WebKit::WebFrame* frame,
            url.SchemeIs(chrome::kFtpScheme));
 }
 
+bool AwRenderViewExt::allowDisplayingInsecureContent(
+      WebKit::WebFrame* frame,
+      bool enabled_per_settings,
+      const WebKit::WebSecurityOrigin& origin,
+      const WebKit::WebURL& url) {
+  return enabled_per_settings ? true : AllowMixedContent(url);
+}
+
+bool AwRenderViewExt::allowRunningInsecureContent(
+      WebKit::WebFrame* frame,
+      bool enabled_per_settings,
+      const WebKit::WebSecurityOrigin& origin,
+      const WebKit::WebURL& url) {
+  return enabled_per_settings ? true : AllowMixedContent(url);
+}
+
 void AwRenderViewExt::DidCommitProvisionalLoad(WebKit::WebFrame* frame,
                                                bool is_new_navigation) {
   content::DocumentState* document_state =
diff --git a/android_webview/renderer/aw_render_view_ext.h b/android_webview/renderer/aw_render_view_ext.h
index 1379913..8a9b68e 100644
--- a/android_webview/renderer/aw_render_view_ext.h
+++ b/android_webview/renderer/aw_render_view_ext.h
@@ -54,6 +54,16 @@ class AwRenderViewExt : public content::RenderViewObserver,
   virtual bool allowImage(WebKit::WebFrame* frame,
                           bool enabledPerSettings,
                           const WebKit::WebURL& imageURL) OVERRIDE;
+  virtual bool allowDisplayingInsecureContent(
+      WebKit::WebFrame* frame,
+      bool enabled_per_settings,
+      const WebKit::WebSecurityOrigin& origin,
+      const WebKit::WebURL& url) OVERRIDE;
+  virtual bool allowRunningInsecureContent(
+      WebKit::WebFrame* frame,
+      bool enabled_per_settings,
+      const WebKit::WebSecurityOrigin& origin,
+      const WebKit::WebURL& url) OVERRIDE;
 
   bool capture_picture_enabled_;