1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "android_webview/renderer/aw_permission_client.h" 6 7#include "content/public/renderer/render_frame.h" 8#include "third_party/WebKit/public/platform/WebURL.h" 9#include "third_party/WebKit/public/web/WebLocalFrame.h" 10#include "url/gurl.h" 11 12namespace android_webview { 13 14namespace { 15 16bool AllowMixedContent(const blink::WebURL& url) { 17 // We treat non-standard schemes as "secure" in the WebView to allow them to 18 // be used for request interception. 19 // TODO(benm): Tighten this restriction by requiring embedders to register 20 // their custom schemes? See b/9420953. 21 GURL gurl(url); 22 return !gurl.IsStandard(); 23} 24 25} 26 27AwPermissionClient::AwPermissionClient(content::RenderFrame* render_frame) 28 : content::RenderFrameObserver(render_frame) { 29 render_frame->GetWebFrame()->setPermissionClient(this); 30} 31 32AwPermissionClient::~AwPermissionClient() { 33} 34 35bool AwPermissionClient::allowDisplayingInsecureContent( 36 bool enabled_per_settings, 37 const blink::WebSecurityOrigin& origin, 38 const blink::WebURL& url) { 39 return enabled_per_settings ? true : AllowMixedContent(url); 40} 41 42bool AwPermissionClient::allowRunningInsecureContent( 43 bool enabled_per_settings, 44 const blink::WebSecurityOrigin& origin, 45 const blink::WebURL& url) { 46 return enabled_per_settings ? true : AllowMixedContent(url); 47} 48 49} // namespace android_webview 50