DescriptionNon-web-accessible extension URLs should not load in non-extension processes
This is a slightly modified version of my previous CL: https://codereview.chromium.org/12218064/.
The only difference is that we allow any resource request to succeed, if the extension has any web_acessible_resources. The reason for that we have been lax and allowed subresource loads, even if they are not explicitly added to the manifest (see crbug.com/179127 for details). This should be tightened up with a v3 manifest requirement to explicitly list all subresources.
BUG=173688
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=192121
Patch Set 1 #
Total comments: 10
Patch Set 2 : Fixing issues found in code review. #
Total comments: 12
Patch Set 3 : Fixing nits. #
Messages
Total messages: 10 (0 generated)
|