///
-// Register a scheme handler factory for the specified |scheme_name| and
-// optional |domain_name|. An empty |domain_name| value for a standard scheme
-// will cause the factory to match all domain names. The |domain_name| value
-// will be ignored for non-standard schemes. If |scheme_name| is a built-in
-// scheme and no handler is returned by |factory| then the built-in scheme
-// handler factory will be called. If |scheme_name| is a custom scheme then
-// also implement the CefApp::OnRegisterCustomSchemes() method in all processes.
-// This function may be called multiple times to change or remove the factory
-// that matches the specified |scheme_name| and optional |domain_name|.
-// Returns false if an error occurs. This function may be called on any thread
-// in the browser process.
+// Register a scheme handler factory with the global request context. An empty
+// |domain_name| value for a standard scheme will cause the factory to match all
+// domain names. The |domain_name| value will be ignored for non-standard
+// schemes. If |scheme_name| is a built-in scheme and no handler is returned by
+// |factory| then the built-in scheme handler factory will be called. If
+// |scheme_name| is a custom scheme then you must also implement the
+// CefApp::OnRegisterCustomSchemes() method in all processes. This function may
+// be called multiple times to change or remove the factory that matches the
+// specified |scheme_name| and optional |domain_name|. Returns false if an error
+// occurs. This function may be called on any thread in the browser process.
+// Using this function is equivalent to calling
+// CefRequestContext::GetGlobalContext()->RegisterSchemeHandlerFactory().
///
/*--cef(optional_param=domain_name,optional_param=factory)--*/
bool CefRegisterSchemeHandlerFactory(
CefRefPtr<CefSchemeHandlerFactory> factory);
///
-// Clear all registered scheme handler factories. Returns false on error. This
-// function may be called on any thread in the browser process.
+// Clear all scheme handler factories registered with the global request
+// context. Returns false on error. This function may be called on any thread in
+// the browser process. Using this function is equivalent to calling
+// CefRequestContext::GetGlobalContext()->ClearSchemeHandlerFactories().
///
/*--cef()--*/
bool CefClearSchemeHandlerFactories();
// Class that manages custom scheme registrations.
///
/*--cef(source=library)--*/
-class CefSchemeRegistrar : public virtual CefBase {
+class CefSchemeRegistrar : public CefBaseScoped {
public:
///
// Register a custom scheme. This method should not be called for the built-in
// as-is. For example, "scheme:///some%20text" will remain the same.
// Non-standard scheme URLs cannot be used as a target for form submission.
//
- // If |is_local| is true the scheme will be treated as local (i.e., with the
- // same security rules as those applied to "file" URLs). Normal pages cannot
- // link to or access local URLs. Also, by default, local URLs can only perform
+ // If |is_local| is true the scheme will be treated with the same security
+ // rules as those applied to "file" URLs. Normal pages cannot link to or
+ // access local URLs. Also, by default, local URLs can only perform
// XMLHttpRequest calls to the same URL (origin + path) that originated the
// request. To allow XMLHttpRequest calls from a local URL to other URLs with
// the same origin set the CefSettings.file_access_from_file_urls_allowed
// origins set the CefSettings.universal_access_from_file_urls_allowed value
// to true.
//
- // If |is_display_isolated| is true the scheme will be treated as display-
- // isolated. This means that pages cannot display these URLs unless they are
- // from the same scheme. For example, pages in another origin cannot create
- // iframes or hyperlinks to URLs with this scheme.
+ // If |is_display_isolated| is true the scheme can only be displayed from
+ // other content hosted with the same scheme. For example, pages in other
+ // origins cannot create iframes or hyperlinks to URLs with the scheme. For
+ // schemes that must be accessible from other schemes set this value to false,
+ // set |is_cors_enabled| to true, and use CORS "Access-Control-Allow-Origin"
+ // headers to further restrict access.
+ //
+ // If |is_secure| is true the scheme will be treated with the same security
+ // rules as those applied to "https" URLs. For example, loading this scheme
+ // from other secure schemes will not trigger mixed content warnings.
+ //
+ // If |is_cors_enabled| is true the scheme can be sent CORS requests. This
+ // value should be true in most cases where |is_standard| is true.
+ //
+ // If |is_csp_bypassing| is true the scheme can bypass Content-Security-Policy
+ // (CSP) checks. This value should be false in most cases where |is_standard|
+ // is true.
//
// This function may be called on any thread. It should only be called once
// per unique |scheme_name| value. If |scheme_name| is already registered or
virtual bool AddCustomScheme(const CefString& scheme_name,
bool is_standard,
bool is_local,
- bool is_display_isolated) =0;
+ bool is_display_isolated,
+ bool is_secure,
+ bool is_cors_enabled,
+ bool is_csp_bypassing) =0;
};
// The methods of this class will always be called on the IO thread.
///
/*--cef(source=client)--*/
-class CefSchemeHandlerFactory : public virtual CefBase {
+class CefSchemeHandlerFactory : public virtual CefBaseRefCounted {
public:
///
// Return a new resource handler instance to handle the request or an empty