OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" | 5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/string_util.h" | 7 #include "base/string_util.h" |
8 #include "base/stringprintf.h" | 8 #include "base/stringprintf.h" |
9 #include "chrome/browser/extensions/extension_info_map.h" | 9 #include "chrome/browser/extensions/extension_info_map.h" |
10 #include "chrome/common/extensions/extension.h" | 10 #include "chrome/common/extensions/extension.h" |
11 #include "chrome/common/extensions/extension_constants.h" | |
11 #include "chrome/common/url_constants.h" | 12 #include "chrome/common/url_constants.h" |
13 #include "content/public/browser/resource_request_info.h" | |
12 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
13 #include "net/url_request/url_request.h" | 15 #include "net/url_request/url_request.h" |
14 | 16 |
17 using content::ResourceRequestInfo; | |
18 | |
15 namespace { | 19 namespace { |
16 | 20 |
17 // Returns true if the URL is sensitive and requests to this URL must not be | 21 // Returns true if the URL is sensitive and requests to this URL must not be |
18 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 22 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
19 // to check for updates, extension blacklisting, etc. | 23 // to check for updates, extension blacklisting, etc. |
20 bool IsSensitiveURL(const GURL& url) { | 24 bool IsSensitiveURL(const GURL& url) { |
21 // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and | 25 // TODO(battre) Merge this, CanExtensionAccessURL and |
22 // Extension::CanExecuteScriptOnPage into one function. | 26 // Extension::CanExecuteScriptOnPage into one function. |
23 bool is_webstore_gallery_url = | |
24 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true); | |
25 bool sensitive_chrome_url = false; | 27 bool sensitive_chrome_url = false; |
26 if (EndsWith(url.host(), "google.com", true)) { | 28 if (EndsWith(url.host(), "google.com", true)) { |
27 sensitive_chrome_url |= (url.host() == "www.google.com") && | 29 // This protects requests to several internal services such as sync, |
28 StartsWithASCII(url.path(), "/chrome", true); | 30 // extension update pings, captive portal detection, fraudulent certificate |
29 sensitive_chrome_url |= (url.host() == "chrome.google.com"); | 31 // reporting, autofill and others. |
30 if (StartsWithASCII(url.host(), "client", true)) { | 32 if (StartsWithASCII(url.host(), "client", true)) { |
31 for (int i = 0; i < 10; ++i) { | 33 for (int i = 0; i < 10; ++i) { |
32 sensitive_chrome_url |= | 34 sensitive_chrome_url = sensitive_chrome_url || |
33 (StringPrintf("client%d.google.com", i) == url.host()); | 35 (StringPrintf("client%d.google.com", i) == url.host()); |
34 } | 36 } |
35 } | 37 } |
38 // This protects requests to safe browsing, link doctor, and possibly | |
39 // others. | |
40 sensitive_chrome_url = sensitive_chrome_url || | |
41 EndsWith(url.host(), "client.google.com", true); | |
abarth-chromium
2012/08/02 14:48:04
Should this be ".client.google.com"
| |
36 } | 42 } |
37 GURL::Replacements replacements; | 43 GURL::Replacements replacements; |
38 replacements.ClearQuery(); | 44 replacements.ClearQuery(); |
39 replacements.ClearRef(); | 45 replacements.ClearRef(); |
40 GURL url_without_query = url.ReplaceComponents(replacements); | 46 GURL url_without_query = url.ReplaceComponents(replacements); |
41 return is_webstore_gallery_url || sensitive_chrome_url || | 47 return sensitive_chrome_url || |
42 extension_urls::IsWebstoreUpdateUrl(url_without_query) || | 48 extension_urls::IsWebstoreUpdateUrl(url_without_query) || |
43 extension_urls::IsBlacklistUpdateUrl(url); | 49 extension_urls::IsBlacklistUpdateUrl(url); |
44 } | 50 } |
45 | 51 |
46 // Returns true if the scheme is one we want to allow extensions to have access | 52 // Returns true if the scheme is one we want to allow extensions to have access |
47 // to. Extensions still need specific permissions for a given URL, which is | 53 // to. Extensions still need specific permissions for a given URL, which is |
48 // covered by CanExtensionAccessURL. | 54 // covered by CanExtensionAccessURL. |
49 bool HasWebRequestScheme(const GURL& url) { | 55 bool HasWebRequestScheme(const GURL& url) { |
50 return (url.SchemeIs(chrome::kAboutScheme) || | 56 return (url.SchemeIs(chrome::kAboutScheme) || |
51 url.SchemeIs(chrome::kFileScheme) || | 57 url.SchemeIs(chrome::kFileScheme) || |
52 url.SchemeIs(chrome::kFileSystemScheme) || | 58 url.SchemeIs(chrome::kFileSystemScheme) || |
53 url.SchemeIs(chrome::kFtpScheme) || | 59 url.SchemeIs(chrome::kFtpScheme) || |
54 url.SchemeIs(chrome::kHttpScheme) || | 60 url.SchemeIs(chrome::kHttpScheme) || |
55 url.SchemeIs(chrome::kHttpsScheme) || | 61 url.SchemeIs(chrome::kHttpsScheme) || |
56 url.SchemeIs(chrome::kExtensionScheme)); | 62 url.SchemeIs(chrome::kExtensionScheme)); |
57 } | 63 } |
58 | 64 |
59 } // namespace | 65 } // namespace |
60 | 66 |
61 // static | 67 // static |
62 bool WebRequestPermissions::HideRequest(const net::URLRequest* request) { | 68 bool WebRequestPermissions::HideRequest( |
69 const ExtensionInfoMap* extension_info_map, | |
70 const net::URLRequest* request) { | |
71 // Hide requests from the Chrome WebStore App. | |
72 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); | |
73 if (info && extension_info_map) { | |
74 int process_id = info->GetChildID(); | |
75 const extensions::ProcessMap& process_map = | |
76 extension_info_map->process_map(); | |
77 if (process_map.Contains(extension_misc::kWebStoreAppId, process_id)) | |
78 return true; | |
79 } | |
80 | |
63 const GURL& url = request->url(); | 81 const GURL& url = request->url(); |
64 const GURL& first_party_url = request->first_party_for_cookies(); | 82 return IsSensitiveURL(url) || !HasWebRequestScheme(url); |
65 bool hide = false; | |
66 if (first_party_url.is_valid()) { | |
67 hide = IsSensitiveURL(first_party_url) || | |
68 !HasWebRequestScheme(first_party_url); | |
69 } | |
70 if (!hide) | |
71 hide = IsSensitiveURL(url) || !HasWebRequestScheme(url); | |
72 return hide; | |
73 } | 83 } |
74 | 84 |
75 // static | 85 // static |
76 bool WebRequestPermissions::CanExtensionAccessURL( | 86 bool WebRequestPermissions::CanExtensionAccessURL( |
77 const ExtensionInfoMap* extension_info_map, | 87 const ExtensionInfoMap* extension_info_map, |
78 const std::string& extension_id, | 88 const std::string& extension_id, |
79 const GURL& url, | 89 const GURL& url, |
80 bool crosses_incognito, | 90 bool crosses_incognito, |
81 bool enforce_host_permissions) { | 91 bool enforce_host_permissions) { |
82 // extension_info_map can be NULL in testing. | 92 // extension_info_map can be NULL in testing. |
(...skipping 13 matching lines...) Expand all Loading... | |
96 // about: URLs are not covered in host permissions, but are allowed anyway. | 106 // about: URLs are not covered in host permissions, but are allowed anyway. |
97 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) || | 107 bool host_permissions_ok = (url.SchemeIs(chrome::kAboutScheme) || |
98 extension->HasHostPermission(url) || | 108 extension->HasHostPermission(url) || |
99 url.GetOrigin() == extension->url()); | 109 url.GetOrigin() == extension->url()); |
100 if (!host_permissions_ok) | 110 if (!host_permissions_ok) |
101 return false; | 111 return false; |
102 } | 112 } |
103 | 113 |
104 return true; | 114 return true; |
105 } | 115 } |
OLD | NEW |