Allow transitions to WebUI pages which are extension urls (new tab page is the relevant example).

chrome/renderer/extensions/extension_resource_request_policy.cc

Index: chrome/renderer/extensions/extension_resource_request_policy.cc
===================================================================
--- chrome/renderer/extensions/extension_resource_request_policy.cc	(revision 149239)
+++ chrome/renderer/extensions/extension_resource_request_policy.cc	(working copy)
@@ -11,6 +11,7 @@
 #include "chrome/common/url_constants.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_set.h"
+#include "content/public/common/page_transition_types.h"
 #include "googleurl/src/gurl.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebConsoleMessage.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"
@@ -23,6 +24,7 @@
 bool ExtensionResourceRequestPolicy::CanRequestResource(
     const GURL& resource_url,
     WebKit::WebFrame* frame,
+    content::PageTransition transition_type,
     const ExtensionSet* loaded_extensions) {
   CHECK(resource_url.SchemeIs(chrome::kExtensionScheme));
 
@@ -55,9 +57,6 @@
     GURL frame_url = frame->document().url();
     GURL page_url = frame->top()->document().url();
 
-    // Exceptions are:
-    // - empty origin (needed for some edge cases when we have empty origins)
-    bool is_empty_origin = frame_url.is_empty();
     // - extensions requesting their own resources (frame_url check is for
     //     images, page_url check is for iframes)
     bool is_own_resource = frame_url.GetOrigin() == extension->url() ||
@@ -66,8 +65,16 @@
     //     to support the devtools extension APIs)
     bool is_dev_tools = page_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
         !extension->devtools_url().is_empty();
+    // In all other cases we forbid certain types of transitions.

[Charlie Reis, 2012/08/02 18:39:26]

I don't quite follow this, with all the exceptions and negatives.  What's the
high level intention?  That certain types of page transitions should be allowed?
 Which ones?

[Cris Neckar, 2012/08/02 19:08:26]

Yes the intent was to ensure that certain types of page transitions are always
allowed. Namely anything that is not web triggerable (UI interaction etc).

Perhaps a helpers function in page_transition_types TransitionIsWebTriggerable()
or similar would be less prone to future breakage?

+    content::PageTransition base_transition =
+        PageTransitionStripQualifier(transition_type);
+    bool transition_allowed =
+        base_transition != content::PAGE_TRANSITION_LINK &&
+        base_transition != content::PAGE_TRANSITION_AUTO_SUBFRAME &&
+        base_transition != content::PAGE_TRANSITION_MANUAL_SUBFRAME &&
+        base_transition != content::PAGE_TRANSITION_FORM_SUBMIT;
 
-    if (!is_empty_origin && !is_own_resource && !is_dev_tools) {
+    if (!is_own_resource && !is_dev_tools && !transition_allowed) {
       std::string message = base::StringPrintf(
           "Denying load of %s. Resources must be listed in the "
           "web_accessible_resources manifest key in order to be loaded by "