OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/extension_protocols.h" | 5 #include "chrome/browser/extensions/extension_protocols.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "app/resource_bundle.h" | 9 #include "app/resource_bundle.h" |
10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
72 static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request, | 72 static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request, |
73 const std::string& scheme) { | 73 const std::string& scheme) { |
74 ChromeURLRequestContext* context = | 74 ChromeURLRequestContext* context = |
75 static_cast<ChromeURLRequestContext*>(request->context()); | 75 static_cast<ChromeURLRequestContext*>(request->context()); |
76 | 76 |
77 const ResourceDispatcherHostRequestInfo* info = | 77 const ResourceDispatcherHostRequestInfo* info = |
78 ResourceDispatcherHost::InfoForRequest(request); | 78 ResourceDispatcherHost::InfoForRequest(request); |
79 | 79 |
80 // Don't allow extension resources to be loaded from origins which are not | 80 // Don't allow extension resources to be loaded from origins which are not |
81 // present in the extension's effective host permissions with the exception | 81 // present in the extension's effective host permissions with the exception |
82 // of empty origins and extension schemes. | 82 // of empty origins, extension schemes and DevTools front-end. |
| 83 GURL origin_url = GURL(info->frame_origin()); |
83 if (!info->frame_origin().empty() && | 84 if (!info->frame_origin().empty() && |
84 !GURL(info->frame_origin()).SchemeIs(chrome::kExtensionScheme)) { | 85 !origin_url.SchemeIs(chrome::kExtensionScheme) && |
| 86 !(origin_url.SchemeIs(chrome::kChromeUIScheme) && |
| 87 origin_url.host() == chrome::kChromeUIDevToolsHost)) { |
85 ExtensionExtent host_permissions = | 88 ExtensionExtent host_permissions = |
86 context->GetEffectiveHostPermissionsForExtension(request->url().host()); | 89 context->GetEffectiveHostPermissionsForExtension(request->url().host()); |
87 if (!host_permissions.ContainsURL(GURL(info->frame_origin()))) | 90 if (!host_permissions.ContainsURL(GURL(info->frame_origin()))) |
88 return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE); | 91 return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE); |
89 } | 92 } |
90 | 93 |
91 // Don't allow toplevel navigations to extension resources in incognito mode. | 94 // Don't allow toplevel navigations to extension resources in incognito mode. |
92 // This is because an extension must run in a single process, and an | 95 // This is because an extension must run in a single process, and an |
93 // incognito tab prevents that. | 96 // incognito tab prevents that. |
94 // TODO(mpcomplete): better error code. | 97 // TODO(mpcomplete): better error code. |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
152 | 155 |
153 return new URLRequestFileJob(request, resource.GetFilePath()); | 156 return new URLRequestFileJob(request, resource.GetFilePath()); |
154 } | 157 } |
155 | 158 |
156 void RegisterExtensionProtocols() { | 159 void RegisterExtensionProtocols() { |
157 URLRequest::RegisterProtocolFactory(chrome::kExtensionScheme, | 160 URLRequest::RegisterProtocolFactory(chrome::kExtensionScheme, |
158 &CreateExtensionURLRequestJob); | 161 &CreateExtensionURLRequestJob); |
159 URLRequest::RegisterProtocolFactory(chrome::kUserScriptScheme, | 162 URLRequest::RegisterProtocolFactory(chrome::kUserScriptScheme, |
160 &CreateUserScriptURLRequestJob); | 163 &CreateUserScriptURLRequestJob); |
161 } | 164 } |
OLD | NEW |