| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" | 5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "chrome/common/url_constants.h" | 8 #include "chrome/common/url_constants.h" |
| 9 #include "chrome/common/extensions/extension.h" | 9 #include "chrome/common/extensions/extension.h" |
| 10 #include "chrome/common/extensions/extension_set.h" | 10 #include "chrome/common/extensions/extension_set.h" |
| 11 #include "googleurl/src/gurl.h" | 11 #include "googleurl/src/gurl.h" |
| 12 | 12 |
| 13 // static | 13 // static |
| 14 bool ExtensionResourceRequestPolicy::CanRequestResource( | 14 bool ExtensionResourceRequestPolicy::CanRequestResource( |
| 15 const GURL& resource_url, | 15 const GURL& resource_url, |
| 16 const GURL& frame_url, | 16 const GURL& frame_url, |
| 17 const ExtensionSet* loaded_extensions) { | 17 const ExtensionSet* loaded_extensions) { |
| 18 CHECK(resource_url.SchemeIs(chrome::kExtensionScheme)); | 18 CHECK(resource_url.SchemeIs(chrome::kExtensionScheme)); |
| 19 | 19 |
| 20 const Extension* extension = loaded_extensions->GetByURL(resource_url); | 20 const Extension* extension = |
| 21 loaded_extensions->GetByURL(ExtensionURLInfo(resource_url)); |
| 21 if (!extension) { | 22 if (!extension) { |
| 22 // Allow the load in the case of a non-existent extension. We'll just get a | 23 // Allow the load in the case of a non-existent extension. We'll just get a |
| 23 // 404 from the browser process. | 24 // 404 from the browser process. |
| 24 return true; | 25 return true; |
| 25 } | 26 } |
| 26 | 27 |
| 27 // Disallow loading of packaged resources for hosted apps. We don't allow | 28 // Disallow loading of packaged resources for hosted apps. We don't allow |
| 28 // hybrid hosted/packaged apps. The one exception is access to icons, since | 29 // hybrid hosted/packaged apps. The one exception is access to icons, since |
| 29 // some extensions want to be able to do things like create their own | 30 // some extensions want to be able to do things like create their own |
| 30 // launchers. | 31 // launchers. |
| 31 std::string resource_root_relative_path = | 32 std::string resource_root_relative_path = |
| 32 resource_url.path().empty() ? "" : resource_url.path().substr(1); | 33 resource_url.path().empty() ? "" : resource_url.path().substr(1); |
| 33 if (extension->is_hosted_app() && | 34 if (extension->is_hosted_app() && |
| 34 !extension->icons().ContainsPath(resource_root_relative_path)) { | 35 !extension->icons().ContainsPath(resource_root_relative_path)) { |
| 35 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " | 36 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " |
| 36 << "hosted app."; | 37 << "hosted app."; |
| 37 return false; | 38 return false; |
| 38 } | 39 } |
| 39 | 40 |
| 40 return true; | 41 return true; |
| 41 } | 42 } |
| 42 | 43 |
| 43 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { | 44 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { |
| 44 } | 45 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8659009:
Consider the origin when computing extension permissions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/