OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" | 5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "chrome/common/url_constants.h" | 8 #include "chrome/common/url_constants.h" |
9 #include "chrome/common/extensions/extension.h" | 9 #include "chrome/common/extensions/extension.h" |
10 #include "chrome/common/extensions/extension_set.h" | 10 #include "chrome/common/extensions/extension_set.h" |
11 #include "googleurl/src/gurl.h" | 11 #include "googleurl/src/gurl.h" |
12 | 12 |
13 // static | 13 // static |
14 bool ExtensionResourceRequestPolicy::CanRequestResource( | 14 bool ExtensionResourceRequestPolicy::CanRequestResource( |
15 const GURL& resource_url, | 15 const GURL& resource_url, |
16 const GURL& frame_url, | 16 const GURL& frame_url, |
17 const ExtensionSet* loaded_extensions) { | 17 const ExtensionSet* loaded_extensions) { |
18 CHECK(resource_url.SchemeIs(chrome::kExtensionScheme)); | 18 CHECK(resource_url.SchemeIs(chrome::kExtensionScheme)); |
19 | 19 |
20 const Extension* extension = loaded_extensions->GetByURL(resource_url); | 20 const Extension* extension = |
| 21 loaded_extensions->GetByURL(ExtensionURLInfo(resource_url)); |
21 if (!extension) { | 22 if (!extension) { |
22 // Allow the load in the case of a non-existent extension. We'll just get a | 23 // Allow the load in the case of a non-existent extension. We'll just get a |
23 // 404 from the browser process. | 24 // 404 from the browser process. |
24 return true; | 25 return true; |
25 } | 26 } |
26 | 27 |
27 // Disallow loading of packaged resources for hosted apps. We don't allow | 28 // Disallow loading of packaged resources for hosted apps. We don't allow |
28 // hybrid hosted/packaged apps. The one exception is access to icons, since | 29 // hybrid hosted/packaged apps. The one exception is access to icons, since |
29 // some extensions want to be able to do things like create their own | 30 // some extensions want to be able to do things like create their own |
30 // launchers. | 31 // launchers. |
31 std::string resource_root_relative_path = | 32 std::string resource_root_relative_path = |
32 resource_url.path().empty() ? "" : resource_url.path().substr(1); | 33 resource_url.path().empty() ? "" : resource_url.path().substr(1); |
33 if (extension->is_hosted_app() && | 34 if (extension->is_hosted_app() && |
34 !extension->icons().ContainsPath(resource_root_relative_path)) { | 35 !extension->icons().ContainsPath(resource_root_relative_path)) { |
35 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " | 36 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " |
36 << "hosted app."; | 37 << "hosted app."; |
37 return false; | 38 return false; |
38 } | 39 } |
39 | 40 |
40 return true; | 41 return true; |
41 } | 42 } |
42 | 43 |
43 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { | 44 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { |
44 } | 45 } |
OLD | NEW |