| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" | 5 #include "chrome/renderer/extensions/extension_resource_request_policy.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" |
| 7 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "chrome/common/chrome_switches.h" |
| 8 #include "chrome/common/url_constants.h" | 10 #include "chrome/common/url_constants.h" |
| 9 #include "chrome/common/extensions/extension.h" | 11 #include "chrome/common/extensions/extension.h" |
| 10 #include "chrome/common/extensions/extension_set.h" | 12 #include "chrome/common/extensions/extension_set.h" |
| 11 #include "googleurl/src/gurl.h" | 13 #include "googleurl/src/gurl.h" |
| 12 | 14 |
| 13 // static | 15 // static |
| 14 bool ExtensionResourceRequestPolicy::CanRequestResource( | 16 bool ExtensionResourceRequestPolicy::CanRequestResource( |
| 15 const GURL& resource_url, | 17 const GURL& resource_url, |
| 16 const GURL& frame_url, | 18 const GURL& frame_url, |
| 17 const ExtensionSet* loaded_extensions) { | 19 const ExtensionSet* loaded_extensions) { |
| (...skipping 13 matching lines...) Expand all Loading... |
| 31 // launchers. | 33 // launchers. |
| 32 std::string resource_root_relative_path = | 34 std::string resource_root_relative_path = |
| 33 resource_url.path().empty() ? "" : resource_url.path().substr(1); | 35 resource_url.path().empty() ? "" : resource_url.path().substr(1); |
| 34 if (extension->is_hosted_app() && | 36 if (extension->is_hosted_app() && |
| 35 !extension->icons().ContainsPath(resource_root_relative_path)) { | 37 !extension->icons().ContainsPath(resource_root_relative_path)) { |
| 36 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " | 38 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " |
| 37 << "hosted app."; | 39 << "hosted app."; |
| 38 return false; | 40 return false; |
| 39 } | 41 } |
| 40 | 42 |
| 43 // Disallow loading of extension resources which are not explicitely listed |
| 44 // as web accessible if the manifest version is 2 or greater. |
| 45 |
| 46 // Exceptions are: |
| 47 // - empty origin (needed for some edge cases when we have empty origins) |
| 48 // - chrome-extension:// (for legacy reasons -- some extensions interop) |
| 49 if (!CommandLine::ForCurrentProcess()->HasSwitch( |
| 50 switches::kDisableExtensionsResourceWhitelist) && |
| 51 !frame_url.is_empty() && |
| 52 !frame_url.SchemeIs(chrome::kExtensionScheme) && |
| 53 !extension->IsResourceWebAccessible(resource_url.path())) { |
| 54 LOG(ERROR) << "Denying load of " << resource_url.spec() << " which " |
| 55 << "is not a web accessible resource."; |
| 56 return false; |
| 57 } |
| 58 |
| 41 return true; | 59 return true; |
| 42 } | 60 } |
| 43 | 61 |
| 44 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { | 62 ExtensionResourceRequestPolicy::ExtensionResourceRequestPolicy() { |
| 45 } | 63 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8849010:
Add 'web_accessible_resource" keyword for version 2 extension manifests. This makes extension res... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/