Chromium Code Reviews Chromium Code Reviews
Issue 9152022:
Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web acce... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_protocols.h" | 5 #include "chrome/browser/extensions/extension_protocols.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 30 #include "net/http/http_response_info.h" | 30 #include "net/http/http_response_info.h" |
| 31 #include "net/http/http_response_headers.h" | 31 #include "net/http/http_response_headers.h" |
| 32 #include "net/url_request/url_request_error_job.h" | 32 #include "net/url_request/url_request_error_job.h" |
| 33 #include "net/url_request/url_request_file_job.h" | 33 #include "net/url_request/url_request_file_job.h" |
| 34 #include "net/url_request/url_request_simple_job.h" | 34 #include "net/url_request/url_request_simple_job.h" |
| 35 #include "ui/base/resource/resource_bundle.h" | 35 #include "ui/base/resource/resource_bundle.h" |
| 36 | 36 |
| 37 namespace { | 37 namespace { |
| 38 | 38 |
| 39 net::HttpResponseHeaders* BuildHttpHeaders( | 39 net::HttpResponseHeaders* BuildHttpHeaders( |
| 40 const std::string& content_security_policy) { | 40 const std::string& content_security_policy, const bool send_cors_header) { |
|
Matt Perry
2012/01/10 23:47:24
nit: don't const-ify parameters that are POD types
Cris Neckar
2012/01/26 00:48:44
Done.
| |
| 41 std::string raw_headers; | 41 std::string raw_headers; |
| 42 raw_headers.append("HTTP/1.1 200 OK"); | 42 raw_headers.append("HTTP/1.1 200 OK"); |
| 43 if (!content_security_policy.empty()) { | 43 if (!content_security_policy.empty()) { |
| 44 raw_headers.append(1, '\0'); | 44 raw_headers.append(1, '\0'); |
| 45 raw_headers.append("X-WebKit-CSP: "); | 45 raw_headers.append("X-WebKit-CSP: "); |
| 46 raw_headers.append(content_security_policy); | 46 raw_headers.append(content_security_policy); |
| 47 } | 47 } |
| 48 | |
| 49 if (send_cors_header) { | |
| 50 raw_headers.append(1, '\0'); | |
|
Aaron Boodman
2012/01/10 23:40:33
What's this?
Cris Neckar
2012/01/26 00:48:44
newline
Aaron Boodman
2012/01/27 22:36:46
Oh.
| |
| 51 raw_headers.append("Access-Control-Allow-Origin: *"); | |
| 52 } | |
| 48 raw_headers.append(2, '\0'); | 53 raw_headers.append(2, '\0'); |
| 49 return new net::HttpResponseHeaders(raw_headers); | 54 return new net::HttpResponseHeaders(raw_headers); |
| 50 } | 55 } |
| 51 | 56 |
| 52 class URLRequestResourceBundleJob : public net::URLRequestSimpleJob { | 57 class URLRequestResourceBundleJob : public net::URLRequestSimpleJob { |
| 53 public: | 58 public: |
| 54 URLRequestResourceBundleJob( | 59 URLRequestResourceBundleJob( |
| 55 net::URLRequest* request, const FilePath& filename, int resource_id, | 60 net::URLRequest* request, const FilePath& filename, int resource_id, |
| 56 const std::string& content_security_policy) | 61 const std::string& content_security_policy, const bool send_cors_header) |
| 57 : net::URLRequestSimpleJob(request), | 62 : net::URLRequestSimpleJob(request), |
| 58 filename_(filename), | 63 filename_(filename), |
| 59 resource_id_(resource_id) { | 64 resource_id_(resource_id) { |
| 60 response_info_.headers = BuildHttpHeaders(content_security_policy); | 65 response_info_.headers = BuildHttpHeaders(content_security_policy, |
| 66 send_cors_header); | |
| 61 } | 67 } |
| 62 | 68 |
| 63 // Overridden from URLRequestSimpleJob: | 69 // Overridden from URLRequestSimpleJob: |
| 64 virtual bool GetData(std::string* mime_type, | 70 virtual bool GetData(std::string* mime_type, |
| 65 std::string* charset, | 71 std::string* charset, |
| 66 std::string* data) const OVERRIDE { | 72 std::string* data) const OVERRIDE { |
| 67 const ResourceBundle& rb = ResourceBundle::GetSharedInstance(); | 73 const ResourceBundle& rb = ResourceBundle::GetSharedInstance(); |
| 68 *data = rb.GetRawDataResource(resource_id_).as_string(); | 74 *data = rb.GetRawDataResource(resource_id_).as_string(); |
| 69 | 75 |
| 70 // Requests should not block on the disk! On Windows this goes to the | 76 // Requests should not block on the disk! On Windows this goes to the |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 98 // The resource bundle id to load. | 104 // The resource bundle id to load. |
| 99 int resource_id_; | 105 int resource_id_; |
| 100 | 106 |
| 101 net::HttpResponseInfo response_info_; | 107 net::HttpResponseInfo response_info_; |
| 102 }; | 108 }; |
| 103 | 109 |
| 104 class URLRequestExtensionJob : public net::URLRequestFileJob { | 110 class URLRequestExtensionJob : public net::URLRequestFileJob { |
| 105 public: | 111 public: |
| 106 URLRequestExtensionJob(net::URLRequest* request, | 112 URLRequestExtensionJob(net::URLRequest* request, |
| 107 const FilePath& filename, | 113 const FilePath& filename, |
| 108 const std::string& content_security_policy) | 114 const std::string& content_security_policy, |
| 115 const bool send_cors_header) | |
| 109 : net::URLRequestFileJob(request, filename) { | 116 : net::URLRequestFileJob(request, filename) { |
| 110 response_info_.headers = BuildHttpHeaders(content_security_policy); | 117 response_info_.headers = BuildHttpHeaders(content_security_policy, |
| 118 send_cors_header); | |
| 111 } | 119 } |
| 112 | 120 |
| 113 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE { | 121 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE { |
| 114 *info = response_info_; | 122 *info = response_info_; |
| 115 } | 123 } |
| 116 | 124 |
| 117 net::HttpResponseInfo response_info_; | 125 net::HttpResponseInfo response_info_; |
| 118 }; | 126 }; |
| 119 | 127 |
| 120 bool ExtensionCanLoadInIncognito(const std::string& extension_id, | 128 bool ExtensionCanLoadInIncognito(const std::string& extension_id, |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 211 extension_info_map_->disabled_extensions().GetByID(extension_id); | 219 extension_info_map_->disabled_extensions().GetByID(extension_id); |
| 212 if (URLIsForExtensionIcon(request->url(), disabled_extension)) | 220 if (URLIsForExtensionIcon(request->url(), disabled_extension)) |
| 213 directory_path = disabled_extension->path(); | 221 directory_path = disabled_extension->path(); |
| 214 if (directory_path.value().empty()) { | 222 if (directory_path.value().empty()) { |
| 215 LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id; | 223 LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id; |
| 216 return NULL; | 224 return NULL; |
| 217 } | 225 } |
| 218 } | 226 } |
| 219 | 227 |
| 220 std::string content_security_policy; | 228 std::string content_security_policy; |
| 221 if (extension) | 229 bool send_cors_header = false; |
| 230 if (extension) { | |
| 222 content_security_policy = extension->content_security_policy(); | 231 content_security_policy = extension->content_security_policy(); |
| 232 if ((extension->manifest_version() >= 2 || | |
| 233 extension->HasWebAccessibleResources()) && | |
| 234 extension->IsResourceWebAccessible(request->url().path())) | |
| 235 send_cors_header = true; | |
| 236 } | |
| 223 | 237 |
| 224 FilePath resources_path; | 238 FilePath resources_path; |
| 225 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) && | 239 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) && |
| 226 directory_path.DirName() == resources_path) { | 240 directory_path.DirName() == resources_path) { |
| 227 FilePath relative_path = directory_path.BaseName().Append( | 241 FilePath relative_path = directory_path.BaseName().Append( |
| 228 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); | 242 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); |
| 229 #if defined(OS_WIN) | 243 #if defined(OS_WIN) |
| 230 relative_path = relative_path.NormalizeWindowsPathSeparators(); | 244 relative_path = relative_path.NormalizeWindowsPathSeparators(); |
| 231 #endif | 245 #endif |
| 232 | 246 |
| 233 // TODO(tc): Make a map of FilePath -> resource ids so we don't have to | 247 // TODO(tc): Make a map of FilePath -> resource ids so we don't have to |
| 234 // covert to FilePaths all the time. This will be more useful as we add | 248 // covert to FilePaths all the time. This will be more useful as we add |
| 235 // more resources. | 249 // more resources. |
| 236 for (size_t i = 0; i < kComponentExtensionResourcesSize; ++i) { | 250 for (size_t i = 0; i < kComponentExtensionResourcesSize; ++i) { |
| 237 FilePath bm_resource_path = | 251 FilePath bm_resource_path = |
| 238 FilePath().AppendASCII(kComponentExtensionResources[i].name); | 252 FilePath().AppendASCII(kComponentExtensionResources[i].name); |
| 239 #if defined(OS_WIN) | 253 #if defined(OS_WIN) |
| 240 bm_resource_path = bm_resource_path.NormalizeWindowsPathSeparators(); | 254 bm_resource_path = bm_resource_path.NormalizeWindowsPathSeparators(); |
| 241 #endif | 255 #endif |
| 242 if (relative_path == bm_resource_path) { | 256 if (relative_path == bm_resource_path) { |
| 243 return new URLRequestResourceBundleJob(request, relative_path, | 257 return new URLRequestResourceBundleJob(request, relative_path, |
| 244 kComponentExtensionResources[i].value, content_security_policy); | 258 kComponentExtensionResources[i].value, content_security_policy, |
| 259 send_cors_header); | |
| 245 } | 260 } |
| 246 } | 261 } |
| 247 } | 262 } |
| 248 // TODO(tc): Move all of these files into resources.pak so we don't break | 263 // TODO(tc): Move all of these files into resources.pak so we don't break |
| 249 // when updating on Linux. | 264 // when updating on Linux. |
| 250 ExtensionResource resource(extension_id, directory_path, | 265 ExtensionResource resource(extension_id, directory_path, |
| 251 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); | 266 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); |
| 252 | 267 |
| 253 FilePath resource_file_path; | 268 FilePath resource_file_path; |
| 254 { | 269 { |
| 255 // Getting the file path will touch the file system. Fixing | 270 // Getting the file path will touch the file system. Fixing |
| 256 // crbug.com/59849 would also fix this. Suppress the error for now. | 271 // crbug.com/59849 would also fix this. Suppress the error for now. |
| 257 base::ThreadRestrictions::ScopedAllowIO allow_io; | 272 base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 258 resource_file_path = resource.GetFilePath(); | 273 resource_file_path = resource.GetFilePath(); |
| 259 } | 274 } |
| 260 | 275 |
| 261 return new URLRequestExtensionJob(request, resource_file_path, | 276 return new URLRequestExtensionJob(request, resource_file_path, |
| 262 content_security_policy); | 277 content_security_policy, send_cors_header); |
| 263 } | 278 } |
| 264 | 279 |
| 265 } // namespace | 280 } // namespace |
| 266 | 281 |
| 267 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( | 282 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( |
| 268 bool is_incognito, | 283 bool is_incognito, |
| 269 ExtensionInfoMap* extension_info_map) { | 284 ExtensionInfoMap* extension_info_map) { |
| 270 return new ExtensionProtocolHandler(is_incognito, extension_info_map); | 285 return new ExtensionProtocolHandler(is_incognito, extension_info_map); |
| 271 } | 286 } |
| OLD | NEW |
