| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_protocols.h" | 5 #include "chrome/browser/extensions/extension_protocols.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/message_loop.h" | 12 #include "base/message_loop.h" |
| 13 #include "base/path_service.h" | 13 #include "base/path_service.h" |
| 14 #include "base/string_util.h" | 14 #include "base/string_util.h" |
| 15 #include "base/stringprintf.h" | 15 #include "base/stringprintf.h" |
| 16 #include "base/threading/thread_restrictions.h" | 16 #include "base/threading/thread_restrictions.h" |
| 17 #include "build/build_config.h" | 17 #include "build/build_config.h" |
| 18 #include "chrome/browser/extensions/extension_info_map.h" | 18 #include "chrome/browser/extensions/extension_info_map.h" |
| 19 #include "chrome/browser/net/chrome_url_request_context.h" | 19 #include "chrome/browser/net/chrome_url_request_context.h" |
| 20 #include "chrome/common/chrome_paths.h" | 20 #include "chrome/common/chrome_paths.h" |
| 21 #include "chrome/common/extensions/extension.h" | 21 #include "chrome/common/extensions/extension.h" |
| 22 #include "chrome/common/extensions/extension_file_util.h" | 22 #include "chrome/common/extensions/extension_file_util.h" |
| 23 #include "chrome/common/extensions/extension_resource.h" | 23 #include "chrome/common/extensions/extension_resource.h" |
| 24 #include "chrome/common/url_constants.h" | 24 #include "chrome/common/url_constants.h" |
| 25 #include "content/browser/renderer_host/resource_dispatcher_host.h" | 25 #include "content/public/browser/resource_request_info.h" |
| 26 #include "content/browser/renderer_host/resource_dispatcher_host_request_info.h" | |
| 27 #include "googleurl/src/url_util.h" | 26 #include "googleurl/src/url_util.h" |
| 28 #include "grit/component_extension_resources_map.h" | 27 #include "grit/component_extension_resources_map.h" |
| 29 #include "net/base/mime_util.h" | 28 #include "net/base/mime_util.h" |
| 30 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
| 31 #include "net/http/http_response_info.h" | 30 #include "net/http/http_response_info.h" |
| 32 #include "net/http/http_response_headers.h" | 31 #include "net/http/http_response_headers.h" |
| 33 #include "net/url_request/url_request_error_job.h" | 32 #include "net/url_request/url_request_error_job.h" |
| 34 #include "net/url_request/url_request_file_job.h" | 33 #include "net/url_request/url_request_file_job.h" |
| 35 #include "net/url_request/url_request_simple_job.h" | 34 #include "net/url_request/url_request_simple_job.h" |
| 36 #include "ui/base/resource/resource_bundle.h" | 35 #include "ui/base/resource/resource_bundle.h" |
| 37 | 36 |
| 37 using content::ResourceRequestInfo; |
| 38 |
| 38 namespace { | 39 namespace { |
| 39 | 40 |
| 40 net::HttpResponseHeaders* BuildHttpHeaders( | 41 net::HttpResponseHeaders* BuildHttpHeaders( |
| 41 const std::string& content_security_policy, bool send_cors_header) { | 42 const std::string& content_security_policy, bool send_cors_header) { |
| 42 std::string raw_headers; | 43 std::string raw_headers; |
| 43 raw_headers.append("HTTP/1.1 200 OK"); | 44 raw_headers.append("HTTP/1.1 200 OK"); |
| 44 if (!content_security_policy.empty()) { | 45 if (!content_security_policy.empty()) { |
| 45 raw_headers.append(1, '\0'); | 46 raw_headers.append(1, '\0'); |
| 46 raw_headers.append("X-WebKit-CSP: "); | 47 raw_headers.append("X-WebKit-CSP: "); |
| 47 raw_headers.append(content_security_policy); | 48 raw_headers.append(content_security_policy); |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 171 // Only split-mode extensions can load in incognito profiles. | 172 // Only split-mode extensions can load in incognito profiles. |
| 172 return extension && extension->incognito_split_mode(); | 173 return extension && extension->incognito_split_mode(); |
| 173 } | 174 } |
| 174 | 175 |
| 175 // Returns true if an chrome-extension:// resource should be allowed to load. | 176 // Returns true if an chrome-extension:// resource should be allowed to load. |
| 176 // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we | 177 // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we |
| 177 // first need to find a way to get CanLoadInIncognito state into the renderers. | 178 // first need to find a way to get CanLoadInIncognito state into the renderers. |
| 178 bool AllowExtensionResourceLoad(net::URLRequest* request, | 179 bool AllowExtensionResourceLoad(net::URLRequest* request, |
| 179 bool is_incognito, | 180 bool is_incognito, |
| 180 ExtensionInfoMap* extension_info_map) { | 181 ExtensionInfoMap* extension_info_map) { |
| 181 const ResourceDispatcherHostRequestInfo* info = | 182 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); |
| 182 ResourceDispatcherHost::InfoForRequest(request); | |
| 183 | 183 |
| 184 // We have seen crashes where info is NULL: crbug.com/52374. | 184 // We have seen crashes where info is NULL: crbug.com/52374. |
| 185 if (!info) { | 185 if (!info) { |
| 186 LOG(ERROR) << "Allowing load of " << request->url().spec() | 186 LOG(ERROR) << "Allowing load of " << request->url().spec() |
| 187 << "from unknown origin. Could not find user data for " | 187 << "from unknown origin. Could not find user data for " |
| 188 << "request."; | 188 << "request."; |
| 189 return true; | 189 return true; |
| 190 } | 190 } |
| 191 | 191 |
| 192 // Don't allow toplevel navigations to extension resources in incognito mode. | 192 // Don't allow toplevel navigations to extension resources in incognito mode. |
| 193 // This is because an extension must run in a single process, and an | 193 // This is because an extension must run in a single process, and an |
| 194 // incognito tab prevents that. | 194 // incognito tab prevents that. |
| 195 if (is_incognito && | 195 if (is_incognito && |
| 196 info->resource_type() == ResourceType::MAIN_FRAME && | 196 info->GetResourceType() == ResourceType::MAIN_FRAME && |
| 197 !ExtensionCanLoadInIncognito(request->url().host(), extension_info_map)) { | 197 !ExtensionCanLoadInIncognito(request->url().host(), extension_info_map)) { |
| 198 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " | 198 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " |
| 199 << "incognito tab."; | 199 << "incognito tab."; |
| 200 return false; | 200 return false; |
| 201 } | 201 } |
| 202 | 202 |
| 203 return true; | 203 return true; |
| 204 } | 204 } |
| 205 | 205 |
| 206 // Returns true if the given URL references an icon in the given extension. | 206 // Returns true if the given URL references an icon in the given extension. |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 319 content_security_policy, send_cors_header); | 319 content_security_policy, send_cors_header); |
| 320 } | 320 } |
| 321 | 321 |
| 322 } // namespace | 322 } // namespace |
| 323 | 323 |
| 324 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( | 324 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( |
| 325 bool is_incognito, | 325 bool is_incognito, |
| 326 ExtensionInfoMap* extension_info_map) { | 326 ExtensionInfoMap* extension_info_map) { |
| 327 return new ExtensionProtocolHandler(is_incognito, extension_info_map); | 327 return new ExtensionProtocolHandler(is_incognito, extension_info_map); |
| 328 } | 328 } |
| OLD | NEW |
|---|
Chromium Code Reviews
