Chromium Code Reviews Chromium Code Reviews
Issue 1270663002:
Validate the Origin HTTP header in the browser process. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" | 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "chrome/browser/browser_process.h" | 10 #include "chrome/browser/browser_process.h" |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 28 #include "content/public/browser/site_instance.h" | 28 #include "content/public/browser/site_instance.h" |
| 29 #include "content/public/browser/web_contents.h" | 29 #include "content/public/browser/web_contents.h" |
| 30 #include "content/public/common/content_switches.h" | 30 #include "content/public/common/content_switches.h" |
| 31 #include "extensions/browser/api/web_request/web_request_api.h" | 31 #include "extensions/browser/api/web_request/web_request_api.h" |
| 32 #include "extensions/browser/api/web_request/web_request_api_helpers.h" | 32 #include "extensions/browser/api/web_request/web_request_api_helpers.h" |
| 33 #include "extensions/browser/extension_host.h" | 33 #include "extensions/browser/extension_host.h" |
| 34 #include "extensions/browser/extension_message_filter.h" | 34 #include "extensions/browser/extension_message_filter.h" |
| 35 #include "extensions/browser/extension_registry.h" | 35 #include "extensions/browser/extension_registry.h" |
| 36 #include "extensions/browser/extension_system.h" | 36 #include "extensions/browser/extension_system.h" |
| 37 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h" | 37 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h" |
| 38 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | |
| 38 #include "extensions/browser/info_map.h" | 39 #include "extensions/browser/info_map.h" |
| 39 #include "extensions/browser/io_thread_extension_message_filter.h" | 40 #include "extensions/browser/io_thread_extension_message_filter.h" |
| 40 #include "extensions/browser/view_type_utils.h" | 41 #include "extensions/browser/view_type_utils.h" |
| 41 #include "extensions/common/constants.h" | 42 #include "extensions/common/constants.h" |
| 43 #include "extensions/common/manifest_constants.h" | |
| 42 #include "extensions/common/manifest_handlers/app_isolation_info.h" | 44 #include "extensions/common/manifest_handlers/app_isolation_info.h" |
| 43 #include "extensions/common/manifest_handlers/background_info.h" | 45 #include "extensions/common/manifest_handlers/background_info.h" |
| 44 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | 46 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| 45 #include "extensions/common/switches.h" | 47 #include "extensions/common/switches.h" |
| 46 | 48 |
| 47 using content::BrowserContext; | 49 using content::BrowserContext; |
| 48 using content::BrowserThread; | 50 using content::BrowserThread; |
| 49 using content::BrowserURLHandler; | 51 using content::BrowserURLHandler; |
| 50 using content::RenderViewHost; | 52 using content::RenderViewHost; |
| 51 using content::SiteInstance; | 53 using content::SiteInstance; |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 177 | 179 |
| 178 // Hosted apps that have script access to their background page must use | 180 // Hosted apps that have script access to their background page must use |
| 179 // process per site, since all instances can make synchronous calls to the | 181 // process per site, since all instances can make synchronous calls to the |
| 180 // background window. Other extensions should use process per site as well. | 182 // background window. Other extensions should use process per site as well. |
| 181 return true; | 183 return true; |
| 182 } | 184 } |
| 183 | 185 |
| 184 // static | 186 // static |
| 185 bool ChromeContentBrowserClientExtensionsPart::CanCommitURL( | 187 bool ChromeContentBrowserClientExtensionsPart::CanCommitURL( |
| 186 content::RenderProcessHost* process_host, const GURL& url) { | 188 content::RenderProcessHost* process_host, const GURL& url) { |
| 189 DCHECK_CURRENTLY_ON(BrowserThread::UI); | |
|
nasko
2015/08/14 22:14:42
Thanks for adding this!
Charlie Reis
2015/08/14 23:23:32
Acknowledged.
| |
| 190 | |
| 187 // We need to let most extension URLs commit in any process, since this can | 191 // We need to let most extension URLs commit in any process, since this can |
| 188 // be allowed due to web_accessible_resources. Most hosted app URLs may also | 192 // be allowed due to web_accessible_resources. Most hosted app URLs may also |
| 189 // load in any process (e.g., in an iframe). However, the Chrome Web Store | 193 // load in any process (e.g., in an iframe). However, the Chrome Web Store |
| 190 // cannot be loaded in iframes and should never be requested outside its | 194 // cannot be loaded in iframes and should never be requested outside its |
| 191 // process. | 195 // process. |
| 192 ExtensionRegistry* registry = | 196 ExtensionRegistry* registry = |
| 193 ExtensionRegistry::Get(process_host->GetBrowserContext()); | 197 ExtensionRegistry::Get(process_host->GetBrowserContext()); |
| 194 if (!registry) | 198 if (!registry) |
| 195 return true; | 199 return true; |
| 196 | 200 |
| 197 const Extension* new_extension = | 201 const Extension* new_extension = |
| 198 registry->enabled_extensions().GetExtensionOrAppByURL(url); | 202 registry->enabled_extensions().GetExtensionOrAppByURL(url); |
| 199 if (new_extension && new_extension->is_hosted_app() && | 203 if (new_extension && new_extension->is_hosted_app() && |
| 200 new_extension->id() == extensions::kWebStoreAppId && | 204 new_extension->id() == extensions::kWebStoreAppId && |
| 201 !ProcessMap::Get(process_host->GetBrowserContext()) | 205 !ProcessMap::Get(process_host->GetBrowserContext()) |
| 202 ->Contains(new_extension->id(), process_host->GetID())) { | 206 ->Contains(new_extension->id(), process_host->GetID())) { |
| 203 return false; | 207 return false; |
| 204 } | 208 } |
| 205 return true; | 209 return true; |
| 206 } | 210 } |
| 207 | 211 |
| 212 bool ChromeContentBrowserClientExtensionsPart::IsIllegalOrigin( | |
| 213 content::ResourceContext* resource_context, | |
| 214 int child_process_id, | |
| 215 const GURL& origin) { | |
| 216 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 217 | |
| 218 // Consider non-extension URLs safe; they will be checked elsewhere. | |
| 219 if (!origin.SchemeIs(extensions::kExtensionScheme)) | |
| 220 return false; | |
| 221 | |
| 222 // If there is no extension installed for the URL, it couldn't have committed. | |
| 223 // (If the extension was recently uninstalled, the tab would have closed.) | |
| 224 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); | |
| 225 extensions::InfoMap* extension_info_map = io_data->GetExtensionInfoMap(); | |
| 226 const extensions::Extension* extension = | |
| 227 extension_info_map->extensions().GetExtensionOrAppByURL(origin); | |
| 228 if (!extension) | |
| 229 return true; | |
| 230 | |
| 231 // Check for platform app origins. These can only be committed by the app | |
| 232 // itself, or by one if its guests if there are accessible_resources. | |
|
Charlie Reis
2015/08/14 20:25:59
lfg@, can you review this part? I'm allowing an a
lfg
2015/08/17 19:01:54
lgtm.
| |
| 233 const extensions::ProcessMap& process_map = extension_info_map->process_map(); | |
| 234 if (extension->is_platform_app() && | |
| 235 !process_map.Contains(extension->id(), child_process_id)) { | |
| 236 // This is a platform app origin not in the app's own process. If there are | |
| 237 // no accessible resources, this is illegal. | |
| 238 if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources)) | |
| 239 return true; | |
| 240 | |
| 241 // If there are accessible resources, the origin is only legal if the given | |
| 242 // process is a guest of the app. | |
| 243 std::string owner_extension_id; | |
| 244 int owner_process_id; | |
| 245 WebViewRendererState::GetInstance()->GetOwnerInfo( | |
| 246 child_process_id, &owner_process_id, &owner_extension_id); | |
| 247 const Extension* owner_extension = | |
| 248 extension_info_map->extensions().GetByID(owner_extension_id); | |
| 249 return !owner_extension || owner_extension != extension; | |
| 250 } | |
| 251 | |
| 252 // With only the origin and not the full URL, we don't have enough information | |
| 253 // to validate hosted apps or web_accessible_resources in normal extensions. | |
| 254 // Assume they're legal. | |
| 255 return false; | |
| 256 } | |
| 257 | |
| 208 // static | 258 // static |
| 209 bool ChromeContentBrowserClientExtensionsPart::IsSuitableHost( | 259 bool ChromeContentBrowserClientExtensionsPart::IsSuitableHost( |
| 210 Profile* profile, | 260 Profile* profile, |
| 211 content::RenderProcessHost* process_host, | 261 content::RenderProcessHost* process_host, |
| 212 const GURL& site_url) { | 262 const GURL& site_url) { |
| 213 DCHECK(profile); | 263 DCHECK(profile); |
| 214 | 264 |
| 215 ExtensionRegistry* registry = ExtensionRegistry::Get(profile); | 265 ExtensionRegistry* registry = ExtensionRegistry::Get(profile); |
| 216 ProcessMap* process_map = ProcessMap::Get(profile); | 266 ProcessMap* process_map = ProcessMap::Get(profile); |
| 217 | 267 |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 505 command_line->AppendSwitch(::switches::kEnableWebRtcHWH264Encoding); | 555 command_line->AppendSwitch(::switches::kEnableWebRtcHWH264Encoding); |
| 506 #endif | 556 #endif |
| 507 if (base::CommandLine::ForCurrentProcess()->HasSwitch( | 557 if (base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 508 switches::kEnableMojoSerialService)) { | 558 switches::kEnableMojoSerialService)) { |
| 509 command_line->AppendSwitch(switches::kEnableMojoSerialService); | 559 command_line->AppendSwitch(switches::kEnableMojoSerialService); |
| 510 } | 560 } |
| 511 } | 561 } |
| 512 } | 562 } |
| 513 | 563 |
| 514 } // namespace extensions | 564 } // namespace extensions |
| OLD | NEW |
