| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/extensions/resource_request_policy.h" | 5 #include "chrome/renderer/extensions/resource_request_policy.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h" | 9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h" |
| 10 #include "chrome/common/url_constants.h" | 10 #include "chrome/common/url_constants.h" |
| 11 #include "extensions/common/constants.h" | 11 #include "extensions/common/constants.h" |
| 12 #include "extensions/common/extension.h" | 12 #include "extensions/common/extension.h" |
| 13 #include "extensions/common/manifest_constants.h" | |
| 13 #include "extensions/common/manifest_handlers/icons_handler.h" | 14 #include "extensions/common/manifest_handlers/icons_handler.h" |
| 14 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | 15 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| 16 #include "extensions/common/manifest_handlers/webview_info.h" | |
| 15 #include "extensions/renderer/renderer_extension_registry.h" | 17 #include "extensions/renderer/renderer_extension_registry.h" |
| 16 #include "third_party/WebKit/public/platform/WebString.h" | 18 #include "third_party/WebKit/public/platform/WebString.h" |
| 17 #include "third_party/WebKit/public/web/WebConsoleMessage.h" | 19 #include "third_party/WebKit/public/web/WebConsoleMessage.h" |
| 18 #include "third_party/WebKit/public/web/WebDocument.h" | 20 #include "third_party/WebKit/public/web/WebDocument.h" |
| 19 #include "third_party/WebKit/public/web/WebFrame.h" | 21 #include "third_party/WebKit/public/web/WebFrame.h" |
| 20 #include "ui/base/page_transition_types.h" | 22 #include "ui/base/page_transition_types.h" |
| 21 #include "url/gurl.h" | 23 #include "url/gurl.h" |
| 22 | 24 |
| 23 namespace extensions { | 25 namespace extensions { |
| 24 | 26 |
| 27 namespace { | |
| 28 | |
| 29 base::LazyInstance<std::string> webview_partition_id = | |
| 30 LAZY_INSTANCE_INITIALIZER; | |
|
not at google - send to devlin
2015/08/31 18:31:44
It would be better to make ResourceRequestPolicy a
paulmeyer
2015/08/31 21:40:08
I'll leave this class alone since I won't be addin
| |
| 31 | |
| 32 } // namespace | |
| 33 | |
| 34 ResourceRequestPolicy::ResourceRequestPolicy() {} | |
| 35 | |
| 25 // This method does a security check whether chrome-extension:// URLs can be | 36 // This method does a security check whether chrome-extension:// URLs can be |
| 26 // requested by the renderer. Since this is in an untrusted process, the browser | 37 // requested by the renderer. Since this is in an untrusted process, the browser |
| 27 // has a similar check to enforce the policy, in case this process is exploited. | 38 // has a similar check to enforce the policy, in case this process is exploited. |
| 28 // If you are changing this function, ensure equivalent checks are added to | 39 // If you are changing this function, ensure equivalent checks are added to |
| 29 // extension_protocols.cc's AllowExtensionResourceLoad. | 40 // extension_protocols.cc's AllowExtensionResourceLoad. |
| 30 | 41 |
| 31 // static | 42 // static |
| 32 bool ResourceRequestPolicy::CanRequestResource( | 43 bool ResourceRequestPolicy::CanRequestResource( |
| 33 const GURL& resource_url, | 44 const GURL& resource_url, |
| 34 blink::WebFrame* frame, | 45 blink::WebFrame* frame, |
| (...skipping 17 matching lines...) | |
| 52 : resource_url.path().substr(1); | 63 : resource_url.path().substr(1); |
| 53 if (extension->is_hosted_app() && | 64 if (extension->is_hosted_app() && |
| 54 !IconsInfo::GetIcons(extension) | 65 !IconsInfo::GetIcons(extension) |
| 55 .ContainsPath(resource_root_relative_path)) { | 66 .ContainsPath(resource_root_relative_path)) { |
| 56 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " | 67 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " |
| 57 << "hosted app."; | 68 << "hosted app."; |
| 58 return false; | 69 return false; |
| 59 } | 70 } |
| 60 | 71 |
| 61 // Disallow loading of extension resources which are not explicitly listed | 72 // Disallow loading of extension resources which are not explicitly listed |
| 62 // as web accessible if the manifest version is 2 or greater. | 73 // as web or WebView accessible if the manifest version is 2 or greater. |
| 74 const WebviewInfo* webview_info = WebviewInfo::Get(extension); | |
| 63 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( | 75 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( |
| 64 extension, resource_url.path())) { | 76 extension, resource_url.path()) && |
| 77 !(webview_info && | |
| 78 webview_info->IsResourceWebviewAccessible( | |
| 79 extension, webview_partition_id.Get(), resource_url.path()))) { | |
| 65 GURL frame_url = frame->document().url(); | 80 GURL frame_url = frame->document().url(); |
| 66 | 81 |
| 67 // The page_origin may be GURL("null") for unique origins like data URLs, | 82 // The page_origin may be GURL("null") for unique origins like data URLs, |
| 68 // but this is ok for the checks below. We only care if it matches the | 83 // but this is ok for the checks below. We only care if it matches the |
| 69 // current extension or has a devtools scheme. | 84 // current extension or has a devtools scheme. |
| 70 GURL page_origin = GURL(frame->top()->securityOrigin().toString()); | 85 GURL page_origin = GURL(frame->top()->securityOrigin().toString()); |
| 71 | 86 |
| 72 // Exceptions are: | 87 // Exceptions are: |
| 73 // - empty origin (needed for some edge cases when we have empty origins) | 88 // - empty origin (needed for some edge cases when we have empty origins) |
| 74 bool is_empty_origin = frame_url.is_empty(); | 89 bool is_empty_origin = frame_url.is_empty(); |
| (...skipping 44 matching lines...) | |
| 119 resource_url.spec().c_str()); | 134 resource_url.spec().c_str()); |
| 120 frame->addMessageToConsole( | 135 frame->addMessageToConsole( |
| 121 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, | 136 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, |
| 122 blink::WebString::fromUTF8(message))); | 137 blink::WebString::fromUTF8(message))); |
| 123 return false; | 138 return false; |
| 124 } | 139 } |
| 125 | 140 |
| 126 return true; | 141 return true; |
| 127 } | 142 } |
| 128 | 143 |
| 129 ResourceRequestPolicy::ResourceRequestPolicy() { | 144 // static |
| 145 void ResourceRequestPolicy::SetWebViewPartitionID( | |
| 146 const std::string& partition_id) { | |
| 147 // |webview_partition_id| cannot be changed once set. | |
| 148 std::string& stored_id = webview_partition_id.Get(); | |
| 149 DCHECK(stored_id.empty() || stored_id == partition_id); | |
| 150 if (stored_id.empty()) | |
| 151 stored_id = partition_id; | |
| 130 } | 152 } |
| 131 | 153 |
| 132 } // namespace extensions | 154 } // namespace extensions |
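Review bot: The new WebView exception in CanRequestResource passes `webview_partition_id.Get()` to `IsResourceWebviewAccessible` even when SetWebViewPartitionID was never called, so a renderer that hosts no WebView is checked against an empty partition ID. The matching rules of IsResourceWebviewAccessible are not visible on this page; if a manifest partition pattern can match the empty string, the web-accessible restriction would be skipped for ordinary pages, so I would add `!webview_partition_id.Get().empty() &&` ahead of `webview_info->IsResourceWebviewAccessible(`. The "cannot be changed once set" rule in SetWebViewPartitionID is enforced only by a `DCHECK`, so a release build silently keeps the first ID on a mismatch; a comment stating that this is the intended behaviour would help. Because this process is untrusted and the partition ID is renderer-side state, the function's header comment applies here: the same partition check needs to exist in extension_protocols.cc's AllowExtensionResourceLoad, which this page does not show. Parts of CanRequestResource are collapsed on this page, so this covers only the visible lines.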