Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 1312653003: Fix for WebView accessible resources. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed comments by kalman@. Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/browser/guest_view/web_view/web_view_guest.h » ('j') | extensions/browser/guest_view/web_view/web_view_guest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/extensions/resource_request_policy.cc
diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc
index 339acfadf295adfc0855cdce1088d8beb8abefde..e67bf5f77c01ee2c6263083cac999fac9bb9f967 100644
--- a/chrome/renderer/extensions/resource_request_policy.cc
+++ b/chrome/renderer/extensions/resource_request_policy.cc
@@ -10,8 +10,11 @@
#include "chrome/common/url_constants.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h"
+#include "extensions/common/manifest_constants.h"
#include "extensions/common/manifest_handlers/icons_handler.h"
#include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
+#include "extensions/common/manifest_handlers/webview_info.h"
+#include "extensions/renderer/dispatcher.h"
#include "extensions/renderer/renderer_extension_registry.h"
#include "third_party/WebKit/public/platform/WebString.h"
#include "third_party/WebKit/public/web/WebConsoleMessage.h"
@@ -22,6 +25,8 @@
namespace extensions {
+ResourceRequestPolicy::ResourceRequestPolicy() {}
not at google - send to devlin 2015/08/31 21:52:51 Just chuck DISALLOW_COPY_AND_ASSIGN on the Resourc
paulmeyer 2015/09/02 13:43:57 Added the macro, but I still need this constructor
+
// This method does a security check whether chrome-extension:// URLs can be
// requested by the renderer. Since this is in an untrusted process, the browser
// has a similar check to enforce the policy, in case this process is exploited.
@@ -59,9 +64,14 @@ bool ResourceRequestPolicy::CanRequestResource(
}
// Disallow loading of extension resources which are not explicitly listed
- // as web accessible if the manifest version is 2 or greater.
+ // as web or WebView accessible if the manifest version is 2 or greater.
+ const WebviewInfo* webview_info = WebviewInfo::Get(extension);
if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
- extension, resource_url.path())) {
+ extension, resource_url.path()) &&
+ !(webview_info &&
+ webview_info->IsResourceWebviewAccessible(
+ extension, extensions::Dispatcher::GetWebViewPartitionID(),
not at google - send to devlin 2015/08/31 21:52:51 This file is already in the extensions namespace.
paulmeyer 2015/09/02 13:43:57 You're right. The other uses of "extensions::" thr
+ resource_url.path()))) {
GURL frame_url = frame->document().url();
// The page_origin may be GURL("null") for unique origins like data URLs,
@@ -126,7 +136,4 @@ bool ResourceRequestPolicy::CanRequestExtensionResourceScheme(
return true;
}
-ResourceRequestPolicy::ResourceRequestPolicy() {
-}
-
} // namespace extensions
« no previous file with comments | « no previous file | extensions/browser/guest_view/web_view/web_view_guest.h » ('j') | extensions/browser/guest_view/web_view/web_view_guest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698