
Unified Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 1312653003: Fix for WebView accessible resources. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed comments by kalman@. Created 5 years, 3 months ago
Index: chrome/renderer/extensions/resource_request_policy.cc
diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc
index 339acfadf295adfc0855cdce1088d8beb8abefde..13f1957c20515062a72290fdf15fa0191722c71e 100644
--- a/chrome/renderer/extensions/resource_request_policy.cc
+++ b/chrome/renderer/extensions/resource_request_policy.cc
@@ -10,8 +10,11 @@
#include "chrome/common/url_constants.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h"
+#include "extensions/common/manifest_constants.h"
#include "extensions/common/manifest_handlers/icons_handler.h"
#include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
+#include "extensions/common/manifest_handlers/webview_info.h"
+#include "extensions/renderer/dispatcher.h"
#include "extensions/renderer/renderer_extension_registry.h"
#include "third_party/WebKit/public/platform/WebString.h"
#include "third_party/WebKit/public/web/WebConsoleMessage.h"
@@ -22,18 +25,19 @@
namespace extensions {
+ResourceRequestPolicy::ResourceRequestPolicy(Dispatcher* dispatcher)
+ : dispatcher_(dispatcher) {}
+
// This method does a security check whether chrome-extension:// URLs can be
// requested by the renderer. Since this is in an untrusted process, the browser
// has a similar check to enforce the policy, in case this process is exploited.
// If you are changing this function, ensure equivalent checks are added to
// extension_protocols.cc's AllowExtensionResourceLoad.
-
-// static
bool ResourceRequestPolicy::CanRequestResource(
const GURL& resource_url,
blink::WebFrame* frame,
ui::PageTransition transition_type) {
- CHECK(resource_url.SchemeIs(extensions::kExtensionScheme));
+ CHECK(resource_url.SchemeIs(kExtensionScheme));
const Extension* extension =
RendererExtensionRegistry::Get()->GetExtensionOrAppByURL(resource_url);
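Review bot: The new constructor stores the raw `Dispatcher*` in `dispatcher_` without checking it, and the `@@ -59,9 +63,14 @@` hunk then dereferences it unconditionally inside CanRequestResource, which is the renderer-side security check for chrome-extension:// loads. A `DCHECK(dispatcher_);` in the constructor body would make the non-null contract explicit, together with a short comment such as `// |dispatcher| is not owned and must outlive this policy.` The header is not part of this page, so it cannot be seen whether the single-argument constructor is declared `explicit`; it should be. CanRequestResource continues past the end of this hunk.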
@@ -59,9 +63,14 @@ bool ResourceRequestPolicy::CanRequestResource(
}
// Disallow loading of extension resources which are not explicitly listed
- // as web accessible if the manifest version is 2 or greater.
+ // as web or WebView accessible if the manifest version is 2 or greater.
+ const WebviewInfo* webview_info = WebviewInfo::Get(extension);
if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
- extension, resource_url.path())) {
+ extension, resource_url.path()) &&
+ !(webview_info &&
+ webview_info->IsResourceWebviewAccessible(
not at google - send to devlin 2015/09/03 20:17:54 See point about WebviewInfo::IsResourceWebviewAcce
paulmeyer 2015/09/08 18:51:36 Done.
+ extension, dispatcher_->webview_partition_id(),
+ resource_url.path()))) {
GURL frame_url = frame->document().url();
// The page_origin may be GURL("null") for unique origins like data URLs,
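Review bot: The WebView-accessible exemption added to the condition relaxes this policy based on `dispatcher_->webview_partition_id()`, a value held in the renderer, which the comment above CanRequestResource describes as an untrusted process. That comment also asks for any change here to be mirrored in extension_protocols.cc's AllowExtensionResourceLoad. This page shows only resource_request_policy.cc, so it cannot be confirmed from here that the browser-side check applies the same partition match using its own record of the partition. Once that is verified, I would add a comment at the new clause such as `// Partition id is renderer-held state; AllowExtensionResourceLoad must enforce the same match browser-side.` The body of CanRequestResource starts before and ends after this hunk.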
@@ -104,15 +113,13 @@ bool ResourceRequestPolicy::CanRequestResource(
return true;
}
-// static
bool ResourceRequestPolicy::CanRequestExtensionResourceScheme(
const GURL& resource_url,
blink::WebFrame* frame) {
- CHECK(resource_url.SchemeIs(extensions::kExtensionResourceScheme));
+ CHECK(resource_url.SchemeIs(kExtensionResourceScheme));
GURL frame_url = frame->document().url();
- if (!frame_url.is_empty() &&
- !frame_url.SchemeIs(extensions::kExtensionScheme)) {
+ if (!frame_url.is_empty() && !frame_url.SchemeIs(kExtensionScheme)) {
std::string message = base::StringPrintf(
"Denying load of %s. chrome-extension-resources:// can only be "
"loaded from extensions.",
@@ -126,7 +133,4 @@ bool ResourceRequestPolicy::CanRequestExtensionResourceScheme(
return true;
}
-ResourceRequestPolicy::ResourceRequestPolicy() {
-}
-
} // namespace extensions
