Chromium Code Reviews| Index: chrome/renderer/extensions/resource_request_policy.cc |
| diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc |
| index 339acfadf295adfc0855cdce1088d8beb8abefde..e70fba04b7cd0a6423ab2a3bd50a8fa6f6453ecd 100644 |
| --- a/chrome/renderer/extensions/resource_request_policy.cc |
| +++ b/chrome/renderer/extensions/resource_request_policy.cc |
| @@ -10,8 +10,10 @@ |
| #include "chrome/common/url_constants.h" |
| #include "extensions/common/constants.h" |
| #include "extensions/common/extension.h" |
| +#include "extensions/common/manifest_constants.h" |
| #include "extensions/common/manifest_handlers/icons_handler.h" |
| #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| +#include "extensions/common/manifest_handlers/webview_info.h" |
| #include "extensions/renderer/renderer_extension_registry.h" |
| #include "third_party/WebKit/public/platform/WebString.h" |
| #include "third_party/WebKit/public/web/WebConsoleMessage.h" |
| @@ -58,47 +60,55 @@ bool ResourceRequestPolicy::CanRequestResource( |
| return false; |
| } |
| - // Disallow loading of extension resources which are not explicitly listed |
| - // as web accessible if the manifest version is 2 or greater. |
| - if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( |
| - extension, resource_url.path())) { |
| - GURL frame_url = frame->document().url(); |
| - |
| - // The page_origin may be GURL("null") for unique origins like data URLs, |
| - // but this is ok for the checks below. We only care if it matches the |
| - // current extension or has a devtools scheme. |
| - GURL page_origin = GURL(frame->top()->securityOrigin().toString()); |
| - |
| - // Exceptions are: |
| - // - empty origin (needed for some edge cases when we have empty origins) |
| - bool is_empty_origin = frame_url.is_empty(); |
| - // - extensions requesting their own resources (frame_url check is for |
| - // images, page_url check is for iframes) |
| - bool is_own_resource = frame_url.GetOrigin() == extension->url() || |
| - page_origin == extension->url(); |
| - // - devtools (chrome-extension:// URLs are loaded into frames of devtools |
| - // to support the devtools extension APIs) |
| - bool is_dev_tools = |
| - page_origin.SchemeIs(content::kChromeDevToolsScheme) && |
| - !chrome_manifest_urls::GetDevToolsPage(extension).is_empty(); |
| - bool transition_allowed = |
| - !ui::PageTransitionIsWebTriggerable(transition_type); |
| - // - unreachable web page error page (to allow showing the icon of the |
| - // unreachable app on this page) |
| - bool is_error_page = frame_url == GURL(content::kUnreachableWebDataURL); |
| - |
| - if (!is_empty_origin && !is_own_resource && |
| - !is_dev_tools && !transition_allowed && !is_error_page) { |
| - std::string message = base::StringPrintf( |
| - "Denying load of %s. Resources must be listed in the " |
| - "web_accessible_resources manifest key in order to be loaded by " |
| - "pages outside the extension.", |
| - resource_url.spec().c_str()); |
| - frame->addMessageToConsole( |
| - blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, |
| - blink::WebString::fromUTF8(message))); |
| - return false; |
| - } |
| + // Allow loading of extension resources which are explicitly listed as web or |
| + // webview accessible if the manifest version is 2 or greater. |
| + const WebviewInfo* webview_info = static_cast<const extensions::WebviewInfo*>( |
| + extension->GetManifestData(manifest_keys::kWebviewAccessibleResources)); |
|
not at google - send to devlin
2015/08/27 20:01:25
Usually there would be a WebviewInfo::Get(extensio
paulmeyer
2015/08/31 15:32:55
Done.
|
| + if (WebAccessibleResourcesInfo::IsResourceWebAccessible( |
|
not at google - send to devlin
2015/08/27 20:01:25
Is there a way to improve this diff? Like, go back
paulmeyer
2015/08/31 15:32:55
You're right, it's hard to tell. Done.
|
| + extension, resource_url.path()) || |
| + (webview_info && |
| + webview_info->IsResourceWebviewAccessible( |
| + extension, RendererExtensionRegistry::Get()->webview_partition_id(), |
| + resource_url.path()))) { |
| + return true; |
| + } |
| + |
| + GURL frame_url = frame->document().url(); |
| + |
| + // The page_origin may be GURL("null") for unique origins like data URLs, |
| + // but this is ok for the checks below. We only care if it matches the |
| + // current extension or has a devtools scheme. |
| + GURL page_origin = GURL(frame->top()->securityOrigin().toString()); |
| + |
| + // Exceptions are: |
| + // - empty origin (needed for some edge cases when we have empty origins) |
| + bool is_empty_origin = frame_url.is_empty(); |
| + // - extensions requesting their own resources (frame_url check is for |
| + // images, page_url check is for iframes) |
| + bool is_own_resource = frame_url.GetOrigin() == extension->url() || |
| + page_origin == extension->url(); |
| + // - devtools (chrome-extension:// URLs are loaded into frames of devtools |
| + // to support the devtools extension APIs) |
| + bool is_dev_tools = |
| + page_origin.SchemeIs(content::kChromeDevToolsScheme) && |
| + !chrome_manifest_urls::GetDevToolsPage(extension).is_empty(); |
| + bool transition_allowed = |
| + !ui::PageTransitionIsWebTriggerable(transition_type); |
| + // - unreachable web page error page (to allow showing the icon of the |
| + // unreachable app on this page) |
| + bool is_error_page = frame_url == GURL(content::kUnreachableWebDataURL); |
| + |
| + if (!is_empty_origin && !is_own_resource && !is_dev_tools && |
| + !transition_allowed && !is_error_page) { |
| + std::string message = base::StringPrintf( |
| + "Denying load of %s. Resources must be listed in the " |
| + "web_accessible_resources manifest key in order to be loaded by " |
| + "pages outside the extension.", |
| + resource_url.spec().c_str()); |
| + frame->addMessageToConsole( |
| + blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, |
| + blink::WebString::fromUTF8(message))); |
| + return false; |
| } |
| return true; |
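Review bot: The new early `return true` at the top of this hunk decides the webview-accessible case from `RendererExtensionRegistry::Get()->webview_partition_id()`, which appears to be a per-process value rather than one derived from the requesting `frame`, so every frame in the renderer would get the same answer and skip the origin checks below. If that is right, the allowance is only safe when the partition id is empty outside guest renderers and the browser side enforces the same rule. Neither is visible here, so I would record it next to the call, e.g. `// webview_partition_id() is process-wide; it must be empty outside guest renderers so ordinary pages never match a webview-accessible entry.` Separately, the denial message further down still names only `web_accessible_resources`, and the `// Exceptions are:` comment no longer follows the rule it is an exception to now that the condition is inverted. CanRequestResource begins before this hunk, so the earlier checks in the function are not covered by this note.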