
Unified Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 1312653003: Fix for WebView accessible resources. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed comments by kalman@. Created 5 years, 4 months ago
Index: chrome/renderer/extensions/resource_request_policy.cc
diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc
index 339acfadf295adfc0855cdce1088d8beb8abefde..8509365f42f4cf098030809a71462eb6b89173e0 100644
--- a/chrome/renderer/extensions/resource_request_policy.cc
+++ b/chrome/renderer/extensions/resource_request_policy.cc
@@ -10,8 +10,10 @@
#include "chrome/common/url_constants.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h"
+#include "extensions/common/manifest_constants.h"
#include "extensions/common/manifest_handlers/icons_handler.h"
#include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
+#include "extensions/common/manifest_handlers/webview_info.h"
#include "extensions/renderer/renderer_extension_registry.h"
#include "third_party/WebKit/public/platform/WebString.h"
#include "third_party/WebKit/public/web/WebConsoleMessage.h"
@@ -22,6 +24,15 @@
namespace extensions {
+namespace {
+
+base::LazyInstance<std::string> webview_partition_id =
+ LAZY_INSTANCE_INITIALIZER;
not at google - send to devlin 2015/08/31 18:31:44 It would be better to make ResourceRequestPolicy a
paulmeyer 2015/08/31 21:40:08 I'll leave this class alone since I won't be addin
+
+} // namespace
+
+ResourceRequestPolicy::ResourceRequestPolicy() {}
+
// This method does a security check whether chrome-extension:// URLs can be
// requested by the renderer. Since this is in an untrusted process, the browser
// has a similar check to enforce the policy, in case this process is exploited.
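Review bot: The new file-level global `webview_partition_id` does not carry the `g_` prefix that Chromium code conventionally uses for globals, and nothing at its definition says what an empty value means. Renaming it to `g_webview_partition_id` and adding a comment such as `// Partition ID for this renderer process; empty until SetWebViewPartitionID() is called.` would make the access check that reads it easier to audit. The exact wording of what the ID identifies should be confirmed by the author, since only the setter and one reader are visible here.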
@@ -59,9 +70,13 @@ bool ResourceRequestPolicy::CanRequestResource(
}
// Disallow loading of extension resources which are not explicitly listed
- // as web accessible if the manifest version is 2 or greater.
+ // as web or WebView accessible if the manifest version is 2 or greater.
+ const WebviewInfo* webview_info = WebviewInfo::Get(extension);
if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
- extension, resource_url.path())) {
+ extension, resource_url.path()) &&
+ !(webview_info &&
+ webview_info->IsResourceWebviewAccessible(
+ extension, webview_partition_id.Get(), resource_url.path()))) {
GURL frame_url = frame->document().url();
// The page_origin may be GURL("null") for unique origins like data URLs,
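Review bot: The added `IsResourceWebviewAccessible` call in the condition also runs when `webview_partition_id` was never set, so a renderer with no WebView partition is checked against the manifest with an empty partition ID. Whether an empty ID can satisfy a partition pattern depends on the matcher inside WebviewInfo, which is not visible here; if a broad pattern accepts it, resources intended only for a WebView partition would pass this renderer-side check for ordinary pages. Making the intent explicit removes that dependency: add `!webview_partition_id.Get().empty() &&` directly after `webview_info &&`. The comment above the function says the browser enforces a similar policy, so the two checks should be kept in agreement. CanRequestResource starts and ends outside this hunk.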
@@ -126,7 +141,14 @@ bool ResourceRequestPolicy::CanRequestExtensionResourceScheme(
return true;
}
-ResourceRequestPolicy::ResourceRequestPolicy() {
+// static
+void ResourceRequestPolicy::SetWebViewPartitionID(
+ const std::string& partition_id) {
+ // |webview_partition_id| cannot be changed once set.
+ std::string& stored_id = webview_partition_id.Get();
+ DCHECK(stored_id.empty() || stored_id == partition_id);
+ if (stored_id.empty())
+ stored_id = partition_id;
}
} // namespace extensions
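Review bot: In SetWebViewPartitionID a second call with a different ID is caught only by the `DCHECK`, so in builds where DCHECKs are compiled out the mismatch is dropped silently and the first value stays in force. Because this value feeds the resource access decision in CanRequestResource, the "first value wins, later calls ignored" contract should be documented on the declaration, and a mismatch is worth a log line rather than a debug-only assertion. The string is also written here and read in CanRequestResource with no synchronization; LazyInstance only guards construction, so a comment naming the thread both are expected to run on (presumably the render thread, to be confirmed) would help. An empty `partition_id` argument is indistinguishable from "not set", which the comment should state as well.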
