OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/extension_protocols.h" | 5 #include "chrome/browser/extensions/extension_protocols.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
313 // don't have it, allow the request handling to continue with the rest of the | 313 // don't have it, allow the request handling to continue with the rest of the |
314 // checks. | 314 // checks. |
315 if (!extension) | 315 if (!extension) |
316 return true; | 316 return true; |
317 | 317 |
318 // Disallow loading of packaged resources for hosted apps. We don't allow | 318 // Disallow loading of packaged resources for hosted apps. We don't allow |
319 // hybrid hosted/packaged apps. The one exception is access to icons, since | 319 // hybrid hosted/packaged apps. The one exception is access to icons, since |
320 // some extensions want to be able to do things like create their own | 320 // some extensions want to be able to do things like create their own |
321 // launchers. | 321 // launchers. |
322 std::string resource_root_relative_path = | 322 std::string resource_root_relative_path = |
323 request->url().path().empty() ? "" : request->url().path().substr(1); | 323 request->url().path().empty() ? std::string() |
| 324 : request->url().path().substr(1); |
324 if (extension->is_hosted_app() && | 325 if (extension->is_hosted_app() && |
325 !extensions::IconsInfo::GetIcons(extension) | 326 !extensions::IconsInfo::GetIcons(extension) |
326 .ContainsPath(resource_root_relative_path)) { | 327 .ContainsPath(resource_root_relative_path)) { |
327 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " | 328 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " |
328 << "hosted app."; | 329 << "hosted app."; |
329 return false; | 330 return false; |
330 } | 331 } |
331 | 332 |
332 // Extensions with web_accessible_resources: allow loading by regular | 333 // Extensions with web_accessible_resources: allow loading by regular |
333 // renderers. Since not all subresources are required to be listed in a v2 | 334 // renderers. Since not all subresources are required to be listed in a v2 |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
469 send_cors_header); | 470 send_cors_header); |
470 } | 471 } |
471 | 472 |
472 } // namespace | 473 } // namespace |
473 | 474 |
474 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( | 475 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler( |
475 bool is_incognito, | 476 bool is_incognito, |
476 ExtensionInfoMap* extension_info_map) { | 477 ExtensionInfoMap* extension_info_map) { |
477 return new ExtensionProtocolHandler(is_incognito, extension_info_map); | 478 return new ExtensionProtocolHandler(is_incognito, extension_info_map); |
478 } | 479 } |
OLD | NEW |