| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/storage/durable_storage_permission_context.h" | 5 #include "chrome/browser/storage/durable_storage_permission_context.h" |
| 6 | 6 |
| 7 #include <algorithm> |
| 8 |
| 9 #include "base/logging.h" |
| 10 #include "chrome/browser/bookmarks/bookmark_model_factory.h" |
| 11 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| 7 #include "chrome/browser/content_settings/tab_specific_content_settings.h" | 12 #include "chrome/browser/content_settings/tab_specific_content_settings.h" |
| 8 #include "chrome/browser/permissions/permission_request_id.h" | 13 #include "chrome/browser/permissions/permission_request_id.h" |
| 14 #include "chrome/browser/profiles/profile.h" |
| 15 #include "components/bookmarks/browser/bookmark_model.h" |
| 16 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 17 #include "components/content_settings/core/browser/website_settings_registry.h" |
| 18 #include "content/public/browser/browser_thread.h" |
| 9 #include "content/public/browser/child_process_security_policy.h" | 19 #include "content/public/browser/child_process_security_policy.h" |
| 20 #include "content/public/common/origin_util.h" |
| 10 #include "url/gurl.h" | 21 #include "url/gurl.h" |
| 11 | 22 |
| 23 using bookmarks::BookmarkModel; |
| 24 |
| 12 DurableStoragePermissionContext::DurableStoragePermissionContext( | 25 DurableStoragePermissionContext::DurableStoragePermissionContext( |
| 13 Profile* profile) | 26 Profile* profile) |
| 14 : PermissionContextBase(profile, CONTENT_SETTINGS_TYPE_DURABLE_STORAGE) { | 27 : PermissionContextBase(profile, CONTENT_SETTINGS_TYPE_DURABLE_STORAGE) { |
| 15 } | 28 } |
| 16 | 29 |
| 30 void DurableStoragePermissionContext::DecidePermission( |
| 31 content::WebContents* web_contents, |
| 32 const PermissionRequestID& id, |
| 33 const GURL& requesting_origin, |
| 34 const GURL& embedding_origin, |
| 35 bool user_gesture, |
| 36 const BrowserPermissionCallback& callback) { |
| 37 // TODO(dgrogan): Reuse the base class's implementation of everything from |
| 38 // here to using bookmarks. |
| 39 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 40 |
| 41 if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) { |
| 42 std::string type_name = |
| 43 content_settings::WebsiteSettingsRegistry::GetInstance() |
| 44 ->Get(CONTENT_SETTINGS_TYPE_DURABLE_STORAGE) |
| 45 ->name(); |
| 46 |
| 47 DVLOG(1) << "Attempt to use " << type_name |
| 48 << " from an invalid URL: " << requesting_origin << "," |
| 49 << embedding_origin << " (" << type_name |
| 50 << " is not supported in popups)"; |
| 51 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 52 false /* persist */, CONTENT_SETTING_BLOCK); |
| 53 return; |
| 54 } |
| 55 |
| 56 if (IsRestrictedToSecureOrigins() && |
| 57 !content::IsOriginSecure(requesting_origin)) { |
| 58 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 59 false /* persist */, CONTENT_SETTING_BLOCK); |
| 60 return; |
| 61 } |
| 62 |
| 63 ContentSetting content_setting = |
| 64 HostContentSettingsMapFactory::GetForProfile(profile()) |
| 65 ->GetContentSettingAndMaybeUpdateLastUsage( |
| 66 requesting_origin, embedding_origin, |
| 67 CONTENT_SETTINGS_TYPE_DURABLE_STORAGE, std::string()); |
| 68 |
| 69 DCHECK_NE(CONTENT_SETTING_BLOCK, content_setting); |
| 70 if (content_setting == CONTENT_SETTING_ALLOW) { |
| 71 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 72 false /* persist */, content_setting); |
| 73 return; |
| 74 } |
| 75 |
| 76 // TODO(dgrogan): Remove bookmarks check in favor of site engagement. In the |
| 77 // meantime maybe grant permission to A2HS origins as well. |
| 78 BookmarkModel* model = BookmarkModelFactory::GetForProfileIfExists(profile()); |
| 79 if (model) { |
| 80 std::vector<bookmarks::BookmarkModel::URLAndTitle> bookmarks; |
| 81 model->GetBookmarks(&bookmarks); |
| 82 if (IsOriginBookmarked(bookmarks, requesting_origin)) { |
| 83 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 84 true /* persist */, CONTENT_SETTING_ALLOW); |
| 85 return; |
| 86 } |
| 87 } |
| 88 |
| 89 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 90 false /* persist */, CONTENT_SETTING_DEFAULT); |
| 91 } |
| 92 |
| 17 bool DurableStoragePermissionContext::IsRestrictedToSecureOrigins() const { | 93 bool DurableStoragePermissionContext::IsRestrictedToSecureOrigins() const { |
| 18 return true; | 94 return true; |
| 19 } | 95 } |
| 96 |
| 97 bool DurableStoragePermissionContext::IsOriginBookmarked( |
| 98 const std::vector<bookmarks::BookmarkModel::URLAndTitle>& bookmarks, |
| 99 const GURL& origin) { |
| 100 BookmarkModel::URLAndTitle looking_for; |
| 101 looking_for.url = origin; |
| 102 return std::binary_search(bookmarks.begin(), bookmarks.end(), looking_for, |
| 103 [](const BookmarkModel::URLAndTitle& a, |
| 104 const BookmarkModel::URLAndTitle& b) { |
| 105 return a.url.GetOrigin() < b.url.GetOrigin(); |
| 106 }); |
| 107 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1356813002:
Autogrant the durable storage permission to bookmarked origins (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master