Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4825)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/chrome_extension_web_contents_observer.cc

Issue 1362433002: Fix for "chrome://" links in PDFs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Small fix. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/pdf/pdf_extension_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/chrome_extension_web_contents_observer.cc
diff --git a/chrome/browser/extensions/chrome_extension_web_contents_observer.cc b/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
index b692dfbb0e01fcb1cc9de515061cfef4a3cda176..52e21269af1ba20ceff5ed4111933344e7ff7d46 100644
--- a/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
+++ b/chrome/browser/extensions/chrome_extension_web_contents_observer.cc
@@ -8,7 +8,9 @@
#include "chrome/browser/extensions/extension_service.h"
#include "chrome/browser/extensions/window_controller.h"
#include "chrome/common/extensions/chrome_extension_messages.h"
+#include "chrome/common/url_constants.h"
#include "content/public/browser/browser_context.h"
+#include "content/public/browser/child_process_security_policy.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
@@ -34,6 +36,35 @@ void ChromeExtensionWebContentsObserver::RenderViewCreated(
content::RenderViewHost* render_view_host) {
ReloadIfTerminated(render_view_host);
ExtensionWebContentsObserver::RenderViewCreated(render_view_host);
+
+ const Extension* extension = GetExtension(render_view_host);
+ if (!extension)
+ return;
+
+ int process_id = render_view_host->GetProcess()->GetID();
+ auto policy = content::ChildProcessSecurityPolicy::GetInstance();
+
+ // Components of chrome that are implemented as extensions or platform apps
+ // are allowed to use chrome://resources/ URLs.
+ if ((extension->is_extension() || extension->is_platform_app()) &&
+ Manifest::IsComponentLocation(extension->location())) {
+ policy->GrantOrigin(process_id,
+ url::Origin(GURL(content::kChromeUIResourcesURL)));
+ }
+
+ // Extensions, legacy packaged apps, and component platform apps are allowed
+ // to use chrome://favicon/ and chrome://extension-icon/ URLs. Hosted apps are
+ // not allowed because they are served via web servers (and are generally
+ // never given access to Chrome APIs).
+ if (extension->is_extension() ||
+ extension->is_legacy_packaged_app() ||
+ (extension->is_platform_app() &&
+ Manifest::IsComponentLocation(extension->location()))) {
+ policy->GrantOrigin(process_id,
+ url::Origin(GURL(chrome::kChromeUIFaviconURL)));
+ policy->GrantOrigin(process_id,
+ url::Origin(GURL(chrome::kChromeUIExtensionIconURL)));
+ }
}
bool ChromeExtensionWebContentsObserver::OnMessageReceived(
« no previous file with comments | « no previous file | chrome/browser/pdf/pdf_extension_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698