OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/api/web_request/web_request_permissions.h" | 5 #include "extensions/browser/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
9 #include "content/public/browser/resource_request_info.h" | 9 #include "content/public/browser/resource_request_info.h" |
10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
11 #include "extensions/browser/info_map.h" | 11 #include "extensions/browser/info_map.h" |
12 #include "extensions/common/constants.h" | 12 #include "extensions/common/constants.h" |
13 #include "extensions/common/extension.h" | 13 #include "extensions/common/extension.h" |
14 #include "extensions/common/extension_urls.h" | 14 #include "extensions/common/extension_urls.h" |
15 #include "extensions/common/permissions/permissions_data.h" | 15 #include "extensions/common/permissions/permissions_data.h" |
16 #include "net/url_request/url_request.h" | 16 #include "net/url_request/url_request.h" |
17 #include "url/gurl.h" | 17 #include "url/gurl.h" |
18 #include "url/origin.h" | |
18 | 19 |
19 using content::ResourceRequestInfo; | 20 using content::ResourceRequestInfo; |
20 | 21 |
21 namespace { | 22 namespace { |
22 | 23 |
23 // Returns true if the URL is sensitive and requests to this URL must not be | 24 // Returns true if the URL is sensitive and requests to this URL must not be |
24 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 25 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
25 // to check for updates, extension blacklisting, etc. | 26 // to check for updates, extension blacklisting, etc. |
26 bool IsSensitiveURL(const GURL& url) { | 27 bool IsSensitiveURL(const GURL& url) { |
27 // TODO(battre) Merge this, CanExtensionAccessURL and | 28 // TODO(battre) Merge this, CanExtensionAccessURL and |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
123 return false; | 124 return false; |
124 | 125 |
125 switch (host_permissions_check) { | 126 switch (host_permissions_check) { |
126 case DO_NOT_CHECK_HOST: | 127 case DO_NOT_CHECK_HOST: |
127 break; | 128 break; |
128 case REQUIRE_HOST_PERMISSION: | 129 case REQUIRE_HOST_PERMISSION: |
129 // about: URLs are not covered in host permissions, but are allowed | 130 // about: URLs are not covered in host permissions, but are allowed |
130 // anyway. | 131 // anyway. |
131 if (!((url.SchemeIs(url::kAboutScheme) || | 132 if (!((url.SchemeIs(url::kAboutScheme) || |
132 extension->permissions_data()->HasHostPermission(url) || | 133 extension->permissions_data()->HasHostPermission(url) || |
133 url.GetOrigin() == extension->url()))) { | 134 url::Origin(url).IsSameOriginWith( |
135 url::Origin(extension->url()))))) { | |
meacer
2016/02/02 01:35:08
While you are at it, do you mind applying De Morga
palmer
2016/02/02 23:12:38
Good idea. But, it should be
!url.SchemeIs(ur
meacer
2016/02/02 23:27:22
Sure :)
| |
134 return false; | 136 return false; |
135 } | 137 } |
136 break; | 138 break; |
137 case REQUIRE_ALL_URLS: | 139 case REQUIRE_ALL_URLS: |
138 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) | 140 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) |
139 return false; | 141 return false; |
140 break; | 142 break; |
141 } | 143 } |
142 | 144 |
143 return true; | 145 return true; |
144 } | 146 } |
OLD | NEW |