chrome/browser/extensions/extension_function_dispatcher.cc - Issue 16625012: Remove ExtensionURLInfo, make security decisions in render process

Side by Side Diff: chrome/browser/extensions/extension_function_dispatcher.cc

Issue 16625012: Remove ExtensionURLInfo, make security decisions in render process (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/extensions/extension_function_dispatcher.h"	5 #include "chrome/browser/extensions/extension_function_dispatcher.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/json/json_string_value_serializer.h"	8 #include "base/json/json_string_value_serializer.h"

9 #include "base/lazy_instance.h"	9 #include "base/lazy_instance.h"

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 339 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
350 ExtensionService* service = profile()->GetExtensionService();	350 ExtensionService* service = profile()->GetExtensionService();

351 ExtensionProcessManager* process_manager =	351 ExtensionProcessManager* process_manager =

352 extensions::ExtensionSystem::Get(profile())->process_manager();	352 extensions::ExtensionSystem::Get(profile())->process_manager();

353 extensions::ProcessMap* process_map = service->process_map();	353 extensions::ProcessMap* process_map = service->process_map();

354 if (!service \|\| !process_map)	354 if (!service \|\| !process_map)

355 return;	355 return;

356	356

357 const Extension* extension = service->extensions()->GetByID(	357 const Extension* extension = service->extensions()->GetByID(

358 params.extension_id);	358 params.extension_id);

359 if (!extension)	359 if (!extension)

360 extension = service->extensions()->GetHostedAppByURL(ExtensionURLInfo(	360 extension = service->extensions()->GetHostedAppByURL(params.source_url);

361 WebSecurityOrigin::createFromString(params.source_origin),
abarth-chromium 2013/06/10 23:12:32 Should we check source_origin here? Should we check source_origin here? jamesr 2013/06/10 23:36:46 Yes. In particular, if the source_origin is unique Show quoted text On 2013/06/10 23:12:32, abarth wrote: > Should we check source_origin here? Yes. In particular, if the source_origin is unique this check should fail - but that appears to be the only use of the source_origin IPC parameter. We could replace it with a bool or, since all checks will fail on a call from a unique origin, make the source_url be an empty/invalid GURL when the source origin is unique jamesr 2013/07/10 20:38:58 Actually, this will be the string "null" if the or Show quoted text On 2013/06/10 23:36:46, jamesr wrote: > On 2013/06/10 23:12:32, abarth wrote: > > Should we check source_origin here? > > Yes. In particular, if the source_origin is unique this check should fail - but > that appears to be the only use of the source_origin IPC parameter. We could > replace it with a bool or, since all checks will fail on a call from a unique > origin, make the source_url be an empty/invalid GURL when the source origin is > unique Actually, this will be the string "null" if the origin is unique. This field is populated here: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/renderer/ex... and toString() on a unique WebSecurityOrigin is defined to return "null", so this'll never match for a unique origin. So this code is fine as is. jamesr 2013/07/10 20:39:55 Sorry, the source_origin will be "null", so we can Sorry, the source_origin will be "null", so we can just check that.
362 params.source_url));

363	361

364 scoped_refptr<ExtensionFunction> function(	362 scoped_refptr<ExtensionFunction> function(

365 CreateExtensionFunction(params, extension,	363 CreateExtensionFunction(params, extension,

366 render_view_host->GetProcess()->GetID(),	364 render_view_host->GetProcess()->GetID(),

367 *(service->process_map()),	365 *(service->process_map()),

368 extensions::ExtensionAPI::GetSharedInstance(),	366 extensions::ExtensionAPI::GetSharedInstance(),

369 profile(), callback));	367 profile(), callback));

370 scoped_ptr<ListValue> args(params.arguments.DeepCopy());	368 scoped_ptr<ListValue> args(params.arguments.DeepCopy());

371	369

372 if (!function.get()) {	370 if (!function.get()) {

(...skipping 159 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
532 return function;	530 return function;

533 }	531 }

534	532

535 // static	533 // static

536 void ExtensionFunctionDispatcher::SendAccessDenied(	534 void ExtensionFunctionDispatcher::SendAccessDenied(

537 const ExtensionFunction::ResponseCallback& callback) {	535 const ExtensionFunction::ResponseCallback& callback) {

538 ListValue empty_list;	536 ListValue empty_list;

539 callback.Run(ExtensionFunction::FAILED, empty_list,	537 callback.Run(ExtensionFunction::FAILED, empty_list,

540 "Access to extension API denied.");	538 "Access to extension API denied.");

541 }	539 }

OLD	NEW

« no previous file with comments | « chrome/browser/chromeos/offline/offline_load_page.cc ('k') | chrome/browser/extensions/extension_info_map_unittest.cc » ('j') | no next file with comments »