Chromium Code Reviews Chromium Code Reviews
Issue 16625012:
Remove ExtensionURLInfo, make security decisions in render process (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/chrome_content_renderer_client.h" | 5 #include "chrome/renderer/chrome_content_renderer_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/path_service.h" | 10 #include "base/path_service.h" |
| (...skipping 600 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 611 manifest_url = url; | 611 manifest_url = url; |
| 612 app_url = frame->top()->document().url(); | 612 app_url = frame->top()->document().url(); |
| 613 } else { | 613 } else { |
| 614 // NaCl is being invoked as a content handler. Look up the NaCl | 614 // NaCl is being invoked as a content handler. Look up the NaCl |
| 615 // module using the MIME type. The app URL is the manifest URL. | 615 // module using the MIME type. The app URL is the manifest URL. |
| 616 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin); | 616 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin); |
| 617 app_url = manifest_url; | 617 app_url = manifest_url; |
| 618 } | 618 } |
| 619 const Extension* extension = | 619 const Extension* extension = |
| 620 g_current_client->extension_dispatcher_->extensions()-> | 620 g_current_client->extension_dispatcher_->extensions()-> |
| 621 GetExtensionOrAppByURL(ExtensionURLInfo(manifest_url)); | 621 GetExtensionOrAppByURL(manifest_url); |
| 622 if (!IsNaClAllowed(manifest_url, | 622 if (!IsNaClAllowed(manifest_url, |
| 623 app_url, | 623 app_url, |
| 624 is_nacl_unrestricted, | 624 is_nacl_unrestricted, |
| 625 extension, | 625 extension, |
| 626 ¶ms)) { | 626 ¶ms)) { |
| 627 frame->addMessageToConsole( | 627 frame->addMessageToConsole( |
| 628 WebConsoleMessage( | 628 WebConsoleMessage( |
| 629 WebConsoleMessage::LevelError, | 629 WebConsoleMessage::LevelError, |
| 630 "Only unpacked extensions and apps installed from the " | 630 "Only unpacked extensions and apps installed from the " |
| 631 "Chrome Web Store can load NaCl modules without enabling " | 631 "Chrome Web Store can load NaCl modules without enabling " |
| (...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 854 const WebKit::WebURLRequest& failed_request, | 854 const WebKit::WebURLRequest& failed_request, |
| 855 const WebKit::WebURLError& error, | 855 const WebKit::WebURLError& error, |
| 856 std::string* error_html, | 856 std::string* error_html, |
| 857 string16* error_description) { | 857 string16* error_description) { |
| 858 const GURL failed_url = error.unreachableURL; | 858 const GURL failed_url = error.unreachableURL; |
| 859 const Extension* extension = NULL; | 859 const Extension* extension = NULL; |
| 860 | 860 |
| 861 if (failed_url.is_valid() && | 861 if (failed_url.is_valid() && |
| 862 !failed_url.SchemeIs(extensions::kExtensionScheme)) { | 862 !failed_url.SchemeIs(extensions::kExtensionScheme)) { |
| 863 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL( | 863 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL( |
| 864 ExtensionURLInfo(failed_url)); | 864 failed_url); |
| 865 } | 865 } |
| 866 | 866 |
| 867 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST"); | 867 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST"); |
| 868 | 868 |
| 869 if (error_html) { | 869 if (error_html) { |
| 870 // Use a local error page. | 870 // Use a local error page. |
| 871 int resource_id; | 871 int resource_id; |
| 872 base::DictionaryValue error_strings; | 872 base::DictionaryValue error_strings; |
| 873 if (extension && !extension->from_bookmark()) { | 873 if (extension && !extension->from_bookmark()) { |
| 874 LocalizedError::GetAppErrorStrings(error, failed_url, extension, | 874 LocalizedError::GetAppErrorStrings(error, failed_url, extension, |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 953 // to swap in the prerendered page on the browser process. If the prerendered | 953 // to swap in the prerendered page on the browser process. If the prerendered |
| 954 // page no longer exists by the time the OpenURL IPC is handled, a normal | 954 // page no longer exists by the time the OpenURL IPC is handled, a normal |
| 955 // navigation is attempted. | 955 // navigation is attempted. |
| 956 if (prerender_dispatcher_.get() && prerender_dispatcher_->IsPrerenderURL(url)) | 956 if (prerender_dispatcher_.get() && prerender_dispatcher_->IsPrerenderURL(url)) |
| 957 return true; | 957 return true; |
| 958 | 958 |
| 959 const ExtensionSet* extensions = extension_dispatcher_->extensions(); | 959 const ExtensionSet* extensions = extension_dispatcher_->extensions(); |
| 960 | 960 |
| 961 // Determine if the new URL is an extension (excluding bookmark apps). | 961 // Determine if the new URL is an extension (excluding bookmark apps). |
| 962 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension( | 962 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension( |
| 963 *extensions, ExtensionURLInfo(url)); | 963 *extensions, url); |
| 964 bool is_extension_url = !!new_url_extension; | 964 bool is_extension_url = !!new_url_extension; |
| 965 | 965 |
| 966 // If the navigation would cross an app extent boundary, we also need | 966 // If the navigation would cross an app extent boundary, we also need |
| 967 // to defer to the browser to ensure process isolation. This is not necessary | 967 // to defer to the browser to ensure process isolation. This is not necessary |
| 968 // for server redirects, which will be transferred to a new process by the | 968 // for server redirects, which will be transferred to a new process by the |
| 969 // browser process when they are ready to commit. It is necessary for client | 969 // browser process when they are ready to commit. It is necessary for client |
| 970 // redirects, which won't be transferred in the same way. | 970 // redirects, which won't be transferred in the same way. |
| 971 if (!is_server_redirect && | 971 if (!is_server_redirect && |
| 972 CrossesExtensionExtents(frame, url, *extensions, is_extension_url, | 972 CrossesExtensionExtents(frame, url, *extensions, is_extension_url, |
| 973 is_initial_navigation)) { | 973 is_initial_navigation)) { |
| 974 // Include the referrer in this case since we're going from a hosted web | 974 // Include the referrer in this case since we're going from a hosted web |
| 975 // page. (the packaged case is handled previously by the extension | 975 // page. (the packaged case is handled previously by the extension |
| 976 // navigation test) | 976 // navigation test) |
| 977 *send_referrer = true; | 977 *send_referrer = true; |
| 978 | 978 |
| 979 const Extension* extension = | 979 const Extension* extension = |
| 980 extension_dispatcher_->extensions()->GetExtensionOrAppByURL( | 980 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url); |
| 981 ExtensionURLInfo(url)); | |
| 982 if (extension && extension->is_app()) { | 981 if (extension && extension->is_app()) { |
| 983 UMA_HISTOGRAM_ENUMERATION( | 982 UMA_HISTOGRAM_ENUMERATION( |
| 984 extension->is_platform_app() ? | 983 extension->is_platform_app() ? |
| 985 extension_misc::kPlatformAppLaunchHistogram : | 984 extension_misc::kPlatformAppLaunchHistogram : |
| 986 extension_misc::kAppLaunchHistogram, | 985 extension_misc::kAppLaunchHistogram, |
| 987 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION, | 986 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION, |
| 988 extension_misc::APP_LAUNCH_BUCKET_BOUNDARY); | 987 extension_misc::APP_LAUNCH_BUCKET_BOUNDARY); |
| 989 } | 988 } |
| 990 return true; | 989 return true; |
| 991 } | 990 } |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1132 bool is_initial_navigation) { | 1131 bool is_initial_navigation) { |
| 1133 GURL old_url(frame->top()->document().url()); | 1132 GURL old_url(frame->top()->document().url()); |
| 1134 | 1133 |
| 1135 // If old_url is still empty and this is an initial navigation, then this is | 1134 // If old_url is still empty and this is an initial navigation, then this is |
| 1136 // a window.open operation. We should look at the opener URL. | 1135 // a window.open operation. We should look at the opener URL. |
| 1137 if (is_initial_navigation && old_url.is_empty() && frame->opener()) { | 1136 if (is_initial_navigation && old_url.is_empty() && frame->opener()) { |
| 1138 // If we're about to open a normal web page from a same-origin opener stuck | 1137 // If we're about to open a normal web page from a same-origin opener stuck |
| 1139 // in an extension process, we want to keep it in process to allow the | 1138 // in an extension process, we want to keep it in process to allow the |
| 1140 // opener to script it. | 1139 // opener to script it. |
| 1141 WebDocument opener_document = frame->opener()->document(); | 1140 WebDocument opener_document = frame->opener()->document(); |
| 1142 GURL opener_url = opener_document.url(); | |
| 1143 WebSecurityOrigin opener_origin = opener_document.securityOrigin(); | |
| 1144 bool opener_is_extension_url = !!extensions.GetExtensionOrAppByURL( | |
| 1145 ExtensionURLInfo(opener_origin, opener_url)); | |
| 1146 WebSecurityOrigin opener = frame->opener()->document().securityOrigin(); | 1141 WebSecurityOrigin opener = frame->opener()->document().securityOrigin(); |
| 1142 bool opener_is_extension_url = | |
| 1143 !opener.isUnique() && extensions.GetExtensionOrAppByURL( | |
|
not at google - send to devlin
2013/07/15 22:09:12
not totally sure why the isUnique check is needed
| |
| 1144 opener_document.url()) != NULL; | |
| 1147 if (!is_extension_url && | 1145 if (!is_extension_url && |
| 1148 !opener_is_extension_url && | 1146 !opener_is_extension_url && |
| 1149 extension_dispatcher_->is_extension_process() && | 1147 extension_dispatcher_->is_extension_process() && |
| 1150 opener.canRequest(WebURL(new_url))) | 1148 opener.canRequest(WebURL(new_url))) |
| 1151 return false; | 1149 return false; |
| 1152 | 1150 |
| 1153 // In all other cases, we want to compare against the top frame's URL (as | 1151 // In all other cases, we want to compare against the top frame's URL (as |
| 1154 // opposed to the opener frame's), since that's what determines the type of | 1152 // opposed to the opener frame's), since that's what determines the type of |
| 1155 // process. This allows iframes outside an app to open a popup in the app. | 1153 // process. This allows iframes outside an app to open a popup in the app. |
| 1156 old_url = frame->top()->opener()->top()->document().url(); | 1154 old_url = frame->top()->opener()->top()->document().url(); |
| 1157 } | 1155 } |
| 1158 | 1156 |
| 1159 // Only consider keeping non-app URLs in an app process if this window | 1157 // Only consider keeping non-app URLs in an app process if this window |
| 1160 // has an opener (in which case it might be an OAuth popup that tries to | 1158 // has an opener (in which case it might be an OAuth popup that tries to |
| 1161 // script an iframe within the app). | 1159 // script an iframe within the app). |
| 1162 bool should_consider_workaround = !!frame->opener(); | 1160 bool should_consider_workaround = !!frame->opener(); |
| 1163 | 1161 |
| 1164 return extensions::CrossesExtensionProcessBoundary( | 1162 return extensions::CrossesExtensionProcessBoundary( |
| 1165 extensions, ExtensionURLInfo(old_url), ExtensionURLInfo(new_url), | 1163 extensions, old_url, new_url, should_consider_workaround); |
| 1166 should_consider_workaround); | |
| 1167 } | 1164 } |
| 1168 | 1165 |
| 1169 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) { | 1166 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) { |
| 1170 RenderThread* thread = RenderThread::Get(); | 1167 RenderThread* thread = RenderThread::Get(); |
| 1171 if (spellcheck_.get() && thread) | 1168 if (spellcheck_.get() && thread) |
| 1172 thread->RemoveObserver(spellcheck_.get()); | 1169 thread->RemoveObserver(spellcheck_.get()); |
| 1173 spellcheck_.reset(spellcheck); | 1170 spellcheck_.reset(spellcheck); |
| 1174 SpellCheckReplacer replacer(spellcheck_.get()); | 1171 SpellCheckReplacer replacer(spellcheck_.get()); |
| 1175 content::RenderView::ForEach(&replacer); | 1172 content::RenderView::ForEach(&replacer); |
| 1176 if (thread) | 1173 if (thread) |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1278 if (CommandLine::ForCurrentProcess()->HasSwitch( | 1275 if (CommandLine::ForCurrentProcess()->HasSwitch( |
| 1279 switches::kEnablePepperTesting)) { | 1276 switches::kEnablePepperTesting)) { |
| 1280 return true; | 1277 return true; |
| 1281 } | 1278 } |
| 1282 #endif // !defined(OS_ANDROID) | 1279 #endif // !defined(OS_ANDROID) |
| 1283 return false; | 1280 return false; |
| 1284 } | 1281 } |
| 1285 | 1282 |
| 1286 | 1283 |
| 1287 } // namespace chrome | 1284 } // namespace chrome |
| OLD | NEW |
