Chromium Code Reviews Chromium Code Reviews
Issue 1692503002:
Functionality to allow blacklist and whitelist of custom schemes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate. h" | 5 #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate. h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 214 extension_id, web_contents, std::move(stream), view_id, | 214 extension_id, web_contents, std::move(stream), view_id, |
| 215 expected_content_size, embedded, render_process_id, render_frame_id); | 215 expected_content_size, embedded, render_process_id, render_frame_id); |
| 216 } | 216 } |
| 217 #endif // !defined(ENABLE_EXTENSIONS) | 217 #endif // !defined(ENABLE_EXTENSIONS) |
| 218 | 218 |
| 219 void LaunchURL( | 219 void LaunchURL( |
| 220 const GURL& url, | 220 const GURL& url, |
| 221 int render_process_id, | 221 int render_process_id, |
| 222 const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter, | 222 const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter, |
| 223 ui::PageTransition page_transition, | 223 ui::PageTransition page_transition, |
| 224 bool has_user_gesture) { | 224 bool has_user_gesture, |
| 225 bool is_whitelisted) { | |
| 225 // If there is no longer a WebContents, the request may have raced with tab | 226 // If there is no longer a WebContents, the request may have raced with tab |
| 226 // closing. Don't fire the external request. (It may have been a prerender.) | 227 // closing. Don't fire the external request. (It may have been a prerender.) |
| 227 content::WebContents* web_contents = web_contents_getter.Run(); | 228 content::WebContents* web_contents = web_contents_getter.Run(); |
| 228 if (!web_contents) | 229 if (!web_contents) |
| 229 return; | 230 return; |
| 230 | 231 |
| 231 // Do not launch external requests attached to unswapped prerenders. | 232 // Do not launch external requests attached to unswapped prerenders. |
| 232 prerender::PrerenderContents* prerender_contents = | 233 prerender::PrerenderContents* prerender_contents = |
| 233 prerender::PrerenderContents::FromWebContents(web_contents); | 234 prerender::PrerenderContents::FromWebContents(web_contents); |
| 234 if (prerender_contents) { | 235 if (prerender_contents) { |
| 235 prerender_contents->Destroy(prerender::FINAL_STATUS_UNSUPPORTED_SCHEME); | 236 prerender_contents->Destroy(prerender::FINAL_STATUS_UNSUPPORTED_SCHEME); |
| 236 prerender::ReportPrerenderExternalURL(); | 237 prerender::ReportPrerenderExternalURL(); |
| 237 return; | 238 return; |
| 238 } | 239 } |
| 239 | 240 |
| 240 ExternalProtocolHandler::LaunchUrlWithDelegate( | 241 // If the URL is in whitelist, we launch it without asking the user and |
| 241 url, render_process_id, web_contents->GetRoutingID(), page_transition, | 242 // without any additional security checks. Since the URL is whitelisted, |
|
bartfab (slow)
2016/03/10 13:49:41
What security checks exactly are we skipping here
| |
| 242 has_user_gesture, g_external_protocol_handler_delegate); | 243 // we assume it can be executed. |
| 244 if (is_whitelisted) { | |
| 245 ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck( | |
| 246 url, render_process_id, web_contents->GetRoutingID()); | |
| 247 } else { | |
| 248 ExternalProtocolHandler::LaunchUrlWithDelegate( | |
| 249 url, render_process_id, web_contents->GetRoutingID(), page_transition, | |
| 250 has_user_gesture, g_external_protocol_handler_delegate); | |
| 251 } | |
| 243 } | 252 } |
| 244 | 253 |
| 245 #if !defined(DISABLE_NACL) | 254 #if !defined(DISABLE_NACL) |
| 246 void AppendComponentUpdaterThrottles( | 255 void AppendComponentUpdaterThrottles( |
| 247 net::URLRequest* request, | 256 net::URLRequest* request, |
| 248 content::ResourceContext* resource_context, | 257 content::ResourceContext* resource_context, |
| 249 ResourceType resource_type, | 258 ResourceType resource_type, |
| 250 ScopedVector<content::ResourceThrottle>* throttles) { | 259 ScopedVector<content::ResourceThrottle>* throttles) { |
| 251 const char* crx_id = NULL; | 260 const char* crx_id = NULL; |
| 252 component_updater::ComponentUpdateService* cus = | 261 component_updater::ComponentUpdateService* cus = |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 444 net::AuthChallengeInfo* auth_info, net::URLRequest* request) { | 453 net::AuthChallengeInfo* auth_info, net::URLRequest* request) { |
| 445 return CreateLoginPrompt(auth_info, request); | 454 return CreateLoginPrompt(auth_info, request); |
| 446 } | 455 } |
| 447 | 456 |
| 448 bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol( | 457 bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol( |
| 449 const GURL& url, | 458 const GURL& url, |
| 450 int child_id, | 459 int child_id, |
| 451 const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter, | 460 const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter, |
| 452 bool is_main_frame, | 461 bool is_main_frame, |
| 453 ui::PageTransition page_transition, | 462 ui::PageTransition page_transition, |
| 454 bool has_user_gesture) { | 463 bool has_user_gesture, |
| 464 bool is_whitelisted) { | |
| 455 #if defined(ENABLE_EXTENSIONS) | 465 #if defined(ENABLE_EXTENSIONS) |
| 456 // External protocols are disabled for guests. An exception is made for the | 466 // External protocols are disabled for guests. An exception is made for the |
| 457 // "mailto" protocol, so that pages that utilize it work properly in a | 467 // "mailto" protocol, so that pages that utilize it work properly in a |
| 458 // WebView. | 468 // WebView. |
| 459 if (extensions::WebViewRendererState::GetInstance()->IsGuest(child_id) && | 469 if (extensions::WebViewRendererState::GetInstance()->IsGuest(child_id) && |
| 460 !url.SchemeIs(url::kMailToScheme)) { | 470 !url.SchemeIs(url::kMailToScheme)) { |
| 461 return false; | 471 return false; |
| 462 } | 472 } |
| 463 #endif // defined(ENABLE_EXTENSIONS) | 473 #endif // defined(ENABLE_EXTENSIONS) |
| 464 | 474 |
| 465 #if defined(OS_ANDROID) | 475 #if defined(OS_ANDROID) |
| 466 // Main frame external protocols are handled by | 476 // Main frame external protocols are handled by |
| 467 // InterceptNavigationResourceThrottle. | 477 // InterceptNavigationResourceThrottle. |
| 468 if (is_main_frame) | 478 if (is_main_frame) |
| 469 return false; | 479 return false; |
| 470 #endif // defined(ANDROID) | 480 #endif // defined(ANDROID) |
| 471 | 481 |
| 472 BrowserThread::PostTask( | 482 BrowserThread::PostTask( |
| 473 BrowserThread::UI, FROM_HERE, | 483 BrowserThread::UI, FROM_HERE, |
| 474 base::Bind(&LaunchURL, url, child_id, web_contents_getter, | 484 base::Bind(&LaunchURL, url, child_id, web_contents_getter, |
| 475 page_transition, has_user_gesture)); | 485 page_transition, has_user_gesture, is_whitelisted)); |
| 476 return true; | 486 return true; |
| 477 } | 487 } |
| 478 | 488 |
| 479 void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles( | 489 void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles( |
| 480 net::URLRequest* request, | 490 net::URLRequest* request, |
| 481 content::ResourceContext* resource_context, | 491 content::ResourceContext* resource_context, |
| 482 ResourceType resource_type, | 492 ResourceType resource_type, |
| 483 ScopedVector<content::ResourceThrottle>* throttles) { | 493 ScopedVector<content::ResourceThrottle>* throttles) { |
| 484 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); | 494 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| 485 | 495 |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 736 return data_reduction_proxy_io_data->ShouldEnableLoFiMode(url_request); | 746 return data_reduction_proxy_io_data->ShouldEnableLoFiMode(url_request); |
| 737 return false; | 747 return false; |
| 738 } | 748 } |
| 739 | 749 |
| 740 // static | 750 // static |
| 741 void ChromeResourceDispatcherHostDelegate:: | 751 void ChromeResourceDispatcherHostDelegate:: |
| 742 SetExternalProtocolHandlerDelegateForTesting( | 752 SetExternalProtocolHandlerDelegateForTesting( |
| 743 ExternalProtocolHandler::Delegate* delegate) { | 753 ExternalProtocolHandler::Delegate* delegate) { |
| 744 g_external_protocol_handler_delegate = delegate; | 754 g_external_protocol_handler_delegate = delegate; |
| 745 } | 755 } |
| OLD | NEW |
