chrome/renderer/chrome_content_renderer_client.cc - Issue 1974413003: Whitelist hangouts.google.com further to allow video effects plugin access.

Side by Side Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 1974413003: Whitelist hangouts.google.com further to allow video effects plugin access. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Moving to single domain check Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/renderer/chrome_content_renderer_client.h"	5 #include "chrome/renderer/chrome_content_renderer_client.h"

6	6

7 #include <memory>	7 #include <memory>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 167 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
178 using blink::WebURLResponse;	178 using blink::WebURLResponse;

179 using blink::WebVector;	179 using blink::WebVector;

180 using content::PluginInstanceThrottler;	180 using content::PluginInstanceThrottler;

181 using content::RenderFrame;	181 using content::RenderFrame;

182 using content::RenderThread;	182 using content::RenderThread;

183 using content::WebPluginInfo;	183 using content::WebPluginInfo;

184 using extensions::Extension;	184 using extensions::Extension;

185	185

186 namespace {	186 namespace {

187	187

	188 const char* const kGoogleComDomainSuffix = ".google.com";

	189

188 // Whitelist PPAPI for Android Runtime for Chromium. (See crbug.com/383937)	190 // Whitelist PPAPI for Android Runtime for Chromium. (See crbug.com/383937)

189 #if defined(ENABLE_PLUGINS)	191 #if defined(ENABLE_PLUGINS)

190 const char* const kPredefinedAllowedCameraDeviceOrigins[] = {	192 const char* const kPredefinedAllowedCameraDeviceOrigins[] = {

191 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",	193 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",

192 "4EB74897CB187C7633357C2FE832E0AD6A44883A"	194 "4EB74897CB187C7633357C2FE832E0AD6A44883A"

193 };	195 };

194	196

195 const char* const kPredefinedAllowedCompositorOrigins[] = {	197 const char* const kPredefinedAllowedCompositorOrigins[] = {

196 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",	198 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",

197 "4EB74897CB187C7633357C2FE832E0AD6A44883A"	199 "4EB74897CB187C7633357C2FE832E0AD6A44883A"

(...skipping 707 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
905 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.	907 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.

906 std::string app_url_host = app_url.host();	908 std::string app_url_host = app_url.host();

907 std::string manifest_url_path = manifest_url.path();	909 std::string manifest_url_path = manifest_url.path();

908	910

909 bool is_whitelisted_web_ui =	911 bool is_whitelisted_web_ui =

910 app_url.spec() == chrome::kChromeUIAppListStartPageURL;	912 app_url.spec() == chrome::kChromeUIAppListStartPageURL;

911	913

912 bool is_photo_app =	914 bool is_photo_app =

913 // Whitelisted apps must be served over https.	915 // Whitelisted apps must be served over https.

914 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsCryptographic() &&	916 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsCryptographic() &&

915 (base::EndsWith(app_url_host, "plus.google.com",	917 base::EndsWith(app_url_host, kGoogleComDomainSuffix,

916 base::CompareCase::INSENSITIVE_ASCII) \|\|	918 base::CompareCase::INSENSITIVE_ASCII) &&

917 base::EndsWith(app_url_host, "plus.sandbox.google.com",

918 base::CompareCase::INSENSITIVE_ASCII)) &&

919 manifest_url.DomainIs("ssl.gstatic.com") &&	919 manifest_url.DomainIs("ssl.gstatic.com") &&

920 (manifest_url_path.find("s2/oz/nacl/") == 1 \|\|	920 (manifest_url_path.find("s2/oz/nacl/") == 1 \|\|

921 manifest_url_path.find("photos/nacl/") == 1);	921 manifest_url_path.find("photos/nacl/") == 1);

922	922

923 std::string manifest_fs_host;	923 std::string manifest_fs_host;

924 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {	924 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {

925 manifest_fs_host = manifest_url.inner_url()->host();	925 manifest_fs_host = manifest_url.inner_url()->host();

926 }	926 }

927 bool is_hangouts_app =	927 bool is_hangouts_app =

928 // Whitelisted apps must be served over secure scheme.	928 // Whitelisted apps must be served over secure scheme.

929 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsFileSystem() &&	929 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsFileSystem() &&

930 manifest_url.inner_url()->SchemeIsCryptographic() &&	930 manifest_url.inner_url()->SchemeIsCryptographic() &&

931 (base::EndsWith(app_url_host, "talkgadget.google.com",	931 base::EndsWith(app_url_host, kGoogleComDomainSuffix,

932 base::CompareCase::INSENSITIVE_ASCII) \|\|	932 base::CompareCase::INSENSITIVE_ASCII) &&

933 base::EndsWith(app_url_host, "plus.google.com",

934 base::CompareCase::INSENSITIVE_ASCII) \|\|

935 base::EndsWith(app_url_host, "plus.sandbox.google.com",

936 base::CompareCase::INSENSITIVE_ASCII) \|\|

937 base::EndsWith(app_url_host, "hangouts.google.com",

938 base::CompareCase::INSENSITIVE_ASCII)) &&

939 // The manifest must be loaded from the host's FileSystem.	933 // The manifest must be loaded from the host's FileSystem.

940 (manifest_fs_host == app_url_host);	934 (manifest_fs_host == app_url_host);

941	935

942 bool is_whitelisted_app = is_photo_app \|\| is_hangouts_app;	936 bool is_whitelisted_app = is_photo_app \|\| is_hangouts_app;

943	937

944 bool is_invoked_by_webstore_installed_extension = false;	938 bool is_invoked_by_webstore_installed_extension = false;

945 bool is_extension_unrestricted = false;	939 bool is_extension_unrestricted = false;

946 bool is_extension_force_installed = false;	940 bool is_extension_force_installed = false;

947 #if defined(ENABLE_EXTENSIONS)	941 #if defined(ENABLE_EXTENSIONS)

948 bool is_extension_from_webstore = extension && extension->from_webstore();	942 bool is_extension_from_webstore = extension && extension->from_webstore();

(...skipping 274 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1223	1217

1224 blink::WebSpeechSynthesizer*	1218 blink::WebSpeechSynthesizer*

1225 ChromeContentRendererClient::OverrideSpeechSynthesizer(	1219 ChromeContentRendererClient::OverrideSpeechSynthesizer(

1226 blink::WebSpeechSynthesizerClient* client) {	1220 blink::WebSpeechSynthesizerClient* client) {

1227 return new TtsDispatcher(client);	1221 return new TtsDispatcher(client);

1228 }	1222 }

1229	1223

1230 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(	1224 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(

1231 const GURL& url) {	1225 const GURL& url) {

1232 #if !defined(OS_ANDROID)	1226 #if !defined(OS_ANDROID)

1233 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check

1234 // the whitelist in the renderer, since we're only preventing access until

1235 // these APIs are public and stable.

1236 std::string url_host = url.host();

1237 if (url.SchemeIs("https") &&

1238 (base::EndsWith(url_host, "talkgadget.google.com",

1239 base::CompareCase::INSENSITIVE_ASCII) \|\|

1240 base::EndsWith(url_host, "plus.google.com",

1241 base::CompareCase::INSENSITIVE_ASCII) \|\|

1242 base::EndsWith(url_host, "plus.sandbox.google.com",

1243 base::CompareCase::INSENSITIVE_ASCII)) &&

1244 base::StartsWith(url.path(), "/hangouts/",

1245 base::CompareCase::INSENSITIVE_ASCII)) {

1246 return true;

1247 }

1248 // Allow access for tests.	1227 // Allow access for tests.

1249 if (base::CommandLine::ForCurrentProcess()->HasSwitch(	1228 if (base::CommandLine::ForCurrentProcess()->HasSwitch(

1250 switches::kEnablePepperTesting)) {	1229 switches::kEnablePepperTesting)) {

1251 return true;	1230 return true;

1252 }	1231 }

	1232

	1233 std::string url_host = url.host();
	tommi (sloooow) - chröme 2016/05/17 17:10:44 I don't think you need this copy now. I don't think you need this copy now. AlexZ 2016/05/17 17:20:24 It's still in use at line 1235 below. Show quoted text On 2016/05/17 17:10:44, tommi-chrömium wrote: > I don't think you need this copy now. It's still in use at line 1235 below. tommi (sloooow) - chröme 2016/05/17 17:25:38 I mean, you could call url.host() inline there and Show quoted text On 2016/05/17 17:20:24, AlexZ wrote: > On 2016/05/17 17:10:44, tommi-chrömium wrote: > > I don't think you need this copy now. > > It's still in use at line 1235 below. I mean, you could call url.host() inline there and avoid an extra string copy. AlexZ 2016/05/17 17:33:55 Done. Show quoted text On 2016/05/17 17:25:38, tommi-chrömium wrote: > On 2016/05/17 17:20:24, AlexZ wrote: > > On 2016/05/17 17:10:44, tommi-chrömium wrote: > > > I don't think you need this copy now. > > > > It's still in use at line 1235 below. > > I mean, you could call url.host() inline there and avoid an extra string copy. Done.
	1234 if (!url.SchemeIs(url::kHttpsScheme) \|\|

	1235 !base::EndsWith(url_host, kGoogleComDomainSuffix,

	1236 base::CompareCase::INSENSITIVE_ASCII)) {

	1237 return false;

	1238 }

	1239

	1240 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check

	1241 // the whitelist in the renderer, since we're only preventing access until

	1242 // these APIs are public and stable.

	1243 return base::StartsWith(url.path(), "/hangouts/",

	1244 base::CompareCase::INSENSITIVE_ASCII);

1253 #endif // !defined(OS_ANDROID)	1245 #endif // !defined(OS_ANDROID)

1254 return false;	1246 return false;

1255 }	1247 }

1256	1248

1257 void ChromeContentRendererClient::AddSupportedKeySystems(	1249 void ChromeContentRendererClient::AddSupportedKeySystems(

1258 std::vector<std::unique_ptr<::media::KeySystemProperties>>* key_systems) {	1250 std::vector<std::unique_ptr<::media::KeySystemProperties>>* key_systems) {

1259 AddChromeKeySystems(key_systems);	1251 AddChromeKeySystems(key_systems);

1260 }	1252 }

1261	1253

1262 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(	1254 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(

(...skipping 160 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1423 // chrome.system.network.getNetworkInterfaces provides the same	1415 // chrome.system.network.getNetworkInterfaces provides the same

1424 // information. Also, the enforcement of sending and binding UDP is already done	1416 // information. Also, the enforcement of sending and binding UDP is already done

1425 // by chrome extension permission model.	1417 // by chrome extension permission model.

1426 bool ChromeContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {	1418 bool ChromeContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {

1427 #if defined(ENABLE_EXTENSIONS)	1419 #if defined(ENABLE_EXTENSIONS)

1428 return !IsStandaloneExtensionProcess();	1420 return !IsStandaloneExtensionProcess();

1429 #else	1421 #else

1430 return true;	1422 return true;

1431 #endif	1423 #endif

1432 }	1424 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »