chrome/renderer/chrome_content_renderer_client.cc - Issue 1974413003: Whitelist hangouts.google.com further to allow video effects plugin access.

Side by Side Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 1974413003: Whitelist hangouts.google.com further to allow video effects plugin access. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix 'unreachable code' error Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/renderer/chrome_content_renderer_client.h"	5 #include "chrome/renderer/chrome_content_renderer_client.h"

6	6

7 #include <memory>	7 #include <memory>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 167 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
178 using blink::WebURLResponse;	178 using blink::WebURLResponse;

179 using blink::WebVector;	179 using blink::WebVector;

180 using content::PluginInstanceThrottler;	180 using content::PluginInstanceThrottler;

181 using content::RenderFrame;	181 using content::RenderFrame;

182 using content::RenderThread;	182 using content::RenderThread;

183 using content::WebPluginInfo;	183 using content::WebPluginInfo;

184 using extensions::Extension;	184 using extensions::Extension;

185	185

186 namespace {	186 namespace {

187	187

	188 #if !defined(DISABLE_NACL) \|\| !defined(OS_ANDROID)

	189 const char* const kGoogleComDomainSuffix = ".google.com";
	Tom Sepez 2016/05/17 23:23:17 No, we really don't want to whitelist all of googl No, we really don't want to whitelist all of google.com, you'll add another host to the comparision at line 919 AlexZ 2016/05/18 23:05:23 Done. Show quoted text On 2016/05/17 23:23:17, Tom Sepez wrote: > No, we really don't want to whitelist all of http://google.com, you'll add another host > to the comparision at line 919 Done.
	190 #endif

	191

188 // Whitelist PPAPI for Android Runtime for Chromium. (See crbug.com/383937)	192 // Whitelist PPAPI for Android Runtime for Chromium. (See crbug.com/383937)

189 #if defined(ENABLE_PLUGINS)	193 #if defined(ENABLE_PLUGINS)

190 const char* const kPredefinedAllowedCameraDeviceOrigins[] = {	194 const char* const kPredefinedAllowedCameraDeviceOrigins[] = {

191 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",	195 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",

192 "4EB74897CB187C7633357C2FE832E0AD6A44883A"	196 "4EB74897CB187C7633357C2FE832E0AD6A44883A"

193 };	197 };

194	198

195 const char* const kPredefinedAllowedCompositorOrigins[] = {	199 const char* const kPredefinedAllowedCompositorOrigins[] = {

196 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",	200 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",

197 "4EB74897CB187C7633357C2FE832E0AD6A44883A"	201 "4EB74897CB187C7633357C2FE832E0AD6A44883A"

(...skipping 707 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
905 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.	909 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.

906 std::string app_url_host = app_url.host();	910 std::string app_url_host = app_url.host();

907 std::string manifest_url_path = manifest_url.path();	911 std::string manifest_url_path = manifest_url.path();

908	912

909 bool is_whitelisted_web_ui =	913 bool is_whitelisted_web_ui =

910 app_url.spec() == chrome::kChromeUIAppListStartPageURL;	914 app_url.spec() == chrome::kChromeUIAppListStartPageURL;

911	915

912 bool is_photo_app =	916 bool is_photo_app =

913 // Whitelisted apps must be served over https.	917 // Whitelisted apps must be served over https.

914 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsCryptographic() &&	918 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsCryptographic() &&

915 (base::EndsWith(app_url_host, "plus.google.com",	919 base::EndsWith(app_url_host, kGoogleComDomainSuffix,
Tom Sepez 2016/05/17 23:23:17 Pre-existing: EndsWith isn't ideal for these kinds Pre-existing: EndsWith isn't ideal for these kinds of comparisions unless there's a leading "." in the literal. Otherwise, things like fooplus.google.com would match. AlexZ 2016/05/18 23:05:23 This should actually be an equality test. This should actually be an equality test.
916 base::CompareCase::INSENSITIVE_ASCII) \|\|	920 base::CompareCase::INSENSITIVE_ASCII) &&

917 base::EndsWith(app_url_host, "plus.sandbox.google.com",

918 base::CompareCase::INSENSITIVE_ASCII)) &&

919 manifest_url.DomainIs("ssl.gstatic.com") &&	921 manifest_url.DomainIs("ssl.gstatic.com") &&

920 (manifest_url_path.find("s2/oz/nacl/") == 1 \|\|	922 (manifest_url_path.find("s2/oz/nacl/") == 1 \|\|

921 manifest_url_path.find("photos/nacl/") == 1);	923 manifest_url_path.find("photos/nacl/") == 1);

922	924

923 std::string manifest_fs_host;	925 std::string manifest_fs_host;

924 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {	926 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {

925 manifest_fs_host = manifest_url.inner_url()->host();	927 manifest_fs_host = manifest_url.inner_url()->host();

926 }	928 }

927 bool is_hangouts_app =	929 bool is_hangouts_app =

928 // Whitelisted apps must be served over secure scheme.	930 // Whitelisted apps must be served over secure scheme.

929 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsFileSystem() &&	931 app_url.SchemeIsCryptographic() && manifest_url.SchemeIsFileSystem() &&

930 manifest_url.inner_url()->SchemeIsCryptographic() &&	932 manifest_url.inner_url()->SchemeIsCryptographic() &&

931 (base::EndsWith(app_url_host, "talkgadget.google.com",	933 base::EndsWith(app_url_host, kGoogleComDomainSuffix,

932 base::CompareCase::INSENSITIVE_ASCII) \|\|	934 base::CompareCase::INSENSITIVE_ASCII) &&

933 base::EndsWith(app_url_host, "plus.google.com",

934 base::CompareCase::INSENSITIVE_ASCII) \|\|

935 base::EndsWith(app_url_host, "plus.sandbox.google.com",

936 base::CompareCase::INSENSITIVE_ASCII) \|\|

937 base::EndsWith(app_url_host, "hangouts.google.com",

938 base::CompareCase::INSENSITIVE_ASCII)) &&

939 // The manifest must be loaded from the host's FileSystem.	935 // The manifest must be loaded from the host's FileSystem.

940 (manifest_fs_host == app_url_host);	936 (manifest_fs_host == app_url_host);

941	937

942 bool is_whitelisted_app = is_photo_app \|\| is_hangouts_app;	938 bool is_whitelisted_app = is_photo_app \|\| is_hangouts_app;

943	939

944 bool is_invoked_by_webstore_installed_extension = false;	940 bool is_invoked_by_webstore_installed_extension = false;

945 bool is_extension_unrestricted = false;	941 bool is_extension_unrestricted = false;

946 bool is_extension_force_installed = false;	942 bool is_extension_force_installed = false;

947 #if defined(ENABLE_EXTENSIONS)	943 #if defined(ENABLE_EXTENSIONS)

948 bool is_extension_from_webstore = extension && extension->from_webstore();	944 bool is_extension_from_webstore = extension && extension->from_webstore();

(...skipping 274 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1223	1219

1224 blink::WebSpeechSynthesizer*	1220 blink::WebSpeechSynthesizer*

1225 ChromeContentRendererClient::OverrideSpeechSynthesizer(	1221 ChromeContentRendererClient::OverrideSpeechSynthesizer(

1226 blink::WebSpeechSynthesizerClient* client) {	1222 blink::WebSpeechSynthesizerClient* client) {

1227 return new TtsDispatcher(client);	1223 return new TtsDispatcher(client);

1228 }	1224 }

1229	1225

1230 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(	1226 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(

1231 const GURL& url) {	1227 const GURL& url) {

1232 #if !defined(OS_ANDROID)	1228 #if !defined(OS_ANDROID)

1233 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check

1234 // the whitelist in the renderer, since we're only preventing access until

1235 // these APIs are public and stable.

1236 std::string url_host = url.host();

1237 if (url.SchemeIs("https") &&

1238 (base::EndsWith(url_host, "talkgadget.google.com",

1239 base::CompareCase::INSENSITIVE_ASCII) \|\|

1240 base::EndsWith(url_host, "plus.google.com",

1241 base::CompareCase::INSENSITIVE_ASCII) \|\|

1242 base::EndsWith(url_host, "plus.sandbox.google.com",

1243 base::CompareCase::INSENSITIVE_ASCII)) &&

1244 base::StartsWith(url.path(), "/hangouts/",

1245 base::CompareCase::INSENSITIVE_ASCII)) {

1246 return true;

1247 }

1248 // Allow access for tests.	1229 // Allow access for tests.

1249 if (base::CommandLine::ForCurrentProcess()->HasSwitch(	1230 if (base::CommandLine::ForCurrentProcess()->HasSwitch(

1250 switches::kEnablePepperTesting)) {	1231 switches::kEnablePepperTesting)) {

1251 return true;	1232 return true;

1252 }	1233 }

	1234

	1235 if (!url.SchemeIs(url::kHttpsScheme) \|\|

	1236 !base::EndsWith(url.host(), kGoogleComDomainSuffix,

	1237 base::CompareCase::INSENSITIVE_ASCII)) {

	1238 return false;

	1239 }

	1240

	1241 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check

	1242 // the whitelist in the renderer, since we're only preventing access until

	1243 // these APIs are public and stable.

	1244 if (base::StartsWith(url.path(), "/hangouts/",

	1245 base::CompareCase::INSENSITIVE_ASCII)) {

	1246 return true;

	1247 }

1253 #endif // !defined(OS_ANDROID)	1248 #endif // !defined(OS_ANDROID)

1254 return false;	1249 return false;

1255 }	1250 }

1256	1251

1257 void ChromeContentRendererClient::AddSupportedKeySystems(	1252 void ChromeContentRendererClient::AddSupportedKeySystems(

1258 std::vector<std::unique_ptr<::media::KeySystemProperties>>* key_systems) {	1253 std::vector<std::unique_ptr<::media::KeySystemProperties>>* key_systems) {

1259 AddChromeKeySystems(key_systems);	1254 AddChromeKeySystems(key_systems);

1260 }	1255 }

1261	1256

1262 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(	1257 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(

(...skipping 160 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1423 // chrome.system.network.getNetworkInterfaces provides the same	1418 // chrome.system.network.getNetworkInterfaces provides the same

1424 // information. Also, the enforcement of sending and binding UDP is already done	1419 // information. Also, the enforcement of sending and binding UDP is already done

1425 // by chrome extension permission model.	1420 // by chrome extension permission model.

1426 bool ChromeContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {	1421 bool ChromeContentRendererClient::ShouldEnforceWebRTCRoutingPreferences() {

1427 #if defined(ENABLE_EXTENSIONS)	1422 #if defined(ENABLE_EXTENSIONS)

1428 return !IsStandaloneExtensionProcess();	1423 return !IsStandaloneExtensionProcess();

1429 #else	1424 #else

1430 return true;	1425 return true;

1431 #endif	1426 #endif

1432 }	1427 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »