Whitelist hangouts.google.com further to allow video effects plugin access.

chrome/renderer/app_categorizer.cc

Index: chrome/renderer/app_categorizer.cc
diff --git a/chrome/renderer/app_categorizer.cc b/chrome/renderer/app_categorizer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..afb0cea56f5cabfc6a2d96963195997343baf53b
--- /dev/null
+++ b/chrome/renderer/app_categorizer.cc
@@ -0,0 +1,79 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/renderer/app_categorizer.h"
+
+#include "base/macros.h"
+#include "base/strings/string_util.h"
+
+namespace {
+// Note: all domain names here must be in lowercase (see GURL::DomainIs, which
+// properly handles sub-domains).
+
+const char* const kPredefinedHangoutsDomains[] = {
+  "hangouts.google.com",
+  "meet.google.com",
+  "talkgadget.google.com",
+  "plus.google.com",
+  "plus.sandbox.google.com"
+};
+
+const char* const kPredefinedPlusDomains[] = {
+  "plus.google.com",
+  "plus.sandbox.google.com"
+};
+
+bool isInWhitelistedDomain(
+    const GURL& url, const char* const domains[], size_t numberOfDomains) {
+  for (size_t i = 0; i < numberOfDomains; ++i) {
+    if (url.DomainIs(domains[i])) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+}  // namespace
+
+namespace app_categorizer {
+// Whitelisted apps must be served over https.
+
+bool IsHangoutsUrl(const GURL& url) {

[Tom Sepez, 2016/05/18 23:42:19]

I think we need to lowercase the domain in both of these before making the
comparisons.

[AlexZ, 2016/05/19 16:18:51]

No, GURL handles this. Added a test for this and it passed.

[Tom Sepez, 2016/05/20 16:35:09]

Acknowledged.

+  return url.SchemeIsCryptographic() &&
+      base::StartsWith(url.path(), "/hangouts/",

[Tom Sepez, 2016/05/18 23:42:19]

This doesn't add much security as it turns out, since if I'm running JS under
/non-hangouts/foo/path, I can open an iframe to /hangouts/ and then doc.write()
into it via same origin policy.  You can leave it or remove it as you like.

[AlexZ, 2016/05/19 16:18:51]

Pre-existing. Leaving it as-is.

+                       base::CompareCase::INSENSITIVE_ASCII) &&
+      isInWhitelistedDomain(
+          url,
+          kPredefinedHangoutsDomains,
+          arraysize(kPredefinedHangoutsDomains));
+}
+
+bool IsWhitelistedApp(const GURL& manifest_url, const GURL& app_url) {
+  if (!app_url.SchemeIsCryptographic())
+    return false;
+
+  std::string manifest_url_path = manifest_url.path();
+  bool is_photo_app =
+      manifest_url.SchemeIsCryptographic() &&
+      manifest_url.DomainIs("ssl.gstatic.com") &&
+      (manifest_url_path.find("s2/oz/nacl/") == 1 ||

[Tom Sepez, 2016/05/18 23:42:19]

put in a leading "/" in your literal and check for == 0.

[AlexZ, 2016/05/19 16:18:52]

No idea why this was written this way but base::StartsWith makes more sense.

+       manifest_url_path.find("photos/nacl/") == 1) &&
+      isInWhitelistedDomain(
+          app_url,
+          kPredefinedPlusDomains,
+          arraysize(kPredefinedPlusDomains));
+
+  bool is_hangouts_app =
+      manifest_url.SchemeIsFileSystem() &&
+      manifest_url.inner_url() != NULL &&
+      manifest_url.inner_url()->SchemeIsCryptographic() &&
+      // The manifest must be loaded from the host's FileSystem.
+      (manifest_url.inner_url()->host() == app_url.host()) &&
+      IsHangoutsUrl(app_url);
+
+  return is_photo_app || is_hangouts_app;
+}
+
+}  // namespace app_categorizer