
Side by Side Diff: extensions/browser/url_request_util.cc

Issue 2007133004: Disallow navigation to documents not explicitly listed as web accessible. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix issues from code review. Created 4 years, 6 months ago
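--- a/extensions/browser/url_request_util.cc
+++ b/extensions/browser/url_request_util.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/url_request_util.h"
 
 #include <string>
 
 #include "content/public/browser/resource_request_info.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
@@ -32,81 +32,104 @@
 std::string owner_extension_id;
 int owner_process_id;
 WebViewRendererState::GetInstance()->GetOwnerInfo(
 info->GetChildID(), &owner_process_id, &owner_extension_id);
 const Extension* owner_extension =
 extension_info_map->extensions().GetByID(owner_extension_id);
 std::string partition_id;
 bool is_guest = WebViewRendererState::GetInstance()->GetPartitionID(
 info->GetChildID(), &partition_id);
 std::string resource_path = request->url().path();
+
 // |owner_extension == extension| needs to be checked because extension
 // resources should only be accessible to WebViews owned by that extension.
 if (is_guest && owner_extension == extension &&
 WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
 resource_path)) {
 *allowed = true;
 return true;
 }
 
-// If the request is for navigations outside of webviews, then it should be
-// allowed. The navigation logic in CrossSiteResourceHandler will properly
-// transfer the navigation to a privileged process before it commits.
-if (content::IsResourceTypeFrame(info->GetResourceType()) && !is_guest) {
-*allowed = true;
-return true;
-}
-
 if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {
 *allowed = false;
 return true;
 }
 
 // The following checks require that we have an actual extension object. If we
 // don't have it, allow the request handling to continue with the rest of the
 // checks.
 if (!extension) {
 *allowed = true;
 return true;
 }
 
 // Disallow loading of packaged resources for hosted apps. We don't allow
 // hybrid hosted/packaged apps. The one exception is access to icons, since
 // some extensions want to be able to do things like create their own
 // launchers.
 std::string resource_root_relative_path =
 request->url().path().empty() ? std::string()
 : request->url().path().substr(1);
 if (extension->is_hosted_app() &&
 !IconsInfo::GetIcons(extension)
 .ContainsPath(resource_root_relative_path)) {
 LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
 << "hosted app.";
 *allowed = false;
 return true;
 }
 
-// Extensions with web_accessible_resources: allow loading by regular
-// renderers. Since not all subresources are required to be listed in a v2
-// manifest, we must allow all loads if there are any web accessible
-// resources. See http://crbug.com/179127.
-if (extension->manifest_version() < 2 ||
+DCHECK_EQ(extension->url(), request->url().GetWithEmptyPath());
+
+// Extensions with manifest before v2 did not have web_accessible_resource
+// section, therefore the request needs to be allowed.
+if (extension->manifest_version() < 2) {
+*allowed = true;
+return true;
+}
+
+// Navigating the main frame to an extension URL is allowed, even if not
+// explicitly listed as web_accessible_resource.
+if (info->GetResourceType() == content::RESOURCE_TYPE_MAIN_FRAME) {
+*allowed = true;
+return true;
+} else if (info->GetResourceType() == content::RESOURCE_TYPE_SUB_FRAME) {
+// When navigating in subframe, allow if it is the same origin
+// as the top-level frame. This can only be the case if the subframe
+// request is coming from the extension process.
+if (extension_info_map->process_map().Contains(info->GetChildID())) {
+*allowed = true;
+return true;
+}
+
+// Also allow if the file is explicitly listed as a web_accessible_resource.
+if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension,
+resource_path)) {
+*allowed = true;
+return true;
+}
+}
+
+// Since not all subresources are required to be listed in a v2
+// manifest, we must allow all subresource loads if there are any web
+// accessible resources. See http://crbug.com/179127.
+if (!content::IsResourceTypeFrame(info->GetResourceType()) &&
 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
 *allowed = true;
 return true;
 }
 
 // Couldn't determine if the resource is allowed or not.
 return false;
 }
 
 bool IsWebViewRequest(const net::URLRequest* request) {
 const content::ResourceRequestInfo* info =
 content::ResourceRequestInfo::ForRequest(request);
 // |info| can be NULL sometimes: http://crbug.com/370070.
 if (!info)
 return false;
 return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID());
 }
 
 } // namespace url_request_util
 } // namespace extensions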
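Review bot: The sub-frame branch's `extension_info_map->process_map().Contains(info->GetChildID())` only establishes that the requesting renderer is some extension process, not that it hosts this `extension`, yet the comment above it describes the check as same-origin with the top-level frame. As written, a frame in any extension's process appears able to load another extension's document that is not listed in web_accessible_resources, which is the case this change sets out to block. If ProcessMap's two-argument overload is usable here, `if (extension_info_map->process_map().Contains(extension->id(), info->GetChildID())) {` would tie the allowance to the target extension. The new `DCHECK_EQ(extension->url(), request->url().GetWithEmptyPath())` is compiled out of release builds, so it documents the invariant rather than enforcing it. The enclosing function begins in the skipped lines, so how `info` is null-checked before these dereferences could not be confirmed from this view.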