Chromium Code Reviews Chromium Code Reviews
Issue 2222723002:
Avoid calling into the ContentBrowserClient interface from ResourceDispatcherHostImpl to determine … (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc |
| diff --git a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc |
| index 8adeb96f87829a4b0395e697e12325fb4b7ac245..a7d70f9201cab9c5ba89e52edc867ae1a8dc9d46 100644 |
| --- a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc |
| +++ b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc |
| @@ -27,12 +27,15 @@ |
| #include "content/public/browser/browser_url_handler.h" |
| #include "content/public/browser/render_process_host.h" |
| #include "content/public/browser/render_view_host.h" |
| +#include "content/public/browser/resource_dispatcher_host.h" |
| +#include "content/public/browser/resource_dispatcher_host_interceptor.h" |
| #include "content/public/browser/site_instance.h" |
| #include "content/public/browser/vpn_service_proxy.h" |
| #include "content/public/browser/web_contents.h" |
| #include "content/public/common/content_switches.h" |
| #include "extensions/browser/api/web_request/web_request_api.h" |
| #include "extensions/browser/api/web_request/web_request_api_helpers.h" |
| +#include "extensions/browser/bad_message.h" |
| #include "extensions/browser/extension_host.h" |
| #include "extensions/browser/extension_message_filter.h" |
| #include "extensions/browser/extension_registry.h" |
| @@ -272,52 +275,6 @@ bool ChromeContentBrowserClientExtensionsPart::CanCommitURL( |
| return true; |
| } |
| -bool ChromeContentBrowserClientExtensionsPart::IsIllegalOrigin( |
| - content::ResourceContext* resource_context, |
| - int child_process_id, |
| - const GURL& origin) { |
| - DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| - |
| - // Consider non-extension URLs safe; they will be checked elsewhere. |
| - if (!origin.SchemeIs(kExtensionScheme)) |
| - return false; |
| - |
| - // If there is no extension installed for the URL, it couldn't have committed. |
| - // (If the extension was recently uninstalled, the tab would have closed.) |
| - ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| - InfoMap* extension_info_map = io_data->GetExtensionInfoMap(); |
| - const Extension* extension = |
| - extension_info_map->extensions().GetExtensionOrAppByURL(origin); |
| - if (!extension) |
| - return true; |
| - |
| - // Check for platform app origins. These can only be committed by the app |
| - // itself, or by one if its guests if there are accessible_resources. |
| - const ProcessMap& process_map = extension_info_map->process_map(); |
| - if (extension->is_platform_app() && |
| - !process_map.Contains(extension->id(), child_process_id)) { |
| - // This is a platform app origin not in the app's own process. If there are |
| - // no accessible resources, this is illegal. |
| - if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources)) |
| - return true; |
| - |
| - // If there are accessible resources, the origin is only legal if the given |
| - // process is a guest of the app. |
| - std::string owner_extension_id; |
| - int owner_process_id; |
| - WebViewRendererState::GetInstance()->GetOwnerInfo( |
| - child_process_id, &owner_process_id, &owner_extension_id); |
| - const Extension* owner_extension = |
| - extension_info_map->extensions().GetByID(owner_extension_id); |
| - return !owner_extension || owner_extension != extension; |
| - } |
| - |
| - // With only the origin and not the full URL, we don't have enough information |
| - // to validate hosted apps or web_accessible_resources in normal extensions. |
| - // Assume they're legal. |
| - return false; |
| -} |
| - |
| // static |
| bool ChromeContentBrowserClientExtensionsPart::IsSuitableHost( |
| Profile* profile, |
| @@ -662,4 +619,84 @@ void ChromeContentBrowserClientExtensionsPart:: |
| } |
| } |
| +void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { |
| + content::ResourceDispatcherHost::Get()->RegisterInterceptor( |
| + "Origin", |
| + kExtensionScheme, |
| + base::Bind( |
| + &ChromeContentBrowserClientExtensionsPart::OnHttpHeaderReceived)); |
| +} |
| + |
| +// static. |
| +void ChromeContentBrowserClientExtensionsPart::OnHttpHeaderReceived( |
|
jam
2016/08/10 00:19:26
nit: why are these two methods part of ChromeConte
ananta
2016/08/10 00:30:02
I had moved them to the namespace. Forgot to uploa
|
| + const std::string& header, |
| + const std::string& value, |
| + int child_id, |
| + content::ResourceContext* resource_context, |
| + OnHeaderProcessedCallback callback) override { |
| + DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| + |
| + GURL origin(value); |
| + DCHECK(origin.SchemeIs(extensions::kExtensionScheme)); |
| + |
| + if (IsIllegalOrigin(resource_context, child_id, origin)) { |
| + callback.Run(false, bad_message::INVALID_ORIGIN); |
| + } else { |
| + callback.Run(true, 0); |
| + } |
| +} |
| + |
| +// static. |
| +bool ChromeContentBrowserClientExtensionsPart::IsIllegalOrigin( |
| + content::ResourceContext* resource_context, |
| + int child_id, |
| + const GURL& origin) { |
| + DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| + |
| + // Consider non-extension URLs safe; they will be checked elsewhere. |
| + if (!origin.SchemeIs(kExtensionScheme)) |
| + return false; |
| + |
| + // If there is no extension installed for the URL, it couldn't have |
| + // committed. |
| + // (If the extension was recently uninstalled, the tab would have closed.) |
| + ProfileIOData* io_data = |
| + ProfileIOData::FromResourceContext(resource_context); |
| + InfoMap* extension_info_map = io_data->GetExtensionInfoMap(); |
| + const Extension* extension = |
| + extension_info_map->extensions().GetExtensionOrAppByURL(origin); |
| + if (!extension) |
| + return true; |
| + |
| + // Check for platform app origins. These can only be committed by the app |
| + // itself, or by one if its guests if there are accessible_resources. |
| + const ProcessMap& process_map = extension_info_map->process_map(); |
| + if (extension->is_platform_app() && |
| + !process_map.Contains(extension->id(), child_id)) { |
| + // This is a platform app origin not in the app's own process. If there |
| + // are |
| + // no accessible resources, this is illegal. |
| + if (!extension->GetManifestData( |
| + manifest_keys::kWebviewAccessibleResources)) |
| + return true; |
| + |
| + // If there are accessible resources, the origin is only legal if the |
| + // given |
| + // process is a guest of the app. |
| + std::string owner_extension_id; |
| + int owner_process_id; |
| + WebViewRendererState::GetInstance()->GetOwnerInfo( |
| + child_id, &owner_process_id, &owner_extension_id); |
| + const Extension* owner_extension = |
| + extension_info_map->extensions().GetByID(owner_extension_id); |
| + return !owner_extension || owner_extension != extension; |
| + } |
| + |
| + // With only the origin and not the full URL, we don't have enough |
| + // information |
| + // to validate hosted apps or web_accessible_resources in normal extensions. |
| + // Assume they're legal. |
| + return false; |
| +} |
| + |
| } // namespace extensions |
