Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/url_request_util.cc

Issue 2261043002: Do not immediately block cross-renderer extension resource loads for non-web-triggered transitions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2785
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/extensions/chrome_url_request_util.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/url_request_util.h" 5 #include "extensions/browser/url_request_util.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "content/public/browser/resource_request_info.h" 9 #include "content/public/browser/resource_request_info.h"
10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" 10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
42 42
43 // |owner_extension == extension| needs to be checked because extension 43 // |owner_extension == extension| needs to be checked because extension
44 // resources should only be accessible to WebViews owned by that extension. 44 // resources should only be accessible to WebViews owned by that extension.
45 if (is_guest && owner_extension == extension && 45 if (is_guest && owner_extension == extension &&
46 WebviewInfo::IsResourceWebviewAccessible(extension, partition_id, 46 WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
47 resource_path)) { 47 resource_path)) {
48 *allowed = true; 48 *allowed = true;
49 return true; 49 return true;
50 } 50 }
51 51
52 if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) { 52 if (is_guest &&
53 !ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {
53 *allowed = false; 54 *allowed = false;
54 return true; 55 return true;
55 } 56 }
56 57
57 // The following checks require that we have an actual extension object. If we 58 // The following checks require that we have an actual extension object. If we
58 // don't have it, allow the request handling to continue with the rest of the 59 // don't have it, allow the request handling to continue with the rest of the
59 // checks. 60 // checks.
60 if (!extension) { 61 if (!extension) {
61 *allowed = true; 62 *allowed = true;
62 return true; 63 return true;
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
111 112
112 // Since not all subresources are required to be listed in a v2 113 // Since not all subresources are required to be listed in a v2
113 // manifest, we must allow all subresource loads if there are any web 114 // manifest, we must allow all subresource loads if there are any web
114 // accessible resources. See http://crbug.com/179127. 115 // accessible resources. See http://crbug.com/179127.
115 if (!content::IsResourceTypeFrame(info->GetResourceType()) && 116 if (!content::IsResourceTypeFrame(info->GetResourceType()) &&
116 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) { 117 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
117 *allowed = true; 118 *allowed = true;
118 return true; 119 return true;
119 } 120 }
120 121
122 if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {
123 *allowed = false;
124 return true;
125 }
126
121 // Couldn't determine if the resource is allowed or not. 127 // Couldn't determine if the resource is allowed or not.
122 return false; 128 return false;
123 } 129 }
124 130
125 bool IsWebViewRequest(const net::URLRequest* request) { 131 bool IsWebViewRequest(const net::URLRequest* request) {
126 const content::ResourceRequestInfo* info = 132 const content::ResourceRequestInfo* info =
127 content::ResourceRequestInfo::ForRequest(request); 133 content::ResourceRequestInfo::ForRequest(request);
128 // |info| can be NULL sometimes: http://crbug.com/370070. 134 // |info| can be NULL sometimes: http://crbug.com/370070.
129 if (!info) 135 if (!info)
130 return false; 136 return false;
131 return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID()); 137 return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID());
132 } 138 }
133 139
134 } // namespace url_request_util 140 } // namespace url_request_util
135 } // namespace extensions 141 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/browser/extensions/chrome_url_request_util.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698