Chromium Code Reviews

Unified Diff: chrome/browser/net/chrome_extensions_network_delegate.cc

Issue 2345473003: Block top-level navigations to nested URLs with extension origins from non-extension processes. (Closed)
Patch Set: Cleanup Created 4 years, 3 months ago
Index: chrome/browser/net/chrome_extensions_network_delegate.cc
diff --git a/chrome/browser/net/chrome_extensions_network_delegate.cc b/chrome/browser/net/chrome_extensions_network_delegate.cc
index 0f2f38bc43d83e528e3aa7e19dd57e87c6aef00d..6b88acf93169413bf94ecc0de2ac704bfa72d491 100644
--- a/chrome/browser/net/chrome_extensions_network_delegate.cc
+++ b/chrome/browser/net/chrome_extensions_network_delegate.cc
@@ -20,6 +20,7 @@
#include "extensions/browser/api/web_request/web_request_api.h"
#include "extensions/browser/info_map.h"
#include "extensions/browser/process_manager.h"
+#include "extensions/common/constants.h"
#include "net/url_request/url_request.h"
using content::BrowserThread;
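Review bot: the only include added here is extensions/common/constants.h, but the code added to OnBeforeURLRequest in the next hunk also uses url::Origin, content::ResourceRequestInfo and content::IsResourceTypeFrame, and none of their headers appear in the visible context. Please confirm that url/origin.h and the headers declaring the other two are included directly in this file rather than picked up transitively, and add them if they are not.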
@@ -159,6 +160,21 @@ int ChromeExtensionsNetworkDelegateImpl::OnBeforeURLRequest(
net::URLRequest* request,
const net::CompletionCallback& callback,
GURL* new_url) {
+ const content::ResourceRequestInfo* info =
+ content::ResourceRequestInfo::ForRequest(request);
+ GURL url(request->url());
+
+ // Block top-level navigations to blob: or filesystem: URLs with extension
+ // origin from non-extension processes. See https://crbug.com/645028.
+ bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob();
+ bool is_navigation =
+ info && content::IsResourceTypeFrame(info->GetResourceType());
+ if (is_nested_url && is_navigation && info->IsMainFrame() &&
+ url::Origin(url).scheme() == extensions::kExtensionScheme) {
Devlin 2016/09/15 21:05:10 nit: Is there a reason to prefer this over GURL::S
alexmos 2016/09/15 21:45:59 Yes, this uses url::Origin(url).scheme() because w
alexmos 2016/09/15 21:51:40 Also CC-ing mkwst@ for awareness and any thoughts
Devlin 2016/09/15 21:56:48 ...yuck. Regardless, fine for this CL, but...wow.
+ if (!extension_info_map_->process_map().Contains(info->GetChildID()))
Devlin 2016/09/15 21:05:10 optional nit: I'd be fine using and && here with t
alexmos 2016/09/15 21:45:59 Done.
+ return net::ERR_ABORTED;
alexmos 2016/09/15 17:43:02 I considered returning ERR_BLOCKED_BY_CLIENT here,
+ }
+
return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(
profile_, extension_info_map_.get(), request, callback, new_url);
}
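Review bot: the condition url::Origin(url).scheme() == extensions::kExtensionScheme needs a comment saying why the origin's scheme is compared instead of the URL's own scheme. For a blob: or filesystem: URL the outer scheme is never the extension scheme, and it is the origin derived from the inner URL that identifies the extension; the question raised on this line in the review shows that this is not obvious to a reader. The return net::ERR_ABORTED; line could also carry a short note on why that error code was chosen, since ERR_BLOCKED_BY_CLIENT was considered. A smaller point: info->IsMainFrame() and info->GetChildID() are only safe because is_navigation, which contains the info null check, is evaluated earlier in the same && chain. Checking info explicitly at the top of the block would keep a later reordering of the condition from turning into a null dereference.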
