Chromium Code Reviews Chromium Code Reviews
Issue 23466009:
Expand whitelist for media stream APIs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/chrome_content_renderer_client.h" | 5 #include "chrome/renderer/chrome_content_renderer_client.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/path_service.h" | 10 #include "base/path_service.h" |
| (...skipping 761 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 772 WebPluginParams* params) { | 772 WebPluginParams* params) { |
| 773 // Temporarily allow these URLs to run NaCl apps, as long as the manifest is | 773 // Temporarily allow these URLs to run NaCl apps, as long as the manifest is |
| 774 // also whitelisted. We should remove this code when PNaCl ships. | 774 // also whitelisted. We should remove this code when PNaCl ships. |
| 775 bool is_whitelisted_url = | 775 bool is_whitelisted_url = |
| 776 app_url.SchemeIs("https") && | 776 app_url.SchemeIs("https") && |
| 777 (app_url.host() == "plus.google.com" || | 777 (app_url.host() == "plus.google.com" || |
| 778 app_url.host() == "plus.sandbox.google.com") && | 778 app_url.host() == "plus.sandbox.google.com") && |
| 779 manifest_url.SchemeIs("https") && | 779 manifest_url.SchemeIs("https") && |
| 780 manifest_url.host() == "ssl.gstatic.com" && | 780 manifest_url.host() == "ssl.gstatic.com" && |
| 781 ((manifest_url.path().find("s2/oz/nacl/") == 1) || | 781 ((manifest_url.path().find("s2/oz/nacl/") == 1) || |
| 782 (manifest_url.path().find("photos/nacl/") == 1)); | 782 (manifest_url.path().find("photos/nacl/") == 1) || |
| 783 (manifest_url.path().find("hangouts/nacl/") == 1)); | |
|
bbudge
2013/09/06 18:50:57
This expands the NaCl whitelist to hangouts.
| |
| 783 | 784 |
| 784 bool is_extension_from_webstore = | 785 bool is_extension_from_webstore = |
| 785 extension && extension->from_webstore(); | 786 extension && extension->from_webstore(); |
| 786 | 787 |
| 787 bool is_invoked_by_hosted_app = extension && | 788 bool is_invoked_by_hosted_app = extension && |
| 788 extension->is_hosted_app() && | 789 extension->is_hosted_app() && |
| 789 extension->web_extent().MatchesURL(app_url); | 790 extension->web_extent().MatchesURL(app_url); |
| 790 | 791 |
| 791 // Allow built-in extensions and extensions under development. | 792 // Allow built-in extensions and extensions under development. |
| 792 bool is_extension_unrestricted = extension && | 793 bool is_extension_unrestricted = extension && |
| (...skipping 482 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1275 return false; | 1276 return false; |
| 1276 | 1277 |
| 1277 WebString tag_name = container->element().shadowHost().tagName(); | 1278 WebString tag_name = container->element().shadowHost().tagName(); |
| 1278 return tag_name.equals(WebString::fromUTF8(kWebViewTagName)) || | 1279 return tag_name.equals(WebString::fromUTF8(kWebViewTagName)) || |
| 1279 tag_name.equals(WebString::fromUTF8(kAdViewTagName)); | 1280 tag_name.equals(WebString::fromUTF8(kAdViewTagName)); |
| 1280 } | 1281 } |
| 1281 | 1282 |
| 1282 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI( | 1283 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI( |
| 1283 const GURL& url) { | 1284 const GURL& url) { |
| 1284 #if !defined(OS_ANDROID) | 1285 #if !defined(OS_ANDROID) |
| 1285 std::string host = url.host(); | |
| 1286 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check | 1286 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check |
| 1287 // the whitelist in the renderer, since we're only preventing access until | 1287 // the whitelist in the renderer, since we're only preventing access until |
| 1288 // these APIs are public and stable. | 1288 // these APIs are public and stable. |
| 1289 if (url.SchemeIs(extensions::kExtensionScheme) && | 1289 if (url.SchemeIs("https") && |
| 1290 !host.compare("hpcogiolnobbkijnnkdahioejpdcdoph")) { | 1290 (url.host() == "plus.google.com" || |
| 1291 url.host() == "plus.sandbox.google.com") && | |
| 1292 url.path().find("hangouts/") == 1) { | |
|
bbudge
2013/09/06 18:50:57
This changes the way we identify the hangouts app.
| |
| 1291 return true; | 1293 return true; |
| 1292 } | 1294 } |
| 1293 // Allow access for tests. | 1295 // Allow access for tests. |
| 1294 if (CommandLine::ForCurrentProcess()->HasSwitch( | 1296 if (CommandLine::ForCurrentProcess()->HasSwitch( |
| 1295 switches::kEnablePepperTesting)) { | 1297 switches::kEnablePepperTesting)) { |
| 1296 return true; | 1298 return true; |
| 1297 } | 1299 } |
| 1298 #endif // !defined(OS_ANDROID) | 1300 #endif // !defined(OS_ANDROID) |
| 1299 return false; | 1301 return false; |
| 1300 } | 1302 } |
| 1301 | 1303 |
| 1302 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource( | 1304 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource( |
| 1303 const base::string16& source) const { | 1305 const base::string16& source) const { |
| 1304 return GURL(source).SchemeIs(extensions::kExtensionScheme); | 1306 return GURL(source).SchemeIs(extensions::kExtensionScheme); |
| 1305 } | 1307 } |
| 1306 | 1308 |
| 1307 } // namespace chrome | 1309 } // namespace chrome |
| OLD | NEW |
