Budget API calls should only succeed on secure origins

chrome/browser/budget_service/budget_manager.cc

Index: chrome/browser/budget_service/budget_manager.cc
diff --git a/chrome/browser/budget_service/budget_manager.cc b/chrome/browser/budget_service/budget_manager.cc
index 24f6d26b26f1ca6b851df189475b1e5c871a67b2..d54c18c537b154cc1af6dd5917c4d4d03a8bc714 100644
--- a/chrome/browser/budget_service/budget_manager.cc
+++ b/chrome/browser/budget_service/budget_manager.cc
@@ -17,6 +17,7 @@
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/common/origin_util.h"
 #include "third_party/WebKit/public/platform/modules/budget_service/budget_service.mojom.h"
 #include "url/origin.h"
 
@@ -68,12 +69,24 @@ double BudgetManager::GetCost(blink::mojom::BudgetOperationType type) {
 
 void BudgetManager::GetBudget(const url::Origin& origin,
                               const GetBudgetCallback& callback) {
+  const GURL url(origin.Serialize());
+  if (!url.SchemeIsHTTPOrHTTPS() || !content::IsOriginSecure(url)) {

[Peter Beverloo, 2016/09/22 14:27:29]

What's the added value of checking SchemeIsHTTPOrHTTPS()? I think we can just
rely on IsOriginSecure(). Elsewhere too.

[harkness, 2016/09/22 15:35:46]

By my reading of IsOriginSecure, it looks like it will allow file schemes, which
are not allowed by ServiceWorkers. 

I suppose it's really up to us what we want to allow in the spec, but my plan
was to mirror the service worker limits, and OriginCanAccessServiceWorkers has
botht he IsOriginSecure and the SchemeIsHTTPOrHTTPS check.

+    callback.Run(blink::mojom::BudgetServiceErrorType::NOT_SUPPORTED,
+                 mojo::Array<blink::mojom::BudgetStatePtr>());
+    return;
+  }
   db_.GetBudgetDetails(origin, callback);
 }
 
 void BudgetManager::Reserve(const url::Origin& origin,
                             blink::mojom::BudgetOperationType type,
                             const ReserveCallback& callback) {
+  const GURL url(origin.Serialize());
+  if (!url.SchemeIsHTTPOrHTTPS() || !content::IsOriginSecure(url)) {
+    callback.Run(blink::mojom::BudgetServiceErrorType::NOT_SUPPORTED,
+                 false /* success */);
+    return;
+  }
   db_.SpendBudget(origin, GetCost(type),
                   base::Bind(&BudgetManager::DidReserve,
                              weak_ptr_factory_.GetWeakPtr(), origin, callback));
@@ -82,6 +95,12 @@ void BudgetManager::Reserve(const url::Origin& origin,
 void BudgetManager::Consume(const url::Origin& origin,
                             blink::mojom::BudgetOperationType type,
                             const ConsumeCallback& callback) {
+  const GURL url(origin.Serialize());
+  if (!url.SchemeIsHTTPOrHTTPS() || !content::IsOriginSecure(url)) {
+    callback.Run(false /* success */);
+    return;
+  }
+
   bool found_reservation = false;
 
   // First, see if there is a reservation already.