Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 2382973002: Convert WebSecurityOrigin -> GURL without re-parsing the url (Closed)
Patch Set: rebase on #427122 Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/renderer/extensions/media_galleries_custom_bindings.cc ('k') | chrome/renderer/plugins/chrome_plugin_placeholder.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/extensions/resource_request_policy.h" 5 #include "chrome/renderer/extensions/resource_request_policy.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/strings/stringprintf.h" 8 #include "base/strings/stringprintf.h"
9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h" 9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"
10 #include "chrome/common/url_constants.h" 10 #include "chrome/common/url_constants.h"
11 #include "extensions/common/constants.h" 11 #include "extensions/common/constants.h"
12 #include "extensions/common/extension.h" 12 #include "extensions/common/extension.h"
13 #include "extensions/common/manifest_constants.h" 13 #include "extensions/common/manifest_constants.h"
14 #include "extensions/common/manifest_handlers/icons_handler.h" 14 #include "extensions/common/manifest_handlers/icons_handler.h"
15 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" 15 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
16 #include "extensions/common/manifest_handlers/webview_info.h" 16 #include "extensions/common/manifest_handlers/webview_info.h"
17 #include "extensions/renderer/dispatcher.h" 17 #include "extensions/renderer/dispatcher.h"
18 #include "extensions/renderer/renderer_extension_registry.h" 18 #include "extensions/renderer/renderer_extension_registry.h"
19 #include "third_party/WebKit/public/platform/URLConversion.h" 19 #include "third_party/WebKit/public/platform/URLConversion.h"
20 #include "third_party/WebKit/public/platform/WebString.h" 20 #include "third_party/WebKit/public/platform/WebString.h"
21 #include "third_party/WebKit/public/web/WebConsoleMessage.h" 21 #include "third_party/WebKit/public/web/WebConsoleMessage.h"
22 #include "third_party/WebKit/public/web/WebDocument.h" 22 #include "third_party/WebKit/public/web/WebDocument.h"
23 #include "third_party/WebKit/public/web/WebFrame.h" 23 #include "third_party/WebKit/public/web/WebFrame.h"
24 #include "ui/base/page_transition_types.h" 24 #include "ui/base/page_transition_types.h"
25 #include "url/gurl.h" 25 #include "url/gurl.h"
26 #include "url/origin.h"
26 27
27 namespace extensions { 28 namespace extensions {
28 29
29 ResourceRequestPolicy::ResourceRequestPolicy(Dispatcher* dispatcher) 30 ResourceRequestPolicy::ResourceRequestPolicy(Dispatcher* dispatcher)
30 : dispatcher_(dispatcher) {} 31 : dispatcher_(dispatcher) {}
31 32
32 // This method does a security check whether chrome-extension:// URLs can be 33 // This method does a security check whether chrome-extension:// URLs can be
33 // requested by the renderer. Since this is in an untrusted process, the browser 34 // requested by the renderer. Since this is in an untrusted process, the browser
34 // has a similar check to enforce the policy, in case this process is exploited. 35 // has a similar check to enforce the policy, in case this process is exploited.
35 // If you are changing this function, ensure equivalent checks are added to 36 // If you are changing this function, ensure equivalent checks are added to
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
68 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( 69 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
69 extension, resource_url.path()) && 70 extension, resource_url.path()) &&
70 !WebviewInfo::IsResourceWebviewAccessible( 71 !WebviewInfo::IsResourceWebviewAccessible(
71 extension, dispatcher_->webview_partition_id(), 72 extension, dispatcher_->webview_partition_id(),
72 resource_url.path())) { 73 resource_url.path())) {
73 GURL frame_url = frame->document().url(); 74 GURL frame_url = frame->document().url();
74 75
75 // The page_origin may be GURL("null") for unique origins like data URLs, 76 // The page_origin may be GURL("null") for unique origins like data URLs,
76 // but this is ok for the checks below. We only care if it matches the 77 // but this is ok for the checks below. We only care if it matches the
77 // current extension or has a devtools scheme. 78 // current extension or has a devtools scheme.
78 GURL page_origin = 79 GURL page_origin = url::Origin(frame->top()->getSecurityOrigin()).GetURL();
79 blink::WebStringToGURL(frame->top()->getSecurityOrigin().toString());
80 80
81 // Exceptions are: 81 // Exceptions are:
82 // - empty origin (needed for some edge cases when we have empty origins) 82 // - empty origin (needed for some edge cases when we have empty origins)
83 bool is_empty_origin = frame_url.is_empty(); 83 bool is_empty_origin = frame_url.is_empty();
84 // - extensions requesting their own resources (frame_url check is for 84 // - extensions requesting their own resources (frame_url check is for
85 // images, page_url check is for iframes) 85 // images, page_url check is for iframes)
86 bool is_own_resource = frame_url.GetOrigin() == extension->url() || 86 bool is_own_resource = frame_url.GetOrigin() == extension->url() ||
87 page_origin == extension->url(); 87 page_origin == extension->url();
88 // - devtools (chrome-extension:// URLs are loaded into frames of devtools 88 // - devtools (chrome-extension:// URLs are loaded into frames of devtools
89 // to support the devtools extension APIs) 89 // to support the devtools extension APIs)
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 frame->addMessageToConsole( 127 frame->addMessageToConsole(
128 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, 128 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError,
129 blink::WebString::fromUTF8(message))); 129 blink::WebString::fromUTF8(message)));
130 return false; 130 return false;
131 } 131 }
132 132
133 return true; 133 return true;
134 } 134 }
135 135
136 } // namespace extensions 136 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/renderer/extensions/media_galleries_custom_bindings.cc ('k') | chrome/renderer/plugins/chrome_plugin_placeholder.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698