| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/extension_navigation_throttle.h" | 5 #include "extensions/browser/extension_navigation_throttle.h" |
| 6 | 6 |
| 7 #include "components/guest_view/browser/guest_view_base.h" |
| 7 #include "content/public/browser/browser_thread.h" | 8 #include "content/public/browser/browser_thread.h" |
| 8 #include "content/public/browser/navigation_handle.h" | 9 #include "content/public/browser/navigation_handle.h" |
| 9 #include "content/public/browser/render_frame_host.h" | 10 #include "content/public/browser/render_frame_host.h" |
| 10 #include "content/public/browser/web_contents.h" | 11 #include "content/public/browser/web_contents.h" |
| 12 #include "content/public/common/browser_side_navigation_policy.h" |
| 11 #include "content/public/common/url_constants.h" | 13 #include "content/public/common/url_constants.h" |
| 12 #include "extensions/browser/extension_registry.h" | 14 #include "extensions/browser/extension_registry.h" |
| 15 #include "extensions/browser/guest_view/web_view/web_view_guest.h" |
| 16 #include "extensions/browser/url_request_util.h" |
| 13 #include "extensions/common/constants.h" | 17 #include "extensions/common/constants.h" |
| 14 #include "extensions/common/extension.h" | 18 #include "extensions/common/extension.h" |
| 15 #include "extensions/common/extension_set.h" | 19 #include "extensions/common/extension_set.h" |
| 16 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | 20 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| 21 #include "extensions/common/manifest_handlers/webview_info.h" |
| 17 #include "extensions/common/permissions/api_permission.h" | 22 #include "extensions/common/permissions/api_permission.h" |
| 18 #include "extensions/common/permissions/permissions_data.h" | 23 #include "extensions/common/permissions/permissions_data.h" |
| 24 #include "ui/base/page_transition_types.h" |
| 19 | 25 |
| 20 namespace extensions { | 26 namespace extensions { |
| 21 | 27 |
| 22 ExtensionNavigationThrottle::ExtensionNavigationThrottle( | 28 ExtensionNavigationThrottle::ExtensionNavigationThrottle( |
| 23 content::NavigationHandle* navigation_handle) | 29 content::NavigationHandle* navigation_handle) |
| 24 : content::NavigationThrottle(navigation_handle) {} | 30 : content::NavigationThrottle(navigation_handle) {} |
| 25 | 31 |
| 26 ExtensionNavigationThrottle::~ExtensionNavigationThrottle() {} | 32 ExtensionNavigationThrottle::~ExtensionNavigationThrottle() {} |
| 27 | 33 |
| 28 content::NavigationThrottle::ThrottleCheckResult | 34 content::NavigationThrottle::ThrottleCheckResult |
| 29 ExtensionNavigationThrottle::WillStartRequest() { | 35 ExtensionNavigationThrottle::WillStartRequest() { |
| 30 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 36 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 31 GURL url(navigation_handle()->GetURL()); | 37 GURL url(navigation_handle()->GetURL()); |
| 32 ExtensionRegistry* registry = ExtensionRegistry::Get( | 38 content::WebContents* web_contents = navigation_handle()->GetWebContents(); |
| 33 navigation_handle()->GetWebContents()->GetBrowserContext()); | 39 ExtensionRegistry* registry = |
| 40 ExtensionRegistry::Get(web_contents->GetBrowserContext()); |
| 34 | 41 |
| 35 if (navigation_handle()->IsInMainFrame()) { | 42 if (navigation_handle()->IsInMainFrame()) { |
| 36 // Block top-level navigations to blob: or filesystem: URLs with extension | 43 // Block top-level navigations to blob: or filesystem: URLs with extension |
| 37 // origin from non-extension processes. See https://crbug.com/645028. | 44 // origin from non-extension processes. See https://crbug.com/645028. |
| 38 bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob(); | 45 bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob(); |
| 39 bool is_extension = false; | 46 bool is_extension = false; |
| 40 if (registry) { | 47 if (registry) { |
| 41 is_extension = !!registry->enabled_extensions().GetExtensionOrAppByURL( | 48 is_extension = !!registry->enabled_extensions().GetExtensionOrAppByURL( |
| 42 navigation_handle()->GetStartingSiteInstance()->GetSiteURL()); | 49 navigation_handle()->GetStartingSiteInstance()->GetSiteURL()); |
| 43 } | 50 } |
| 44 | 51 |
| 45 url::Origin origin(url); | 52 url::Origin origin(url); |
| 46 if (is_nested_url && origin.scheme() == extensions::kExtensionScheme && | 53 if (is_nested_url && origin.scheme() == extensions::kExtensionScheme && |
| 47 !is_extension) { | 54 !is_extension) { |
| 48 // Relax this restriction for apps that use <webview>. See | 55 // Relax this restriction for apps that use <webview>. See |
| 49 // https://crbug.com/652077. | 56 // https://crbug.com/652077. |
| 50 const extensions::Extension* extension = | 57 const extensions::Extension* extension = |
| 51 registry->enabled_extensions().GetByID(origin.host()); | 58 registry->enabled_extensions().GetByID(origin.host()); |
| 52 bool has_webview_permission = | 59 bool has_webview_permission = |
| 53 extension && | 60 extension && |
| 54 extension->permissions_data()->HasAPIPermission( | 61 extension->permissions_data()->HasAPIPermission( |
| 55 extensions::APIPermission::kWebView); | 62 extensions::APIPermission::kWebView); |
| 56 if (!has_webview_permission) | 63 if (!has_webview_permission) |
| 57 return content::NavigationThrottle::CANCEL; | 64 return content::NavigationThrottle::CANCEL; |
| 58 } | 65 } |
| 59 | 66 |
| 67 if (content::IsBrowserSideNavigationEnabled() && |
| 68 url.scheme() == extensions::kExtensionScheme) { |
| 69 // This logic is performed for PlzNavigate sub-resources and for |
| 70 // non-PlzNavigate in |
| 71 // extensions::url_request_util::AllowCrossRendererResourceLoad. |
| 72 const Extension* extension = |
| 73 registry->enabled_extensions().GetExtensionOrAppByURL(url); |
| 74 guest_view::GuestViewBase* guest = |
| 75 guest_view::GuestViewBase::FromWebContents(web_contents); |
| 76 if (guest) { |
| 77 std::string owner_extension_id = guest->owner_host(); |
| 78 const Extension* owner_extension = |
| 79 registry->enabled_extensions().GetByID(owner_extension_id); |
| 80 |
| 81 std::string partition_domain, partition_id; |
| 82 bool in_memory; |
| 83 std::string resource_path = url.path(); |
| 84 bool is_guest = WebViewGuest::GetGuestPartitionConfigForSite( |
| 85 navigation_handle()->GetStartingSiteInstance()->GetSiteURL(), |
| 86 &partition_domain, &partition_id, &in_memory); |
| 87 |
| 88 bool allowed = true; |
| 89 url_request_util::AllowCrossRendererResourceLoad( |
| 90 is_guest, extension, owner_extension, partition_id, resource_path, |
| 91 navigation_handle()->GetPageTransition(), &allowed); |
| 92 if (!allowed) |
| 93 return content::NavigationThrottle::CANCEL; |
| 94 } |
| 95 } |
| 96 |
| 60 return content::NavigationThrottle::PROCEED; | 97 return content::NavigationThrottle::PROCEED; |
| 61 } | 98 } |
| 62 | 99 |
| 63 // Now enforce web_accessible_resources for navigations. Top-level navigations | 100 // Now enforce web_accessible_resources for navigations. Top-level navigations |
| 64 // should always be allowed. | 101 // should always be allowed. |
| 65 | 102 |
| 66 // If the navigation is not to a chrome-extension:// URL, no need to perform | 103 // If the navigation is not to a chrome-extension:// URL, no need to perform |
| 67 // any more checks. | 104 // any more checks. |
| 68 if (!url.SchemeIs(extensions::kExtensionScheme)) | 105 if (!url.SchemeIs(extensions::kExtensionScheme)) |
| 69 return content::NavigationThrottle::PROCEED; | 106 return content::NavigationThrottle::PROCEED; |
| 70 | 107 |
| 71 // The subframe which is navigated needs to have all of its ancestors be | 108 // The subframe which is navigated needs to have all of its ancestors be |
| 72 // at the same origin, otherwise the resource needs to be explicitly listed | 109 // at the same origin, otherwise the resource needs to be explicitly listed |
| 73 // in web_accessible_resources. | 110 // in web_accessible_resources. |
| 74 // Since the RenderFrameHost is not known until navigation has committed, | 111 // Since the RenderFrameHost is not known until navigation has committed, |
| 75 // we can't get it from NavigationHandle. However, this code only cares about | 112 // we can't get it from NavigationHandle. However, this code only cares about |
| 76 // the ancestor chain, so find the current RenderFrameHost and use it to | 113 // the ancestor chain, so find the current RenderFrameHost and use it to |
| 77 // traverse up to the main frame. | 114 // traverse up to the main frame. |
| 78 content::RenderFrameHost* navigating_frame = nullptr; | 115 content::RenderFrameHost* navigating_frame = nullptr; |
| 79 for (auto* frame : navigation_handle()->GetWebContents()->GetAllFrames()) { | 116 for (auto* frame : web_contents->GetAllFrames()) { |
| 80 if (frame->GetFrameTreeNodeId() == | 117 if (frame->GetFrameTreeNodeId() == |
| 81 navigation_handle()->GetFrameTreeNodeId()) { | 118 navigation_handle()->GetFrameTreeNodeId()) { |
| 82 navigating_frame = frame; | 119 navigating_frame = frame; |
| 83 break; | 120 break; |
| 84 } | 121 } |
| 85 } | 122 } |
| 86 DCHECK(navigating_frame); | 123 DCHECK(navigating_frame); |
| 87 | 124 |
| 88 // Traverse the chain of parent frames, checking if they are the same origin | 125 // Traverse the chain of parent frames, checking if they are the same origin |
| 89 // as the URL of this navigation. | 126 // as the URL of this navigation. |
| (...skipping 27 matching lines...) Expand all Loading... |
| 117 | 154 |
| 118 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension, | 155 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension, |
| 119 resource_path)) { | 156 resource_path)) { |
| 120 return content::NavigationThrottle::PROCEED; | 157 return content::NavigationThrottle::PROCEED; |
| 121 } | 158 } |
| 122 | 159 |
| 123 return content::NavigationThrottle::BLOCK_REQUEST; | 160 return content::NavigationThrottle::BLOCK_REQUEST; |
| 124 } | 161 } |
| 125 | 162 |
| 126 } // namespace extensions | 163 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2411293002:
Fix cross-renderer resource loads for <webview> with PlzNavigate. (Closed)
