| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/extension_navigation_throttle.h" | 5 #include "extensions/browser/extension_navigation_throttle.h" |
| 6 | 6 |
| 7 #include "content/public/browser/browser_thread.h" | 7 #include "content/public/browser/browser_thread.h" |
| 8 #include "content/public/browser/navigation_handle.h" | 8 #include "content/public/browser/navigation_handle.h" |
| 9 #include "content/public/browser/render_frame_host.h" | 9 #include "content/public/browser/render_frame_host.h" |
| 10 #include "content/public/browser/render_process_host.h" |
| 10 #include "content/public/browser/web_contents.h" | 11 #include "content/public/browser/web_contents.h" |
| 11 #include "content/public/common/url_constants.h" | 12 #include "content/public/common/url_constants.h" |
| 12 #include "extensions/browser/extension_registry.h" | 13 #include "extensions/browser/extension_registry.h" |
| 14 #include "extensions/browser/process_map.h" |
| 13 #include "extensions/common/constants.h" | 15 #include "extensions/common/constants.h" |
| 14 #include "extensions/common/extension.h" | 16 #include "extensions/common/extension.h" |
| 15 #include "extensions/common/extension_set.h" | 17 #include "extensions/common/extension_set.h" |
| 16 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | 18 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| 19 #include "extensions/common/permissions/api_permission.h" |
| 20 #include "extensions/common/permissions/permissions_data.h" |
| 17 | 21 |
| 18 namespace extensions { | 22 namespace extensions { |
| 19 | 23 |
| 20 ExtensionNavigationThrottle::ExtensionNavigationThrottle( | 24 ExtensionNavigationThrottle::ExtensionNavigationThrottle( |
| 21 content::NavigationHandle* navigation_handle) | 25 content::NavigationHandle* navigation_handle) |
| 22 : content::NavigationThrottle(navigation_handle) {} | 26 : content::NavigationThrottle(navigation_handle) {} |
| 23 | 27 |
| 24 ExtensionNavigationThrottle::~ExtensionNavigationThrottle() {} | 28 ExtensionNavigationThrottle::~ExtensionNavigationThrottle() {} |
| 25 | 29 |
| 26 content::NavigationThrottle::ThrottleCheckResult | 30 content::NavigationThrottle::ThrottleCheckResult |
| 27 ExtensionNavigationThrottle::WillStartRequest() { | 31 ExtensionNavigationThrottle::WillStartRequest() { |
| 28 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 32 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 33 GURL url(navigation_handle()->GetURL()); |
| 34 content::BrowserContext* browser_context = |
| 35 navigation_handle()->GetWebContents()->GetBrowserContext(); |
| 36 ExtensionRegistry* registry = ExtensionRegistry::Get(browser_context); |
| 29 | 37 |
| 30 // This method for now enforces only web_accessible_resources for navigations. | 38 if (navigation_handle()->IsInMainFrame()) { |
| 31 // Top-level navigations should always be allowed. | 39 // Block top-level navigations to blob: or filesystem: URLs with extension |
| 32 DCHECK(!navigation_handle()->IsInMainFrame()); | 40 // origin from non-extension processes. See https://crbug.com/645028. |
| 41 bool is_nested_url = url.SchemeIsFileSystem() || url.SchemeIsBlob(); |
| 42 bool is_extension = false; |
| 43 if (registry) { |
| 44 is_extension = !!registry->enabled_extensions().GetExtensionOrAppByURL( |
| 45 navigation_handle()->GetCreatorSiteInstance()->GetSiteURL()); |
| 46 if (is_extension) { |
| 47 int child_id = navigation_handle() |
| 48 ->GetCreatorSiteInstance() |
| 49 ->GetProcess() |
| 50 ->GetID(); |
| 51 DCHECK(ProcessMap::Get(browser_context)->Contains(child_id)); |
| 52 } |
| 53 } |
| 54 |
| 55 url::Origin origin(url); |
| 56 if (is_nested_url && origin.scheme() == extensions::kExtensionScheme && |
| 57 !is_extension) { |
| 58 // Relax this restriction for apps that use <webview>. See |
| 59 // https://crbug.com/652077. |
| 60 const extensions::Extension* extension = |
| 61 registry->enabled_extensions().GetByID(origin.host()); |
| 62 bool has_webview_permission = |
| 63 extension && |
| 64 extension->permissions_data()->HasAPIPermission( |
| 65 extensions::APIPermission::kWebView); |
| 66 if (!has_webview_permission) |
| 67 return content::NavigationThrottle::CANCEL; |
| 68 } |
| 69 |
| 70 return content::NavigationThrottle::PROCEED; |
| 71 } |
| 72 |
| 73 // Now enforce web_accessible_resources for navigations. Top-level navigations |
| 74 // should always be allowed. |
| 33 | 75 |
| 34 // If the navigation is not to a chrome-extension:// URL, no need to perform | 76 // If the navigation is not to a chrome-extension:// URL, no need to perform |
| 35 // any more checks. | 77 // any more checks. |
| 36 if (!navigation_handle()->GetURL().SchemeIs(extensions::kExtensionScheme)) | 78 if (!url.SchemeIs(extensions::kExtensionScheme)) |
| 37 return content::NavigationThrottle::PROCEED; | 79 return content::NavigationThrottle::PROCEED; |
| 38 | 80 |
| 39 // The subframe which is navigated needs to have all of its ancestors be | 81 // The subframe which is navigated needs to have all of its ancestors be |
| 40 // at the same origin, otherwise the resource needs to be explicitly listed | 82 // at the same origin, otherwise the resource needs to be explicitly listed |
| 41 // in web_accessible_resources. | 83 // in web_accessible_resources. |
| 42 // Since the RenderFrameHost is not known until navigation has committed, | 84 // Since the RenderFrameHost is not known until navigation has committed, |
| 43 // we can't get it from NavigationHandle. However, this code only cares about | 85 // we can't get it from NavigationHandle. However, this code only cares about |
| 44 // the ancestor chain, so find the current RenderFrameHost and use it to | 86 // the ancestor chain, so find the current RenderFrameHost and use it to |
| 45 // traverse up to the main frame. | 87 // traverse up to the main frame. |
| 46 content::RenderFrameHost* navigating_frame = nullptr; | 88 content::RenderFrameHost* navigating_frame = nullptr; |
| 47 for (auto* frame : navigation_handle()->GetWebContents()->GetAllFrames()) { | 89 for (auto* frame : navigation_handle()->GetWebContents()->GetAllFrames()) { |
| 48 if (frame->GetFrameTreeNodeId() == | 90 if (frame->GetFrameTreeNodeId() == |
| 49 navigation_handle()->GetFrameTreeNodeId()) { | 91 navigation_handle()->GetFrameTreeNodeId()) { |
| 50 navigating_frame = frame; | 92 navigating_frame = frame; |
| 51 break; | 93 break; |
| 52 } | 94 } |
| 53 } | 95 } |
| 54 DCHECK(navigating_frame); | 96 DCHECK(navigating_frame); |
| 55 | 97 |
| 56 // Traverse the chain of parent frames, checking if they are the same origin | 98 // Traverse the chain of parent frames, checking if they are the same origin |
| 57 // as the URL of this navigation. | 99 // as the URL of this navigation. |
| 58 content::RenderFrameHost* ancestor = navigating_frame->GetParent(); | 100 content::RenderFrameHost* ancestor = navigating_frame->GetParent(); |
| 59 bool external_ancestor = false; | 101 bool external_ancestor = false; |
| 60 while (ancestor) { | 102 while (ancestor) { |
| 61 if (ancestor->GetLastCommittedURL().GetOrigin() != | 103 if (ancestor->GetLastCommittedURL().GetOrigin() != url.GetOrigin()) { |
| 62 navigation_handle()->GetURL().GetOrigin()) { | |
| 63 // Ignore DevTools, as it is allowed to embed extension pages. | 104 // Ignore DevTools, as it is allowed to embed extension pages. |
| 64 if (!ancestor->GetLastCommittedURL().SchemeIs( | 105 if (!ancestor->GetLastCommittedURL().SchemeIs( |
| 65 content::kChromeDevToolsScheme)) { | 106 content::kChromeDevToolsScheme)) { |
| 66 external_ancestor = true; | 107 external_ancestor = true; |
| 67 break; | 108 break; |
| 68 } | 109 } |
| 69 } | 110 } |
| 70 ancestor = ancestor->GetParent(); | 111 ancestor = ancestor->GetParent(); |
| 71 } | 112 } |
| 72 | 113 |
| 73 if (!external_ancestor) | 114 if (!external_ancestor) |
| 74 return content::NavigationThrottle::PROCEED; | 115 return content::NavigationThrottle::PROCEED; |
| 75 | 116 |
| 76 // Since there was at least one origin different than the navigation URL, | 117 // Since there was at least one origin different than the navigation URL, |
| 77 // explicitly check for the resource in web_accessible_resources. | 118 // explicitly check for the resource in web_accessible_resources. |
| 78 std::string resource_path = navigation_handle()->GetURL().path(); | 119 std::string resource_path = url.path(); |
| 79 ExtensionRegistry* registry = ExtensionRegistry::Get( | |
| 80 navigation_handle()->GetWebContents()->GetBrowserContext()); | |
| 81 if (!registry) | 120 if (!registry) |
| 82 return content::NavigationThrottle::BLOCK_REQUEST; | 121 return content::NavigationThrottle::BLOCK_REQUEST; |
| 83 | 122 |
| 84 const extensions::Extension* extension = | 123 const extensions::Extension* extension = |
| 85 registry->enabled_extensions().GetByID( | 124 registry->enabled_extensions().GetByID(url.host()); |
| 86 navigation_handle()->GetURL().host()); | |
| 87 if (!extension) | 125 if (!extension) |
| 88 return content::NavigationThrottle::BLOCK_REQUEST; | 126 return content::NavigationThrottle::BLOCK_REQUEST; |
| 89 | 127 |
| 90 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension, | 128 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension, |
| 91 resource_path)) { | 129 resource_path)) { |
| 92 return content::NavigationThrottle::PROCEED; | 130 return content::NavigationThrottle::PROCEED; |
| 93 } | 131 } |
| 94 | 132 |
| 95 return content::NavigationThrottle::BLOCK_REQUEST; | 133 return content::NavigationThrottle::BLOCK_REQUEST; |
| 96 } | 134 } |
| 97 | 135 |
| 98 } // namespace extensions | 136 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2411693003:
Move blocking of top-level navigations to nested URLs with extension origins from non-extension pro… (Closed)
