OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" | 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <set> | 9 #include <set> |
10 | 10 |
11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
12 #include "base/debug/alias.h" | |
13 #include "base/debug/dump_without_crashing.h" | |
12 #include "chrome/browser/browser_process.h" | 14 #include "chrome/browser/browser_process.h" |
13 #include "chrome/browser/extensions/extension_service.h" | 15 #include "chrome/browser/extensions/extension_service.h" |
14 #include "chrome/browser/extensions/extension_web_ui.h" | 16 #include "chrome/browser/extensions/extension_web_ui.h" |
15 #include "chrome/browser/extensions/extension_webkit_preferences.h" | 17 #include "chrome/browser/extensions/extension_webkit_preferences.h" |
16 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h" | 18 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h" |
17 #include "chrome/browser/profiles/profile.h" | 19 #include "chrome/browser/profiles/profile.h" |
18 #include "chrome/browser/profiles/profile_io_data.h" | 20 #include "chrome/browser/profiles/profile_io_data.h" |
19 #include "chrome/browser/profiles/profile_manager.h" | 21 #include "chrome/browser/profiles/profile_manager.h" |
20 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h" | 22 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h" |
21 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h" | 23 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h" |
(...skipping 467 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
489 const Extension* extension = | 491 const Extension* extension = |
490 extension_info_map->extensions().GetExtensionOrAppByURL(first_party_url); | 492 extension_info_map->extensions().GetExtensionOrAppByURL(first_party_url); |
491 // Don't allow a service worker for an extension url with no extension (this | 493 // Don't allow a service worker for an extension url with no extension (this |
492 // could happen in the case of, e.g., an unloaded extension). | 494 // could happen in the case of, e.g., an unloaded extension). |
493 return extension != nullptr; | 495 return extension != nullptr; |
494 } | 496 } |
495 | 497 |
496 // static | 498 // static |
497 bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( | 499 bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL( |
498 content::SiteInstance* site_instance, | 500 content::SiteInstance* site_instance, |
499 const GURL& from_url, | |
500 const GURL& to_url, | 501 const GURL& to_url, |
501 bool* result) { | 502 bool* result) { |
502 DCHECK(result); | 503 DCHECK(result); |
503 | 504 |
505 url::Origin to_origin(to_url); | |
506 if (to_origin.scheme() != kExtensionScheme) { | |
507 // We're not responsible for protecting this resource. | |
508 return false; | |
509 } | |
510 | |
504 // Do not allow pages from the web or other extensions navigate to | 511 // Do not allow pages from the web or other extensions navigate to |
505 // non-web-accessible extension resources. | 512 // non-web-accessible extension resources. |
506 if (to_url.SchemeIs(kExtensionScheme) && | |
507 (from_url.SchemeIsHTTPOrHTTPS() || from_url.SchemeIs(kExtensionScheme))) { | |
alexmos
2016/10/28 00:29:41
Lifting the (bogus) scheme restriction on from_url
| |
508 Profile* profile = Profile::FromBrowserContext( | |
509 site_instance->GetProcess()->GetBrowserContext()); | |
510 ExtensionRegistry* registry = ExtensionRegistry::Get(profile); | |
511 if (!registry) { | |
512 *result = true; | |
513 return true; | |
514 } | |
515 const Extension* extension = | |
516 registry->enabled_extensions().GetExtensionOrAppByURL(to_url); | |
517 if (!extension) { | |
518 *result = true; | |
519 return true; | |
520 } | |
521 const Extension* from_extension = | |
522 registry->enabled_extensions().GetExtensionOrAppByURL( | |
523 site_instance->GetSiteURL()); | |
524 if (from_extension && from_extension->id() == extension->id()) { | |
525 *result = true; | |
526 return true; | |
527 } | |
528 | 513 |
529 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( | 514 Profile* profile = Profile::FromBrowserContext( |
530 extension, to_url.path())) { | 515 site_instance->GetProcess()->GetBrowserContext()); |
531 *result = false; | 516 ExtensionRegistry* registry = ExtensionRegistry::Get(profile); |
532 return true; | 517 if (!registry) { |
533 } | 518 *result = true; |
519 return true; | |
534 } | 520 } |
535 return false; | 521 |
522 const Extension* extension = | |
523 registry->enabled_extensions().GetByID(to_origin.host()); | |
524 if (!extension) { | |
525 *result = true; | |
526 return true; | |
527 } | |
528 | |
529 GURL site_url(site_instance->GetSiteURL()); | |
530 const Extension* from_extension = | |
531 registry->enabled_extensions().GetExtensionOrAppByURL(site_url); | |
532 if (from_extension && from_extension->id() == extension->id()) { | |
533 *result = true; | |
534 return true; | |
535 } | |
536 | |
537 // Blob and filesystem URLs are never considered web-accessible. See | |
538 // https://crbug.com/656752. | |
539 if (to_url.SchemeIsFileSystem() || to_url.SchemeIsBlob()) { | |
540 // TODO(alexmos): Temporary instrumentation to find any regressions for | |
541 // this blocking. Remove after verifying that this is not breaking any | |
542 // legitimate use cases. | |
543 char site_url_copy[256]; | |
544 base::strlcpy(site_url_copy, site_url.spec().c_str(), | |
545 arraysize(site_url_copy)); | |
546 base::debug::Alias(&site_url_copy); | |
547 char to_origin_copy[256]; | |
548 base::strlcpy(to_origin_copy, to_origin.Serialize().c_str(), | |
549 arraysize(to_origin_copy)); | |
550 base::debug::Alias(&to_origin_copy); | |
551 base::debug::DumpWithoutCrashing(); | |
552 | |
553 *result = false; | |
554 return true; | |
555 } | |
556 | |
557 if (WebAccessibleResourcesInfo::IsResourceWebAccessible(extension, | |
558 to_url.path())) { | |
559 *result = true; | |
560 return true; | |
561 } | |
562 | |
563 if (!site_url.SchemeIsHTTPOrHTTPS() && !site_url.SchemeIs(kExtensionScheme)) { | |
564 // TODO(alexmos): Previous version of this function skipped the | |
565 // web-accessible resource checks in this case. Collect data to catch | |
566 // any regressions, and then remove this. | |
567 char site_url_copy[256]; | |
568 base::strlcpy(site_url_copy, site_url.spec().c_str(), | |
569 arraysize(site_url_copy)); | |
570 base::debug::Alias(&site_url_copy); | |
571 char to_origin_copy[256]; | |
572 base::strlcpy(to_origin_copy, to_origin.Serialize().c_str(), | |
573 arraysize(to_origin_copy)); | |
574 base::debug::Alias(&to_origin_copy); | |
575 base::debug::DumpWithoutCrashing(); | |
alexmos
2016/10/28 00:29:41
Should we also collect UMA stats for some of these
ncarter (slow)
2016/10/28 21:45:03
Let's add UMA metrics too, since they will be merg
alexmos
2016/10/31 23:34:47
Metrics added, PTAL.
| |
576 } | |
577 | |
578 *result = false; | |
579 return true; | |
536 } | 580 } |
537 | 581 |
538 // static | 582 // static |
539 std::unique_ptr<content::VpnServiceProxy> | 583 std::unique_ptr<content::VpnServiceProxy> |
540 ChromeContentBrowserClientExtensionsPart::GetVpnServiceProxy( | 584 ChromeContentBrowserClientExtensionsPart::GetVpnServiceProxy( |
541 content::BrowserContext* browser_context) { | 585 content::BrowserContext* browser_context) { |
542 #if defined(OS_CHROMEOS) | 586 #if defined(OS_CHROMEOS) |
543 chromeos::VpnService* vpn_service = | 587 chromeos::VpnService* vpn_service = |
544 chromeos::VpnServiceFactory::GetForBrowserContext(browser_context); | 588 chromeos::VpnServiceFactory::GetForBrowserContext(browser_context); |
545 if (!vpn_service) | 589 if (!vpn_service) |
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
687 command_line->AppendSwitch(switches::kExtensionProcess); | 731 command_line->AppendSwitch(switches::kExtensionProcess); |
688 } | 732 } |
689 } | 733 } |
690 | 734 |
691 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { | 735 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { |
692 content::ResourceDispatcherHost::Get()->RegisterInterceptor( | 736 content::ResourceDispatcherHost::Get()->RegisterInterceptor( |
693 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); | 737 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); |
694 } | 738 } |
695 | 739 |
696 } // namespace extensions | 740 } // namespace extensions |
OLD | NEW |