| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/web_request/web_request_api.h" | 5 #include "extensions/browser/api/web_request/web_request_api.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <utility> | 11 #include <utility> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/bind.h" | 14 #include "base/bind.h" |
| 15 #include "base/bind_helpers.h" | 15 #include "base/bind_helpers.h" |
| 16 #include "base/json/json_writer.h" | 16 #include "base/json/json_writer.h" |
| 17 #include "base/lazy_instance.h" | 17 #include "base/lazy_instance.h" |
| 18 #include "base/macros.h" | 18 #include "base/macros.h" |
| 19 #include "base/memory/ptr_util.h" | 19 #include "base/memory/ptr_util.h" |
| 20 #include "base/metrics/histogram_macros.h" | 20 #include "base/metrics/histogram_macros.h" |
| 21 #include "base/strings/string_number_conversions.h" | 21 #include "base/strings/string_number_conversions.h" |
| 22 #include "base/strings/string_util.h" | 22 #include "base/strings/string_util.h" |
| 23 #include "base/strings/utf_string_conversions.h" | 23 #include "base/strings/utf_string_conversions.h" |
| 24 #include "base/time/time.h" | 24 #include "base/time/time.h" |
| 25 #include "base/values.h" | 25 #include "base/values.h" |
| 26 #include "chromeos/login/login_state.h" |
| 26 #include "content/public/browser/browser_thread.h" | 27 #include "content/public/browser/browser_thread.h" |
| 27 #include "content/public/browser/resource_request_info.h" | 28 #include "content/public/browser/resource_request_info.h" |
| 28 #include "content/public/browser/user_metrics.h" | 29 #include "content/public/browser/user_metrics.h" |
| 29 #include "content/public/common/browser_side_navigation_policy.h" | 30 #include "content/public/common/browser_side_navigation_policy.h" |
| 30 #include "content/public/common/child_process_host.h" | 31 #include "content/public/common/child_process_host.h" |
| 31 #include "extensions/browser/api/activity_log/web_request_constants.h" | 32 #include "extensions/browser/api/activity_log/web_request_constants.h" |
| 32 #include "extensions/browser/api/declarative/rules_registry_service.h" | 33 #include "extensions/browser/api/declarative/rules_registry_service.h" |
| 33 #include "extensions/browser/api/declarative_webrequest/request_stage.h" | 34 #include "extensions/browser/api/declarative_webrequest/request_stage.h" |
| 34 #include "extensions/browser/api/declarative_webrequest/webrequest_constants.h" | 35 #include "extensions/browser/api/declarative_webrequest/webrequest_constants.h" |
| 35 #include "extensions/browser/api/declarative_webrequest/webrequest_rules_registr
y.h" | 36 #include "extensions/browser/api/declarative_webrequest/webrequest_rules_registr
y.h" |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 // We hide events from the system context as well as sensitive requests. | 333 // We hide events from the system context as well as sensitive requests. |
| 333 bool ShouldHideEvent(void* browser_context, | 334 bool ShouldHideEvent(void* browser_context, |
| 334 const InfoMap* extension_info_map, | 335 const InfoMap* extension_info_map, |
| 335 const net::URLRequest* request, | 336 const net::URLRequest* request, |
| 336 ExtensionNavigationUIData* navigation_ui_data) { | 337 ExtensionNavigationUIData* navigation_ui_data) { |
| 337 return (!browser_context || | 338 return (!browser_context || |
| 338 WebRequestPermissions::HideRequest(extension_info_map, request, | 339 WebRequestPermissions::HideRequest(extension_info_map, request, |
| 339 navigation_ui_data)); | 340 navigation_ui_data)); |
| 340 } | 341 } |
| 341 | 342 |
| 343 // Returns true if we're in a Public Session. |
| 344 bool IsPublicSession() { |
| 345 #if defined(OS_CHROMEOS) |
| 346 if (chromeos::LoginState::IsInitialized()) { |
| 347 return chromeos::LoginState::Get()->IsPublicSessionUser(); |
| 348 } |
| 349 #endif |
| 350 return false; |
| 351 } |
| 352 |
| 342 } // namespace | 353 } // namespace |
| 343 | 354 |
| 344 WebRequestAPI::WebRequestAPI(content::BrowserContext* context) | 355 WebRequestAPI::WebRequestAPI(content::BrowserContext* context) |
| 345 : browser_context_(context) { | 356 : browser_context_(context) { |
| 346 EventRouter* event_router = EventRouter::Get(browser_context_); | 357 EventRouter* event_router = EventRouter::Get(browser_context_); |
| 347 for (size_t i = 0; i < arraysize(kWebRequestEvents); ++i) { | 358 for (size_t i = 0; i < arraysize(kWebRequestEvents); ++i) { |
| 348 // Observe the webRequest event. | 359 // Observe the webRequest event. |
| 349 std::string event_name = kWebRequestEvents[i]; | 360 std::string event_name = kWebRequestEvents[i]; |
| 350 event_router->RegisterObserver(this, event_name); | 361 event_router->RegisterObserver(this, event_name); |
| 351 | 362 |
| (...skipping 764 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1116 std::string event_name = | 1127 std::string event_name = |
| 1117 EventRouter::GetBaseEventName((*listener_ids)[0].sub_event_name); | 1128 EventRouter::GetBaseEventName((*listener_ids)[0].sub_event_name); |
| 1118 DCHECK(IsWebRequestEvent(event_name)); | 1129 DCHECK(IsWebRequestEvent(event_name)); |
| 1119 | 1130 |
| 1120 Listeners& event_listeners = listeners_[browser_context][event_name]; | 1131 Listeners& event_listeners = listeners_[browser_context][event_name]; |
| 1121 void* cross_browser_context = GetCrossBrowserContext(browser_context); | 1132 void* cross_browser_context = GetCrossBrowserContext(browser_context); |
| 1122 Listeners* cross_event_listeners = | 1133 Listeners* cross_event_listeners = |
| 1123 cross_browser_context ? &listeners_[cross_browser_context][event_name] | 1134 cross_browser_context ? &listeners_[cross_browser_context][event_name] |
| 1124 : nullptr; | 1135 : nullptr; |
| 1125 | 1136 |
| 1137 // In Public Sessions we want to restrict access to security or privacy |
| 1138 // sensitive data. Data is filtered for *all* listeners, not only extensions |
| 1139 // which are force-installed by policy. |
| 1140 if (IsPublicSession()) { |
| 1141 event_details->FilterForPublicSession(); |
| 1142 } |
| 1143 |
| 1126 for (const EventListener::ID& id : *listener_ids) { | 1144 for (const EventListener::ID& id : *listener_ids) { |
| 1127 // It's possible that the listener is no longer present. Check to make sure | 1145 // It's possible that the listener is no longer present. Check to make sure |
| 1128 // it's still there. | 1146 // it's still there. |
| 1129 const EventListener* listener = | 1147 const EventListener* listener = |
| 1130 FindEventListenerInContainer(id, event_listeners); | 1148 FindEventListenerInContainer(id, event_listeners); |
| 1131 if (!listener && cross_event_listeners) { | 1149 if (!listener && cross_event_listeners) { |
| 1132 listener = FindEventListenerInContainer(id, *cross_event_listeners); | 1150 listener = FindEventListenerInContainer(id, *cross_event_listeners); |
| 1133 } | 1151 } |
| 1134 if (!listener) | 1152 if (!listener) |
| 1135 continue; | 1153 continue; |
| (...skipping 990 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2126 APIPermission::kWebRequestBlocking)) { | 2144 APIPermission::kWebRequestBlocking)) { |
| 2127 return RespondNow(Error(keys::kBlockingPermissionRequired)); | 2145 return RespondNow(Error(keys::kBlockingPermissionRequired)); |
| 2128 } | 2146 } |
| 2129 | 2147 |
| 2130 // We allow to subscribe to patterns that are broader than the host | 2148 // We allow to subscribe to patterns that are broader than the host |
| 2131 // permissions. E.g., we could subscribe to http://www.example.com/* | 2149 // permissions. E.g., we could subscribe to http://www.example.com/* |
| 2132 // while having host permissions for http://www.example.com/foo/* and | 2150 // while having host permissions for http://www.example.com/foo/* and |
| 2133 // http://www.example.com/bar/*. | 2151 // http://www.example.com/bar/*. |
| 2134 // For this reason we do only a coarse check here to warn the extension | 2152 // For this reason we do only a coarse check here to warn the extension |
| 2135 // developer if they do something obviously wrong. | 2153 // developer if they do something obviously wrong. |
| 2136 if (extension->permissions_data() | 2154 // When we are in a Public Session, allow all URLs for webRequests initiated |
| 2155 // by a regular extension. |
| 2156 if (!(IsPublicSession() && extension->is_extension()) && |
| 2157 extension->permissions_data() |
| 2137 ->GetEffectiveHostPermissions() | 2158 ->GetEffectiveHostPermissions() |
| 2138 .is_empty() && | 2159 .is_empty() && |
| 2139 extension->permissions_data() | 2160 extension->permissions_data() |
| 2140 ->withheld_permissions() | 2161 ->withheld_permissions() |
| 2141 .explicit_hosts() | 2162 .explicit_hosts() |
| 2142 .is_empty()) { | 2163 .is_empty()) { |
| 2143 return RespondNow(Error(keys::kHostPermissionsRequired)); | 2164 return RespondNow(Error(keys::kHostPermissionsRequired)); |
| 2144 } | 2165 } |
| 2145 } | 2166 } |
| 2146 | 2167 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2190 base::DictionaryValue* value = NULL; | 2211 base::DictionaryValue* value = NULL; |
| 2191 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(3, &value)); | 2212 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(3, &value)); |
| 2192 | 2213 |
| 2193 if (!value->empty()) { | 2214 if (!value->empty()) { |
| 2194 base::Time install_time = | 2215 base::Time install_time = |
| 2195 extension_info_map()->GetInstallTime(extension_id_safe()); | 2216 extension_info_map()->GetInstallTime(extension_id_safe()); |
| 2196 response.reset(new ExtensionWebRequestEventRouter::EventResponse( | 2217 response.reset(new ExtensionWebRequestEventRouter::EventResponse( |
| 2197 extension_id_safe(), install_time)); | 2218 extension_id_safe(), install_time)); |
| 2198 } | 2219 } |
| 2199 | 2220 |
| 2221 // In Public Session we only want to allow "cancel". |
| 2222 if (IsPublicSession() && |
| 2223 (value->HasKey("redirectUrl") || |
| 2224 value->HasKey(keys::kAuthCredentialsKey) || |
| 2225 value->HasKey("requestHeaders") || |
| 2226 value->HasKey("responseHeaders"))) { |
| 2227 OnError(event_name, sub_event_name, request_id, std::move(response)); |
| 2228 return RespondNow(Error(keys::kInvalidPublicSessionBlockingResponse)); |
| 2229 } |
| 2230 |
| 2200 if (value->HasKey("cancel")) { | 2231 if (value->HasKey("cancel")) { |
| 2201 // Don't allow cancel mixed with other keys. | 2232 // Don't allow cancel mixed with other keys. |
| 2202 if (value->size() != 1) { | 2233 if (value->size() != 1) { |
| 2203 OnError(event_name, sub_event_name, request_id, std::move(response)); | 2234 OnError(event_name, sub_event_name, request_id, std::move(response)); |
| 2204 return RespondNow(Error(keys::kInvalidBlockingResponse)); | 2235 return RespondNow(Error(keys::kInvalidBlockingResponse)); |
| 2205 } | 2236 } |
| 2206 | 2237 |
| 2207 bool cancel = false; | 2238 bool cancel = false; |
| 2208 EXTENSION_FUNCTION_VALIDATE(value->GetBoolean("cancel", &cancel)); | 2239 EXTENSION_FUNCTION_VALIDATE(value->GetBoolean("cancel", &cancel)); |
| 2209 response->cancel = cancel; | 2240 response->cancel = cancel; |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2359 // Since EventListeners are segmented by browser_context, check that | 2390 // Since EventListeners are segmented by browser_context, check that |
| 2360 // last, as it is exceedingly unlikely to be different. | 2391 // last, as it is exceedingly unlikely to be different. |
| 2361 return extension_id == that.extension_id && | 2392 return extension_id == that.extension_id && |
| 2362 sub_event_name == that.sub_event_name && | 2393 sub_event_name == that.sub_event_name && |
| 2363 web_view_instance_id == that.web_view_instance_id && | 2394 web_view_instance_id == that.web_view_instance_id && |
| 2364 embedder_process_id == that.embedder_process_id && | 2395 embedder_process_id == that.embedder_process_id && |
| 2365 browser_context == that.browser_context; | 2396 browser_context == that.browser_context; |
| 2366 } | 2397 } |
| 2367 | 2398 |
| 2368 } // namespace extensions | 2399 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2455393002:
PS - Adjusting webRequest API for use in Public Sessions (Closed)
