| Index: extensions/browser/api/web_request/web_request_api.cc
|
| diff --git a/extensions/browser/api/web_request/web_request_api.cc b/extensions/browser/api/web_request/web_request_api.cc
|
| index 8071003b9d416aff4a365fbc3b53ddbd6a3a5e63..8f2d6fdbdb1d0f1ad3e7130a50e2485d28bf4c39 100644
|
| --- a/extensions/browser/api/web_request/web_request_api.cc
|
| +++ b/extensions/browser/api/web_request/web_request_api.cc
|
| @@ -23,6 +23,7 @@
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "base/time/time.h"
|
| #include "base/values.h"
|
| +#include "chromeos/login/login_state.h"
|
| #include "content/public/browser/browser_thread.h"
|
| #include "content/public/browser/resource_request_info.h"
|
| #include "content/public/browser/user_metrics.h"
|
| @@ -339,6 +340,16 @@ bool ShouldHideEvent(void* browser_context,
|
| navigation_ui_data));
|
| }
|
|
|
| +// Returns true if we're in a Public Session.
|
| +bool IsPublicSession() {
|
| +#if defined(OS_CHROMEOS)
|
| + if (chromeos::LoginState::IsInitialized()) {
|
| + return chromeos::LoginState::Get()->IsPublicSessionUser();
|
| + }
|
| +#endif
|
| + return false;
|
| +}
|
| +
|
| } // namespace
|
|
|
| WebRequestAPI::WebRequestAPI(content::BrowserContext* context)
|
| @@ -1123,6 +1134,13 @@ void ExtensionWebRequestEventRouter::DispatchEventToListeners(
|
| cross_browser_context ? &listeners_[cross_browser_context][event_name]
|
| : nullptr;
|
|
|
| + // In Public Sessions we want to restrict access to security or privacy
|
| + // sensitive data. Data is filtered for *all* listeners, not only extensions
|
| + // which are force-installed by policy.
|
| + if (IsPublicSession()) {
|
| + event_details->FilterForPublicSession();
|
| + }
|
| +
|
| for (const EventListener::ID& id : *listener_ids) {
|
| // It's possible that the listener is no longer present. Check to make sure
|
| // it's still there.
|
| @@ -2133,7 +2151,10 @@ WebRequestInternalAddEventListenerFunction::Run() {
|
| // http://www.example.com/bar/*.
|
| // For this reason we do only a coarse check here to warn the extension
|
| // developer if they do something obviously wrong.
|
| - if (extension->permissions_data()
|
| + // When we are in a Public Session, allow all URLs for webRequests initiated
|
| + // by a regular extension.
|
| + if (!(IsPublicSession() && extension->is_extension()) &&
|
| + extension->permissions_data()
|
| ->GetEffectiveHostPermissions()
|
| .is_empty() &&
|
| extension->permissions_data()
|
| @@ -2197,6 +2218,16 @@ WebRequestInternalEventHandledFunction::Run() {
|
| extension_id_safe(), install_time));
|
| }
|
|
|
| + // In Public Session we only want to allow "cancel".
|
| + if (IsPublicSession() &&
|
| + (value->HasKey("redirectUrl") ||
|
| + value->HasKey(keys::kAuthCredentialsKey) ||
|
| + value->HasKey("requestHeaders") ||
|
| + value->HasKey("responseHeaders"))) {
|
| + OnError(event_name, sub_event_name, request_id, std::move(response));
|
| + return RespondNow(Error(keys::kInvalidPublicSessionBlockingResponse));
|
| + }
|
| +
|
| if (value->HasKey("cancel")) {
|
| // Don't allow cancel mixed with other keys.
|
| if (value->size() != 1) {
|
|
|
Chromium Code Reviews
Issue 2455393002:
PS - Adjusting webRequest API for use in Public Sessions (Closed)
