Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/api/web_request/web_request_permissions.cc

Issue 2455393002: PS - Adjusting webRequest API for use in Public Sessions (Closed)
Patch Set: webRequest and webRequestBlocking are safe permissions now Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/browser/api/web_request/web_request_permissions.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/api/web_request/web_request_permissions.cc
diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc
index b98ab2b88ae97c68d8cffd9a608400d0d6fc0231..11e8c9d1054ae421e7a14d0b209c8610959e574f 100644
--- a/extensions/browser/api/web_request/web_request_permissions.cc
+++ b/extensions/browser/api/web_request/web_request_permissions.cc
@@ -7,6 +7,7 @@
#include "base/strings/string_piece.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
+#include "chromeos/login/login_state.h"
#include "content/public/browser/resource_request_info.h"
#include "extensions/browser/extension_navigation_ui_data.h"
#include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
@@ -35,6 +36,8 @@ bool HasWebRequestScheme(const GURL& url) {
url.SchemeIs(extensions::kExtensionScheme));
}
+bool g_allow_all_extension_locations_in_public_session = false;
+
} // namespace
// Returns true if the URL is sensitive and requests to this URL must not be
@@ -105,6 +108,12 @@ bool WebRequestPermissions::HideRequest(
}
// static
+void WebRequestPermissions::
+ AllowAllExtensionLocationsInPublicSessionForTesting(bool value) {
+ g_allow_all_extension_locations_in_public_session = value;
+}
+
+// static
PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL(
const extensions::InfoMap* extension_info_map,
const std::string& extension_id,
@@ -121,6 +130,21 @@ PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL(
if (!extension)
return PermissionsData::ACCESS_DENIED;
+ // When we are in a Public Session, allow all URLs for webRequests initiated
+ // by a regular extension (but don't allow chrome:// URLs).
+#if defined(OS_CHROMEOS)
+ if (chromeos::LoginState::IsInitialized() &&
+ chromeos::LoginState::Get()->IsPublicSessionUser() &&
+ extension->is_extension() &&
+ !url.SchemeIs("chrome")) {
+ // Make sure that the extension is truly installed by policy (the assumption
+ // in Public Session is that all extensions are installed by policy).
+ CHECK(g_allow_all_extension_locations_in_public_session ||
+ extensions::Manifest::IsPolicyLocation(extension->location()));
+ return PermissionsData::ACCESS_ALLOWED;
+ }
+#endif
+
// Check if this event crosses incognito boundaries when it shouldn't.
if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))
return PermissionsData::ACCESS_DENIED;
« no previous file with comments | « extensions/browser/api/web_request/web_request_permissions.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698