Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(170)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 2481923002: [WIP] make GURL::path() return a StringPiece (Closed)
Patch Set: thanks asan Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/renderer/chrome_content_renderer_client.cc ('k') | chrome/renderer/extensions/webstore_bindings.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/extensions/resource_request_policy.h" 5 #include "chrome/renderer/extensions/resource_request_policy.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/strings/stringprintf.h" 8 #include "base/strings/stringprintf.h"
9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h" 9 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"
10 #include "chrome/common/url_constants.h" 10 #include "chrome/common/url_constants.h"
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
49 // 404 from the browser process. 49 // 404 from the browser process.
50 return true; 50 return true;
51 } 51 }
52 52
53 // Disallow loading of packaged resources for hosted apps. We don't allow 53 // Disallow loading of packaged resources for hosted apps. We don't allow
54 // hybrid hosted/packaged apps. The one exception is access to icons, since 54 // hybrid hosted/packaged apps. The one exception is access to icons, since
55 // some extensions want to be able to do things like create their own 55 // some extensions want to be able to do things like create their own
56 // launchers. 56 // launchers.
57 std::string resource_root_relative_path = 57 std::string resource_root_relative_path =
58 resource_url.path().empty() ? std::string() 58 resource_url.path().empty() ? std::string()
59 : resource_url.path().substr(1); 59 : resource_url.path().substr(1).as_string();
60 if (extension->is_hosted_app() && 60 if (extension->is_hosted_app() &&
61 !IconsInfo::GetIcons(extension) 61 !IconsInfo::GetIcons(extension)
62 .ContainsPath(resource_root_relative_path)) { 62 .ContainsPath(resource_root_relative_path)) {
63 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from " 63 LOG(ERROR) << "Denying load of " << resource_url.spec() << " from "
64 << "hosted app."; 64 << "hosted app.";
65 return false; 65 return false;
66 } 66 }
67 67
68 // Disallow loading of extension resources which are not explicitly listed 68 // Disallow loading of extension resources which are not explicitly listed
69 // as web or WebView accessible if the manifest version is 2 or greater. 69 // as web or WebView accessible if the manifest version is 2 or greater.
70 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible( 70 if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
71 extension, resource_url.path()) && 71 extension, resource_url.path().as_string()) &&
72 !WebviewInfo::IsResourceWebviewAccessible( 72 !WebviewInfo::IsResourceWebviewAccessible(
73 extension, dispatcher_->webview_partition_id(), 73 extension, dispatcher_->webview_partition_id(),
74 resource_url.path())) { 74 resource_url.path().as_string())) {
75 GURL frame_url = frame->document().url(); 75 GURL frame_url = frame->document().url();
76 76
77 // The page_origin may be GURL("null") for unique origins like data URLs, 77 // The page_origin may be GURL("null") for unique origins like data URLs,
78 // but this is ok for the checks below. We only care if it matches the 78 // but this is ok for the checks below. We only care if it matches the
79 // current extension or has a devtools scheme. 79 // current extension or has a devtools scheme.
80 GURL page_origin = url::Origin(frame->top()->getSecurityOrigin()).GetURL(); 80 GURL page_origin = url::Origin(frame->top()->getSecurityOrigin()).GetURL();
81 81
82 // Exceptions are: 82 // Exceptions are:
83 // - empty origin (needed for some edge cases when we have empty origins) 83 // - empty origin (needed for some edge cases when we have empty origins)
84 bool is_empty_origin = frame_url.is_empty(); 84 bool is_empty_origin = frame_url.is_empty();
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 frame->addMessageToConsole( 128 frame->addMessageToConsole(
129 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError, 129 blink::WebConsoleMessage(blink::WebConsoleMessage::LevelError,
130 blink::WebString::fromUTF8(message))); 130 blink::WebString::fromUTF8(message)));
131 return false; 131 return false;
132 } 132 }
133 133
134 return true; 134 return true;
135 } 135 }
136 136
137 } // namespace extensions 137 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/renderer/chrome_content_renderer_client.cc ('k') | chrome/renderer/extensions/webstore_bindings.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698