Allow navigations to non-web-accessible resources from chrome schemes.

chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_part.h"
 
 #include <stddef.h>
 
 #include <set>
 
 #include "base/command_line.h"
 #include "base/debug/alias.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/metrics/histogram_macros.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_web_ui.h"
 #include "chrome/browser/extensions/extension_webkit_preferences.h"
 #include "chrome/browser/media_galleries/fileapi/media_file_system_backend.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_io_data.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/renderer_host/chrome_extension_message_filter.h"
 #include "chrome/browser/sync_file_system/local/sync_file_system_backend.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension_process_policy.h"
+#include "chrome/common/url_constants.h"
 #include "components/guest_view/browser/guest_view_message_filter.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/browser_url_handler.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/vpn_service_proxy.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
+#include "content/public/common/url_constants.h"
 #include "extensions/browser/api/web_request/web_request_api.h"
 #include "extensions/browser/api/web_request/web_request_api_helpers.h"
 #include "extensions/browser/bad_message.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_message_filter.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_service_worker_message_filter.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
@@ skipping 465 matching lines @@
   // could happen in the case of, e.g., an unloaded extension).
   return extension != nullptr;
 }
 
 // static
 bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL(
     content::SiteInstance* site_instance,
     const GURL& to_url,
     bool* result) {
   DCHECK(result);
-
   // Using url::Origin is important to properly handle blob: and filesystem:
   // URLs.
   url::Origin to_origin(to_url);
   if (to_origin.scheme() != kExtensionScheme) {
     // We're not responsible for protecting this resource.  Note that hosted
     // apps fall into this category.
     return false;
   }
 
+  // Navigations from chrome:// or chrome-search:// pages need to be allowed,
+  // even if |to_url| is not web-accessible.  See https://crbug.com/662602.
+  GURL site_url(site_instance->GetSiteURL());
+  if (site_url.SchemeIs(content::kChromeUIScheme) ||
+      site_url.SchemeIs(chrome::kChromeSearchScheme)) {

[ncarter (slow), 2016/11/09 18:44:21]

Are we sure we want to allow this for extension blob/filesystem targets too? Or
can we limit this to "&& to_url.SchemeIs(kExtensionScheme)" ?

I don't have a particular case in mind, other than minimizing privileges.

[alexmos, 2016/11/09 22:20:31]

Done, given the observation that Blink already blocks this.  Instead of adding
the scheme check, I just moved this down to happen after the nested URL check
(and added a comment).  Can you check if that makes sense?

+    *result = true;
+    return true;
+  }
+
   // Do not allow pages from the web or other extensions navigate to
   // non-web-accessible extension resources.
 
   ExtensionRegistry* registry =
       ExtensionRegistry::Get(site_instance->GetBrowserContext());
   const Extension* to_extension =
       registry->enabled_extensions().GetByID(to_origin.host());
   if (!to_extension) {
     *result = true;
     return true;
   }
 
-  GURL site_url(site_instance->GetSiteURL());
   const Extension* from_extension =
       registry->enabled_extensions().GetExtensionOrAppByURL(site_url);
   if (from_extension && from_extension == to_extension) {
     *result = true;
     return true;
   }
 
   // Blob and filesystem URLs are never considered web-accessible.  See
   // https://crbug.com/656752.
   if (to_url.SchemeIsFileSystem() || to_url.SchemeIsBlob()) {
@@ skipping 200 matching lines @@
     command_line->AppendSwitch(switches::kExtensionProcess);
   }
 }
 
 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() {
   content::ResourceDispatcherHost::Get()->RegisterInterceptor(
       "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived));
 }
 
 }  // namespace extensions