| Index: chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
|
| diff --git a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
|
| index 315fe0fd68b3d7c6628f1d74f625d7c68b820939..728147c04dc9019959591529c1ae7525ddea374f 100644
|
| --- a/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
|
| +++ b/chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc
|
| @@ -9,6 +9,7 @@
|
| #include <set>
|
|
|
| #include "base/command_line.h"
|
| +#include "base/metrics/histogram_macros.h"
|
| #include "chrome/browser/browser_process.h"
|
| #include "chrome/browser/extensions/extension_service.h"
|
| #include "chrome/browser/extensions/extension_web_ui.h"
|
| @@ -22,6 +23,7 @@
|
| #include "chrome/common/chrome_constants.h"
|
| #include "chrome/common/chrome_switches.h"
|
| #include "chrome/common/extensions/extension_process_policy.h"
|
| +#include "chrome/common/url_constants.h"
|
| #include "components/guest_view/browser/guest_view_message_filter.h"
|
| #include "content/public/browser/browser_thread.h"
|
| #include "content/public/browser/browser_url_handler.h"
|
| @@ -32,6 +34,7 @@
|
| #include "content/public/browser/vpn_service_proxy.h"
|
| #include "content/public/browser/web_contents.h"
|
| #include "content/public/common/content_switches.h"
|
| +#include "content/public/common/url_constants.h"
|
| #include "extensions/browser/api/web_request/web_request_api.h"
|
| #include "extensions/browser/api/web_request/web_request_api_helpers.h"
|
| #include "extensions/browser/bad_message.h"
|
| @@ -82,6 +85,20 @@ enum RenderProcessHostPrivilege {
|
| PRIV_EXTENSION,
|
| };
|
|
|
| +// Specifies reasons why web-accessible resource checks in ShouldAllowOpenURL
|
| +// might fail.
|
| +//
|
| +// This enum backs an UMA histogram. The order of existing values
|
| +// should not be changed, and new values should only be added before
|
| +// FAILURE_LAST.
|
| +enum ShouldAllowOpenURLFailureReason {
|
| + FAILURE_FILE_SYSTEM_URL = 0,
|
| + FAILURE_BLOB_URL,
|
| + FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION,
|
| + FAILURE_RESOURCE_NOT_WEB_ACCESSIBLE,
|
| + FAILURE_LAST,
|
| +};
|
| +
|
| RenderProcessHostPrivilege GetPrivilegeRequiredByUrl(
|
| const GURL& url,
|
| ExtensionRegistry* registry) {
|
| @@ -196,6 +213,11 @@ void OnHttpHeaderReceived(const std::string& header,
|
| }
|
| }
|
|
|
| +void RecordShowAllowOpenURLFailure(ShouldAllowOpenURLFailureReason reason) {
|
| + UMA_HISTOGRAM_ENUMERATION("Extensions.ShouldAllowOpenURL.Failure", reason,
|
| + FAILURE_LAST);
|
| +}
|
| +
|
| } // namespace
|
|
|
| ChromeContentBrowserClientExtensionsPart::
|
| @@ -496,43 +518,82 @@ bool ChromeContentBrowserClientExtensionsPart::AllowServiceWorker(
|
| // static
|
| bool ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL(
|
| content::SiteInstance* site_instance,
|
| - const GURL& from_url,
|
| const GURL& to_url,
|
| bool* result) {
|
| DCHECK(result);
|
|
|
| + // Using url::Origin is important to properly handle blob: and filesystem:
|
| + // URLs.
|
| + url::Origin to_origin(to_url);
|
| + if (to_origin.scheme() != kExtensionScheme) {
|
| + // We're not responsible for protecting this resource. Note that hosted
|
| + // apps fall into this category.
|
| + return false;
|
| + }
|
| +
|
| // Do not allow pages from the web or other extensions navigate to
|
| // non-web-accessible extension resources.
|
| - if (to_url.SchemeIs(kExtensionScheme) &&
|
| - (from_url.SchemeIsHTTPOrHTTPS() || from_url.SchemeIs(kExtensionScheme))) {
|
| - Profile* profile = Profile::FromBrowserContext(
|
| - site_instance->GetProcess()->GetBrowserContext());
|
| - ExtensionRegistry* registry = ExtensionRegistry::Get(profile);
|
| - if (!registry) {
|
| - *result = true;
|
| - return true;
|
| - }
|
| - const Extension* extension =
|
| - registry->enabled_extensions().GetExtensionOrAppByURL(to_url);
|
| - if (!extension) {
|
| - *result = true;
|
| - return true;
|
| - }
|
| - const Extension* from_extension =
|
| - registry->enabled_extensions().GetExtensionOrAppByURL(
|
| - site_instance->GetSiteURL());
|
| - if (from_extension && from_extension->id() == extension->id()) {
|
| - *result = true;
|
| - return true;
|
| - }
|
|
|
| - if (!WebAccessibleResourcesInfo::IsResourceWebAccessible(
|
| - extension, to_url.path())) {
|
| - *result = false;
|
| - return true;
|
| - }
|
| + ExtensionRegistry* registry =
|
| + ExtensionRegistry::Get(site_instance->GetBrowserContext());
|
| + const Extension* to_extension =
|
| + registry->enabled_extensions().GetByID(to_origin.host());
|
| + if (!to_extension) {
|
| + *result = true;
|
| + return true;
|
| }
|
| - return false;
|
| +
|
| + GURL site_url(site_instance->GetSiteURL());
|
| + const Extension* from_extension =
|
| + registry->enabled_extensions().GetExtensionOrAppByURL(site_url);
|
| + if (from_extension && from_extension == to_extension) {
|
| + *result = true;
|
| + return true;
|
| + }
|
| +
|
| + // Blob and filesystem URLs are never considered web-accessible. See
|
| + // https://crbug.com/656752.
|
| + if (to_url.SchemeIsFileSystem() || to_url.SchemeIsBlob()) {
|
| + if (to_url.SchemeIsFileSystem())
|
| + RecordShowAllowOpenURLFailure(FAILURE_FILE_SYSTEM_URL);
|
| + else
|
| + RecordShowAllowOpenURLFailure(FAILURE_BLOB_URL);
|
| +
|
| + *result = false;
|
| + return true;
|
| + }
|
| +
|
| + // Navigations from chrome:// or chrome-search:// pages need to be allowed,
|
| + // even if |to_url| is not web-accessible. See https://crbug.com/662602.
|
| + //
|
| + // Note that this is intentionally done after the check for blob: and
|
| + // filesystem: URLs above, for consistency with the renderer-side checks
|
| + // which already disallow navigations from chrome URLs to blob/filesystem
|
| + // URLs.
|
| + if (site_url.SchemeIs(content::kChromeUIScheme) ||
|
| + site_url.SchemeIs(chrome::kChromeSearchScheme)) {
|
| + *result = true;
|
| + return true;
|
| + }
|
| +
|
| + if (WebAccessibleResourcesInfo::IsResourceWebAccessible(to_extension,
|
| + to_url.path())) {
|
| + *result = true;
|
| + return true;
|
| + }
|
| +
|
| + if (!site_url.SchemeIsHTTPOrHTTPS() && !site_url.SchemeIs(kExtensionScheme)) {
|
| + // Previous version of this function skipped the web-accessible
|
| + // resource checks in this case. Collect data to see how often this
|
| + // happened.
|
| + RecordShowAllowOpenURLFailure(
|
| + FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION);
|
| + } else {
|
| + RecordShowAllowOpenURLFailure(FAILURE_RESOURCE_NOT_WEB_ACCESSIBLE);
|
| + }
|
| +
|
| + *result = false;
|
| + return true;
|
| }
|
|
|
| // static
|
|
|
Chromium Code Reviews
Issue 2506503003:
Fix web accessible resource checks in ShouldAllowOpenURL for M55 (Closed)
