Chromium Code Reviews Chromium Code Reviews
Issue 2563843002:
Restrict app sandbox's CSP to disallow loading web content in them. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" | 5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <set> | 9 #include <set> |
| 10 | 10 |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 298 if (IsIsolateExtensionsEnabled()) { | 298 if (IsIsolateExtensionsEnabled()) { |
| 299 const Extension* extension = | 299 const Extension* extension = |
| 300 ExtensionRegistry::Get(browser_context) | 300 ExtensionRegistry::Get(browser_context) |
| 301 ->enabled_extensions() | 301 ->enabled_extensions() |
| 302 .GetExtensionOrAppByURL(effective_site_url); | 302 .GetExtensionOrAppByURL(effective_site_url); |
| 303 if (extension) { | 303 if (extension) { |
| 304 // Always isolate Chrome Web Store. | 304 // Always isolate Chrome Web Store. |
| 305 if (extension->id() == kWebStoreAppId) | 305 if (extension->id() == kWebStoreAppId) |
| 306 return true; | 306 return true; |
| 307 | 307 |
| 308 // --isolate-extensions should isolate extensions, except for a) hosted | 308 // --isolate-extensions should isolate extensions, except for hosted |
| 309 // apps, b) platform apps. | 309 // app. Isolating hosted apps is a good idea, but ought to be a separate |
|
Charlie Reis
2016/12/09 19:55:07
nit: s/app/apps/
lazyboy
2016/12/14 00:49:04
Done.
| |
| 310 // a) Isolating hosted apps is a good idea, but ought to be a separate | 310 // knob. |
| 311 // knob. | 311 if (extension->is_hosted_app()) |
| 312 // b) Sandbox pages in platform app can load web content in iframes; | |
| 313 // isolating the app and the iframe leads to StoragePartition mismatch | |
| 314 // in the two processes. | |
| 315 // TODO(lazyboy): We should deprecate this behaviour and not let web | |
| 316 // content load in platform app's process; see http://crbug.com/615585. | |
| 317 if (extension->is_hosted_app() || extension->is_platform_app()) | |
| 318 return false; | 312 return false; |
| 319 | 313 |
| 320 // Isolate all extensions. | 314 // Isolate all extensions. |
| 321 return true; | 315 return true; |
| 322 } | 316 } |
| 323 } | 317 } |
| 324 return false; | 318 return false; |
| 325 } | 319 } |
| 326 | 320 |
| 327 // static | 321 // static |
| (...skipping 473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 801 command_line->AppendSwitch(switches::kExtensionProcess); | 795 command_line->AppendSwitch(switches::kExtensionProcess); |
| 802 } | 796 } |
| 803 } | 797 } |
| 804 | 798 |
| 805 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { | 799 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() { |
| 806 content::ResourceDispatcherHost::Get()->RegisterInterceptor( | 800 content::ResourceDispatcherHost::Get()->RegisterInterceptor( |
| 807 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); | 801 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived)); |
| 808 } | 802 } |
| 809 | 803 |
| 810 } // namespace extensions | 804 } // namespace extensions |
| OLD | NEW |
