chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java - Issue 2767333006: Add Digital Asset Links verification for postMessage API

Unified Diff: chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java

Issue 2767333006: Add Digital Asset Links verification for postMessage API (Closed)

Patch Set: lizeb@ commetns Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java ('k') | chrome/android/java_sources.gni » ('j') | chrome/browser/android/customtabs/origin_verifier.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java

diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java

index f49c1957d3d354510e502a3fa2231237cb0c8bca..aa12ddfd9208925be34e8600d263923fbaa2746d 100644

--- a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java

+++ b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java

@@ -12,6 +12,7 @@ import android.support.customtabs.PostMessageServiceConnection;

import org.chromium.base.ContextUtils;

import org.chromium.base.ThreadUtils;

+import org.chromium.chrome.browser.customtabs.OriginVerifier.OriginVerificationListener;

import org.chromium.chrome.browser.tab.Tab;

import org.chromium.content.browser.AppWebMessagePort;

import org.chromium.content_public.browser.MessagePort;

@@ -22,8 +23,10 @@ import org.chromium.content_public.browser.WebContentsObserver;

/**

* A class that handles postMessage communications with a designated {@link CustomTabsSessionToken}.

-public class PostMessageHandler extends PostMessageServiceConnection {

+public class PostMessageHandler

+ extends PostMessageServiceConnection implements OriginVerificationListener {

private final MessageCallback mMessageCallback;

+ private OriginVerifier mOriginVerifier;

private WebContents mWebContents;

private boolean mMessageChannelCreated;

private boolean mBoundToService;

@@ -127,6 +130,18 @@ public class PostMessageHandler extends PostMessageServiceConnection {

}

/**

+ * Asynchronously verify the postMessage origin for the given package name and initialize with

+ * it if the result is a success. Can be called multiple times. If so, the previous requests

+ * will be overridden.

+ * @param packageName The package name to use.

+ * @param origin The origin to verify for.

+ */

+ public void verifyAndInitializeWithOrigin(String packageName, Uri origin) {

+ if (mOriginVerifier == null) mOriginVerifier = new OriginVerifier(this, packageName);

+ mOriginVerifier.start(origin);

+ }

+ /**

* Relay a postMessage request through the current channel assigned to this session.

* @param message The message to be sent.

* @return The result of the postMessage request. Returning true means the request was accepted,

@@ -166,4 +181,10 @@ public class PostMessageHandler extends PostMessageServiceConnection {

public void onPostMessageServiceDisconnected() {

mBoundToService = false;

}

+ @Override

+ public void onOriginVerified(String packageName, Uri origin, boolean result) {

+ if (!result) return;

+ initializeWithOrigin(origin);

+ }

}