| Index: chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java
|
| diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java
|
| index f49c1957d3d354510e502a3fa2231237cb0c8bca..4ac2c95eb2114b09948930f5bb72fe49347847e8 100644
|
| --- a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java
|
| +++ b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/PostMessageHandler.java
|
| @@ -6,12 +6,15 @@ package org.chromium.chrome.browser.customtabs;
|
|
|
| import android.content.Context;
|
| import android.net.Uri;
|
| +import android.support.annotation.NonNull;
|
| import android.support.customtabs.CustomTabsService;
|
| import android.support.customtabs.CustomTabsSessionToken;
|
| import android.support.customtabs.PostMessageServiceConnection;
|
|
|
| import org.chromium.base.ContextUtils;
|
| import org.chromium.base.ThreadUtils;
|
| +import org.chromium.base.VisibleForTesting;
|
| +import org.chromium.chrome.browser.customtabs.OriginVerifier.OriginVerificationListener;
|
| import org.chromium.chrome.browser.tab.Tab;
|
| import org.chromium.content.browser.AppWebMessagePort;
|
| import org.chromium.content_public.browser.MessagePort;
|
| @@ -22,13 +25,16 @@ import org.chromium.content_public.browser.WebContentsObserver;
|
| /**
|
| * A class that handles postMessage communications with a designated {@link CustomTabsSessionToken}.
|
| */
|
| -public class PostMessageHandler extends PostMessageServiceConnection {
|
| +public class PostMessageHandler
|
| + extends PostMessageServiceConnection implements OriginVerificationListener {
|
| private final MessageCallback mMessageCallback;
|
| + private OriginVerifier mOriginVerifier;
|
| private WebContents mWebContents;
|
| private boolean mMessageChannelCreated;
|
| private boolean mBoundToService;
|
| private AppWebMessagePort[] mChannel;
|
| private Uri mOrigin;
|
| + private String mPackageName;
|
|
|
| /**
|
| * Basic constructor. Everytime the given {@link CustomTabsSessionToken} is associated with a
|
| @@ -49,6 +55,14 @@ public class PostMessageHandler extends PostMessageServiceConnection {
|
| }
|
|
|
| /**
|
| + * Sets the package name unique to the session.
|
| + * @param packageName The package name for the client app for the owning session.
|
| + */
|
| + void setPackageName(@NonNull String packageName) {
|
| + mPackageName = packageName;
|
| + }
|
| +
|
| + /**
|
| * Resets the internal state of the handler, linking the associated
|
| * {@link CustomTabsSessionToken} with a new {@link WebContents} and the {@link Tab} that
|
| * contains it.
|
| @@ -127,6 +141,22 @@ public class PostMessageHandler extends PostMessageServiceConnection {
|
| }
|
|
|
| /**
|
| + * Asynchronously verify the postMessage origin for the given package name and initialize with
|
| + * it if the result is a success. Can be called multiple times. If so, the previous requests
|
| + * will be overridden.
|
| + * @param origin The origin to verify for.
|
| + */
|
| + public void verifyAndInitializeWithOrigin(final Uri origin) {
|
| + if (mOriginVerifier == null) mOriginVerifier = new OriginVerifier(this, mPackageName);
|
| + ThreadUtils.postOnUiThread(new Runnable() {
|
| + @Override
|
| + public void run() {
|
| + mOriginVerifier.start(origin);
|
| + }
|
| + });
|
| + }
|
| +
|
| + /**
|
| * Relay a postMessage request through the current channel assigned to this session.
|
| * @param message The message to be sent.
|
| * @return The result of the postMessage request. Returning true means the request was accepted,
|
| @@ -166,4 +196,27 @@ public class PostMessageHandler extends PostMessageServiceConnection {
|
| public void onPostMessageServiceDisconnected() {
|
| mBoundToService = false;
|
| }
|
| +
|
| + @Override
|
| + public void onOriginVerified(String packageName, Uri origin, boolean result) {
|
| + if (!result) return;
|
| + initializeWithOrigin(origin);
|
| + }
|
| +
|
| + /**
|
| + * @return The origin that has been declared for this handler.
|
| + */
|
| + @VisibleForTesting
|
| + Uri getOriginForTesting() {
|
| + return mOrigin;
|
| + }
|
| +
|
| + /**
|
| + * Cleans up any dependencies that this handler might have.
|
| + * @param context Context to use for unbinding if necessary.
|
| + */
|
| + void cleanup(Context context) {
|
| + if (mBoundToService) super.unbindFromContext(context);
|
| + if (mOriginVerifier != null) mOriginVerifier.cleanUp();
|
| + }
|
| }
|
|
|
Chromium Code Reviews
Issue 2767333006:
Add Digital Asset Links verification for postMessage API (Closed)
