Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(496)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/url_request_util.cc

Issue 2768863003: Fix webview-accessible resource checks in AllowCrossRendererResourceLoadHelper (Closed)
Patch Set: Cleanup Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/load_webview_accessible_resource/embedder.js ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/url_request_util.h" 5 #include "extensions/browser/url_request_util.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "content/public/browser/resource_request_info.h" 9 #include "content/public/browser/resource_request_info.h"
10 #include "content/public/common/browser_side_navigation_policy.h" 10 #include "content/public/common/browser_side_navigation_policy.h"
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
145 return data && data->is_web_view(); 145 return data && data->is_web_view();
146 } 146 }
147 147
148 bool AllowCrossRendererResourceLoadHelper(bool is_guest, 148 bool AllowCrossRendererResourceLoadHelper(bool is_guest,
149 const Extension* extension, 149 const Extension* extension,
150 const Extension* owner_extension, 150 const Extension* owner_extension,
151 const std::string& partition_id, 151 const std::string& partition_id,
152 const std::string& resource_path, 152 const std::string& resource_path,
153 ui::PageTransition page_transition, 153 ui::PageTransition page_transition,
154 bool* allowed) { 154 bool* allowed) {
155 // |owner_extension == extension| needs to be checked because extension 155 if (is_guest) {
156 // resources should only be accessible to WebViews owned by that extension. 156 // An extension's resources should only be accessible to WebViews owned by
157 if (is_guest && owner_extension == extension && 157 // that extension.
158 WebviewInfo::IsResourceWebviewAccessible(extension, partition_id, 158 if (owner_extension != extension) {
alexmos 2017/03/23 18:23:53 Seems like the old check also allowed web-triggera
lfg 2017/03/23 18:49:40 This is a bug I fixed in the past, but Paul reintr
159 resource_path)) { 159 *allowed = false;
160 *allowed = true; 160 return true;
161 }
162
163 *allowed = WebviewInfo::IsResourceWebviewAccessible(extension, partition_id,
164 resource_path);
161 return true; 165 return true;
162 } 166 }
163 167
164 if (is_guest && !ui::PageTransitionIsWebTriggerable(page_transition)) {
165 *allowed = false;
166 return true;
167 }
168
169 return false; 168 return false;
170 } 169 }
171 170
172 } // namespace url_request_util 171 } // namespace url_request_util
173 } // namespace extensions 172 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/load_webview_accessible_resource/embedder.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698