chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc - Issue 2803963002: Don't kill Chrome Apps that make XHRs from guests.

Side by Side Diff: chrome/browser/extensions/chrome_content_browser_client_extensions_part.cc

Issue 2803963002: Don't kill Chrome Apps that make XHRs from guests. (Closed)

Patch Set: Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « chrome/browser/apps/guest_view/web_view_browsertest.cc ('k') | chrome/test/data/extensions/platform_apps/web_view/content_script_fetch/content_script.js » ('j') | chrome/test/data/extensions/platform_apps/web_view/content_script_fetch/content_script.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h"	5 #include "chrome/browser/extensions/chrome_content_browser_client_extensions_par t.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <set>	9 #include <set>

10	10

(...skipping 189 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
200 extension_info_map->extensions().GetExtensionOrAppByURL(origin);	200 extension_info_map->extensions().GetExtensionOrAppByURL(origin);

201 if (!extension)	201 if (!extension)

202 return content::HeaderInterceptorResult::FAIL;	202 return content::HeaderInterceptorResult::FAIL;

203	203

204 // Check for platform app origins. These can only be committed by the app	204 // Check for platform app origins. These can only be committed by the app

205 // itself, or by one if its guests if there are accessible_resources.	205 // itself, or by one if its guests if there are accessible_resources.

206 // Processes that incorrectly claim to be an app should be killed.	206 // Processes that incorrectly claim to be an app should be killed.

207 const ProcessMap& process_map = extension_info_map->process_map();	207 const ProcessMap& process_map = extension_info_map->process_map();

208 if (extension->is_platform_app() &&	208 if (extension->is_platform_app() &&

209 !process_map.Contains(extension->id(), child_id)) {	209 !process_map.Contains(extension->id(), child_id)) {

210 // This is a platform app origin not in the app's own process. If there	210 // This is a platform app origin not in the app's own process. If it cannot

211 // are no accessible resources, this is illegal.	211 // create webviews, this is illegal.

212 if (!extension->GetManifestData(manifest_keys::kWebviewAccessibleResources))	212 if (!extension->permissions_data()->HasAPIPermission(

	213 extensions::APIPermission::kWebView))
	ncarter (slow) 2017/04/06 17:16:44 Do we actually need this check, or would just chec Do we actually need this check, or would just checking the GetOwnerInfo suffice? (I'm fine with either way, mostly just curious if there's a meaningful difference) Charlie Reis 2017/04/06 18:15:46 In theory, the check below that you mention would Show quoted text On 2017/04/06 17:16:44, ncarter wrote: > Do we actually need this check, or would just checking the GetOwnerInfo suffice? > > (I'm fine with either way, mostly just curious if there's a meaningful > difference) In theory, the check below that you mention would be sufficient without also checking for the webview permission. I think it's probably reasonable to enforce here that an app shouldn't have a webview without that permission, though, so I'd like to keep it for now.
213 return content::HeaderInterceptorResult::KILL;	214 return content::HeaderInterceptorResult::KILL;

214	215

215 // If there are accessible resources, the origin is only legal if the	216 // If there are accessible resources, the origin is only legal if the

216 // given process is a guest of the app.	217 // given process is a guest of the app.

217 std::string owner_extension_id;	218 std::string owner_extension_id;

218 int owner_process_id;	219 int owner_process_id;

219 WebViewRendererState::GetInstance()->GetOwnerInfo(	220 WebViewRendererState::GetInstance()->GetOwnerInfo(

220 child_id, &owner_process_id, &owner_extension_id);	221 child_id, &owner_process_id, &owner_extension_id);

221 const Extension* owner_extension =	222 const Extension* owner_extension =

222 extension_info_map->extensions().GetByID(owner_extension_id);	223 extension_info_map->extensions().GetByID(owner_extension_id);

(...skipping 644 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
867 command_line->AppendSwitch(switches::kExtensionProcess);	868 command_line->AppendSwitch(switches::kExtensionProcess);

868 }	869 }

869 }	870 }

870	871

871 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() {	872 void ChromeContentBrowserClientExtensionsPart::ResourceDispatcherHostCreated() {

872 content::ResourceDispatcherHost::Get()->RegisterInterceptor(	873 content::ResourceDispatcherHost::Get()->RegisterInterceptor(

873 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived));	874 "Origin", kExtensionScheme, base::Bind(&OnHttpHeaderReceived));

874 }	875 }

875	876

876 } // namespace extensions	877 } // namespace extensions

OLD	NEW