Index: chrome/browser/search/local_ntp_source.cc |
diff --git a/chrome/browser/search/local_ntp_source.cc b/chrome/browser/search/local_ntp_source.cc |
index 4388e6a087d92e4c31ea3e1b8a9f11f371836eb7..d1a46a43edc3f9e3d5d641e51f2a9d61bd55c9ba 100644 |
--- a/chrome/browser/search/local_ntp_source.cc |
+++ b/chrome/browser/search/local_ntp_source.cc |
@@ -6,14 +6,12 @@ |
#include <stddef.h> |
-#include <memory> |
- |
+#include "base/base64.h" |
#include "base/command_line.h" |
#include "base/json/json_string_value_serializer.h" |
#include "base/logging.h" |
#include "base/memory/ptr_util.h" |
#include "base/memory/ref_counted_memory.h" |
-#include "base/metrics/field_trial.h" |
#include "base/strings/string_util.h" |
#include "base/strings/stringprintf.h" |
#include "base/values.h" |
@@ -30,7 +28,11 @@ |
#include "chrome/grit/generated_resources.h" |
#include "chrome/grit/theme_resources.h" |
#include "components/search_engines/template_url_service.h" |
+#include "components/search_engines/template_url_service_observer.h" |
#include "components/strings/grit/components_strings.h" |
+#include "content/public/browser/browser_thread.h" |
+#include "crypto/secure_hash.h" |
+#include "net/base/hash_value.h" |
#include "net/url_request/url_request.h" |
#include "third_party/skia/include/core/SkColor.h" |
#include "ui/base/l10n/l10n_util.h" |
@@ -46,13 +48,14 @@ const int kLocalResource = -1; |
const char kConfigDataFilename[] = "config.js"; |
const char kThemeCSSFilename[] = "theme.css"; |
+const char kMainHtmlFilename[] = "local-ntp.html"; |
const struct Resource{ |
const char* filename; |
int identifier; |
const char* mime_type; |
} kResources[] = { |
- {"local-ntp.html", IDR_LOCAL_NTP_HTML, "text/html"}, |
+ {kMainHtmlFilename, kLocalResource, "text/html"}, |
{"local-ntp.js", IDR_LOCAL_NTP_JS, "application/javascript"}, |
{kConfigDataFilename, kLocalResource, "application/javascript"}, |
{kThemeCSSFilename, kLocalResource, "text/css"}, |
@@ -67,23 +70,6 @@ std::string StripParameters(const std::string& path) { |
return path.substr(0, path.find("?")); |
} |
-bool DefaultSearchProviderIsGoogle(Profile* profile) { |
- if (!profile) |
- return false; |
- |
- TemplateURLService* template_url_service = |
- TemplateURLServiceFactory::GetForProfile(profile); |
- if (!template_url_service) |
- return false; |
- |
- const TemplateURL* default_provider = |
- template_url_service->GetDefaultSearchProvider(); |
- return default_provider && |
- (default_provider->GetEngineType( |
- template_url_service->search_terms_data()) == |
- SEARCH_ENGINE_GOOGLE); |
-} |
- |
// Adds a localized string keyed by resource id to the dictionary. |
void AddString(base::DictionaryValue* dictionary, |
const std::string& key, |
@@ -116,9 +102,8 @@ std::unique_ptr<base::DictionaryValue> GetTranslatedStrings(bool is_google) { |
} |
// Returns a JS dictionary of configuration data for the local NTP. |
-std::string GetConfigData(Profile* profile) { |
+std::string GetConfigData(bool is_google) { |
base::DictionaryValue config_data; |
- bool is_google = DefaultSearchProviderIsGoogle(profile); |
config_data.Set("translatedStrings", GetTranslatedStrings(is_google)); |
config_data.SetBoolean("isGooglePage", is_google); |
@@ -134,6 +119,22 @@ std::string GetConfigData(Profile* profile) { |
return config_data_js; |
} |
+std::string GetIntegritySha256Value(const std::string& data) { |
+ // Compute the sha256 hash. |
+ net::SHA256HashValue hash_value; |
+ std::unique_ptr<crypto::SecureHash> hash( |
+ crypto::SecureHash::Create(crypto::SecureHash::SHA256)); |
+ hash->Update(data.data(), data.size()); |
+ hash->Finish(&hash_value, sizeof(hash_value)); |
+ |
+ // Base64-encode it. |
+ base::StringPiece hash_value_str( |
+ reinterpret_cast<const char*>(hash_value.data), sizeof(hash_value)); |
+ std::string result; |
+ base::Base64Encode(hash_value_str, &result); |
+ return result; |
+} |
+ |
std::string GetThemeCSS(Profile* profile) { |
SkColor background_color = |
ThemeService::GetThemeProviderForProfile(profile) |
@@ -150,9 +151,76 @@ std::string GetLocalNtpPath() { |
std::string(chrome::kChromeSearchLocalNtpHost) + "/"; |
} |
+bool DefaultSearchProviderIsGoogleImpl( |
+ const TemplateURLService* template_url_service) { |
+ const TemplateURL* default_provider = |
+ template_url_service->GetDefaultSearchProvider(); |
+ return default_provider && (default_provider->GetEngineType( |
+ template_url_service->search_terms_data()) == |
+ SEARCH_ENGINE_GOOGLE); |
+} |
+ |
} // namespace |
-LocalNtpSource::LocalNtpSource(Profile* profile) : profile_(profile) {} |
+class LocalNtpSource::GoogleSearchProviderTracker |
+ : public TemplateURLServiceObserver { |
+ public: |
+ using SearchProviderIsGoogleChangedCallback = |
+ base::Callback<void(bool is_google)>; |
+ |
+ GoogleSearchProviderTracker( |
+ TemplateURLService* service, |
+ const SearchProviderIsGoogleChangedCallback& callback) |
+ : service_(service), callback_(callback), is_google_(false) { |
+ DCHECK(service_); |
+ service_->AddObserver(this); |
+ is_google_ = DefaultSearchProviderIsGoogleImpl(service_); |
+ } |
+ |
+ ~GoogleSearchProviderTracker() override { |
+ if (service_) |
+ service_->RemoveObserver(this); |
+ } |
+ |
+ bool DefaultSearchProviderIsGoogle() const { return is_google_; } |
+ |
+ private: |
+ void OnTemplateURLServiceChanged() override { |
+ bool old_is_google = is_google_; |
+ is_google_ = DefaultSearchProviderIsGoogleImpl(service_); |
+ if (is_google_ != old_is_google) |
+ callback_.Run(is_google_); |
+ } |
+ |
+ void OnTemplateURLServiceShuttingDown() override { |
+ service_->RemoveObserver(this); |
+ service_ = nullptr; |
+ } |
+ |
+ TemplateURLService* service_; |
+ SearchProviderIsGoogleChangedCallback callback_; |
+ |
+ bool is_google_; |
+}; |
+ |
+LocalNtpSource::LocalNtpSource(Profile* profile) |
+ : profile_(profile), |
+ default_search_provider_is_google_(false), |
+ default_search_provider_is_google_io_thread_(false), |
+ weak_ptr_factory_(this) { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
+ |
+ TemplateURLService* template_url_service = |
+ TemplateURLServiceFactory::GetForProfile(profile_); |
+ if (template_url_service) { |
+ google_tracker_ = base::MakeUnique<GoogleSearchProviderTracker>( |
+ template_url_service, |
+ base::Bind(&LocalNtpSource::DefaultSearchProviderIsGoogleChanged, |
+ base::Unretained(this))); |
+ DefaultSearchProviderIsGoogleChanged( |
+ google_tracker_->DefaultSearchProviderIsGoogle()); |
+ } |
+} |
LocalNtpSource::~LocalNtpSource() = default; |
@@ -164,9 +232,12 @@ void LocalNtpSource::StartDataRequest( |
const std::string& path, |
const content::ResourceRequestInfo::WebContentsGetter& wc_getter, |
const content::URLDataSource::GotDataCallback& callback) { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
+ |
std::string stripped_path = StripParameters(path); |
if (stripped_path == kConfigDataFilename) { |
- std::string config_data_js = GetConfigData(profile_); |
+ std::string config_data_js = |
+ GetConfigData(default_search_provider_is_google_); |
callback.Run(base::RefCountedString::TakeString(&config_data_js)); |
return; |
} |
@@ -188,6 +259,19 @@ void LocalNtpSource::StartDataRequest( |
} |
#endif // !defined(GOOGLE_CHROME_BUILD) |
+ if (stripped_path == kMainHtmlFilename) { |
+ std::string html = ResourceBundle::GetSharedInstance() |
+ .GetRawDataResource(IDR_LOCAL_NTP_HTML) |
+ .as_string(); |
+ std::string config_sha256 = |
+ "sha256-" + GetIntegritySha256Value( |
+ GetConfigData(default_search_provider_is_google_)); |
+ base::ReplaceFirstSubstringAfterOffset(&html, 0, "{{CONFIG_INTEGRITY}}", |
+ config_sha256); |
+ callback.Run(base::RefCountedString::TakeString(&html)); |
+ return; |
+ } |
+ |
float scale = 1.0f; |
std::string filename; |
webui::ParsePathAndScale( |
@@ -203,7 +287,7 @@ void LocalNtpSource::StartDataRequest( |
return; |
} |
} |
- callback.Run(NULL); |
+ callback.Run(nullptr); |
} |
std::string LocalNtpSource::GetMimeType( |
@@ -226,13 +310,15 @@ bool LocalNtpSource::AllowCaching() const { |
bool LocalNtpSource::ShouldServiceRequest( |
const net::URLRequest* request) const { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
+ |
DCHECK(request->url().host_piece() == chrome::kChromeSearchLocalNtpHost); |
if (!InstantIOContext::ShouldServiceRequest(request)) |
return false; |
if (request->url().SchemeIs(chrome::kChromeSearchScheme)) { |
std::string filename; |
- webui::ParsePathAndScale(request->url(), &filename, NULL); |
+ webui::ParsePathAndScale(request->url(), &filename, nullptr); |
for (size_t i = 0; i < arraysize(kResources); ++i) { |
if (filename == kResources[i].filename) |
return true; |
@@ -241,8 +327,46 @@ bool LocalNtpSource::ShouldServiceRequest( |
return false; |
} |
+std::string LocalNtpSource::GetContentSecurityPolicyScriptSrc() const { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
+ |
+#if !defined(GOOGLE_CHROME_BUILD) |
+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); |
+ if (command_line->HasSwitch(switches::kLocalNtpReload)) { |
+ // While live-editing the local NTP files, turn off CSP. |
+ return "script-src *;"; |
+ } |
+#endif // !defined(GOOGLE_CHROME_BUILD) |
+ |
+ return "script-src 'strict-dynamic' " |
+ "'sha256-" + |
+ GetIntegritySha256Value( |
+ GetConfigData(default_search_provider_is_google_io_thread_)) + |
+ "' " |
+ "'sha256-g38WaUaxnOIWY7E2LtLZ5ff9r5sn1dBj80jevt/kmx0=';"; |
Dan Beam
2017/05/30 17:09:52
is there perhaps a more dynamic way to do this?
sfiera
2017/05/31 08:22:39
Marc's OOO this week.
Doing it at runtime would b
Dan Beam
2017/05/31 17:49:23
yes, generating at compile time would be great
|
+} |
+ |
std::string LocalNtpSource::GetContentSecurityPolicyChildSrc() const { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
+ |
// Allow embedding of most visited iframes. |
return base::StringPrintf("child-src %s;", |
chrome::kChromeSearchMostVisitedUrl); |
} |
+ |
+void LocalNtpSource::DefaultSearchProviderIsGoogleChanged(bool is_google) { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
+ |
+ default_search_provider_is_google_ = is_google; |
+ content::BrowserThread::PostTask( |
+ content::BrowserThread::IO, FROM_HERE, |
+ base::Bind(&LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread, |
+ weak_ptr_factory_.GetWeakPtr(), is_google)); |
+} |
+ |
+void LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread( |
+ bool is_google) { |
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
+ |
+ default_search_provider_is_google_io_thread_ = is_google; |
+} |