Chromium Code Reviews Chromium Code Reviews| Index: chrome/browser/chrome_content_browser_client.cc |
| diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc |
| index 260c28e23b0541928285fb393f15dd3911d183e2..c5abcfb88c15e0718e9cfd1db5480cde21320dea 100644 |
| --- a/chrome/browser/chrome_content_browser_client.cc |
| +++ b/chrome/browser/chrome_content_browser_client.cc |
| @@ -2443,22 +2443,47 @@ bool ChromeContentBrowserClient::CanCreateWindow( |
| const blink::mojom::WindowFeatures& features, |
| bool user_gesture, |
| bool opener_suppressed, |
| - content::ResourceContext* context, |
| bool* no_javascript_access) { |
| - DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| + DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| + content::RenderFrameHost* opener = content::RenderFrameHost::FromID( |
| + opener_render_process_id, opener_render_frame_id); |
| + content::WebContents* web_contents = |
| + content::WebContents::FromRenderFrameHost(opener); |
| + Profile* profile = |
| + Profile::FromBrowserContext(web_contents->GetBrowserContext()); |
| + DCHECK(profile); |
| *no_javascript_access = false; |
| // If the opener is trying to create a background window but doesn't have |
| // the appropriate permission, fail the attempt. |
| if (container_type == content::mojom::WindowContainerType::BACKGROUND) { |
| #if BUILDFLAG(ENABLE_EXTENSIONS) |
| - ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); |
| - InfoMap* map = io_data->GetExtensionInfoMap(); |
| - if (!map->SecurityOriginHasAPIPermission(source_origin, |
| - opener_render_process_id, |
| - APIPermission::kBackground)) { |
| - return false; |
| + // TODO(csharrison): Consider moving this logic into a static method |
| + // somewhere. |
| + auto* process_map = extensions::ProcessMap::Get(profile); |
| + auto* registry = extensions::ExtensionRegistry::Get(profile); |
| + if (source_origin.SchemeIs(extensions::kExtensionScheme)) { |
| + const std::string& id = source_origin.host(); |
| + const Extension* extension = registry->GetExtensionById( |
| + id, extensions::ExtensionRegistry::ENABLED); |
| + return extension && |
| + extension->permissions_data()->HasAPIPermission( |
|
alexmos
2017/04/17 19:41:07
This doesn't seem to quite match the old check. T
Charlie Harrison
2017/04/17 20:10:51
Yep, fixed.
|
| + APIPermission::kBackground) && |
| + process_map->Contains(id, opener_render_process_id); |
| + } |
| + bool has_permission = false; |
| + for (const auto& extension_id : |
| + process_map->GetExtensionsInProcess(opener_render_process_id)) { |
| + const Extension* extension = registry->GetExtensionById( |
| + extension_id, extensions::ExtensionRegistry::ENABLED); |
| + if (extension->web_extent().MatchesSecurityOrigin(source_origin) && |
| + extension->permissions_data()->HasAPIPermission( |
| + APIPermission::kBackground)) { |
| + has_permission = true; |
| + } |
| + if (!has_permission) |
|
alexmos
2017/04/17 19:41:07
Is this right? Or should it be outside the loop (
Charlie Harrison
2017/04/17 20:10:52
Yep, fixed.
|
| + return false; |
| } |
| // Note: this use of GetExtensionOrAppByURL is safe but imperfect. It may |
| @@ -2468,7 +2493,7 @@ bool ChromeContentBrowserClient::CanCreateWindow( |
| // already. We must use the full URL to find hosted apps, though, and not |
| // just the origin. |
| const Extension* extension = |
| - map->extensions().GetExtensionOrAppByURL(opener_url); |
| + registry->enabled_extensions().GetExtensionOrAppByURL(opener_url); |
| if (extension && !extensions::BackgroundInfo::AllowJSAccess(extension)) |
| *no_javascript_access = true; |
| #endif |
| @@ -2486,10 +2511,9 @@ bool ChromeContentBrowserClient::CanCreateWindow( |
| // Intentionally duplicating |io_data| and |map| code from above because we |
| // want to reduce calls to retrieve them as this function is a SYNC IPC |
| // handler. |
| - ProfileIOData* io_data = ProfileIOData::FromResourceContext(context); |
| - InfoMap* map = io_data->GetExtensionInfoMap(); |
| + auto* registry = extensions::ExtensionRegistry::Get(profile); |
| const Extension* extension = |
| - map->extensions().GetExtensionOrAppByURL(opener_url); |
| + registry->enabled_extensions().GetExtensionOrAppByURL(opener_url); |
| if (extension && extension->is_platform_app()) { |
| AppLoadedInTabSource source = |
| opener_top_level_frame_url == |
| @@ -2509,17 +2533,15 @@ bool ChromeContentBrowserClient::CanCreateWindow( |
| #endif |
| HostContentSettingsMap* content_settings = |
| - ProfileIOData::FromResourceContext(context)->GetHostContentSettingsMap(); |
| + HostContentSettingsMapFactory::GetForProfile(profile); |
| #if BUILDFLAG(ENABLE_PLUGINS) |
| if (FlashDownloadInterception::ShouldStopFlashDownloadAction( |
| content_settings, opener_top_level_frame_url, target_url, |
| user_gesture)) { |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&HandleFlashDownloadActionOnUIThread, |
| - opener_render_process_id, opener_render_frame_id, |
| - opener_top_level_frame_url)); |
| + HandleFlashDownloadActionOnUIThread(opener_render_process_id, |
| + opener_render_frame_id, |
| + opener_top_level_frame_url); |
| return false; |
| } |
| #endif |
| @@ -2531,15 +2553,11 @@ bool ChromeContentBrowserClient::CanCreateWindow( |
| if (!user_gesture && |
| !base::CommandLine::ForCurrentProcess()->HasSwitch( |
| switches::kDisablePopupBlocking)) { |
| - if (content_settings->GetContentSetting(opener_top_level_frame_url, |
| - opener_top_level_frame_url, |
| - CONTENT_SETTINGS_TYPE_POPUPS, |
| - std::string()) != |
| - CONTENT_SETTING_ALLOW) { |
| - BrowserThread::PostTask(BrowserThread::UI, |
| - FROM_HERE, |
| - base::Bind(&HandleBlockedPopupOnUIThread, |
| - blocked_params)); |
| + if (content_settings->GetContentSetting( |
| + opener_top_level_frame_url, opener_top_level_frame_url, |
| + CONTENT_SETTINGS_TYPE_POPUPS, |
| + std::string()) != CONTENT_SETTING_ALLOW) { |
| + HandleBlockedPopupOnUIThread(blocked_params); |
| return false; |
| } |
| } |
