Chromium Code Reviews Chromium Code Reviews
Issue 2875493002:
Block navigations to hosted apps non-icon resources with PlzNavigate. (Closed)
| Index: extensions/browser/extension_navigation_throttle.cc |
| diff --git a/extensions/browser/extension_navigation_throttle.cc b/extensions/browser/extension_navigation_throttle.cc |
| index 9412f16d6ef98f342a477e7b81046a69956b38f6..3703b8d091d49de272b4cb68499b4d6db68b3a24 100644 |
| --- a/extensions/browser/extension_navigation_throttle.cc |
| +++ b/extensions/browser/extension_navigation_throttle.cc |
| @@ -17,6 +17,7 @@ |
| #include "extensions/common/constants.h" |
| #include "extensions/common/extension.h" |
| #include "extensions/common/extension_set.h" |
| +#include "extensions/common/manifest_handlers/icons_handler.h" |
| #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" |
| #include "extensions/common/manifest_handlers/webview_info.h" |
| #include "extensions/common/permissions/api_permission.h" |
| @@ -65,6 +66,18 @@ ExtensionNavigationThrottle::WillStartOrRedirectRequest() { |
| return content::NavigationThrottle::BLOCK_REQUEST; |
| } |
| + // Hosted apps don't have any associated resources outside of icons, so |
| + // block any requests to URLs in their extension origin. |
| + if (target_extension->is_hosted_app()) { |
|
Devlin
2017/05/24 17:27:19
Will the old check in chrome/renderer/extensions/r
nasko
2017/05/24 17:37:16
Yes, it can be removed, as it will be redundant an
|
| + base::StringPiece resource_root_relative_path = |
| + url.path_piece().empty() ? base::StringPiece() |
| + : url.path_piece().substr(1); |
| + if (!IconsInfo::GetIcons(target_extension) |
| + .ContainsPath(resource_root_relative_path)) { |
| + return content::NavigationThrottle::BLOCK_REQUEST; |
| + } |
| + } |
| + |
| if (navigation_handle()->IsInMainFrame()) { |
| // Block top-level navigations to blob: or filesystem: URLs with extension |
| // origin from non-extension processes. See https://crbug.com/645028. |
