Chromium Code Reviews Chromium Code Reviews
Issue 2947413002:
Restrict CM API interface request and message dispatch. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/password_manager/chrome_password_manager_client.h" | 5 #include "chrome/browser/password_manager/chrome_password_manager_client.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 429 safe_browsing::PasswordProtectionService* pps = | 429 safe_browsing::PasswordProtectionService* pps = |
| 430 GetPasswordProtectionService(); | 430 GetPasswordProtectionService(); |
| 431 if (pps) { | 431 if (pps) { |
| 432 pps->MaybeStartProtectedPasswordEntryRequest( | 432 pps->MaybeStartProtectedPasswordEntryRequest( |
| 433 web_contents(), GetMainFrameURL(), password_saved_domain, | 433 web_contents(), GetMainFrameURL(), password_saved_domain, |
| 434 password_field_exists); | 434 password_field_exists); |
| 435 } | 435 } |
| 436 } | 436 } |
| 437 #endif | 437 #endif |
| 438 | 438 |
| 439 // TODO(crbug.com/706392): Fix password reuse detection for Android. | |
| 440 #if !defined(OS_ANDROID) | |
| 441 void ChromePasswordManagerClient::DidFinishNavigation( | 439 void ChromePasswordManagerClient::DidFinishNavigation( |
| 442 content::NavigationHandle* navigation_handle) { | 440 content::NavigationHandle* navigation_handle) { |
| 443 if (!navigation_handle->IsInMainFrame() || !navigation_handle->HasCommitted()) | 441 if (!navigation_handle->IsInMainFrame() || !navigation_handle->HasCommitted()) |
| 444 return; | 442 return; |
| 445 | 443 |
| 444 // From this point on, the CredentialManagerImpl will service API calls in the | |
| 445 // context of the new WebContents::GetLastCommittedURL, which may very well be | |
| 446 // cross-origin. Disconnect existing client, and drop pending requests. | |
| 447 if (!navigation_handle->IsSameDocument()) | |
| 448 credential_manager_impl_.DisconnectBinding(); | |
| 449 | |
| 450 // TODO(crbug.com/706392): Fix password reuse detection for Android. | |
| 451 #if !defined(OS_ANDROID) | |
| 446 password_reuse_detection_manager_.DidNavigateMainFrame(GetMainFrameURL()); | 452 password_reuse_detection_manager_.DidNavigateMainFrame(GetMainFrameURL()); |
| 447 // After some navigations RenderViewHost persists and just adding the observer | 453 // After some navigations RenderViewHost persists and just adding the observer |
| 448 // will cause multiple call of OnInputEvent. Since Widget API doesn't allow to | 454 // will cause multiple call of OnInputEvent. Since Widget API doesn't allow to |
| 449 // check whether the observer is already added, the observer is removed and | 455 // check whether the observer is already added, the observer is removed and |
| 450 // added again, to ensure that it is added only once. | 456 // added again, to ensure that it is added only once. |
| 451 web_contents()->GetRenderViewHost()->GetWidget()->RemoveInputEventObserver( | 457 web_contents()->GetRenderViewHost()->GetWidget()->RemoveInputEventObserver( |
| 452 this); | 458 this); |
| 453 web_contents()->GetRenderViewHost()->GetWidget()->AddInputEventObserver(this); | 459 web_contents()->GetRenderViewHost()->GetWidget()->AddInputEventObserver(this); |
| 460 #endif | |
| 454 } | 461 } |
| 455 | 462 |
| 463 #if !defined(OS_ANDROID) | |
| 456 void ChromePasswordManagerClient::OnInputEvent( | 464 void ChromePasswordManagerClient::OnInputEvent( |
| 457 const blink::WebInputEvent& event) { | 465 const blink::WebInputEvent& event) { |
| 458 if (event.GetType() != blink::WebInputEvent::kChar) | 466 if (event.GetType() != blink::WebInputEvent::kChar) |
| 459 return; | 467 return; |
| 460 const blink::WebKeyboardEvent& key_event = | 468 const blink::WebKeyboardEvent& key_event = |
| 461 static_cast<const blink::WebKeyboardEvent&>(event); | 469 static_cast<const blink::WebKeyboardEvent&>(event); |
| 462 password_reuse_detection_manager_.OnKeyPressed(key_event.text); | 470 password_reuse_detection_manager_.OnKeyPressed(key_event.text); |
| 463 } | 471 } |
| 464 #endif | 472 #endif |
| 465 | 473 |
| (...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 697 password_manager::mojom::CredentialManagerRequest request, | 705 password_manager::mojom::CredentialManagerRequest request, |
| 698 content::RenderFrameHost* render_frame_host) { | 706 content::RenderFrameHost* render_frame_host) { |
| 699 // Only valid for the main frame. | 707 // Only valid for the main frame. |
| 700 if (render_frame_host->GetParent()) | 708 if (render_frame_host->GetParent()) |
| 701 return; | 709 return; |
| 702 | 710 |
| 703 content::WebContents* web_contents = | 711 content::WebContents* web_contents = |
| 704 content::WebContents::FromRenderFrameHost(render_frame_host); | 712 content::WebContents::FromRenderFrameHost(render_frame_host); |
| 705 DCHECK(web_contents); | 713 DCHECK(web_contents); |
| 706 | 714 |
| 715 // Only valid for the currently committed RenderFrameHost, and not, e.g. old | |
| 716 // zombie RFH's being swapped out following cross-origin navigations. | |
| 717 if (web_contents->GetMainFrame() != render_frame_host) | |
|
vasilii
2017/06/23 18:58:28
I don't mind this check to be on the safe side. Ou
engedy
2017/06/28 16:26:58
I have added browser tests to exercise this scenar
| |
| 718 return; | |
| 719 | |
| 707 ChromePasswordManagerClient* instance = | 720 ChromePasswordManagerClient* instance = |
| 708 ChromePasswordManagerClient::FromWebContents(web_contents); | 721 ChromePasswordManagerClient::FromWebContents(web_contents); |
| 709 | 722 |
| 710 // Try to bind to the driver, but if driver is not available for this render | 723 // Try to bind to the driver, but if driver is not available for this render |
| 711 // frame host, the request will be just dropped. This will cause the message | 724 // frame host, the request will be just dropped. This will cause the message |
| 712 // pipe to be closed, which will raise a connection error on the peer side. | 725 // pipe to be closed, which will raise a connection error on the peer side. |
| 713 if (!instance) | 726 if (!instance) |
| 714 return; | 727 return; |
| 715 | 728 |
| 716 instance->credential_manager_impl_.BindRequest(std::move(request)); | 729 instance->credential_manager_impl_.BindRequest(std::move(request)); |
| 717 } | 730 } |
| 718 | 731 |
| 719 // static | 732 // static |
| 720 bool ChromePasswordManagerClient::CanShowBubbleOnURL(const GURL& url) { | 733 bool ChromePasswordManagerClient::CanShowBubbleOnURL(const GURL& url) { |
| 721 std::string scheme = url.scheme(); | 734 std::string scheme = url.scheme(); |
| 722 return (content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( | 735 return (content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( |
| 723 scheme) && | 736 scheme) && |
| 724 #if BUILDFLAG(ENABLE_EXTENSIONS) | 737 #if BUILDFLAG(ENABLE_EXTENSIONS) |
| 725 scheme != extensions::kExtensionScheme && | 738 scheme != extensions::kExtensionScheme && |
| 726 #endif | 739 #endif |
| 727 scheme != content::kChromeDevToolsScheme); | 740 scheme != content::kChromeDevToolsScheme); |
| 728 } | 741 } |
| OLD | NEW |
