Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(228)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/android/java/src/org/chromium/chrome/browser/IntentHandler.java

Issue 2951883003: android: Stricter android-app:// referrer handling. (Closed)
Patch Set: . Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/android/javatests/src/org/chromium/chrome/browser/IntentHandlerTest.java » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 package org.chromium.chrome.browser; 5 package org.chromium.chrome.browser;
6 6
7 import android.app.KeyguardManager; 7 import android.app.KeyguardManager;
8 import android.app.PendingIntent; 8 import android.app.PendingIntent;
9 import android.app.SearchManager; 9 import android.app.SearchManager;
10 import android.content.ComponentName; 10 import android.content.ComponentName;
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after
410 * @param intent The intent from which to extract the URL. 410 * @param intent The intent from which to extract the URL.
411 * @return The URL string or null if none should be used. 411 * @return The URL string or null if none should be used.
412 */ 412 */
413 private static String getReferrerUrl(Intent intent) { 413 private static String getReferrerUrl(Intent intent) {
414 Uri referrerExtra = getReferrer(intent); 414 Uri referrerExtra = getReferrer(intent);
415 if (referrerExtra == null) return null; 415 if (referrerExtra == null) return null;
416 String referrerUrl = IntentHandler.getPendingReferrerUrl( 416 String referrerUrl = IntentHandler.getPendingReferrerUrl(
417 IntentUtils.safeGetIntExtra(intent, EXTRA_REFERRER_ID, 0)); 417 IntentUtils.safeGetIntExtra(intent, EXTRA_REFERRER_ID, 0));
418 if (!TextUtils.isEmpty(referrerUrl)) { 418 if (!TextUtils.isEmpty(referrerUrl)) {
419 return referrerUrl; 419 return referrerUrl;
420 } else if (isValidReferrerHeader(referrerExtra.toString())) { 420 } else if (isValidReferrerHeader(referrerExtra)) {
421 return referrerExtra.toString(); 421 return referrerExtra.toString();
422 } else if (IntentHandler.isIntentChromeOrFirstParty(intent)) { 422 } else if (IntentHandler.isIntentChromeOrFirstParty(intent)) {
423 return referrerExtra.toString(); 423 return referrerExtra.toString();
424 } 424 }
425 return null; 425 return null;
426 } 426 }
427 427
428 /** 428 /**
429 * Gets the referrer, looking in the Intent extra and in the extra headers e xtra. 429 * Gets the referrer, looking in the Intent extra and in the extra headers e xtra.
430 * 430 *
431 * The referrer extra takes priority over the "extra headers" one. 431 * The referrer extra takes priority over the "extra headers" one.
432 * 432 *
433 * @param intent The Intent containing the extras. 433 * @param intent The Intent containing the extras.
434 * @return The referrer, or null. 434 * @return The referrer, or null.
435 */ 435 */
436 public static String getReferrerUrlIncludingExtraHeaders(Intent intent) { 436 public static String getReferrerUrlIncludingExtraHeaders(Intent intent) {
437 String referrerUrl = getReferrerUrl(intent); 437 String referrerUrl = getReferrerUrl(intent);
438 if (referrerUrl != null) return referrerUrl; 438 if (referrerUrl != null) return referrerUrl;
439 439
440 Bundle bundleExtraHeaders = IntentUtils.safeGetBundleExtra(intent, Brows er.EXTRA_HEADERS); 440 Bundle bundleExtraHeaders = IntentUtils.safeGetBundleExtra(intent, Brows er.EXTRA_HEADERS);
441 if (bundleExtraHeaders == null) return null; 441 if (bundleExtraHeaders == null) return null;
442 for (String key : bundleExtraHeaders.keySet()) { 442 for (String key : bundleExtraHeaders.keySet()) {
443 String value = bundleExtraHeaders.getString(key); 443 String value = bundleExtraHeaders.getString(key);
444 if ("referer".equals(key.toLowerCase(Locale.US)) && isValidReferrerH eader(value)) { 444 if (value != null && "referer".equals(key.toLowerCase(Locale.US))) {
445 return value; 445 Uri referrer = Uri.parse(value).normalizeScheme();
446 if (isValidReferrerHeader(referrer)) return referrer.toString();
446 } 447 }
447 } 448 }
448 return null; 449 return null;
449 } 450 }
450 451
451 /** 452 /**
452 * Add referrer and extra headers to a {@link LoadUrlParams}, if we managed to parse them from 453 * Add referrer and extra headers to a {@link LoadUrlParams}, if we managed to parse them from
453 * the intent. 454 * the intent.
454 * @param params The {@link LoadUrlParams} to add referrer and headers. 455 * @param params The {@link LoadUrlParams} to add referrer and headers.
455 * @param intent The intent we use to parse the extras. 456 * @param intent The intent we use to parse the extras.
456 */ 457 */
457 public static void addReferrerAndHeaders(LoadUrlParams params, Intent intent ) { 458 public static void addReferrerAndHeaders(LoadUrlParams params, Intent intent ) {
458 String referrer = getReferrerUrlIncludingExtraHeaders(intent); 459 String referrer = getReferrerUrlIncludingExtraHeaders(intent);
459 if (referrer != null) { 460 if (referrer != null) {
460 params.setReferrer(new Referrer(referrer, Referrer.REFERRER_POLICY_D EFAULT)); 461 params.setReferrer(new Referrer(referrer, Referrer.REFERRER_POLICY_D EFAULT));
461 } 462 }
462 String headers = getExtraHeadersFromIntent(intent); 463 String headers = getExtraHeadersFromIntent(intent);
463 if (headers != null) params.setVerbatimHeaders(headers); 464 if (headers != null) params.setVerbatimHeaders(headers);
464 } 465 }
465 466
466 /** 467 /**
467 * @return Whether that the given referrer is of the format that Chrome allo ws external 468 * @return Whether that the given referrer is of the format that Chrome allo ws external
468 * apps to specify. 469 * apps to specify.
469 */ 470 */
470 private static boolean isValidReferrerHeader(String referrer) { 471 private static boolean isValidReferrerHeader(Uri referrer) {
471 return referrer != null 472 if (referrer == null) return false;
472 && referrer.toLowerCase(Locale.US).startsWith(ANDROID_APP_REFERR ER_SCHEME + "://"); 473 Uri normalized = referrer.normalizeScheme();
474 return TextUtils.equals(normalized.getScheme(), ANDROID_APP_REFERRER_SCH EME)
475 && !TextUtils.isEmpty(normalized.getHost());
473 } 476 }
474 477
475 /** 478 /**
476 * Constructs a valid referrer using the given authority. 479 * Constructs a valid referrer using the given authority.
477 * @param authority The authority to use. 480 * @param authority The authority to use.
478 * @return Referrer with default policy that uses the valid android app sche me. 481 * @return Referrer with default policy that uses the valid android app sche me.
479 */ 482 */
480 public static Referrer constructValidReferrerForAuthority(String authority) { 483 public static Referrer constructValidReferrerForAuthority(String authority) {
481 return new Referrer(new Uri.Builder().scheme(ANDROID_APP_REFERRER_SCHEME ) 484 return new Referrer(new Uri.Builder().scheme(ANDROID_APP_REFERRER_SCHEME )
482 .authority(authority).build().toString(), Referrer.REFERRER_POLI CY_DEFAULT); 485 .authority(authority).build().toString(), Referrer.REFERRER_POLI CY_DEFAULT);
(...skipping 558 matching lines...) Expand 10 before | Expand all | Expand 10 after
1041 } 1044 }
1042 1045
1043 /** 1046 /**
1044 * @param intent An Intent to be checked. 1047 * @param intent An Intent to be checked.
1045 * @return The launch type of the tab to be created. 1048 * @return The launch type of the tab to be created.
1046 */ 1049 */
1047 public static TabLaunchType getTabLaunchType(Intent intent) { 1050 public static TabLaunchType getTabLaunchType(Intent intent) {
1048 return IntentUtils.safeGetSerializableExtra(intent, EXTRA_TAB_LAUNCH_TYP E); 1051 return IntentUtils.safeGetSerializableExtra(intent, EXTRA_TAB_LAUNCH_TYP E);
1049 } 1052 }
1050 } 1053 }
OLDNEW
« no previous file with comments | « no previous file | chrome/android/javatests/src/org/chromium/chrome/browser/IntentHandlerTest.java » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698