| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/extensions/url_request_util.h" | |
| 6 | |
| 7 #include <string> | |
| 8 | |
| 9 #include "base/files/file_path.h" | |
| 10 #include "base/memory/weak_ptr.h" | |
| 11 #include "base/path_service.h" | |
| 12 #include "base/strings/string_number_conversions.h" | |
| 13 #include "base/strings/string_util.h" | |
| 14 #include "base/strings/stringprintf.h" | |
| 15 #include "base/task_runner_util.h" | |
| 16 #include "chrome/common/chrome_paths.h" | |
| 17 #include "chrome/common/extensions/manifest_url_handler.h" | |
| 18 #include "content/public/browser/browser_thread.h" | |
| 19 #include "content/public/browser/resource_request_info.h" | |
| 20 #include "extensions/browser/component_extension_resource_manager.h" | |
| 21 #include "extensions/browser/extension_protocols.h" | |
| 22 #include "extensions/browser/extensions_browser_client.h" | |
| 23 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | |
| 24 #include "extensions/browser/info_map.h" | |
| 25 #include "extensions/common/file_util.h" | |
| 26 #include "extensions/common/manifest_handlers/icons_handler.h" | |
| 27 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | |
| 28 #include "extensions/common/manifest_handlers/webview_info.h" | |
| 29 #include "net/base/mime_util.h" | |
| 30 #include "net/base/net_errors.h" | |
| 31 #include "net/http/http_request_headers.h" | |
| 32 #include "net/http/http_response_headers.h" | |
| 33 #include "net/http/http_response_info.h" | |
| 34 #include "net/url_request/url_request.h" | |
| 35 #include "net/url_request/url_request_simple_job.h" | |
| 36 #include "ui/base/resource/resource_bundle.h" | |
| 37 | |
| 38 using content::BrowserThread; | |
| 39 using content::ResourceType; | |
| 40 using extensions::ExtensionsBrowserClient; | |
| 41 | |
| 42 namespace { | |
| 43 | |
| 44 // A request for an extension resource in a Chrome .pak file. These are used | |
| 45 // by component extensions. | |
| 46 class URLRequestResourceBundleJob : public net::URLRequestSimpleJob { | |
| 47 public: | |
| 48 URLRequestResourceBundleJob(net::URLRequest* request, | |
| 49 net::NetworkDelegate* network_delegate, | |
| 50 const base::FilePath& filename, | |
| 51 int resource_id, | |
| 52 const std::string& content_security_policy, | |
| 53 bool send_cors_header) | |
| 54 : net::URLRequestSimpleJob(request, network_delegate), | |
| 55 filename_(filename), | |
| 56 resource_id_(resource_id), | |
| 57 weak_factory_(this) { | |
| 58 // Leave cache headers out of resource bundle requests. | |
| 59 response_info_.headers = extensions::BuildHttpHeaders( | |
| 60 content_security_policy, send_cors_header, base::Time()); | |
| 61 } | |
| 62 | |
| 63 // Overridden from URLRequestSimpleJob: | |
| 64 virtual int GetData(std::string* mime_type, | |
| 65 std::string* charset, | |
| 66 std::string* data, | |
| 67 const net::CompletionCallback& callback) const OVERRIDE { | |
| 68 const ResourceBundle& rb = ResourceBundle::GetSharedInstance(); | |
| 69 *data = rb.GetRawDataResource(resource_id_).as_string(); | |
| 70 | |
| 71 // Add the Content-Length header now that we know the resource length. | |
| 72 response_info_.headers->AddHeader( | |
| 73 base::StringPrintf("%s: %s", | |
| 74 net::HttpRequestHeaders::kContentLength, | |
| 75 base::UintToString(data->size()).c_str())); | |
| 76 | |
| 77 std::string* read_mime_type = new std::string; | |
| 78 bool posted = base::PostTaskAndReplyWithResult( | |
| 79 BrowserThread::GetBlockingPool(), | |
| 80 FROM_HERE, | |
| 81 base::Bind(&net::GetMimeTypeFromFile, | |
| 82 filename_, | |
| 83 base::Unretained(read_mime_type)), | |
| 84 base::Bind(&URLRequestResourceBundleJob::OnMimeTypeRead, | |
| 85 weak_factory_.GetWeakPtr(), | |
| 86 mime_type, | |
| 87 charset, | |
| 88 data, | |
| 89 base::Owned(read_mime_type), | |
| 90 callback)); | |
| 91 DCHECK(posted); | |
| 92 | |
| 93 return net::ERR_IO_PENDING; | |
| 94 } | |
| 95 | |
| 96 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE { | |
| 97 *info = response_info_; | |
| 98 } | |
| 99 | |
| 100 private: | |
| 101 virtual ~URLRequestResourceBundleJob() {} | |
| 102 | |
| 103 void OnMimeTypeRead(std::string* out_mime_type, | |
| 104 std::string* charset, | |
| 105 std::string* data, | |
| 106 std::string* read_mime_type, | |
| 107 const net::CompletionCallback& callback, | |
| 108 bool read_result) { | |
| 109 *out_mime_type = *read_mime_type; | |
| 110 if (StartsWithASCII(*read_mime_type, "text/", false)) { | |
| 111 // All of our HTML files should be UTF-8 and for other resource types | |
| 112 // (like images), charset doesn't matter. | |
| 113 DCHECK(base::IsStringUTF8(*data)); | |
| 114 *charset = "utf-8"; | |
| 115 } | |
| 116 int result = read_result ? net::OK : net::ERR_INVALID_URL; | |
| 117 callback.Run(result); | |
| 118 } | |
| 119 | |
| 120 // We need the filename of the resource to determine the mime type. | |
| 121 base::FilePath filename_; | |
| 122 | |
| 123 // The resource bundle id to load. | |
| 124 int resource_id_; | |
| 125 | |
| 126 net::HttpResponseInfo response_info_; | |
| 127 | |
| 128 mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_; | |
| 129 }; | |
| 130 | |
| 131 } // namespace | |
| 132 | |
| 133 namespace extensions { | |
| 134 namespace url_request_util { | |
| 135 | |
| 136 bool AllowCrossRendererResourceLoad(net::URLRequest* request, | |
| 137 bool is_incognito, | |
| 138 const Extension* extension, | |
| 139 InfoMap* extension_info_map) { | |
| 140 const content::ResourceRequestInfo* info = | |
| 141 content::ResourceRequestInfo::ForRequest(request); | |
| 142 | |
| 143 bool is_guest = false; | |
| 144 | |
| 145 // Extensions with webview: allow loading certain resources by guest renderers | |
| 146 // with privileged partition IDs as specified in the manifest file. | |
| 147 WebViewRendererState* web_view_renderer_state = | |
| 148 WebViewRendererState::GetInstance(); | |
| 149 std::string partition_id; | |
| 150 is_guest = web_view_renderer_state->GetPartitionID(info->GetChildID(), | |
| 151 &partition_id); | |
| 152 std::string resource_path = request->url().path(); | |
| 153 if (is_guest && WebviewInfo::IsResourceWebviewAccessible( | |
| 154 extension, partition_id, resource_path)) { | |
| 155 return true; | |
| 156 } | |
| 157 | |
| 158 // If the request is for navigations outside of webviews, then it should be | |
| 159 // allowed. The navigation logic in CrossSiteResourceHandler will properly | |
| 160 // transfer the navigation to a privileged process before it commits. | |
| 161 if (content::IsResourceTypeFrame(info->GetResourceType()) && !is_guest) | |
| 162 return true; | |
| 163 | |
| 164 if (!content::PageTransitionIsWebTriggerable(info->GetPageTransition())) | |
| 165 return false; | |
| 166 | |
| 167 // The following checks require that we have an actual extension object. If we | |
| 168 // don't have it, allow the request handling to continue with the rest of the | |
| 169 // checks. | |
| 170 if (!extension) | |
| 171 return true; | |
| 172 | |
| 173 // Disallow loading of packaged resources for hosted apps. We don't allow | |
| 174 // hybrid hosted/packaged apps. The one exception is access to icons, since | |
| 175 // some extensions want to be able to do things like create their own | |
| 176 // launchers. | |
| 177 std::string resource_root_relative_path = | |
| 178 request->url().path().empty() ? std::string() | |
| 179 : request->url().path().substr(1); | |
| 180 if (extension->is_hosted_app() && | |
| 181 !IconsInfo::GetIcons(extension) | |
| 182 .ContainsPath(resource_root_relative_path)) { | |
| 183 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " | |
| 184 << "hosted app."; | |
| 185 return false; | |
| 186 } | |
| 187 | |
| 188 // Extensions with web_accessible_resources: allow loading by regular | |
| 189 // renderers. Since not all subresources are required to be listed in a v2 | |
| 190 // manifest, we must allow all loads if there are any web accessible | |
| 191 // resources. See http://crbug.com/179127. | |
| 192 if (extension->manifest_version() < 2 || | |
| 193 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) { | |
| 194 return true; | |
| 195 } | |
| 196 | |
| 197 // If there aren't any explicitly marked web accessible resources, the | |
| 198 // load should be allowed only if it is by DevTools. A close approximation is | |
| 199 // checking if the extension contains a DevTools page. | |
| 200 if (!ManifestURL::GetDevToolsPage(extension).is_empty()) | |
| 201 return true; | |
| 202 | |
| 203 // No special exception. Block the load. | |
| 204 return false; | |
| 205 } | |
| 206 | |
| 207 net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob( | |
| 208 net::URLRequest* request, | |
| 209 net::NetworkDelegate* network_delegate, | |
| 210 const base::FilePath& directory_path, | |
| 211 const std::string& content_security_policy, | |
| 212 bool send_cors_header) { | |
| 213 base::FilePath resources_path; | |
| 214 base::FilePath relative_path; | |
| 215 // Try to load extension resources from chrome resource file if | |
| 216 // directory_path is a descendant of resources_path. resources_path | |
| 217 // corresponds to src/chrome/browser/resources in source tree. | |
| 218 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) && | |
| 219 // Since component extension resources are included in | |
| 220 // component_extension_resources.pak file in resources_path, calculate | |
| 221 // extension relative path against resources_path. | |
| 222 resources_path.AppendRelativePath(directory_path, &relative_path)) { | |
| 223 base::FilePath request_path = | |
| 224 extensions::file_util::ExtensionURLToRelativeFilePath(request->url()); | |
| 225 int resource_id = 0; | |
| 226 if (ExtensionsBrowserClient::Get()->GetComponentExtensionResourceManager()-> | |
| 227 IsComponentExtensionResource( | |
| 228 directory_path, request_path, &resource_id)) { | |
| 229 relative_path = relative_path.Append(request_path); | |
| 230 relative_path = relative_path.NormalizePathSeparators(); | |
| 231 return new URLRequestResourceBundleJob(request, | |
| 232 network_delegate, | |
| 233 relative_path, | |
| 234 resource_id, | |
| 235 content_security_policy, | |
| 236 send_cors_header); | |
| 237 } | |
| 238 } | |
| 239 return NULL; | |
| 240 } | |
| 241 | |
| 242 bool IsWebViewRequest(net::URLRequest* request) { | |
| 243 const content::ResourceRequestInfo* info = | |
| 244 content::ResourceRequestInfo::ForRequest(request); | |
| 245 // |info| can be NULL sometimes: http://crbug.com/370070. | |
| 246 if (!info) | |
| 247 return false; | |
| 248 return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID()); | |
| 249 } | |
| 250 | |
| 251 } // namespace url_request_util | |
| 252 } // namespace extensions | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 573843002:
Allows webview to access extension resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master