| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/url_request_util.h" | 5 #include "chrome/browser/extensions/url_request_util.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/memory/weak_ptr.h" | 10 #include "base/memory/weak_ptr.h" |
| 11 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 12 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
| 13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 14 #include "base/strings/stringprintf.h" | 14 #include "base/strings/stringprintf.h" |
| 15 #include "base/task_runner_util.h" | 15 #include "base/task_runner_util.h" |
| 16 #include "chrome/common/chrome_paths.h" | 16 #include "chrome/common/chrome_paths.h" |
| 17 #include "chrome/common/extensions/manifest_url_handler.h" | 17 #include "chrome/common/extensions/manifest_url_handler.h" |
| 18 #include "content/public/browser/browser_thread.h" | 18 #include "content/public/browser/browser_thread.h" |
| 19 #include "content/public/browser/resource_request_info.h" | 19 #include "content/public/browser/resource_request_info.h" |
| 20 #include "extensions/browser/component_extension_resource_manager.h" | 20 #include "extensions/browser/component_extension_resource_manager.h" |
| 21 #include "extensions/browser/extension_protocols.h" | 21 #include "extensions/browser/extension_protocols.h" |
| 22 #include "extensions/browser/extensions_browser_client.h" | 22 #include "extensions/browser/extensions_browser_client.h" |
| 23 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | |
| 24 #include "extensions/browser/info_map.h" | 23 #include "extensions/browser/info_map.h" |
| 24 #include "extensions/browser/url_request_util.h" |
| 25 #include "extensions/common/file_util.h" | 25 #include "extensions/common/file_util.h" |
| 26 #include "extensions/common/manifest_handlers/icons_handler.h" | |
| 27 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h" | |
| 28 #include "extensions/common/manifest_handlers/webview_info.h" | |
| 29 #include "net/base/mime_util.h" | 26 #include "net/base/mime_util.h" |
| 30 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
| 31 #include "net/http/http_request_headers.h" | 28 #include "net/http/http_request_headers.h" |
| 32 #include "net/http/http_response_headers.h" | 29 #include "net/http/http_response_headers.h" |
| 33 #include "net/http/http_response_info.h" | 30 #include "net/http/http_response_info.h" |
| 34 #include "net/url_request/url_request.h" | 31 #include "net/url_request/url_request.h" |
| 35 #include "net/url_request/url_request_simple_job.h" | 32 #include "net/url_request/url_request_simple_job.h" |
| 36 #include "ui/base/resource/resource_bundle.h" | 33 #include "ui/base/resource/resource_bundle.h" |
| 37 | 34 |
| 38 using content::BrowserThread; | 35 using content::BrowserThread; |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 126 net::HttpResponseInfo response_info_; | 123 net::HttpResponseInfo response_info_; |
| 127 | 124 |
| 128 mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_; | 125 mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_; |
| 129 }; | 126 }; |
| 130 | 127 |
| 131 } // namespace | 128 } // namespace |
| 132 | 129 |
| 133 namespace extensions { | 130 namespace extensions { |
| 134 namespace url_request_util { | 131 namespace url_request_util { |
| 135 | 132 |
| 136 bool AllowCrossRendererResourceLoad(net::URLRequest* request, | 133 bool ChromeAllowCrossRendererResourceLoad(net::URLRequest* request, |
| 137 bool is_incognito, | 134 bool is_incognito, |
| 138 const Extension* extension, | 135 const Extension* extension, |
| 139 InfoMap* extension_info_map) { | 136 InfoMap* extension_info_map, |
| 140 const content::ResourceRequestInfo* info = | 137 bool* allowed) { |
| 141 content::ResourceRequestInfo::ForRequest(request); | 138 if (AllowCrossRendererResourceLoad( |
| 142 | 139 request, is_incognito, extension, extension_info_map, allowed)) { |
| 143 bool is_guest = false; | |
| 144 | |
| 145 // Extensions with webview: allow loading certain resources by guest renderers | |
| 146 // with privileged partition IDs as specified in the manifest file. | |
| 147 WebViewRendererState* web_view_renderer_state = | |
| 148 WebViewRendererState::GetInstance(); | |
| 149 std::string partition_id; | |
| 150 is_guest = web_view_renderer_state->GetPartitionID(info->GetChildID(), | |
| 151 &partition_id); | |
| 152 std::string resource_path = request->url().path(); | |
| 153 if (is_guest && WebviewInfo::IsResourceWebviewAccessible( | |
| 154 extension, partition_id, resource_path)) { | |
| 155 return true; | |
| 156 } | |
| 157 | |
| 158 // If the request is for navigations outside of webviews, then it should be | |
| 159 // allowed. The navigation logic in CrossSiteResourceHandler will properly | |
| 160 // transfer the navigation to a privileged process before it commits. | |
| 161 if (content::IsResourceTypeFrame(info->GetResourceType()) && !is_guest) | |
| 162 return true; | |
| 163 | |
| 164 if (!content::PageTransitionIsWebTriggerable(info->GetPageTransition())) | |
| 165 return false; | |
| 166 | |
| 167 // The following checks require that we have an actual extension object. If we | |
| 168 // don't have it, allow the request handling to continue with the rest of the | |
| 169 // checks. | |
| 170 if (!extension) | |
| 171 return true; | |
| 172 | |
| 173 // Disallow loading of packaged resources for hosted apps. We don't allow | |
| 174 // hybrid hosted/packaged apps. The one exception is access to icons, since | |
| 175 // some extensions want to be able to do things like create their own | |
| 176 // launchers. | |
| 177 std::string resource_root_relative_path = | |
| 178 request->url().path().empty() ? std::string() | |
| 179 : request->url().path().substr(1); | |
| 180 if (extension->is_hosted_app() && | |
| 181 !IconsInfo::GetIcons(extension) | |
| 182 .ContainsPath(resource_root_relative_path)) { | |
| 183 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " | |
| 184 << "hosted app."; | |
| 185 return false; | |
| 186 } | |
| 187 | |
| 188 // Extensions with web_accessible_resources: allow loading by regular | |
| 189 // renderers. Since not all subresources are required to be listed in a v2 | |
| 190 // manifest, we must allow all loads if there are any web accessible | |
| 191 // resources. See http://crbug.com/179127. | |
| 192 if (extension->manifest_version() < 2 || | |
| 193 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) { | |
| 194 return true; | 140 return true; |
| 195 } | 141 } |
| 196 | 142 |
| 197 // If there aren't any explicitly marked web accessible resources, the | 143 // If there aren't any explicitly marked web accessible resources, the |
| 198 // load should be allowed only if it is by DevTools. A close approximation is | 144 // load should be allowed only if it is by DevTools. A close approximation is |
| 199 // checking if the extension contains a DevTools page. | 145 // checking if the extension contains a DevTools page. |
| 200 if (!ManifestURL::GetDevToolsPage(extension).is_empty()) | 146 if (!ManifestURL::GetDevToolsPage(extension).is_empty()) { |
| 147 *allowed = true; |
| 201 return true; | 148 return true; |
| 149 } |
| 202 | 150 |
| 203 // No special exception. Block the load. | 151 // Couldn't determine if the resource is allowed or not. |
| 204 return false; | 152 return false; |
| 205 } | 153 } |
| 206 | 154 |
| 207 net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob( | 155 net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob( |
| 208 net::URLRequest* request, | 156 net::URLRequest* request, |
| 209 net::NetworkDelegate* network_delegate, | 157 net::NetworkDelegate* network_delegate, |
| 210 const base::FilePath& directory_path, | 158 const base::FilePath& directory_path, |
| 211 const std::string& content_security_policy, | 159 const std::string& content_security_policy, |
| 212 bool send_cors_header) { | 160 bool send_cors_header) { |
| 213 base::FilePath resources_path; | 161 base::FilePath resources_path; |
| (...skipping 18 matching lines...) Expand all Loading... |
| 232 network_delegate, | 180 network_delegate, |
| 233 relative_path, | 181 relative_path, |
| 234 resource_id, | 182 resource_id, |
| 235 content_security_policy, | 183 content_security_policy, |
| 236 send_cors_header); | 184 send_cors_header); |
| 237 } | 185 } |
| 238 } | 186 } |
| 239 return NULL; | 187 return NULL; |
| 240 } | 188 } |
| 241 | 189 |
| 242 bool IsWebViewRequest(net::URLRequest* request) { | |
| 243 const content::ResourceRequestInfo* info = | |
| 244 content::ResourceRequestInfo::ForRequest(request); | |
| 245 // |info| can be NULL sometimes: http://crbug.com/370070. | |
| 246 if (!info) | |
| 247 return false; | |
| 248 return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID()); | |
| 249 } | |
| 250 | |
| 251 } // namespace url_request_util | 190 } // namespace url_request_util |
| 252 } // namespace extensions | 191 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 573843002:
Allows webview to access extension resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master