Merge 73784 - Reland r73760: Move most of chrome-extension:// request...

chrome/browser/extensions/extension_protocols.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_protocols.h"
 
 #include <algorithm>
 
 #include "base/file_path.h"
 #include "base/logging.h"
@@ skipping 49 matching lines @@
   virtual ~URLRequestResourceBundleJob() { }
 
   // We need the filename of the resource to determine the mime type.
   FilePath filename_;
 
   // The resource bundle id to load.
   int resource_id_;
 };
 
 // Returns true if an chrome-extension:// resource should be allowed to load.
+// TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
+// first need to find a way to get CanLoadInIncognito state into the renderers.
 bool AllowExtensionResourceLoad(net::URLRequest* request,
                                 ChromeURLRequestContext* context,
                                 const std::string& scheme) {
   const ResourceDispatcherHostRequestInfo* info =
       ResourceDispatcherHost::InfoForRequest(request);
 
   // We have seen crashes where info is NULL: crbug.com/52374.
   if (!info) {
     LOG(ERROR) << "Allowing load of " << request->url().spec()
                << "from unknown origin. Could not find user data for "
                << "request.";
     return true;
   }
 
-  GURL origin_url(info->frame_origin());
-
-  // chrome:// URLs are always allowed to load chrome-extension:// resources.
-  // The app launcher in the NTP uses this feature, as does dev tools.
-  if (origin_url.SchemeIs(chrome::kChromeDevToolsScheme) ||
-      origin_url.SchemeIs(chrome::kChromeUIScheme))
-    return true;
-
-  // Disallow loading of packaged resources for hosted apps. We don't allow
-  // hybrid hosted/packaged apps. The one exception is access to icons, since
-  // some extensions want to be able to do things like create their own
-  // launchers.
-  if (context->extension_info_map()->
-          ExtensionHasWebExtent(request->url().host())) {
-    if (!context->extension_info_map()->URLIsForExtensionIcon(request->url())) {
-      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
-                 << "hosted app.";
-      return false;
-    }
-  }
-
   // Don't allow toplevel navigations to extension resources in incognito mode.
   // This is because an extension must run in a single process, and an
   // incognito tab prevents that.
   if (context->is_off_the_record() &&
       info->resource_type() == ResourceType::MAIN_FRAME &&
       !context->extension_info_map()->
           ExtensionCanLoadInIncognito(request->url().host())) {
     LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
                << "incognito tab.";
     return false;
   }
 
-  // Otherwise, pages are allowed to load resources from extensions if the
-  // extension has host permissions to (and therefore could be running script
-  // in, which might need access to the extension resources).
-  //
-  // Exceptions are:
-  // - empty origin (needed for some edge cases when we have empty origins)
-  // - chrome-extension:// (for legacy reasons -- some extensions interop)
-  // - data: (basic HTML notifications use data URLs internally)
-  if (origin_url.is_empty() ||
-      origin_url.SchemeIs(chrome::kExtensionScheme) |
-      origin_url.SchemeIs(chrome::kDataScheme)) {
-    return true;
-  } else {
-    ExtensionExtent host_permissions = context->extension_info_map()->
-        GetEffectiveHostPermissionsForExtension(request->url().host());
-    if (host_permissions.ContainsURL(origin_url)) {
-      return true;
-    } else {
-      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
-                 << origin_url.spec() << " because the extension does not have "
-                 << "access to the requesting page.";
-      return false;
-    }
-  }
+  return true;
 }
 
 }  // namespace
 
 // Factory registered with net::URLRequest to create URLRequestJobs for
 // extension:// URLs.
 static net::URLRequestJob* CreateExtensionURLRequestJob(
     net::URLRequest* request,
     const std::string& scheme) {
   ChromeURLRequestContext* context =
       static_cast<ChromeURLRequestContext*>(request->context());
 
   // TODO(mpcomplete): better error code.
-  if (!AllowExtensionResourceLoad(request, context, scheme))
+  if (!AllowExtensionResourceLoad(request, context, scheme)) {
+    LOG(ERROR) << "disallowed in extension protocols";
     return new net::URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE);
+  }
 
   // chrome-extension://extension-id/resource/path.js
   const std::string& extension_id = request->url().host();
   FilePath directory_path = context->extension_info_map()->
       GetPathForExtension(extension_id);
   if (directory_path.value().empty()) {
     LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id;
     return NULL;
   }
 
@@ skipping 52 matching lines @@
 
   return new net::URLRequestFileJob(request, resource.GetFilePath());
 }
 
 void RegisterExtensionProtocols() {
   net::URLRequest::RegisterProtocolFactory(chrome::kExtensionScheme,
                                            &CreateExtensionURLRequestJob);
   net::URLRequest::RegisterProtocolFactory(chrome::kUserScriptScheme,
                                            &CreateUserScriptURLRequestJob);
 }