Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(278)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/common/csp_validator.cc

Issue 673183003: Allow *.googleapis.com to be used in CSP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | extensions/common/csp_validator_unittest.cc » ('j') | extensions/common/csp_validator_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/common/csp_validator.h" 5 #include "extensions/common/csp_validator.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/strings/string_split.h" 9 #include "base/strings/string_split.h"
10 #include "base/strings/string_tokenizer.h" 10 #include "base/strings/string_tokenizer.h"
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 } 80 }
81 81
82 std::string host(url, start_of_host, end_of_host - start_of_host); 82 std::string host(url, start_of_host, end_of_host - start_of_host);
83 // Global wildcards are not allowed. 83 // Global wildcards are not allowed.
84 if (host.empty() || host.find("*") != std::string::npos) 84 if (host.empty() || host.find("*") != std::string::npos)
85 return false; 85 return false;
86 86
87 if (!is_wildcard_subdomain || !should_check_rcd) 87 if (!is_wildcard_subdomain || !should_check_rcd)
88 return true; 88 return true;
89 89
90 // Allow *.googleapis.com to be whitelisted for backwards-compatibility.
91 // AWS has registered several public suffixes but hosts the user-generated
92 // content directly under the public suffix without a subdomain.
not at google - send to devlin 2014/10/24 22:16:51 Reference that bug here. Also some examples in the
robwu 2014/10/24 22:34:08 Done.
93 if (host == "googleapis.com" || EndsWith(host, ".amazonaws.com", true))
94 return true;
95
90 // Wildcards on subdomains of a TLD are not allowed. 96 // Wildcards on subdomains of a TLD are not allowed.
91 size_t registry_length = net::registry_controlled_domains::GetRegistryLength( 97 size_t registry_length = net::registry_controlled_domains::GetRegistryLength(
92 host, 98 host,
93 net::registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, 99 net::registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
94 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); 100 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
95 return registry_length != 0; 101 return registry_length != 0;
96 } 102 }
97 103
98 bool HasOnlySecureTokens(base::StringTokenizer& tokenizer, 104 bool HasOnlySecureTokens(base::StringTokenizer& tokenizer,
99 Manifest::Type type) { 105 Manifest::Type type) {
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after
237 } 243 }
238 } 244 }
239 } 245 }
240 246
241 return seen_sandbox; 247 return seen_sandbox;
242 } 248 }
243 249
244 } // namespace csp_validator 250 } // namespace csp_validator
245 251
246 } // namespace extensions 252 } // namespace extensions
OLDNEW
« no previous file with comments | « no previous file | extensions/common/csp_validator_unittest.cc » ('j') | extensions/common/csp_validator_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698