
Side by Side Diff: chrome/browser/resources/cryptotoken/enroller.js

Issue 847193003: Don't allow HTTP origins for the CryptoToken extension. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
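--- a/chrome/browser/resources/cryptotoken/enroller.js
+++ b/chrome/browser/resources/cryptotoken/enroller.js
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
 * @fileoverview Handles web page requests for gnubby enrollment.
 */
 
 'use strict';
 
@@ -43,20 +43,24 @@
 
 function timeout() {
 sendErrorResponse({errorCode: ErrorCodes.TIMEOUT});
 }
 
 var sender = createSenderFromMessageSender(messageSender);
 if (!sender) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+return null;
+}
 
 if (!isValidEnrollRequest(request, 'enrollChallenges', 'signData')) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
 
 var timeoutValueSeconds = getTimeoutValueFromRequest(request);
 // Attenuate watchdog timeout value less than the enroller's timeout, so the
 // watchdog only fires after the enroller could reasonably have called back,
 // not before.
@@ -117,20 +121,24 @@
 
 function timeout() {
 sendErrorResponse({errorCode: ErrorCodes.TIMEOUT});
 }
 
 var sender = createSenderFromMessageSender(messageSender);
 if (!sender) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+return null;
+}
 
 if (!isValidEnrollRequest(request, 'registerRequests', 'signRequests',
 'registeredKeys')) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
 
 var timeoutValueSeconds = getTimeoutValueFromRequest(request);
 // Attenuate watchdog timeout value less than the enroller's timeout, so the
 // watchdog only fires after the enroller could reasonably have called back,
@@ -662,10 +670,10 @@
 // For U2F_V2, the challenge sent to the gnubby is modified to be the hash
 // of the browser data. Include the browser data.
 browserData = this.browserData_[reply.version];
 }
 
 this.notifySuccess_(/** @type {string} */ (reply.version),
 /** @type {string} */ (reply.enrollData),
 browserData);
 }
 };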
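Review bot: The new origin check (new-side lines 53-56, repeated verbatim at 131-134) is a denylist: only an origin beginning with `http://` is refused, so a sender presenting any other scheme still reaches enrollment. If https and the extension's own origin are the only callers this extension is meant to serve, a positive check states that intent directly, e.g. `var isSecureOrigin = sender.origin.indexOf('https://') === 0;` followed by `if (!isSecureOrigin && !HTTP_ORIGINS_ALLOWED) {`, but which origins are legitimate is decided outside this file, so that part is a question rather than a defect. The check is duplicated in both handlers here (and, per the issue title, presumably in signer.js as well), so a single shared helper with a comment such as `// Refuse plaintext origins unless the HTTP_ORIGINS_ALLOWED override is set; a key registered for an http:// origin is only as trustworthy as the network path.` would keep the copies from drifting. Minor: `== 0` should be `=== 0`. Both enclosing request handlers begin and end outside the hunks, and HTTP_ORIGINS_ALLOWED is not defined in the part of the file shown.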