
Side by Side Diff: chrome/browser/resources/cryptotoken/signer.js

Issue 847193003: Don't allow HTTP origins for the CryptoToken extension. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 11 months ago
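--- a/chrome/browser/resources/cryptotoken/signer.js
+++ b/chrome/browser/resources/cryptotoken/signer.js
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
 * @fileoverview Handles web page requests for gnubby sign requests.
 *
 */
 
 'use strict';
@@ -36,20 +36,24 @@
 'browserData');
 var response = makeWebSuccessResponse(request, responseData);
 sendResponseOnce(sentResponse, queuedSignRequest, response, sendResponse);
 }
 
 var sender = createSenderFromMessageSender(messageSender);
 if (!sender) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+return null;
+}
 
 queuedSignRequest =
 validateAndEnqueueSignRequest(
 sender, request, 'signData', sendErrorResponse,
 sendSuccessResponse);
 return queuedSignRequest;
 }
 
 /**
 * Handles a U2F sign request.
@@ -75,20 +79,24 @@
 'clientData');
 var response = makeU2fSuccessResponse(request, responseData);
 sendResponseOnce(sentResponse, queuedSignRequest, response, sendResponse);
 }
 
 var sender = createSenderFromMessageSender(messageSender);
 if (!sender) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+return null;
+}
 
 queuedSignRequest =
 validateAndEnqueueSignRequest(
 sender, request, 'signRequests', sendErrorResponse,
 sendSuccessResponse);
 return queuedSignRequest;
 }
 
 /**
 * Creates a base U2F responseData object from the server challenge.
@@ -596,10 +604,10 @@
 
 var key = reply.responseData['keyHandle'];
 var browserData = this.browserData_[key];
 // Notify with server-provided challenge, not the encoded one: the
 // server-provided challenge contains additional fields it relies on.
 var serverChallenge = this.serverChallenges_[key];
 this.notifySuccess_(serverChallenge, reply.responseData.signatureData,
 browserData);
 }
 };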
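Review bot: The check added at new lines 46–49, and repeated verbatim at 89–92, is a deny-list on the literal prefix `http://`, so an origin with any other non-HTTPS scheme is not rejected here and still reaches validateAndEnqueueSignRequest. Whether createSenderFromMessageSender can return such an origin, or one with different letter case, is not visible in these hunks, so this is worth confirming. An allow-list states the intent more directly, for example `if (sender.origin.indexOf('https://') != 0 && !(HTTP_ORIGINS_ALLOWED && sender.origin.indexOf('http://') == 0)) {`, extended with any other origin types that are legitimate callers. Because the same four lines now live in both sign handlers, a small shared helper with a comment such as `// Sign requests are only accepted from secure origins unless HTTP_ORIGINS_ALLOWED is set.` would keep the two paths from drifting apart. Both enclosing functions begin outside the visible lines.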