Don't share Push API message payloads unless explicitly enabled.

chrome/browser/services/gcm/push_messaging_service_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/services/gcm/push_messaging_service_impl.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
@@ skipping 13 matching lines @@
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "components/content_settings/core/common/permission_request_id.h"
 #include "components/gcm_driver/gcm_driver.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/child_process_host.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/common/platform_notification_data.h"
 #include "third_party/skia/include/core/SkBitmap.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace gcm {
 
 namespace {
 const int kMaxRegistrations = 1000000;
 
 blink::WebPushPermissionStatus ToPushPermission(ContentSetting setting) {
@@ skipping 97 matching lines @@
 
 void PushMessagingServiceImpl::ShutdownHandler() {
   // TODO(johnme): Do any necessary cleanup.
 }
 
 void PushMessagingServiceImpl::OnMessage(
     const std::string& app_id,
     const GCMClient::IncomingMessage& message) {
   // The Push API only exposes a single string of data in the push event fired
   // on the Service Worker. When developers send messages using GCM to the Push
-  // API, they must pass a single key-value pair, where the key is "data" and
-  // the value is the string they want to be passed to their Service Worker.
-  // For example, they could send the following JSON using the HTTPS GCM API:
+  // API and want to include a message payload, they must pass a single key-
+  // value pair, where the key is "data" and the value is the string they want
+  // to be passed to their Service Worker. For example, they could send the
+  // following JSON using the HTTPS GCM API:
   // {
   //     "registration_ids": ["FOO", "BAR"],
   //     "data": {
   //         "data": "BAZ",
   //     },
   //     "delay_while_idle": true,
   // }
   // TODO(johnme): Make sure this is clearly documented for developers.
   PushMessagingApplicationId application_id =
       PushMessagingApplicationId::Parse(app_id);
-  GCMClient::MessageData::const_iterator it = message.data.find("data");
-  if (application_id.IsValid() && it != message.data.end()) {
-    if (!HasPermission(application_id.origin)) {
-      // The |origin| lost push permission. We need to unregister and drop this
-      // message.
-      Unregister(application_id, UnregisterCallback());
-      return;
-    }
 
-    const std::string& data = it->second;
-    content::BrowserContext::DeliverPushMessage(
-        profile_,
-        application_id.origin,
-        application_id.service_worker_registration_id,
-        data,
-        base::Bind(&PushMessagingServiceImpl::DeliverMessageCallback,
-                   weak_factory_.GetWeakPtr(),
-                   application_id,
-                   message));
-  } else {
-    // Drop the message, as it is invalid.
+  // Drop messages whose application is is invalid.
+  if (!application_id.IsValid()) {
     DeliverMessageCallback(application_id, message,
                            content::PUSH_DELIVERY_STATUS_INVALID_MESSAGE);
+    return;
   }
+
+  // |origin| may have lost push permission. Unregister and drop this message.
+  if (!HasPermission(application_id.origin)) {
+    Unregister(application_id, UnregisterCallback());
+    return;
+  }
+
+  std::string data;
+
+  // TODO(peter): Message payloads are disabled pending mandatory encryption.
+  // https://crbug.com/449184
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnablePushMessagePayload)) {
+    GCMClient::MessageData::const_iterator it = message.data.find("data");
+    if (it != message.data.end())
+      data = it->second;
+  }
+
+  content::BrowserContext::DeliverPushMessage(
+      profile_,
+      application_id.origin,
+      application_id.service_worker_registration_id,
+      data,
+      base::Bind(&PushMessagingServiceImpl::DeliverMessageCallback,
+                 weak_factory_.GetWeakPtr(),
+                 application_id,
+                 message));
 }
 
 void PushMessagingServiceImpl::SetProfileForTesting(Profile* profile) {
   profile_ = profile;
 }
 
 void PushMessagingServiceImpl::DeliverMessageCallback(
     const PushMessagingApplicationId& application_id,
     const GCMClient::IncomingMessage& message,
     content::PushDeliveryStatus status) {
@@ skipping 294 matching lines @@
 bool PushMessagingServiceImpl::HasPermission(const GURL& origin) {
   gcm::PushMessagingPermissionContext* permission_context =
       gcm::PushMessagingPermissionContextFactory::GetForProfile(profile_);
   DCHECK(permission_context);
 
   return permission_context->GetPermissionStatus(origin, origin) ==
       CONTENT_SETTING_ALLOW;
 }
 
 }  // namespace gcm