Index: chrome/browser/extensions/extension_webrequest_api.cc |
=================================================================== |
--- chrome/browser/extensions/extension_webrequest_api.cc (revision 116900) |
+++ chrome/browser/extensions/extension_webrequest_api.cc (working copy) |
@@ -1,4 +1,4 @@ |
-// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
+// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
@@ -10,6 +10,7 @@ |
#include "base/json/json_writer.h" |
#include "base/metrics/histogram.h" |
#include "base/string_number_conversions.h" |
+#include "base/string_util.h" |
#include "base/time.h" |
#include "base/utf_string_conversions.h" |
#include "base/values.h" |
@@ -28,6 +29,7 @@ |
#include "chrome/browser/renderer_host/chrome_render_message_filter.h" |
#include "chrome/browser/renderer_host/web_cache_manager.h" |
#include "chrome/common/extensions/extension.h" |
+#include "chrome/common/extensions/extension_constants.h" |
#include "chrome/common/extensions/extension_error_utils.h" |
#include "chrome/common/extensions/extension_messages.h" |
#include "chrome/common/extensions/url_pattern.h" |
@@ -133,6 +135,22 @@ |
return extension_info_map->process_map().Contains(info->child_id()); |
} |
+// Returns true if the URL is sensitive and requests to this URL must not be |
+// modified/canceled by extensions, e.g. because it is targeted to the webstore |
+// to check for updates, extension blacklisting, etc. |
+bool IsSensitiveURL(const GURL& url) { |
+ bool is_webstore_gallery_url = |
+ StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true); |
+ bool is_google_com_chrome_url = |
+ EndsWith(url.host(), "google.com", true) && |
+ StartsWithASCII(url.path(), "/chrome", true); |
+ std::string url_without_query = |
+ url.spec().substr(0, url.spec().find_first_of('?')); |
+ return is_webstore_gallery_url || is_google_com_chrome_url || |
+ extension_urls::IsWebstoreUpdateUrl(GURL(url_without_query)) || |
+ extension_urls::IsBlacklistUpdateUrl(url); |
+} |
+ |
// Returns true if the scheme is one we want to allow extensions to have access |
// to. Extensions still need specific permissions for a given URL, which is |
// covered by CanExtensionAccessURL. |
@@ -145,6 +163,11 @@ |
url.SchemeIs(chrome::kExtensionScheme)); |
} |
+// Returns true if requests for |url| shall not be reported to extensions. |
+bool HideRequestForURL(const GURL& url) { |
+ return IsSensitiveURL(url) || !HasWebRequestScheme(url); |
+} |
+ |
bool CanExtensionAccessURL(const Extension* extension, const GURL& url) { |
// about: URLs are not covered in host permissions, but are allowed anyway. |
return (url.SchemeIs(chrome::kAboutScheme) || |
@@ -526,16 +549,13 @@ |
net::URLRequest* request, |
const net::CompletionCallback& callback, |
GURL* new_url) { |
- // TODO(jochen): Figure out what to do with events from the system context. |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return net::OK; |
if (IsPageLoad(request)) |
NotifyPageLoad(); |
- if (!HasWebRequestScheme(request->url())) |
- return net::OK; |
- |
request_time_tracker_->LogRequestStartTime(request->identifier(), |
base::Time::Now(), |
request->url(), |
@@ -572,13 +592,10 @@ |
net::URLRequest* request, |
const net::CompletionCallback& callback, |
net::HttpRequestHeaders* headers) { |
- // TODO(jochen): Figure out what to do with events from the system context. |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return net::OK; |
- if (!HasWebRequestScheme(request->url())) |
- return net::OK; |
- |
if (GetAndSetSignaled(request->identifier(), kOnBeforeSendHeaders)) |
return net::OK; |
@@ -612,12 +629,10 @@ |
ExtensionInfoMap* extension_info_map, |
net::URLRequest* request, |
const net::HttpRequestHeaders& headers) { |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return; |
- if (!HasWebRequestScheme(request->url())) |
- return; |
- |
if (GetAndSetSignaled(request->identifier(), kOnSendHeaders)) |
return; |
@@ -647,12 +662,10 @@ |
const net::CompletionCallback& callback, |
net::HttpResponseHeaders* original_response_headers, |
scoped_refptr<net::HttpResponseHeaders>* override_response_headers) { |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return net::OK; |
- if (!HasWebRequestScheme(request->url())) |
- return net::OK; |
- |
int extra_info_spec = 0; |
std::vector<const EventListener*> listeners = |
GetMatchingListeners(profile, extension_info_map, |
@@ -698,13 +711,10 @@ |
const net::NetworkDelegate::AuthCallback& callback, |
net::AuthCredentials* credentials) { |
// No profile means that this is for authentication challenges in the |
- // system context. Skip in that case. |
- if (!profile) |
+ // system context. Skip in that case. Also skip sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION; |
- if (!HasWebRequestScheme(request->url())) |
- return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION; |
- |
int extra_info_spec = 0; |
std::vector<const EventListener*> listeners = |
GetMatchingListeners(profile, extension_info_map, |
@@ -746,12 +756,10 @@ |
ExtensionInfoMap* extension_info_map, |
net::URLRequest* request, |
const GURL& new_location) { |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return; |
- if (!HasWebRequestScheme(request->url())) |
- return; |
- |
if (GetAndSetSignaled(request->identifier(), kOnBeforeRedirect)) |
return; |
@@ -793,12 +801,10 @@ |
void* profile, |
ExtensionInfoMap* extension_info_map, |
net::URLRequest* request) { |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return; |
- if (!HasWebRequestScheme(request->url())) |
- return; |
- |
// OnResponseStarted is even triggered, when the request was cancelled. |
if (request->status().status() != net::URLRequestStatus::SUCCESS) |
return; |
@@ -838,12 +844,10 @@ |
void* profile, |
ExtensionInfoMap* extension_info_map, |
net::URLRequest* request) { |
- if (!profile) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return; |
- if (!HasWebRequestScheme(request->url())) |
- return; |
- |
request_time_tracker_->LogRequestEndTime(request->identifier(), |
base::Time::Now()); |
@@ -886,10 +890,8 @@ |
void* profile, |
ExtensionInfoMap* extension_info_map, |
net::URLRequest* request) { |
- if (!profile) |
- return; |
- |
- if (!HasWebRequestScheme(request->url())) |
+ // We hide events from the system context as well as sensitive requests. |
+ if (!profile || HideRequestForURL(request->url())) |
return; |
request_time_tracker_->LogRequestEndTime(request->identifier(), |