Implement granular cross-origin XHR for extensions.

I left the temporary hack that allows all origins until we are
ready to break everything all at once.

Also, I still need to devise some way to test this.

BUG=12129

Review URL: http://codereview.chromium.org/173166

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24089 0039d316-1c4b-4281-b951-d872f2087c98

9 files changed, 77 insertions, 19 deletions

diff --git a/chrome/browser/extensions/extension_function_dispatcher.cc b/chrome/browser/extensions/extension_function_dispatcher.cc
index 5a3bb34..812e277 100644
--- a/chrome/browser/extensions/extension_function_dispatcher.cc
+++ b/chrome/browser/extensions/extension_function_dispatcher.cc
@@ -224,8 +224,10 @@ ExtensionFunctionDispatcher::ExtensionFunctionDispatcher(
   // Update the extension permissions. Doing this each time we create an EFD
   // ensures that new processes are informed of permissions for newly installed
   // extensions.
-  render_view_host->Send(new ViewMsg_Extension_SetPermissions(
+  render_view_host->Send(new ViewMsg_Extension_SetAPIPermissions(
       extension->id(), extension->api_permissions()));
+  render_view_host->Send(new ViewMsg_Extension_SetHostPermissions(
+      extension->url(), extension->host_permissions()));
 }
 
 ExtensionFunctionDispatcher::~ExtensionFunctionDispatcher() {
diff --git a/chrome/common/render_messages.h b/chrome/common/render_messages.h
index fcbf0a4..aeda43d 100644
--- a/chrome/common/render_messages.h
+++ b/chrome/common/render_messages.h
@@ -17,6 +17,7 @@
 #include "chrome/common/common_param_traits.h"
 #include "chrome/common/css_colors.h"
 #include "chrome/common/extensions/update_manifest.h"
+#include "chrome/common/extensions/url_pattern.h"
 #include "chrome/common/filter_policy.h"
 #include "chrome/common/modal_dialog_event.h"
 #include "chrome/common/page_transition_types.h"
@@ -2103,6 +2104,25 @@ struct ParamTraits<UpdateManifest::Result> {
   }
 };
 
+// Traits for URLPattern.
+template <>
+struct ParamTraits<URLPattern> {
+  typedef URLPattern param_type;
+  static void Write(Message* m, const param_type& p) {
+    WriteParam(m, p.GetAsString());
+  }
+  static bool Read(const Message* m, void** iter, param_type* p) {
+    std::string spec;
+    if (!ReadParam(m, iter, &spec))
+      return false;
+
+    return p->Parse(spec);
+  }
+  static void Log(const param_type& p, std::wstring* l) {
+    LogParam(p.GetAsString(), l);
+  }
+};
+
 }  // namespace IPC
 
 
diff --git a/chrome/common/render_messages_internal.h b/chrome/common/render_messages_internal.h
index 6f15991..45a409b 100644
--- a/chrome/common/render_messages_internal.h
+++ b/chrome/common/render_messages_internal.h
@@ -600,10 +600,16 @@ IPC_BEGIN_MESSAGES(View)
 
   // Tell the renderer process which permissions the given extension has. See
   // Extension::Permissions for which elements correspond to which permissions.
-  IPC_MESSAGE_CONTROL2(ViewMsg_Extension_SetPermissions,
+  IPC_MESSAGE_CONTROL2(ViewMsg_Extension_SetAPIPermissions,
                        std::string /* extension_id */,
                        std::vector<std::string> /* permissions */)
 
+  // Tell the renderer process which host permissions the given extension has.
+  IPC_MESSAGE_CONTROL2(
+      ViewMsg_Extension_SetHostPermissions,
+      GURL /* source extension's origin */,
+      std::vector<URLPattern> /* URLPatterns the extension can access */)
+
   // Tell the renderer process all known page action ids for a particular
   // extension.
   IPC_MESSAGE_CONTROL2(ViewMsg_Extension_UpdatePageActions,
diff --git a/chrome/renderer/extensions/extension_process_bindings.cc b/chrome/renderer/extensions/extension_process_bindings.cc
index d28adb0..ed56ba5 100644
--- a/chrome/renderer/extensions/extension_process_bindings.cc
+++ b/chrome/renderer/extensions/extension_process_bindings.cc
@@ -6,6 +6,7 @@
 
 #include "base/singleton.h"
 #include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/url_pattern.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/renderer/extensions/bindings_utils.h"
@@ -16,6 +17,8 @@
 #include "grit/common_resources.h"
 #include "grit/renderer_resources.h"
 #include "webkit/api/public/WebFrame.h"
+#include "webkit/api/public/WebURL.h"
+#include "webkit/api/public/WebKit.h"
 
 using bindings_utils::GetStringResource;
 using bindings_utils::ContextInfo;
@@ -326,18 +329,31 @@ void ExtensionProcessBindings::SetPageActions(
 }
 
 // static
-void ExtensionProcessBindings::SetPermissions(
+void ExtensionProcessBindings::SetAPIPermissions(
     const std::string& extension_id,
     const std::vector<std::string>& permissions) {
   PermissionsMap& permissions_map = *GetPermissionsMap(extension_id);
 
-  // Default all permissions to false, then enable the ones in the vector.
+  // Default all the API permissions to off. We will reset them below.
   for (size_t i = 0; i < Extension::kNumPermissions; ++i)
     permissions_map[Extension::kPermissionNames[i]] = false;
   for (size_t i = 0; i < permissions.size(); ++i)
     permissions_map[permissions[i]] = true;
 }
 
+// static
+void ExtensionProcessBindings::SetHostPermissions(
+    const GURL& extension_url,
+    const std::vector<URLPattern>& permissions) {
+  for (size_t i = 0; i < permissions.size(); ++i) {
+    WebKit::whiteListAccessFromOrigin(
+        extension_url,
+        WebKit::WebString::fromUTF8(permissions[i].scheme()),
+        WebKit::WebString::fromUTF8(permissions[i].host()),
+        permissions[i].match_subdomains());
+  }
+}
+
 // Given a name like "tabs.onConnect", return the permission name required
 // to access that API ("tabs" in this example).
 static std::string GetPermissionName(const std::string& function_name) {
diff --git a/chrome/renderer/extensions/extension_process_bindings.h b/chrome/renderer/extensions/extension_process_bindings.h
index dd212c5..bea3e91 100644
--- a/chrome/renderer/extensions/extension_process_bindings.h
+++ b/chrome/renderer/extensions/extension_process_bindings.h
@@ -13,6 +13,9 @@
 
 #include "v8/include/v8.h"
 
+class GURL;
+class URLPattern;
+
 class ExtensionProcessBindings {
  public:
   static void SetFunctionNames(const std::vector<std::string>& names);
@@ -27,9 +30,13 @@ class ExtensionProcessBindings {
   static void SetPageActions(const std::string& extension_id,
                              const std::vector<std::string>& page_actions);
 
-  // Sets the permissions for a particular extension.
-  static void SetPermissions(const std::string& extension_id,
-                             const std::vector<std::string>& permissions);
+  // Sets the API permissions for a particular extension.
+  static void SetAPIPermissions(const std::string& extension_id,
+                                const std::vector<std::string>& permissions);
+
+  // Sets the host permissions for a particular extension.
+  static void SetHostPermissions(const GURL& extension_url,
+                                const std::vector<URLPattern>& permissions);
 
   // Check if the extension in the currently running context has permission to
   // access the given extension function. Must be called with a valid V8
diff --git a/chrome/renderer/render_thread.cc b/chrome/renderer/render_thread.cc
index b160bed..af5e4c5 100644
--- a/chrome/renderer/render_thread.cc
+++ b/chrome/renderer/render_thread.cc
@@ -196,10 +196,15 @@ void RenderThread::OnPageActionsUpdated(
   ExtensionProcessBindings::SetPageActions(extension_id, page_actions);
 }
 
-void RenderThread::OnExtensionSetPermissions(
+void RenderThread::OnExtensionSetAPIPermissions(
     const std::string& extension_id,
     const std::vector<std::string>& permissions) {
-  ExtensionProcessBindings::SetPermissions(extension_id, permissions);
+  ExtensionProcessBindings::SetAPIPermissions(extension_id, permissions);
+}
+
+void RenderThread::OnExtensionSetHostPermissions(
+    const GURL& extension_url, const std::vector<URLPattern>& permissions) {
+  ExtensionProcessBindings::SetHostPermissions(extension_url, permissions);
 }
 
 void RenderThread::OnControlMessageReceived(const IPC::Message& msg) {
@@ -233,8 +238,10 @@ void RenderThread::OnControlMessageReceived(const IPC::Message& msg) {
                         OnPurgePluginListCache)
     IPC_MESSAGE_HANDLER(ViewMsg_Extension_UpdatePageActions,
                         OnPageActionsUpdated)
-    IPC_MESSAGE_HANDLER(ViewMsg_Extension_SetPermissions,
-                        OnExtensionSetPermissions)
+    IPC_MESSAGE_HANDLER(ViewMsg_Extension_SetAPIPermissions,
+                        OnExtensionSetAPIPermissions)
+    IPC_MESSAGE_HANDLER(ViewMsg_Extension_SetHostPermissions,
+                        OnExtensionSetHostPermissions)
   IPC_END_MESSAGE_MAP()
 }
 
diff --git a/chrome/renderer/render_thread.h b/chrome/renderer/render_thread.h
index 4df083f..5c22236 100644
--- a/chrome/renderer/render_thread.h
+++ b/chrome/renderer/render_thread.h
@@ -22,12 +22,13 @@ class DBMessageFilter;
 class DevToolsAgentFilter;
 class FilePath;
 class ListValue;
-
 class RenderDnsMaster;
 class RendererHistogram;
 class RendererWebKitClientImpl;
 class SkBitmap;
 class UserScriptSlave;
+class URLPattern;
+
 struct ModalDialogEvent;
 struct RendererPreferences;
 struct WebPreferences;
@@ -130,8 +131,10 @@ class RenderThread : public RenderThreadBase,
   void OnSetExtensionFunctionNames(const std::vector<std::string>& names);
   void OnPageActionsUpdated(const std::string& extension_id,
                             const std::vector<std::string>& page_actions);
-  void OnExtensionSetPermissions(const std::string& extension_id,
-                                 const std::vector<std::string>& permissions);
+  void OnExtensionSetAPIPermissions(const std::string& extension_id,
+                                    const std::vector<std::string>& permissions);
+  void OnExtensionSetHostPermissions(const GURL& extension_url,
+                                     const std::vector<URLPattern>& permissions);
   void OnSetNextPageID(int32 next_page_id);
   void OnSetCSSColors(const std::vector<CSSColors::CSSColorMapping>& colors);
   void OnCreateNewView(gfx::NativeViewId parent_hwnd,
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index 23c916b..7d2d9f7 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -1567,10 +1567,7 @@ void RenderView::WindowObjectCleared(WebFrame* frame) {
 }
 
 void RenderView::DocumentElementAvailable(WebFrame* frame) {
-  // TODO(mpcomplete): remove this before Chrome extensions ship.
-  // HACK.  This is a temporary workaround to allow cross-origin XHR for Chrome
-  // extensions.  It grants full access to every origin, when we really want
-  // to be able to restrict them more specifically.
+  // TODO(aa): Remove this before dev release.
   GURL url = frame->url();
   if (url.SchemeIs(chrome::kExtensionScheme))
     frame->grantUniversalAccess();
diff --git a/chrome/test/render_view_test.cc b/chrome/test/render_view_test.cc
index 2530dbe..134256b 100644
--- a/chrome/test/render_view_test.cc
+++ b/chrome/test/render_view_test.cc
@@ -84,7 +84,7 @@ void RenderViewTest::SetUp() {
   std::vector<std::string> permissions(
       Extension::kPermissionNames,
       Extension::kPermissionNames + Extension::kNumPermissions);
-  ExtensionProcessBindings::SetPermissions("", permissions);
+  ExtensionProcessBindings::SetAPIPermissions("", permissions);
 
   mock_process_.reset(new MockProcess());