author | Xiyuan Xia <xiyuan@chromium.org> | 2015-01-15 09:54:00 -0800 |
---|---|---|
committer | Xiyuan Xia <xiyuan@chromium.org> | 2015-01-15 17:55:15 +0000 |
commit | 2290285b91630dd8fb5ece8fe39072a7745c9aa6 (patch) | |
tree | 20c826718a63eea5cb08ff5387377855f27b937c | |
parent | e0f818fa4fe75b9b0353e9729fbaf8debe9ea903 (diff) | |
Merge "Don't allow HTTP origins for the CryptoToken extension."
> BUG=448214
>
> Review URL: https://codereview.chromium.org/847193003
>
> Cr-Commit-Position: refs/heads/master@{#311410}
> (cherry picked from commit 0ee19a51ca3622065360d895415feb0bef6a3a06)
TBR=juanlang@chromium.org
Review URL: https://codereview.chromium.org/845403005
Cr-Commit-Position: refs/branch-heads/2272@{#22}
Cr-Branched-From: 827a380cfdb31aa54c8d56e63ce2c3fd8c3ba4d4-refs/heads/master@{#310958}
-rw-r--r-- | chrome/browser/resources/cryptotoken/cryptotokenbackground.js | 3 | ||||
-rw-r--r-- | chrome/browser/resources/cryptotoken/enroller.js | 8 | ||||
-rw-r--r-- | chrome/browser/resources/cryptotoken/signer.js | 8 |
3 files changed, 19 insertions, 0 deletions
diff --git a/chrome/browser/resources/cryptotoken/cryptotokenbackground.js b/chrome/browser/resources/cryptotoken/cryptotokenbackground.js
index 702023a..800cdf8 100644
--- a/chrome/browser/resources/cryptotoken/cryptotokenbackground.js
+++ b/chrome/browser/resources/cryptotoken/cryptotokenbackground.js
@@ -12,6 +12,9 @@ var BROWSER_SUPPORTS_TLS_CHANNEL_ID = true;
 /** @const */
+var HTTP_ORIGINS_ALLOWED = false;
+
+/** @const */
 var LOG_SAVER_EXTENSION_ID = 'fjajfjhkeibgmiggdfehjplbhmfkialk';
 // Singleton tracking available devices.
diff --git a/chrome/browser/resources/cryptotoken/enroller.js b/chrome/browser/resources/cryptotoken/enroller.js
index d8ef537..ebc7f58 100644
--- a/chrome/browser/resources/cryptotoken/enroller.js
+++ b/chrome/browser/resources/cryptotoken/enroller.js
@@ -50,6 +50,10 @@ function handleWebEnrollRequest(messageSender, request, sendResponse) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+ if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+ sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+ return null;
+ }
 if (!isValidEnrollRequest(request, 'enrollChallenges', 'signData')) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
@@ -124,6 +128,10 @@ function handleU2fEnrollRequest(messageSender, request, sendResponse) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+ if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+ sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+ return null;
+ }
 if (!isValidEnrollRequest(request, 'registerRequests', 'signRequests', 'registeredKeys')) {
diff --git a/chrome/browser/resources/cryptotoken/signer.js b/chrome/browser/resources/cryptotoken/signer.js
index f0af2a1..9397670 100644
--- a/chrome/browser/resources/cryptotoken/signer.js
+++ b/chrome/browser/resources/cryptotoken/signer.js
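Review bot: HTTP_ORIGINS_ALLOWED is added with a bare `/** @const */` and nothing saying what it gates or why it is false, even though it is the single switch that, per the enroller.js and signer.js hunks in this commit, decides whether requests from plain-HTTP pages are rejected. A one-line doc comment would carry that intent, e.g. `/** @const {boolean} Whether U2F requests from plain http:// origins are accepted; false so that handlers reject them — presumably meant to be flipped only for local testing, confirm. */`. Note that `@const` is an annotation for the type checker only: a `var` at script scope remains reassignable at runtime, so the new guards rely on nothing else in the background page writing to it, which cannot be confirmed from this hunk.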
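Review bot: The added guard in handleWebEnrollRequest is a deny-list on one scheme — it rejects only origins whose string begins with `http://`, so any other non-HTTPS scheme a sender could present still passes; if HTTPS is the only legitimate web origin here, inverting it into an allow-list is the safer shape, e.g. `if (sender.origin.indexOf('https://') != 0 && !HTTP_ORIGINS_ALLOWED) {` (keeping whatever internal schemes the extension intentionally serves). The same four lines recur verbatim in handleU2fEnrollRequest below and in handleWebSignRequest and handleU2fSignRequest in signer.js; a single helper beside HTTP_ORIGINS_ALLOWED in cryptotokenbackground.js, `function isOriginAllowed(origin) { return HTTP_ORIGINS_ALLOWED || origin.indexOf('http://') != 0; }`, would keep the policy in one place and make a later tightening a one-line change. The prefix test should also use strict equality, `origin.lastIndexOf('http://', 0) === 0`, rather than `==`. How `sender.origin` is derived from messageSender is outside the hunk, so whether the scheme is already lower-cased and normalized cannot be confirmed here; handleWebEnrollRequest's body starts and ends outside the hunk.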
@@ -43,6 +43,10 @@ function handleWebSignRequest(messageSender, request, sendResponse) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+ if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+ sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+ return null;
+ }
 queuedSignRequest = validateAndEnqueueSignRequest(
@@ -82,6 +86,10 @@ function handleU2fSignRequest(messageSender, request, sendResponse) {
 sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
 return null;
 }
+ if (sender.origin.indexOf('http://') == 0 && !HTTP_ORIGINS_ALLOWED) {
+ sendErrorResponse({errorCode: ErrorCodes.BAD_REQUEST});
+ return null;
+ }
 queuedSignRequest = validateAndEnqueueSignRequest(