author | battre@chromium.org <battre@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 20:10:22 +0000 |
---|---|---|
committer | battre@chromium.org <battre@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 20:10:22 +0000 |
commit | 029a50535ea7a9b9a8ac0ba6a7ccda2ae8d9d21f (patch) | |
tree | ae94debd377011b7aaf83858e689514882669dfc /chrome/browser/extensions/api/web_request | |
parent | cdd3d6448b96a0aaf138909165721c9ee983ff88 (diff) | |
Use the first_party_for_cookies URL to filter which requests the WebRequest API sees
BUG=134101
TEST=see bug report
Review URL: https://chromiumcodereview.appspot.com/10636056
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144529 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions/api/web_request')
4 files changed, 45 insertions, 17 deletions
diff --git a/chrome/browser/extensions/api/web_request/web_request_api.cc b/chrome/browser/extensions/api/web_request/web_request_api.cc
index 1c61a18..d79316e 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api.cc
@@ -473,7 +473,7 @@ int ExtensionWebRequestEventRouter::OnBeforeRequest(
 const net::CompletionCallback& callback,
 GURL* new_url) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return net::OK;
 if (IsPageLoad(request))
@@ -531,7 +531,7 @@ int ExtensionWebRequestEventRouter::OnBeforeSendHeaders(
 const net::CompletionCallback& callback,
 net::HttpRequestHeaders* headers) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return net::OK;
 bool initialize_blocked_requests = false;
@@ -582,7 +582,7 @@ void ExtensionWebRequestEventRouter::OnSendHeaders(
 net::URLRequest* request,
 const net::HttpRequestHeaders& headers) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return;
 if (GetAndSetSignaled(request->identifier(), kOnSendHeaders))
@@ -615,7 +615,7 @@ int ExtensionWebRequestEventRouter::OnHeadersReceived(
 net::HttpResponseHeaders* original_response_headers,
 scoped_refptr<net::HttpResponseHeaders>* override_response_headers) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return net::OK;
 bool initialize_blocked_requests = false;
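Review bot: The guard comment in OnBeforeRequest still says only "sensitive requests", which under-describes the filter now that `helpers::HideRequest(request)` also consults `first_party_for_cookies()`. The same applies to the other eight handlers changed in this file (OnBeforeSendHeaders, OnSendHeaders, OnHeadersReceived, OnAuthRequired, OnBeforeRedirect, OnResponseStarted, OnCompleted, OnErrorOccurred). I would reword it to `// We hide events from the system context, sensitive requests, and requests made on behalf of sensitive first-party pages.` so that a reader of the call site knows which requests extensions never see. Each function body continues outside its hunk.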
@@ -679,7 +679,7 @@ ExtensionWebRequestEventRouter::OnAuthRequired(
 net::AuthCredentials* credentials) {
 // No profile means that this is for authentication challenges in the
 // system context. Skip in that case. Also skip sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION;
 int extra_info_spec = 0;
@@ -724,7 +724,7 @@ void ExtensionWebRequestEventRouter::OnBeforeRedirect(
 net::URLRequest* request,
 const GURL& new_location) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return;
 if (GetAndSetSignaled(request->identifier(), kOnBeforeRedirect))
@@ -769,7 +769,7 @@ void ExtensionWebRequestEventRouter::OnResponseStarted(
 ExtensionInfoMap* extension_info_map,
 net::URLRequest* request) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return;
 // OnResponseStarted is even triggered, when the request was cancelled.
@@ -812,7 +812,7 @@ void ExtensionWebRequestEventRouter::OnCompleted(
 ExtensionInfoMap* extension_info_map,
 net::URLRequest* request) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return;
 request_time_tracker_->LogRequestEndTime(request->identifier(),
@@ -861,7 +861,7 @@ void ExtensionWebRequestEventRouter::OnErrorOccurred(
 net::URLRequest* request,
 bool started) {
 // We hide events from the system context as well as sensitive requests.
- if (!profile || helpers::HideRequestForURL(request->url()))
+ if (!profile || helpers::HideRequest(request))
 return;
 request_time_tracker_->LogRequestEndTime(request->identifier(),
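Review bot: In OnCompleted and OnErrorOccurred the early return sits before `request_time_tracker_->LogRequestEndTime(...)`, and the hide decision now depends on `first_party_for_cookies()` as well as `url()`. If either value can change during the life of a request (a redirect is the likely case, though that is not visible here), a request reported at an earlier event could be hidden when it finishes, and its end-of-request bookkeeping would be skipped. I would compute the decision once per `request->identifier()` and reuse it, or at least record the invariant next to the guard: `// HideRequest() must return the same answer for every event of a given request.` Both bodies continue past their hunks, so the remaining cleanup is not visible.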
diff --git a/chrome/browser/extensions/api/web_request/web_request_api_helpers.cc b/chrome/browser/extensions/api/web_request/web_request_api_helpers.cc
index 6d51b2e..4927fb2 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api_helpers.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api_helpers.cc
@@ -12,6 +12,7 @@
 #include "chrome/common/url_constants.h"
 #include "net/base/net_log.h"
 #include "net/http/http_util.h"
+#include "net/url_request/url_request.h"
 namespace extension_web_request_api_helpers {
@@ -543,6 +544,8 @@ namespace {
 // modified/canceled by extensions, e.g. because it is targeted to the webstore
 // to check for updates, extension blacklisting, etc.
 bool IsSensitiveURL(const GURL& url) {
+ // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and
+ // Extension::CanExecuteScriptOnPage into one function.
 bool is_webstore_gallery_url =
 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true);
 bool sensitive_chrome_url = false;
@@ -581,8 +584,17 @@ bool HasWebRequestScheme(const GURL& url) {
 } // namespace
-bool HideRequestForURL(const GURL& url) {
- return IsSensitiveURL(url) || !HasWebRequestScheme(url);
+bool HideRequest(net::URLRequest* request) {
+ const GURL& url = request->url();
+ const GURL& first_party_url = request->first_party_for_cookies();
+ bool hide = false;
+ if (first_party_url.is_valid()) {
+ hide = IsSensitiveURL(first_party_url) ||
+ !HasWebRequestScheme(first_party_url);
+ }
+ if (!hide)
+ hide = IsSensitiveURL(url) || !HasWebRequestScheme(url);
+ return hide;
 }
 #define ARRAYEND(array) (array + arraysize(array))
diff --git a/chrome/browser/extensions/api/web_request/web_request_api_helpers.h b/chrome/browser/extensions/api/web_request/web_request_api_helpers.h
index 319f82b..3c15fae 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api_helpers.h
+++ b/chrome/browser/extensions/api/web_request/web_request_api_helpers.h
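Review bot: An invalid first-party URL silently falls back to the destination-only check in HideRequest (web_request_api_helpers.cc), so a request made on behalf of a sensitive page is hidden only when its creator populated `first_party_for_cookies()`. Which requests arrive without one is not visible in this commit, so the gap should at least be written down above the `is_valid()` test, e.g. `// Requests without a valid first-party URL are judged by their destination only.` The scheme test on the first-party URL also hides every request whose first party has a scheme that HasWebRequestScheme rejects, which looks intentional but deserves a sentence in the same comment.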
@@ -29,6 +29,7 @@ class Value;
 namespace net {
 class BoundNetLog;
+class URLRequest;
 }
 namespace extension_web_request_api_helpers {
@@ -168,8 +169,8 @@ bool MergeOnAuthRequiredResponses(
 std::set<std::string>* conflicting_extensions,
 const net::BoundNetLog* net_log);
-// Returns true if requests for |url| shall not be reported to extensions.
-bool HideRequestForURL(const GURL& url);
+// Returns true if the request shall not be reported to extensions.
+bool HideRequest(net::URLRequest* request);
 // Returns whether |type| is a ResourceType that is handled by the web request
 // API.
diff --git a/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc b/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc
index bae78a4..fc3dc17 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api_unittest.cc
@@ -1488,6 +1488,8 @@ TEST(ExtensionWebRequestHelpersTest, TestMergeOnAuthRequiredResponses) {
 }
 TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) {
+ MessageLoopForIO message_loop;
+ TestURLRequestContext context;
 const char* sensitive_urls[] = {
 "http://www.google.com/chrome",
 "https://www.google.com/chrome",
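Review bot: The new declaration comment for HideRequest in web_request_api_helpers.h does not say which properties of the request decide the outcome, and this function is the filter that keeps sensitive traffic away from extensions. I would write `// Returns true if the request shall not be reported to extensions because its URL or its first-party-for-cookies URL is sensitive or has a scheme the web request API does not handle.` The definition in this commit only reads from the request, so `bool HideRequest(const net::URLRequest* request);` would state that in the signature, provided `url()` and `first_party_for_cookies()` are const accessors.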
@@ -1508,12 +1510,25 @@ TEST(ExtensionWebRequestHelpersTest, TestHideRequestForURL) {
 const char* non_sensitive_urls[] = {
 "http://www.google.com/"
 };
+ // Check that requests are rejected based on the destination
 for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
- EXPECT_TRUE(helpers::HideRequestForURL(GURL(sensitive_urls[i])))
- << sensitive_urls[i];
+ GURL sensitive_url(sensitive_urls[i]);
+ TestURLRequest request(sensitive_url, NULL, &context);
+ EXPECT_TRUE(helpers::HideRequest(&request)) << sensitive_urls[i];
 }
+ // Check that requests are accepted if they don't touch sensitive urls.
 for (size_t i = 0; i < arraysize(non_sensitive_urls); ++i) {
- EXPECT_FALSE(helpers::HideRequestForURL(GURL(non_sensitive_urls[i])))
- << non_sensitive_urls[i];
+ GURL non_sensitive_url(non_sensitive_urls[i]);
+ TestURLRequest request(non_sensitive_url, NULL, &context);
+ EXPECT_FALSE(helpers::HideRequest(&request)) << non_sensitive_urls[i];
+ }
+ // Check that requests are rejected if their first party url is sensitive.
+ ASSERT_GE(arraysize(non_sensitive_urls), 1u);
+ GURL non_sensitive_url(non_sensitive_urls[0]);
+ for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
+ TestURLRequest request(non_sensitive_url, NULL, &context);
+ GURL sensitive_url(sensitive_urls[i]);
+ request.set_first_party_for_cookies(sensitive_url);
+ EXPECT_TRUE(helpers::HideRequest(&request)) << sensitive_urls[i];
 }
 }
|
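Review bot: The test never sets a non-sensitive first party on a request to a sensitive destination, so nothing pins that a valid, harmless first-party URL cannot un-hide a sensitive request. That is the branch in HideRequest where the first-party check yields false and the destination check must still run, and a later refactor to an early return could break it without a failing test. I would add the loop below after the last one. The test is also still named `TestHideRequestForURL` although the function is now HideRequest. The TEST body begins in the previous hunk.

```cpp
  // ... unchanged: destination, non-sensitive and sensitive-first-party loops ...
  // Check that a non-sensitive first party does not unhide a sensitive
  // destination.
  for (size_t i = 0; i < arraysize(sensitive_urls); ++i) {
    GURL sensitive_url(sensitive_urls[i]);
    TestURLRequest request(sensitive_url, NULL, &context);
    request.set_first_party_for_cookies(non_sensitive_url);
    EXPECT_TRUE(helpers::HideRequest(&request)) << sensitive_urls[i];
  }
```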