diff options
| author | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-12 18:24:57 +0000 |
|---|---|---|
| committer | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-12 18:24:57 +0000 |
| commit | cbf4d1916071d74b34b723629bdbefbcc1269b00 (patch) | |
| tree | f318ed779fa940aecb329cf51641de795229eede /chrome/browser/extensions/extension_protocols.cc | |
| parent | 2b4f4598f46f7612014bd65e8f170407d88a71bc (diff) | |
| download | chromium_src-cbf4d1916071d74b34b723629bdbefbcc1269b00.zip chromium_src-cbf4d1916071d74b34b723629bdbefbcc1269b00.tar.gz chromium_src-cbf4d1916071d74b34b723629bdbefbcc1269b00.tar.bz2 | |
Reland r55750. Broke AppApiTest.*.
TBR=mpcomplete@chromium.org
BUG=49234
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55909 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions/extension_protocols.cc')
| -rw-r--r-- | chrome/browser/extensions/extension_protocols.cc | 71 |
1 files changed, 44 insertions, 27 deletions
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc index d88e045..f1b09eb 100644 --- a/chrome/browser/extensions/extension_protocols.cc +++ b/chrome/browser/extensions/extension_protocols.cc @@ -65,44 +65,61 @@ class URLRequestResourceBundleJob : public URLRequestSimpleJob { int resource_id_; }; -} // namespace - -// Factory registered with URLRequest to create URLRequestJobs for extension:// -// URLs. -static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request, - const std::string& scheme) { - ChromeURLRequestContext* context = - static_cast<ChromeURLRequestContext*>(request->context()); - +// Returns true if an chrome-extension:// resource should be allowed to load. +bool AllowExtensionResourceLoad(URLRequest* request, + ChromeURLRequestContext* context, + const std::string& scheme) { const ResourceDispatcherHostRequestInfo* info = ResourceDispatcherHost::InfoForRequest(request); + GURL origin_url(info->frame_origin()); + + // chrome:// URLs are always allowed to load chrome-extension:// resources. + // The app launcher in the NTP uses this feature, as does dev tools. + if (origin_url.SchemeIs(chrome::kChromeUIScheme)) + return true; + + // Disallow loading of packaged resources for hosted apps. We don't allow + // hybrid hosted/packaged apps. + if (context->ExtensionHasWebExtent(request->url().host())) + return false; + + // chrome-extension:// pages can load resources from extensions and packaged + // apps. This is allowed for legacy reasons. + if (origin_url.SchemeIs(chrome::kExtensionScheme)) + return true; + // Extension resources should only be loadable from web pages which the // extension has host permissions to (and therefore could be running script // in, which might need access to the extension resources). - // - // chrome:// pages are exempt. We allow them to load any extension resource. - // This is used for, eg, the app launcher in the NTP. - // - // chrome-extension:// pages are also exempt, mostly for legacy reasons. Some - // extensions did this to integrate with each other before we added this code. - GURL origin_url(info->frame_origin()); - if (!origin_url.is_empty() && - !origin_url.SchemeIs(chrome::kChromeUIScheme) && - !origin_url.SchemeIs(chrome::kExtensionScheme)) { - ExtensionExtent host_permissions = - context->GetEffectiveHostPermissionsForExtension( - request->url().host()); - if (!host_permissions.ContainsURL(GURL(info->frame_origin()))) - return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE); - } + ExtensionExtent host_permissions = + context->GetEffectiveHostPermissionsForExtension(request->url().host()); + if (!origin_url.is_empty() && !host_permissions.ContainsURL(origin_url)) + return false; // Don't allow toplevel navigations to extension resources in incognito mode. // This is because an extension must run in a single process, and an // incognito tab prevents that. - // TODO(mpcomplete): better error code. if (context->is_off_the_record() && - info && info->resource_type() == ResourceType::MAIN_FRAME) + info->resource_type() == ResourceType::MAIN_FRAME) { + return false; + } + + // Otherwise, the resource load is allowed. + return true; +} + +} // namespace + +// Factory registered with URLRequest to create URLRequestJobs for extension:// +// URLs. +static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request, + const std::string& scheme) { + ChromeURLRequestContext* context = + static_cast<ChromeURLRequestContext*>(request->context()); + + // TODO(mpcomplete): better error code. + if (!AllowExtensionResourceLoad(request, context, scheme)) return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE); // chrome-extension://extension-id/resource/path.js |