Move most of chrome-extension:// request checks into

renderer. One cannot be moved because we don't have the bit of state we need in the renderer. This should have fixed the bug 57263, but it doesn't. So maybe something else is going on? BUG=57263 TEST= Review URL: http://codereview.chromium.org/6296025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73760 0039d316-1c4b-4281-b951-d872f2087c98
author: aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-02-04 04:17:58 +0000
committer: aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-02-04 04:17:58 +0000
commit: dd591bbb5a82cd8b27b648e39d2a869a7b95a52b (patch)
tree: eae16491dc293ee76f951d98d9b34575ca764baf /chrome/browser/extensions/extension_protocols.cc
parent: 8609ae4b7996c49bf07d1986abc238ffe57a8b66 (diff)
download: chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.zip
chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.tar.gz
chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.tar.bz2
1 files changed, 6 insertions, 46 deletions
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index 1ee6952..91222c7 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -67,6 +67,8 @@ class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
 };
 
 // Returns true if an chrome-extension:// resource should be allowed to load.
+// TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
+// first need to find a way to get CanLoadInIncognito state into the renderers.
 bool AllowExtensionResourceLoad(net::URLRequest* request,
                                 ChromeURLRequestContext* context,
                                 const std::string& scheme) {
@@ -81,27 +83,6 @@ bool AllowExtensionResourceLoad(net::URLRequest* request,
     return true;
   }
 
-  GURL origin_url(info->frame_origin());
-
-  // chrome:// URLs are always allowed to load chrome-extension:// resources.
-  // The app launcher in the NTP uses this feature, as does dev tools.
-  if (origin_url.SchemeIs(chrome::kChromeDevToolsScheme) ||
-      origin_url.SchemeIs(chrome::kChromeUIScheme))
-    return true;
-
-  // Disallow loading of packaged resources for hosted apps. We don't allow
-  // hybrid hosted/packaged apps. The one exception is access to icons, since
-  // some extensions want to be able to do things like create their own
-  // launchers.
-  if (context->extension_info_map()->
-          ExtensionHasWebExtent(request->url().host())) {
-    if (!context->extension_info_map()->URLIsForExtensionIcon(request->url())) {
-      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
-                 << "hosted app.";
-      return false;
-    }
-  }
-
   // Don't allow toplevel navigations to extension resources in incognito mode.
   // This is because an extension must run in a single process, and an
   // incognito tab prevents that.
@@ -114,30 +95,7 @@ bool AllowExtensionResourceLoad(net::URLRequest* request,
     return false;
   }
 
-  // Otherwise, pages are allowed to load resources from extensions if the
-  // extension has host permissions to (and therefore could be running script
-  // in, which might need access to the extension resources).
-  //
-  // Exceptions are:
-  // - empty origin (needed for some edge cases when we have empty origins)
-  // - chrome-extension:// (for legacy reasons -- some extensions interop)
-  // - data: (basic HTML notifications use data URLs internally)
-  if (origin_url.is_empty() ||
-      origin_url.SchemeIs(chrome::kExtensionScheme) |
-      origin_url.SchemeIs(chrome::kDataScheme)) {
-    return true;
-  } else {
-    ExtensionExtent host_permissions = context->extension_info_map()->
-        GetEffectiveHostPermissionsForExtension(request->url().host());
-    if (host_permissions.ContainsURL(origin_url)) {
-      return true;
-    } else {
-      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
-                 << origin_url.spec() << " because the extension does not have "
-                 << "access to the requesting page.";
-      return false;
-    }
-  }
+  return true;
 }
 
 }  // namespace
@@ -151,8 +109,10 @@ static net::URLRequestJob* CreateExtensionURLRequestJob(
       static_cast<ChromeURLRequestContext*>(request->context());
 
   // TODO(mpcomplete): better error code.
-  if (!AllowExtensionResourceLoad(request, context, scheme))
+  if (!AllowExtensionResourceLoad(request, context, scheme)) {
+    LOG(ERROR) << "disallowed in extension protocols";
     return new net::URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE);
+  }
 
   // chrome-extension://extension-id/resource/path.js
   const std::string& extension_id = request->url().host();
author	aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-02-04 04:17:58 +0000
committer	aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-02-04 04:17:58 +0000
commit	dd591bbb5a82cd8b27b648e39d2a869a7b95a52b (patch)
tree	eae16491dc293ee76f951d98d9b34575ca764baf /chrome/browser/extensions/extension_protocols.cc
parent	8609ae4b7996c49bf07d1986abc238ffe57a8b66 (diff)
download	chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.zip chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.tar.gz chromium_src-dd591bbb5a82cd8b27b648e39d2a869a7b95a52b.tar.bz2