Revert 73760 - Move most of chrome-extension:// request checks into

renderer.

One cannot be moved because we don't have the bit of state
we need in the renderer.

This should have fixed the bug 57263, but it doesn't. So
maybe something else is going on?

BUG=57263
TEST=

Review URL: http://codereview.chromium.org/6296025

TBR=aa@chromium.org

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73763 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 113 insertions, 101 deletions

diff --git a/chrome/browser/extensions/extension_apitest.cc b/chrome/browser/extensions/extension_apitest.cc
index 8ff88e8..dbb47cd 100644
--- a/chrome/browser/extensions/extension_apitest.cc
+++ b/chrome/browser/extensions/extension_apitest.cc
@@ -152,6 +152,7 @@ bool ExtensionApiTest::RunExtensionTestImpl(const char* extension_name,
       url = extension->GetResourceURL(page_url);
     }
 
+    LOG(ERROR) << "Loading page url: " << url.spec();
     ui_test_utils::NavigateToURL(browser(), url);
   }
 
diff --git a/chrome/browser/extensions/extension_browsertests_misc.cc b/chrome/browser/extensions/extension_browsertests_misc.cc
index 63d0402..8ceda4d 100644
--- a/chrome/browser/extensions/extension_browsertests_misc.cc
+++ b/chrome/browser/extensions/extension_browsertests_misc.cc
@@ -79,6 +79,72 @@ static ExtensionHost* FindHostWithPath(ExtensionProcessManager* manager,
   return host;
 }
 
+// Tests that extension resources can be loaded from origins which the
+// extension specifies in permissions but not from others.
+IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, OriginPrivileges) {
+  host_resolver()->AddRule("*", "127.0.0.1");
+  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(LoadExtension(test_data_dir_
+    .AppendASCII("origin_privileges").AppendASCII("extension")));
+
+  GURL origin_privileges_index(
+      test_server()->GetURL("files/extensions/origin_privileges/index.html"));
+
+  std::string host_a("a.com");
+  GURL::Replacements make_host_a_com;
+  make_host_a_com.SetHostStr(host_a);
+
+  std::string host_b("b.com");
+  GURL::Replacements make_host_b_com;
+  make_host_b_com.SetHostStr(host_b);
+
+  // A web host that has permission.
+  ui_test_utils::NavigateToURL(
+      browser(), origin_privileges_index.ReplaceComponents(make_host_a_com));
+  std::string result;
+  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+    browser()->GetSelectedTabContents()->render_view_host(), L"",
+      L"window.domAutomationController.send(document.title)",
+    &result));
+  EXPECT_EQ(result, "Loaded");
+
+  // A web host that does not have permission.
+  ui_test_utils::NavigateToURL(
+      browser(), origin_privileges_index.ReplaceComponents(make_host_b_com));
+  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+      browser()->GetSelectedTabContents()->render_view_host(), L"",
+      L"window.domAutomationController.send(document.title)",
+      &result));
+  EXPECT_EQ(result, "Image failed to load");
+
+  // A data URL. Data URLs should always be able to load chrome-extension://
+  // resources.
+  std::string file_source;
+  ASSERT_TRUE(file_util::ReadFileToString(
+      test_data_dir_.AppendASCII("origin_privileges")
+                    .AppendASCII("index.html"), &file_source));
+  ui_test_utils::NavigateToURL(browser(),
+      GURL(std::string("data:text/html;charset=utf-8,") + file_source));
+  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+      browser()->GetSelectedTabContents()->render_view_host(), L"",
+      L"window.domAutomationController.send(document.title)",
+      &result));
+  EXPECT_EQ(result, "Loaded");
+
+  // A different extension. Extensions should always be able to load each
+  // other's resources.
+  ASSERT_TRUE(LoadExtension(test_data_dir_
+    .AppendASCII("origin_privileges").AppendASCII("extension2")));
+  ui_test_utils::NavigateToURL(
+      browser(),
+      GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html"));
+  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+      browser()->GetSelectedTabContents()->render_view_host(), L"",
+      L"window.domAutomationController.send(document.title)",
+      &result));
+  EXPECT_EQ(result, "Loaded");
+}
+
 // Tests that we can load extension pages into the tab area and they can call
 // extension APIs.
 IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, TabContents) {
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index 91222c7..1ee6952 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -67,8 +67,6 @@ class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
 };
 
 // Returns true if an chrome-extension:// resource should be allowed to load.
-// TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
-// first need to find a way to get CanLoadInIncognito state into the renderers.
 bool AllowExtensionResourceLoad(net::URLRequest* request,
                                 ChromeURLRequestContext* context,
                                 const std::string& scheme) {
@@ -83,6 +81,27 @@ bool AllowExtensionResourceLoad(net::URLRequest* request,
     return true;
   }
 
+  GURL origin_url(info->frame_origin());
+
+  // chrome:// URLs are always allowed to load chrome-extension:// resources.
+  // The app launcher in the NTP uses this feature, as does dev tools.
+  if (origin_url.SchemeIs(chrome::kChromeDevToolsScheme) ||
+      origin_url.SchemeIs(chrome::kChromeUIScheme))
+    return true;
+
+  // Disallow loading of packaged resources for hosted apps. We don't allow
+  // hybrid hosted/packaged apps. The one exception is access to icons, since
+  // some extensions want to be able to do things like create their own
+  // launchers.
+  if (context->extension_info_map()->
+          ExtensionHasWebExtent(request->url().host())) {
+    if (!context->extension_info_map()->URLIsForExtensionIcon(request->url())) {
+      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
+                 << "hosted app.";
+      return false;
+    }
+  }
+
   // Don't allow toplevel navigations to extension resources in incognito mode.
   // This is because an extension must run in a single process, and an
   // incognito tab prevents that.
@@ -95,7 +114,30 @@ bool AllowExtensionResourceLoad(net::URLRequest* request,
     return false;
   }
 
-  return true;
+  // Otherwise, pages are allowed to load resources from extensions if the
+  // extension has host permissions to (and therefore could be running script
+  // in, which might need access to the extension resources).
+  //
+  // Exceptions are:
+  // - empty origin (needed for some edge cases when we have empty origins)
+  // - chrome-extension:// (for legacy reasons -- some extensions interop)
+  // - data: (basic HTML notifications use data URLs internally)
+  if (origin_url.is_empty() ||
+      origin_url.SchemeIs(chrome::kExtensionScheme) |
+      origin_url.SchemeIs(chrome::kDataScheme)) {
+    return true;
+  } else {
+    ExtensionExtent host_permissions = context->extension_info_map()->
+        GetEffectiveHostPermissionsForExtension(request->url().host());
+    if (host_permissions.ContainsURL(origin_url)) {
+      return true;
+    } else {
+      LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
+                 << origin_url.spec() << " because the extension does not have "
+                 << "access to the requesting page.";
+      return false;
+    }
+  }
 }
 
 }  // namespace
@@ -109,10 +151,8 @@ static net::URLRequestJob* CreateExtensionURLRequestJob(
       static_cast<ChromeURLRequestContext*>(request->context());
 
   // TODO(mpcomplete): better error code.
-  if (!AllowExtensionResourceLoad(request, context, scheme)) {
-    LOG(ERROR) << "disallowed in extension protocols";
+  if (!AllowExtensionResourceLoad(request, context, scheme))
     return new net::URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE);
-  }
 
   // chrome-extension://extension-id/resource/path.js
   const std::string& extension_id = request->url().host();
diff --git a/chrome/browser/extensions/extension_resource_request_policy_apitest.cc b/chrome/browser/extensions/extension_resource_request_policy_apitest.cc
deleted file mode 100644
index b5d45c1..0000000
--- a/chrome/browser/extensions/extension_resource_request_policy_apitest.cc
+++ /dev/null
@@ -1,95 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/logging.h"
-#include "chrome/browser/extensions/extension_apitest.h"
-#include "chrome/browser/tab_contents/tab_contents.h"
-#include "chrome/browser/ui/browser.h"
-#include "chrome/test/ui_test_utils.h"
-#include "googleurl/src/gurl.h"
-#include "net/base/mock_host_resolver.h"
-
-class ExtensionResourceRequestPolicyTest : public ExtensionApiTest {
-};
-
-// Note, this mostly tests the logic of chrome/renderer/extensions/
-// extension_resource_request_policy.*, but we have it as a browser test so that
-// can make sure it works end-to-end.
-IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, OriginPrivileges) {
-  host_resolver()->AddRule("*", "127.0.0.1");
-  ASSERT_TRUE(test_server()->Start());
-  ASSERT_TRUE(LoadExtension(test_data_dir_
-      .AppendASCII("extension_resource_request_policy")
-      .AppendASCII("extension")));
-
-  GURL web_resource(
-      test_server()->GetURL(
-          "files/extensions/api_test/extension_resource_request_policy/"
-          "index.html"));
-
-  std::string host_a("a.com");
-  GURL::Replacements make_host_a_com;
-  make_host_a_com.SetHostStr(host_a);
-
-  std::string host_b("b.com");
-  GURL::Replacements make_host_b_com;
-  make_host_b_com.SetHostStr(host_b);
-
-  // A web host that has permission.
-  ui_test_utils::NavigateToURL(
-      browser(), web_resource.ReplaceComponents(make_host_a_com));
-  std::string result;
-  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
-    browser()->GetSelectedTabContents()->render_view_host(), L"",
-      L"window.domAutomationController.send(document.title)",
-    &result));
-  EXPECT_EQ(result, "Loaded");
-
-  // A web host that does not have permission.
-  ui_test_utils::NavigateToURL(
-      browser(), web_resource.ReplaceComponents(make_host_b_com));
-  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
-      browser()->GetSelectedTabContents()->render_view_host(), L"",
-      L"window.domAutomationController.send(document.title)",
-      &result));
-  EXPECT_EQ(result, "Image failed to load");
-
-  // A data URL. Data URLs should always be able to load chrome-extension://
-  // resources.
-  std::string file_source;
-  ASSERT_TRUE(file_util::ReadFileToString(
-      test_data_dir_.AppendASCII("extension_resource_request_policy")
-                    .AppendASCII("index.html"), &file_source));
-  ui_test_utils::NavigateToURL(browser(),
-      GURL(std::string("data:text/html;charset=utf-8,") + file_source));
-  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
-      browser()->GetSelectedTabContents()->render_view_host(), L"",
-      L"window.domAutomationController.send(document.title)",
-      &result));
-  EXPECT_EQ(result, "Loaded");
-
-  // A different extension. Extensions should always be able to load each
-  // other's resources.
-  ASSERT_TRUE(LoadExtension(test_data_dir_
-      .AppendASCII("extension_resource_request_policy")
-      .AppendASCII("extension2")));
-  ui_test_utils::NavigateToURL(
-      browser(),
-      GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html"));
-  ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
-      browser()->GetSelectedTabContents()->render_view_host(), L"",
-      L"window.domAutomationController.send(document.title)",
-      &result));
-  EXPECT_EQ(result, "Loaded");
-}
-
-IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Audio) {
-  EXPECT_TRUE(RunExtensionSubtest("extension_resource_request_policy/media",
-                                  "audio.html"));
-}
-
-IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Video) {
-  EXPECT_TRUE(RunExtensionSubtest("extension_resource_request_policy/media",
-                                  "video.html"));
-}