Implement granular cross-origin XHR for extensions.

I left the temporary hack that allows all origins until we are
ready to break everything all at once.

Also, I still need to devise some way to test this.

BUG=12129

Review URL: http://codereview.chromium.org/173166

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24089 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 28 insertions, 5 deletions

diff --git a/chrome/renderer/extensions/extension_process_bindings.cc b/chrome/renderer/extensions/extension_process_bindings.cc
index d28adb0..ed56ba5 100644
--- a/chrome/renderer/extensions/extension_process_bindings.cc
+++ b/chrome/renderer/extensions/extension_process_bindings.cc
@@ -6,6 +6,7 @@
 
 #include "base/singleton.h"
 #include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/url_pattern.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/renderer/extensions/bindings_utils.h"
@@ -16,6 +17,8 @@
 #include "grit/common_resources.h"
 #include "grit/renderer_resources.h"
 #include "webkit/api/public/WebFrame.h"
+#include "webkit/api/public/WebURL.h"
+#include "webkit/api/public/WebKit.h"
 
 using bindings_utils::GetStringResource;
 using bindings_utils::ContextInfo;
@@ -326,18 +329,31 @@ void ExtensionProcessBindings::SetPageActions(
 }
 
 // static
-void ExtensionProcessBindings::SetPermissions(
+void ExtensionProcessBindings::SetAPIPermissions(
     const std::string& extension_id,
     const std::vector<std::string>& permissions) {
   PermissionsMap& permissions_map = *GetPermissionsMap(extension_id);
 
-  // Default all permissions to false, then enable the ones in the vector.
+  // Default all the API permissions to off. We will reset them below.
   for (size_t i = 0; i < Extension::kNumPermissions; ++i)
     permissions_map[Extension::kPermissionNames[i]] = false;
   for (size_t i = 0; i < permissions.size(); ++i)
     permissions_map[permissions[i]] = true;
 }
 
+// static
+void ExtensionProcessBindings::SetHostPermissions(
+    const GURL& extension_url,
+    const std::vector<URLPattern>& permissions) {
+  for (size_t i = 0; i < permissions.size(); ++i) {
+    WebKit::whiteListAccessFromOrigin(
+        extension_url,
+        WebKit::WebString::fromUTF8(permissions[i].scheme()),
+        WebKit::WebString::fromUTF8(permissions[i].host()),
+        permissions[i].match_subdomains());
+  }
+}
+
 // Given a name like "tabs.onConnect", return the permission name required
 // to access that API ("tabs" in this example).
 static std::string GetPermissionName(const std::string& function_name) {
diff --git a/chrome/renderer/extensions/extension_process_bindings.h b/chrome/renderer/extensions/extension_process_bindings.h
index dd212c5..bea3e91 100644
--- a/chrome/renderer/extensions/extension_process_bindings.h
+++ b/chrome/renderer/extensions/extension_process_bindings.h
@@ -13,6 +13,9 @@
 
 #include "v8/include/v8.h"
 
+class GURL;
+class URLPattern;
+
 class ExtensionProcessBindings {
  public:
   static void SetFunctionNames(const std::vector<std::string>& names);
@@ -27,9 +30,13 @@ class ExtensionProcessBindings {
   static void SetPageActions(const std::string& extension_id,
                              const std::vector<std::string>& page_actions);
 
-  // Sets the permissions for a particular extension.
-  static void SetPermissions(const std::string& extension_id,
-                             const std::vector<std::string>& permissions);
+  // Sets the API permissions for a particular extension.
+  static void SetAPIPermissions(const std::string& extension_id,
+                                const std::vector<std::string>& permissions);
+
+  // Sets the host permissions for a particular extension.
+  static void SetHostPermissions(const GURL& extension_url,
+                                const std::vector<URLPattern>& permissions);
 
   // Check if the extension in the currently running context has permission to
   // access the given extension function. Must be called with a valid V8