authorcaseq@google.com <caseq@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-13 12:15:45 +0000
committercaseq@google.com <caseq@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-13 12:15:45 +0000
commit23a52bd208885df236cde3ad2cd162b094c0bbe4 (patch)
tree1ec9de9f829f7b1fa4c4e05ac793e2bec0f14ff9 /chrome/renderer
parent875ffe9ed038950bbed3da725c15fda85559c945 (diff)
Do not require DevTools extension resources to be white-listed in manifest.
Currently, resources used by DevTools extensions need to be white-listed as web_accessible_resources in the manifest. This is quite inconvenient and appears to be overkill, given that the DevTools front-end is (a) trusted and (b) picky on the frames it loads. This change adds resources that belong to DevTools extensions and are being loaded into a DevTools front-end page to the list of exceptions from the web_accessible_resources check. BUG=none TEST=DevToolsExtensionTest.* Review URL: https://chromiumcodereview.appspot.com/9663076 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126378 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r--chrome/renderer/chrome_content_renderer_client.cc2
-rw-r--r--chrome/renderer/extensions/extension_resource_request_policy.cc12
-rw-r--r--chrome/renderer/extensions/extension_resource_request_policy.h7
3 files changed, 16 insertions, 5 deletions
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index 6da46db..3935a66 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -712,7 +712,7 @@ bool ChromeContentRendererClient::WillSendRequest(WebKit::WebFrame* frame,
if (url.SchemeIs(chrome::kExtensionScheme) &&
!ExtensionResourceRequestPolicy::CanRequestResource(
url,
- GURL(frame->document().url()),
+ frame,
extension_dispatcher_->extensions())) {
*new_url = GURL("chrome-extension://invalid/");
return true;
diff --git a/chrome/renderer/extensions/extension_resource_request_policy.cc b/chrome/renderer/extensions/extension_resource_request_policy.cc
index fb23ca3..6e7e6c8 100644
--- a/chrome/renderer/extensions/extension_resource_request_policy.cc
+++ b/chrome/renderer/extensions/extension_resource_request_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -11,11 +11,13 @@
#include "chrome/common/extensions/extension.h"
#include "chrome/common/extensions/extension_set.h"
#include "googleurl/src/gurl.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"
// static
bool ExtensionResourceRequestPolicy::CanRequestResource(
const GURL& resource_url,
- const GURL& frame_url,
+ const WebKit::WebFrame* frame,
const ExtensionSet* loaded_extensions) {
CHECK(resource_url.SchemeIs(chrome::kExtensionScheme));
@@ -43,13 +45,19 @@ bool ExtensionResourceRequestPolicy::CanRequestResource(
// Disallow loading of extension resources which are not explicitely listed
// as web accessible if the manifest version is 2 or greater.
+ GURL frame_url = frame->document().url();
+ GURL page_url = frame->top()->document().url();
// Exceptions are:
// - empty origin (needed for some edge cases when we have empty origins)
// - chrome-extension:// (for legacy reasons -- some extensions interop)
+ // - devtools (chrome-extension:// URLs are loaded into frames of devtools
+ // to support the devtools extension APIs)
if (!CommandLine::ForCurrentProcess()->HasSwitch(
switches::kDisableExtensionsResourceWhitelist) &&
!frame_url.is_empty() &&
!frame_url.SchemeIs(chrome::kExtensionScheme) &&
+ !(page_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
+ !extension->devtools_url().is_empty()) &&
!extension->IsResourceWebAccessible(resource_url.path())) {
LOG(ERROR) << "Denying load of " << resource_url.spec() << " which "
<< "is not a web accessible resource.";
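Review bot: The new exemption `!(page_url.SchemeIs(chrome::kChromeDevToolsScheme) && !extension->devtools_url().is_empty())` is keyed only on the top-level document, so any frame nested under a DevTools page, whatever its own origin, skips the web_accessible_resources check for every resource of an extension that declares a devtools page. The commit message relies on the front-end being picky about the frames it loads, but nothing in the visible lines enforces that for the requesting frame. If the intended requester is the front-end document itself, the clause could also test `frame_url.SchemeIs(chrome::kChromeDevToolsScheme)`. Otherwise the assumption should be recorded next to the check, for example `// Relies on the DevTools front-end never embedding untrusted web content in a nested frame.` A test that a non-web-accessible resource is still denied to a web-origin frame would pin the boundary. The function starts and ends outside this hunk, and `extension` is resolved in lines not shown here.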
diff --git a/chrome/renderer/extensions/extension_resource_request_policy.h b/chrome/renderer/extensions/extension_resource_request_policy.h
index adfc816..f9283b0 100644
--- a/chrome/renderer/extensions/extension_resource_request_policy.h
+++ b/chrome/renderer/extensions/extension_resource_request_policy.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -8,13 +8,16 @@
class ExtensionSet;
class GURL;
+namespace WebKit {
+class WebFrame;
+}
// Encapsulates the policy for when chrome-extension:// URLs can be requested.
class ExtensionResourceRequestPolicy {
public:
// Returns true if the |resource_url| can be requested from |frame_url|.
static bool CanRequestResource(const GURL& resource_url,
- const GURL& frame_url,
+ const WebKit::WebFrame* frame,
const ExtensionSet* loaded_extensions);
private:
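Review bot: The comment above `CanRequestResource` still names `|frame_url|`, which is no longer a parameter, and it does not mention that the result now also depends on the frame's top-level document. I would change it to `// Returns true if |resource_url| can be requested from |frame|, which must be non-null. Resources of extensions that declare a devtools page are exempt from the web_accessible_resources check when |frame| is inside a DevTools page.` The implementation dereferences `frame` and `frame->top()` unconditionally, so the non-null requirement belongs in the contract. The class body continues past the end of this hunk.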