Add "origin" to the app object in the extension manifest.

Review URL: http://codereview.chromium.org/897002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41422 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 114 insertions, 14 deletions

diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc
index 4e9cb54..92a9dcd 100644
--- a/chrome/browser/extensions/extensions_service.cc
+++ b/chrome/browser/extensions/extensions_service.cc
@@ -692,6 +692,17 @@ void ExtensionsService::OnExtensionLoaded(Extension* extension,
   // The extension is now loaded, remove its data from unloaded extension map.
   unloaded_extension_paths_.erase(extension->id());
 
+  if (extension->IsApp() &&
+      !CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableExtensionApps)) {
+    ReportExtensionLoadError(extension->path(), errors::kAppsDisabled,
+                             NotificationType::EXTENSION_INSTALL_ERROR,
+                             true);  // be noisy
+    return;
+  }
+
+  // TODO(aa): Need to re-evaluate this branch. Does this still make sense now
+  // that extensions are enabled by default?
   if (extensions_enabled() ||
       extension->IsTheme() ||
       extension->location() == Extension::LOAD ||
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index db70ebf..90158b9 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -495,12 +495,6 @@ bool Extension::ContainsNonAppKeys(const DictionaryValue& source) {
 }
 
 bool Extension::LoadAppHelper(const DictionaryValue* app, std::string* error) {
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(
-      switches::kEnableExtensionApps)) {
-    *error = errors::kInvalidApp;
-    return false;
-  }
-
   // launch URL
   std::string launch_url_spec;
   if (!app->GetString(keys::kAppLaunchUrl, &launch_url_spec)) {
@@ -556,6 +550,36 @@ bool Extension::LoadAppHelper(const DictionaryValue* app, std::string* error) {
     }
   }
 
+  if (app->HasKey(keys::kAppOrigin)) {
+    std::string origin_string;
+    if (!app->GetString(keys::kAppOrigin, &origin_string)) {
+      *error = errors::kInvalidAppOrigin;
+      return false;
+    }
+
+    // Origin must be a valid URL.
+    GURL origin_gurl(origin_string);
+    if (!origin_gurl.is_valid() || origin_gurl.is_empty()) {
+      *error = errors::kInvalidAppOrigin;
+      return false;
+    }
+
+    // Origins can only be http or https.
+    if (!origin_gurl.SchemeIs(chrome::kHttpScheme) &&
+        !origin_gurl.SchemeIs(chrome::kHttpsScheme)) {
+      *error = errors::kInvalidAppOrigin;
+      return false;
+    }
+
+    // Check that the origin doesn't include any extraneous information.
+    if (origin_gurl.GetOrigin() != origin_gurl) {
+      *error = errors::kInvalidAppOrigin;
+      return false;
+    }
+
+    app_origin_ = origin_gurl;
+  }
+
   return true;
 }
 
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 6df1c5a..0877369 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -280,6 +280,15 @@ class Extension {
     return chrome_url_overrides_;
   }
 
+  // App stuff.
+  const URLPatternList& app_extent() const { return app_extent_; }
+  const GURL& app_launch_url() const { return app_launch_url_; }
+  bool IsApp() const { return !app_launch_url_.is_empty(); }
+  AppLaunchWindowType app_launch_window_type() {
+    return app_launch_window_type_;
+  }
+  const GURL& app_origin() const { return app_origin_; }
+
   // Runtime data:
   // Put dynamic data about the state of a running extension below.
 
@@ -294,14 +303,6 @@ class Extension {
   bool being_upgraded() const { return being_upgraded_; }
   void set_being_upgraded(bool value) { being_upgraded_ = value; }
 
-  // App stuff.
-  const URLPatternList& app_extent() const { return app_extent_; }
-  const GURL& app_launch_url() const { return app_launch_url_; }
-  bool IsApp() const { return !app_launch_url_.is_empty(); }
-  AppLaunchWindowType app_launch_window_type() {
-    return app_launch_window_type_;
-  }
-
  private:
   // Helper method that loads a UserScript object from a
   // dictionary in the content_script list of the manifest.
@@ -441,6 +442,10 @@ class Extension {
   // The type of window to start when the application is launched.
   AppLaunchWindowType app_launch_window_type_;
 
+  // The web security origin associated with the app. This origin will be
+  // granted the permissions the app requests.
+  GURL app_origin_;
+
   // Runtime data:
 
   // True if the background page is ready.
diff --git a/chrome/common/extensions/extension_constants.cc b/chrome/common/extensions/extension_constants.cc
index bfb968d..173b4fa 100644
--- a/chrome/common/extensions/extension_constants.cc
+++ b/chrome/common/extensions/extension_constants.cc
@@ -11,6 +11,7 @@ const wchar_t* kApp = L"app";
 const wchar_t* kAppExtent = L"extent";
 const wchar_t* kAppLaunchUrl = L"launch.url";
 const wchar_t* kAppLaunchWindowType = L"launch.window_type";
+const wchar_t* kAppOrigin = L"origin";
 const wchar_t* kBackground = L"background_page";
 const wchar_t* kBrowserAction = L"browser_action";
 const wchar_t* kChromeURLOverrides = L"chrome_url_overrides";
@@ -74,6 +75,7 @@ const char* kWindowTypePanel = "panel";
 // printf because we want to unit test them and scanf is hard to make
 // cross-platform.
 namespace extension_manifest_errors {
+const char* kAppsDisabled = "Apps are disabled.";
 const char* kChromeVersionTooLow =
     "This extension requires * version * or greater.";
 const char* kInvalidAllFrames =
@@ -85,6 +87,9 @@ const char* kInvalidAppLaunchUrl =
     "Required value 'app.launch.url' is missing or invalid.";
 const char* kInvalidAppLaunchWindowType =
     "Invalid value for 'app.launch.window_type'.";
+const char* kInvalidAppOrigin =
+    "Invalid value for 'app.origin'. Value must be a URL of the form "
+    "scheme://host[:port]/ where scheme is http or https.";
 const char* kInvalidBrowserAction =
     "Invalid value for 'browser_action'.";
 const char* kInvalidChromeURLOverrides =
diff --git a/chrome/common/extensions/extension_constants.h b/chrome/common/extensions/extension_constants.h
index b990022..f06a0e5 100644
--- a/chrome/common/extensions/extension_constants.h
+++ b/chrome/common/extensions/extension_constants.h
@@ -12,6 +12,7 @@ namespace extension_manifest_keys {
   extern const wchar_t* kAppExtent;
   extern const wchar_t* kAppLaunchUrl;
   extern const wchar_t* kAppLaunchWindowType;
+  extern const wchar_t* kAppOrigin;
   extern const wchar_t* kBackground;
   extern const wchar_t* kBrowserAction;
   extern const wchar_t* kMinimumChromeVersion;
@@ -73,6 +74,7 @@ namespace extension_manifest_values {
 
 // Error messages returned from Extension::InitFromValue().
 namespace extension_manifest_errors {
+  extern const char* kAppsDisabled;
   extern const char* kChromeVersionTooLow;
   extern const char* kInvalidAllFrames;
   extern const char* kInvalidApp;
@@ -80,6 +82,7 @@ namespace extension_manifest_errors {
   extern const char* kInvalidAppExtentPattern;
   extern const char* kInvalidAppLaunchUrl;
   extern const char* kInvalidAppLaunchWindowType;
+  extern const char* kInvalidAppOrigin;
   extern const char* kInvalidBackground;
   extern const char* kInvalidBrowserAction;
   extern const char* kInvalidChromeURLOverrides;
diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc
index 29ba032e..4dbb7e3 100644
--- a/chrome/common/extensions/extension_unittest.cc
+++ b/chrome/common/extensions/extension_unittest.cc
@@ -274,6 +274,58 @@ TEST(ExtensionTest, InitFromValueInvalid) {
   EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error));
   EXPECT_TRUE(MatchPatternASCII(error, errors::kChromeVersionTooLow));
 #endif
+
+  // Test invalid app.
+  input_value.reset(static_cast<DictionaryValue*>(valid_value->DeepCopy()));
+  input_value->Set(keys::kApp, Value::CreateIntegerValue(42));
+  EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error));
+  EXPECT_EQ(errors::kInvalidApp, error);
+
+  // Test invalid launch URLs.
+  DictionaryValue* app = new DictionaryValue();
+  input_value->Set(keys::kApp, app);
+
+  EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error));
+  EXPECT_EQ(errors::kInvalidAppLaunchUrl, error);
+
+  Value* invalid_launch_urls[] = {
+    Value::CreateStringValue(""),
+    Value::CreateIntegerValue(42),
+    Value::CreateStringValue("foobar")
+  };
+
+  for (size_t i = 0; i < arraysize(invalid_launch_urls); ++i) {
+    app->Set(keys::kAppLaunchUrl, invalid_launch_urls[i]);
+    error.clear();
+    EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error));
+    EXPECT_EQ(errors::kInvalidAppLaunchUrl, error);
+  }
+
+  // Test valid launch URL.
+  app->Set(keys::kAppLaunchUrl,
+           Value::CreateStringValue("http://www.google.com/index.html"));
+  EXPECT_TRUE(extension.InitFromValue(*input_value, true, &error));
+
+  // Test invalid app origins.
+  Value* invalid_origins[] = {
+    Value::CreateStringValue(""),
+    Value::CreateIntegerValue(42),
+    Value::CreateStringValue("foobar"),
+    Value::CreateStringValue("file:///c:/foo.txt"),
+    Value::CreateStringValue("ftp://www.google.com/")
+  };
+
+  for (size_t i = 0; i < arraysize(invalid_origins); ++i) {
+    app->Set(keys::kAppOrigin, invalid_origins[i]);
+    error.clear();
+    EXPECT_FALSE(extension.InitFromValue(*input_value, true, &error));
+    EXPECT_EQ(errors::kInvalidAppOrigin, error);
+  }
+
+  // Test valid origin.
+  app->Set(keys::kAppOrigin,
+           Value::CreateStringValue("http://www.google.com/"));
+  EXPECT_TRUE(extension.InitFromValue(*input_value, true, &error));
 }
 
 TEST(ExtensionTest, InitFromValueValid) {