authorcdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-29 21:43:24 +0000
committercdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-29 21:43:24 +0000
commit52a26894a92e0d8b756bcce2bc96cd741f135329 (patch)
treeca0400410e8585e469bdb0593467d87d341762f9 /chrome
parentab6627371cb52d504cdc0bb33ca6ead8a7f8ac70 (diff)
Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web accessible.
BUG=109686 Review URL: http://codereview.chromium.org/9152022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119646 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/extensions/extension_protocols.cc35
-rw-r--r--chrome/browser/extensions/extension_resource_request_policy_apitest.cc26
-rw-r--r--chrome/renderer/chrome_content_renderer_client.cc3
-rw-r--r--chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_accessible_resource.html15
-rw-r--r--chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_inaccessible_resource.html15
5 files changed, 84 insertions, 10 deletions
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index d0a03c5..fd0537e 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -38,7 +38,7 @@
namespace {
net::HttpResponseHeaders* BuildHttpHeaders(
- const std::string& content_security_policy) {
+ const std::string& content_security_policy, bool send_cors_header) {
std::string raw_headers;
raw_headers.append("HTTP/1.1 200 OK");
if (!content_security_policy.empty()) {
@@ -46,6 +46,11 @@ net::HttpResponseHeaders* BuildHttpHeaders(
raw_headers.append("X-WebKit-CSP: ");
raw_headers.append(content_security_policy);
}
+
+ if (send_cors_header) {
+ raw_headers.append(1, '\0');
+ raw_headers.append("Access-Control-Allow-Origin: *");
+ }
raw_headers.append(2, '\0');
return new net::HttpResponseHeaders(raw_headers);
}
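Review bot: The new branch that emits `Access-Control-Allow-Origin: *` carries no comment on why a wildcard origin is acceptable, and that is the line a future reader will question first. A comment such as `// Web-accessible resources are by definition readable by any origin, so a wildcard adds no exposure; a wildcard also never permits credentialed requests.` would record the reasoning next to the header. BuildHttpHeaders' signature, where `send_cors_header` is introduced, is in the preceding hunk, so the parameter's own documentation belongs there as well. The CSP branch above follows the same separator-then-header shape, so the structure of the new block is consistent with it.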
@@ -54,11 +59,12 @@ class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
public:
URLRequestResourceBundleJob(
net::URLRequest* request, const FilePath& filename, int resource_id,
- const std::string& content_security_policy)
+ const std::string& content_security_policy, bool send_cors_header)
: net::URLRequestSimpleJob(request),
filename_(filename),
resource_id_(resource_id) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_header);
}
// Overridden from URLRequestSimpleJob:
@@ -109,7 +115,9 @@ class GeneratedBackgroundPageJob : public net::URLRequestSimpleJob {
const std::string& content_security_policy)
: net::URLRequestSimpleJob(request),
extension_(extension) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ const bool send_cors_headers = false;
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_headers);
}
// Overridden from URLRequestSimpleJob:
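Review bot: The local is named `send_cors_headers` (plural) while the parameter it feeds and every other call site in this commit use `send_cors_header`; the inconsistency means a grep for the flag misses this site. Renaming it and stating the reason for `false` keeps the sites aligned: `const bool send_cors_header = false;  // Generated background pages are never web accessible.` — assuming that is the intent, which the hunk itself does not state. The constructor's signature starts above the hunk.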
@@ -142,9 +150,11 @@ class URLRequestExtensionJob : public net::URLRequestFileJob {
public:
URLRequestExtensionJob(net::URLRequest* request,
const FilePath& filename,
- const std::string& content_security_policy)
+ const std::string& content_security_policy,
+ bool send_cors_header)
: net::URLRequestFileJob(request, filename) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_header);
}
virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
@@ -255,8 +265,14 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
}
std::string content_security_policy;
- if (extension)
+ bool send_cors_header = false;
+ if (extension) {
content_security_policy = extension->content_security_policy();
+ if ((extension->manifest_version() >= 2 ||
+ extension->HasWebAccessibleResources()) &&
+ extension->IsResourceWebAccessible(request->url().path()))
+ send_cors_header = true;
+ }
std::string path = request->url().path();
if (path.size() > 1 &&
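Review bot: `request->url().path()` is evaluated inside the new block and then again one line later to initialize `path`; hoisting `std::string path = request->url().path();` above the `if (extension)` block and passing `path` to `IsResourceWebAccessible` removes the duplicate and makes explicit which form of the path the check sees. If the normalization that begins at `if (path.size() > 1 &&` alters the path before it is resolved to a file, confirm that `IsResourceWebAccessible` is meant to see the raw path rather than the normalized one. The predicate `manifest_version() >= 2 || HasWebAccessibleResources()` presumably mirrors the renderer-side resource request policy; if so, sharing one helper would keep the CORS grant and the load-blocking decision from drifting apart. MaybeCreateJob continues outside the hunk on both sides.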
@@ -285,7 +301,8 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
#endif
if (relative_path == bm_resource_path) {
return new URLRequestResourceBundleJob(request, relative_path,
- kComponentExtensionResources[i].value, content_security_policy);
+ kComponentExtensionResources[i].value, content_security_policy,
+ send_cors_header);
}
}
}
@@ -303,7 +320,7 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
}
return new URLRequestExtensionJob(request, resource_file_path,
- content_security_policy);
+ content_security_policy, send_cors_header);
}
} // namespace
diff --git a/chrome/browser/extensions/extension_resource_request_policy_apitest.cc b/chrome/browser/extensions/extension_resource_request_policy_apitest.cc
index 1a1d8db..84b565f 100644
--- a/chrome/browser/extensions/extension_resource_request_policy_apitest.cc
+++ b/chrome/browser/extensions/extension_resource_request_policy_apitest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -142,6 +142,30 @@ IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
&result));
EXPECT_EQ("Loaded", result);
+ GURL xhr_accessible_resource(
+ test_server()->GetURL(
+ "files/extensions/api_test/extension_resource_request_policy/"
+ "web_accessible/xhr_accessible_resource.html"));
+ ui_test_utils::NavigateToURL(
+ browser(), xhr_accessible_resource);
+ ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+ browser()->GetSelectedWebContents()->GetRenderViewHost(), L"",
+ L"window.domAutomationController.send(document.title)",
+ &result));
+ EXPECT_EQ("XHR completed with status: 200", result);
+
+ GURL xhr_inaccessible_resource(
+ test_server()->GetURL(
+ "files/extensions/api_test/extension_resource_request_policy/"
+ "web_accessible/xhr_inaccessible_resource.html"));
+ ui_test_utils::NavigateToURL(
+ browser(), xhr_inaccessible_resource);
+ ASSERT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractString(
+ browser()->GetSelectedWebContents()->GetRenderViewHost(), L"",
+ L"window.domAutomationController.send(document.title)",
+ &result));
+ EXPECT_EQ("XHR failed to load resource", result);
+
GURL nonaccessible_resource(
test_server()->GetURL(
"files/extensions/api_test/extension_resource_request_policy/"
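Review bot: The two new XHR expectations have no comment recording what each outcome proves, so a later reader cannot tell why `200` versus a thrown exception is the right distinction. A short comment before the first `GURL xhr_accessible_resource(` such as `// A cross-origin XHR to a web-accessible resource must succeed (ACAO header sent); one to a non-listed resource must fail the CORS check and throw.` would tie the assertions to the browser-side change. Both checks reuse `result` from the earlier assertion, which is fine since each `ASSERT_TRUE` overwrites it. The enclosing test body starts before the hunk.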
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index caa5382..88b8b73 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -229,6 +229,9 @@ void ChromeContentRendererClient::RenderThreadStarted() {
WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme));
WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
+
+ // chrome-extension: resources should be allowed to receive CORS requests.
+ WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
}
void ChromeContentRendererClient::RenderViewCreated(
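Review bot: The new comment says extension resources "should be allowed to receive CORS requests", but registering the scheme as CORS-enabled is only half of the mechanism; the per-resource grant is the `Access-Control-Allow-Origin` header added in extension_protocols.cc in the same commit. Saying so here prevents a reader from assuming every chrome-extension: URL is now readable cross-origin: `// chrome-extension: URLs may be fetched cross-origin via CORS; the browser only sends Access-Control-Allow-Origin for web-accessible resources, so other resources still fail the CORS check.` RenderThreadStarted continues outside the hunk.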
diff --git a/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_accessible_resource.html b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_accessible_resource.html
new file mode 100644
index 0000000..3e1f037
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_accessible_resource.html
@@ -0,0 +1,15 @@
+<script>
+ // Copyright (c) 2012 The Chromium Authors. All rights reserved.
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ try {
+ req = new XMLHttpRequest;
+ req.open("GET",
+ "chrome-extension://ggmldgjhdenlnjjjmehkomheglpmijnf/test.png",
+ false);
+ req.send();
+ document.title = 'XHR completed with status: ' + req.status;
+ } catch (e) {
+ document.title='XHR failed to load resource';
+ }
+</script> \ No newline at end of file
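Review bot: `req` is assigned without `var`, so the test page creates an implicit global; `var req = new XMLHttpRequest();` avoids that (the parentheses are optional but conventional). The second new file, xhr_inaccessible_resource.html, repeats this script verbatim apart from the resource name, so one page that reads the resource name from the query string would halve the fixture code, though that is a larger change than the commit needs. Both files also end without a trailing newline.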
diff --git a/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_inaccessible_resource.html b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_inaccessible_resource.html
new file mode 100644
index 0000000..90e861e
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/xhr_inaccessible_resource.html
@@ -0,0 +1,15 @@
+<script>
+ // Copyright (c) 2012 The Chromium Authors. All rights reserved.
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ try {
+ req = new XMLHttpRequest;
+ req.open("GET",
+ "chrome-extension://ggmldgjhdenlnjjjmehkomheglpmijnf/test2.png",
+ false);
+ req.send();
+ document.title = 'XHR completed with status: ' + req.status;
+ } catch (e) {
+ document.title='XHR failed to load resource';
+ }
+</script> \ No newline at end of file