Ignore insecure parts of CSP in extensions and allow extension to load

Previously, insecure CSP directive values caused refusal of Chrome to load the Chrome extension. Now, insecure values are stripped from the CSP, and a list of detailed warnings is printed at the extensions page. Renamed ContentSecurityPolicyIsSecure to SanitizeContentSecurityPolicy and let it return a string (the sanitized CSP) instead of a boolean that tells whether the CSP was considered secure. BUG=434773 R=kalman@chromium.org R=mkwst@chromium.org TEST=extensions_unittests=ExtensionCSPValidator.* unit_tests=ContentSecurityPolicyManifestTest.*:PlatformAppsManifestTest:PlatformAppContentSecurityPolicy Review URL: https://codereview.chromium.org/747403002 Cr-Commit-Position: refs/heads/master@{#310191}
author: rob <rob@robwu.nl> 2015-01-06 16:38:35 -0800
committer: Commit bot <commit-bot@chromium.org> 2015-01-07 00:39:30 +0000
commit: f19335614f1a7f78b76a640aba422b13e51a2391 (patch)
tree: 9b10dd3bbab8e07575d775c721b1d736217aa86b /extensions/common/manifest_handlers
parent: 1531d38e8a150190c83c87ca6676cb809b39e376 (diff)
download: chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.zip
chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.tar.gz
chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.tar.bz2
1 files changed, 21 insertions, 15 deletions
diff --git a/extensions/common/manifest_handlers/csp_info.cc b/extensions/common/manifest_handlers/csp_info.cc
index 2c3838f..e756995 100644
--- a/extensions/common/manifest_handlers/csp_info.cc
+++ b/extensions/common/manifest_handlers/csp_info.cc
@@ -9,6 +9,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "extensions/common/csp_validator.h"
+#include "extensions/common/install_warning.h"
 #include "extensions/common/manifest_constants.h"
 #include "extensions/common/manifest_handlers/sandboxed_page_info.h"
 
@@ -18,12 +19,12 @@ namespace keys = manifest_keys;
 namespace errors = manifest_errors;
 
 using csp_validator::ContentSecurityPolicyIsLegal;
-using csp_validator::ContentSecurityPolicyIsSecure;
+using csp_validator::SanitizeContentSecurityPolicy;
 
 namespace {
 
 const char kDefaultContentSecurityPolicy[] =
-    "script-src 'self' chrome-extension-resource:; object-src 'self'";
+    "script-src 'self' chrome-extension-resource:; object-src 'self';";
 
 #define PLATFORM_APP_LOCAL_CSP_SOURCES \
     "'self' data: chrome-extension-resource:"
@@ -31,18 +32,18 @@ const char kDefaultPlatformAppContentSecurityPolicy[] =
     // Platform apps can only use local resources by default.
     "default-src 'self' chrome-extension-resource:;"
     // For remote resources, they can fetch them via XMLHttpRequest.
-    "connect-src *;"
+    " connect-src *;"
     // And serve them via data: or same-origin (blob:, filesystem:) URLs
-    "style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';"
-    "img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
-    "frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
-    "font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
+    " style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';"
+    " img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
+    " frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
+    " font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";"
     // Media can be loaded from remote resources since:
     // 1. <video> and <audio> have good fallback behavior when offline or under
     //    spotty connectivity.
     // 2. Fetching via XHR and serving via blob: URLs currently does not allow
     //    streaming or partial buffering.
-    "media-src *;";
+    " media-src *;";
 
 int GetValidatorOptions(Extension* extension) {
   int options = csp_validator::OPTIONS_NONE;
@@ -108,8 +109,10 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {
           kDefaultPlatformAppContentSecurityPolicy :
           kDefaultContentSecurityPolicy;
 
-      CHECK(ContentSecurityPolicyIsSecure(content_security_policy,
-                                          GetValidatorOptions(extension)));
+      CHECK_EQ(content_security_policy,
+               SanitizeContentSecurityPolicy(content_security_policy,
+                                             GetValidatorOptions(extension),
+                                             NULL));
       extension->SetManifestData(keys::kContentSecurityPolicy,
                                  new CSPInfo(content_security_policy));
     }
@@ -125,11 +128,14 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {
     *error = base::ASCIIToUTF16(errors::kInvalidContentSecurityPolicy);
     return false;
   }
-  if (extension->manifest_version() >= 2 &&
-      !ContentSecurityPolicyIsSecure(content_security_policy,
-                                     GetValidatorOptions(extension))) {
-    *error = base::ASCIIToUTF16(errors::kInsecureContentSecurityPolicy);
-    return false;
+  std::string sanitized_csp;
+  if (extension->manifest_version() >= 2) {
+    std::vector<InstallWarning> warnings;
+    content_security_policy =
+        SanitizeContentSecurityPolicy(content_security_policy,
+                                      GetValidatorOptions(extension),
+                                      &warnings);
+    extension->AddInstallWarnings(warnings);
   }
 
   extension->SetManifestData(keys::kContentSecurityPolicy,
author	rob <rob@robwu.nl>	2015-01-06 16:38:35 -0800
committer	Commit bot <commit-bot@chromium.org>	2015-01-07 00:39:30 +0000
commit	f19335614f1a7f78b76a640aba422b13e51a2391 (patch)
tree	9b10dd3bbab8e07575d775c721b1d736217aa86b /extensions/common/manifest_handlers
parent	1531d38e8a150190c83c87ca6676cb809b39e376 (diff)
download	chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.zip chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.tar.gz chromium_src-f19335614f1a7f78b76a640aba422b13e51a2391.tar.bz2