authorpalmer <palmer@chromium.org>2016-02-03 15:21:36 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-03 23:22:25 +0000
commit5c437bcc7a51edbef45242c5173cf7871fde2866 (patch)
treecff6102f961c969435e9698cb821715f69ca64b2 /extensions
parenta2280cd27bd434f6033d3ab0c70886c06e3882b0 (diff)
Make extensions use a correct same-origin check.
GURL::GetOrigin does not do the right thing for all types of URLs. BUG=573317 Review URL: https://codereview.chromium.org/1658913002 Cr-Commit-Position: refs/heads/master@{#373381}
Diffstat (limited to 'extensions')
-rw-r--r--extensions/browser/api/web_request/web_request_permissions.cc7
-rw-r--r--extensions/browser/guest_view/extension_options/extension_options_guest.cc2
-rw-r--r--extensions/browser/guest_view/extension_view/extension_view_guest.cc7
-rw-r--r--extensions/common/url_pattern_set.cc9
-rw-r--r--extensions/components/javascript_dialog_extensions_client/javascript_dialog_extension_client_impl.cc5
-rw-r--r--extensions/renderer/file_system_natives.cc7
-rw-r--r--extensions/renderer/programmatic_script_injector.cc3
7 files changed, 24 insertions, 16 deletions
diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc
index fd73304..ec0aa17 100644
--- a/extensions/browser/api/web_request/web_request_permissions.cc
+++ b/extensions/browser/api/web_request/web_request_permissions.cc
@@ -15,6 +15,7 @@
#include "extensions/common/permissions/permissions_data.h"
#include "net/url_request/url_request.h"
#include "url/gurl.h"
+#include "url/origin.h"
using content::ResourceRequestInfo;
@@ -128,9 +129,9 @@ bool WebRequestPermissions::CanExtensionAccessURL(
case REQUIRE_HOST_PERMISSION:
// about: URLs are not covered in host permissions, but are allowed
// anyway.
- if (!((url.SchemeIs(url::kAboutScheme) ||
- extension->permissions_data()->HasHostPermission(url) ||
- url.GetOrigin() == extension->url()))) {
+ if (!url.SchemeIs(url::kAboutScheme) &&
+ !extension->permissions_data()->HasHostPermission(url) &&
+ !url::IsSameOriginWith(url, extension->url())) {
return false;
}
break;
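Review bot: The comment above the condition in the REQUIRE_HOST_PERMISSION case explains only the about: exemption; the third clause, `!url::IsSameOriginWith(url, extension->url())`, is undocumented even though it is the one this commit changes. I believe url::Origin derives the origin of blob: and filesystem: URLs from the URL they wrap, so the extension's own blob:/filesystem: URLs may now pass where the `GetOrigin()` comparison did not; it is worth stating whether that is intended. Suggested addition: `// An extension may always access URLs in its own origin.` The enclosing function starts and ends outside the hunk.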
diff --git a/extensions/browser/guest_view/extension_options/extension_options_guest.cc b/extensions/browser/guest_view/extension_options/extension_options_guest.cc
index 9f3c07a..a3d8c7c 100644
--- a/extensions/browser/guest_view/extension_options/extension_options_guest.cc
+++ b/extensions/browser/guest_view/extension_options/extension_options_guest.cc
@@ -231,7 +231,7 @@ void ExtensionOptionsGuest::DidNavigateMainFrame(
ui_zoom::ZoomController::ZOOM_MODE_ISOLATED);
SetGuestZoomLevelToMatchEmbedder();
- if (params.url.GetOrigin() != options_page_.GetOrigin()) {
+ if (!url::IsSameOriginWith(params.url, options_page_)) {
bad_message::ReceivedBadMessage(web_contents()->GetRenderProcessHost(),
bad_message::EOG_BAD_ORIGIN);
}
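Review bot: `url::IsSameOriginWith` is called in DidNavigateMainFrame, but this file's diff adds no `#include "url/origin.h"`, whereas the other six files in the commit all add it. Unless the header is already included above the visible lines, the call compiles only through a transitive include; add `#include "url/origin.h"` to the include block. Separately, an unparseable `params.url` or `options_page_` presumably now yields a unique origin and triggers `EOG_BAD_ORIGIN`, so a one-line comment saying this fail-closed behaviour is intended would help. The function body starts outside the hunk.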
diff --git a/extensions/browser/guest_view/extension_view/extension_view_guest.cc b/extensions/browser/guest_view/extension_view/extension_view_guest.cc
index cb2f60e..64dc571 100644
--- a/extensions/browser/guest_view/extension_view/extension_view_guest.cc
+++ b/extensions/browser/guest_view/extension_view/extension_view_guest.cc
@@ -17,6 +17,7 @@
#include "extensions/common/constants.h"
#include "extensions/common/extension_messages.h"
#include "extensions/strings/grit/extensions_strings.h"
+#include "url/origin.h"
using content::WebContents;
using guest_view::GuestViewBase;
@@ -45,8 +46,8 @@ bool ExtensionViewGuest::NavigateGuest(const std::string& src,
// If the URL is not valid, about:blank, or the same origin as the extension,
// then navigate to about:blank.
- bool url_not_allowed = (url != GURL(url::kAboutBlankURL)) &&
- (url.GetOrigin() != extension_url_.GetOrigin());
+ bool url_not_allowed = url != GURL(url::kAboutBlankURL) &&
+ !url::IsSameOriginWith(url, extension_url_);
if (!url.is_valid() || url_not_allowed)
return NavigateGuest(url::kAboutBlankURL, true /* force_navigation */);
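Review bot: The comment above `url_not_allowed` says the guest navigates to about:blank when the URL is "not valid, about:blank, or the same origin as the extension", which is the opposite of what the condition does for the last two cases: about:blank and same-origin URLs are the ones allowed through. Since the line is being touched for a security check, the comment should be corrected, e.g. `// Fall back to about:blank unless the URL is valid and is either about:blank or same-origin with the extension.` NavigateGuest's body continues outside the hunk.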
@@ -135,7 +136,7 @@ void ExtensionViewGuest::DidCommitProvisionalLoadForFrame(
void ExtensionViewGuest::DidNavigateMainFrame(
const content::LoadCommittedDetails& details,
const content::FrameNavigateParams& params) {
- if (attached() && (params.url.GetOrigin() != url_.GetOrigin())) {
+ if (attached() && !url::IsSameOriginWith(params.url, url_)) {
bad_message::ReceivedBadMessage(web_contents()->GetRenderProcessHost(),
bad_message::EVG_BAD_ORIGIN);
}
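Review bot: The origin check in DidNavigateMainFrame has no about:blank exemption, although NavigateGuest in the previous hunk deliberately falls back to about:blank. With `GetOrigin()` two about:blank URLs presumably compared equal (both empty); if `url::IsSameOriginWith` treats unique origins as never same-origin, an attached guest committing about:blank would now hit `EVG_BAD_ORIGIN` and have its renderer killed. How `url_` is assigned is not visible here, so please confirm, and either exempt about:blank explicitly as NavigateGuest does or add a test covering the fallback path.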
diff --git a/extensions/common/url_pattern_set.cc b/extensions/common/url_pattern_set.cc
index 52db387..5f09564 100644
--- a/extensions/common/url_pattern_set.cc
+++ b/extensions/common/url_pattern_set.cc
@@ -14,6 +14,7 @@
#include "extensions/common/error_utils.h"
#include "extensions/common/url_pattern.h"
#include "url/gurl.h"
+#include "url/origin.h"
#include "url/url_constants.h"
namespace extensions {
@@ -152,11 +153,13 @@ void URLPatternSet::ClearPatterns() {
}
bool URLPatternSet::AddOrigin(int valid_schemes, const GURL& origin) {
- DCHECK_EQ(origin.GetOrigin(), origin);
+ if (origin.is_empty())
+ return false;
+ const url::Origin real_origin(origin);
+ DCHECK(real_origin.IsSameOriginWith(url::Origin(origin.GetOrigin())));
URLPattern origin_pattern(valid_schemes);
// Origin adding could fail if |origin| does not match |valid_schemes|.
- if (origin_pattern.Parse(origin.GetOrigin().spec()) !=
- URLPattern::PARSE_SUCCESS) {
+ if (origin_pattern.Parse(origin.spec()) != URLPattern::PARSE_SUCCESS) {
return false;
}
origin_pattern.SetPath("/*");
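Review bot: The new guard in AddOrigin rejects only an empty GURL, so an invalid but non-empty `origin` still reaches the DCHECK and `origin.spec()`, which as far as I recall asserts on invalid URLs. `if (!origin.is_valid()) return false;` covers both cases. Also, the old `DCHECK_EQ(origin.GetOrigin(), origin)` enforced that callers pass a bare origin, whereas the new DCHECK does not and the whole spec is now parsed; a comment noting that `SetPath("/*")` below discards any path would make that safe to rely on. The function continues past the hunk.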
diff --git a/extensions/components/javascript_dialog_extensions_client/javascript_dialog_extension_client_impl.cc b/extensions/components/javascript_dialog_extensions_client/javascript_dialog_extension_client_impl.cc
index 52f3e7e..d2f5d50 100644
--- a/extensions/components/javascript_dialog_extensions_client/javascript_dialog_extension_client_impl.cc
+++ b/extensions/components/javascript_dialog_extensions_client/javascript_dialog_extension_client_impl.cc
@@ -11,6 +11,7 @@
#include "extensions/browser/process_manager.h"
#include "extensions/common/extension.h"
#include "ui/gfx/native_widget_types.h"
+#include "url/origin.h"
namespace javascript_dialog_extensions_client {
namespace {
@@ -62,8 +63,8 @@ class JavaScriptDialogExtensionsClientImpl
const GURL& origin_url,
std::string* name_out) override {
const Extension* extension = GetExtensionForWebContents(web_contents);
- if (extension &&
- web_contents->GetLastCommittedURL().GetOrigin() == origin_url) {
+ if (extension && url::IsSameOriginWith(
+ origin_url, web_contents->GetLastCommittedURL())) {
*name_out = extension->name();
return true;
}
diff --git a/extensions/renderer/file_system_natives.cc b/extensions/renderer/file_system_natives.cc
index 1274509..2b70062 100644
--- a/extensions/renderer/file_system_natives.cc
+++ b/extensions/renderer/file_system_natives.cc
@@ -13,6 +13,7 @@
#include "third_party/WebKit/public/platform/WebString.h"
#include "third_party/WebKit/public/web/WebDOMFileSystem.h"
#include "third_party/WebKit/public/web/WebLocalFrame.h"
+#include "url/origin.h"
namespace extensions {
@@ -42,8 +43,8 @@ void FileSystemNatives::GetIsolatedFileSystem(
extensions::ScriptContext::GetDataSourceURLForFrame(webframe);
CHECK(context_url.SchemeIs(extensions::kExtensionScheme));
- std::string name(storage::GetIsolatedFileSystemName(context_url.GetOrigin(),
- file_system_id));
+ const GURL origin(url::Origin(context_url).Serialize());
+ std::string name(storage::GetIsolatedFileSystemName(origin, file_system_id));
// The optional second argument is the subfolder within the isolated file
// system at which to root the DOMFileSystem we're returning to the caller.
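Review bot: Nothing checks that `const GURL origin(url::Origin(context_url).Serialize());` produced a usable URL before it is passed to `GetIsolatedFileSystemName` here and to `GetIsolatedFileSystemRootURIString` in the next hunk. As far as I know a unique origin serializes to "null", which does not parse as a valid GURL, and the CHECK above constrains only the scheme of `context_url`. A `CHECK(origin.is_valid());` right after the construction would keep a malformed extension URL from silently producing a file-system name for an empty origin. GetIsolatedFileSystem starts and ends outside the hunk.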
@@ -54,7 +55,7 @@ void FileSystemNatives::GetIsolatedFileSystem(
}
GURL root_url(storage::GetIsolatedFileSystemRootURIString(
- context_url.GetOrigin(), file_system_id, optional_root_name));
+ origin, file_system_id, optional_root_name));
args.GetReturnValue().Set(
blink::WebDOMFileSystem::create(webframe,
diff --git a/extensions/renderer/programmatic_script_injector.cc b/extensions/renderer/programmatic_script_injector.cc
index f576305..13f0a20 100644
--- a/extensions/renderer/programmatic_script_injector.cc
+++ b/extensions/renderer/programmatic_script_injector.cc
@@ -20,6 +20,7 @@
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebLocalFrame.h"
#include "third_party/WebKit/public/web/WebScriptSource.h"
+#include "url/origin.h"
namespace extensions {
@@ -132,7 +133,7 @@ void ProgrammaticScriptInjector::OnWillNotInject(
if (url_.SchemeIs(url::kAboutScheme)) {
error = ErrorUtils::FormatErrorMessage(
manifest_errors::kCannotAccessAboutUrl, url_.spec(),
- effective_url_.GetOrigin().spec());
+ url::Origin(effective_url_).Serialize());
} else {
// TODO(?) It would be nice to show kCannotAccessPageWithUrl here if
// this is triggered by an extension with tabs permission. See