authorlazyboy@chromium.org <lazyboy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-16 18:25:16 +0000
committerlazyboy@chromium.org <lazyboy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-04-16 18:25:16 +0000
commitb32f2173f2b0bd1276e4c91b8cdddd494ce4742d (patch)
tree542c976e52ed45b1219967bb76c2686e4d5646cd /extensions
parent90533fc237fdf77185ab4b4dcb92da546cbe69f1 (diff)
Use default CSP for resource loading in webview (instead of platform app's CSP)
<webview> loads a page in an isolated context inside a platform app and hosts drive-by web content. The platform app's CSP is too restrictive for <webview>, so in this CL we stop using that CSP and use the default instead. BUG=363437 Test=Load a chrome app. Load a webview html from accessible resources. Make the webview page contain inline JS. Check that the JS loads. It didn't use to load w/o this CL. Review URL: https://codereview.chromium.org/237793003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@264253 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'extensions')
-rw-r--r--extensions/browser/extension_protocols.cc15
-rw-r--r--extensions/browser/extensions_browser_client.h4
-rw-r--r--extensions/browser/test_extensions_browser_client.cc5
-rw-r--r--extensions/browser/test_extensions_browser_client.h1
4 files changed, 21 insertions, 4 deletions
diff --git a/extensions/browser/extension_protocols.cc b/extensions/browser/extension_protocols.cc
index 53315cb..bb61b25 100644
--- a/extensions/browser/extension_protocols.cc
+++ b/extensions/browser/extension_protocols.cc
@@ -411,17 +411,24 @@ ExtensionProtocolHandler::MaybeCreateJob(
std::string content_security_policy;
bool send_cors_header = false;
bool follow_symlinks_anywhere = false;
+
if (extension) {
std::string resource_path = request->url().path();
- content_security_policy =
- extensions::CSPInfo::GetResourceContentSecurityPolicy(extension,
- resource_path);
+
+ // Use default CSP for <webview>.
+ if (!ExtensionsBrowserClient::Get()->IsWebViewRequest(request)) {
+ content_security_policy =
+ extensions::CSPInfo::GetResourceContentSecurityPolicy(extension,
+ resource_path);
+ }
+
if ((extension->manifest_version() >= 2 ||
extensions::WebAccessibleResourcesInfo::HasWebAccessibleResources(
extension)) &&
extensions::WebAccessibleResourcesInfo::IsResourceWebAccessible(
- extension, resource_path))
+ extension, resource_path)) {
send_cors_header = true;
+ }
follow_symlinks_anywhere =
(extension->creation_flags() & Extension::FOLLOW_SYMLINKS_ANYWHERE)
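Review bot: The comment `// Use default CSP for <webview>.` above the new `IsWebViewRequest(request)` check does not say what "default" means here: on the webview path `content_security_policy` simply stays empty. Presumably the code after this hunk then sends no Content-Security-Policy header for the resource, so the page is restricted only by the guest's isolation; that should be confirmed and stated. I would write `// <webview> guests load in an isolated context and may need inline script; leave the policy empty so the app's CSP is not applied.` Since this turns the app's CSP off based on a single predicate, it is also worth noting here that a false positive from IsWebViewRequest() would serve the app's own pages without their CSP. MaybeCreateJob starts and ends outside the hunk.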
diff --git a/extensions/browser/extensions_browser_client.h b/extensions/browser/extensions_browser_client.h
index d7c02d9..e3b91b2 100644
--- a/extensions/browser/extensions_browser_client.h
+++ b/extensions/browser/extensions_browser_client.h
@@ -96,6 +96,10 @@ class ExtensionsBrowserClient {
const extensions::Extension* extension,
content::BrowserContext* context) const = 0;
+ // Returns true if |request| corresponds to a resource request from a
+ // <webview>.
+ virtual bool IsWebViewRequest(net::URLRequest* request) const = 0;
+
// Returns an URLRequestJob to load an extension resource from the embedder's
// resource bundle (.pak) files. Returns NULL if the request is not for a
// resource bundle resource or if the embedder does not support this feature.
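Review bot: The doc comment added for `IsWebViewRequest` omits the security consequence of its result: the caller in extension_protocols.cc skips the extension's resource CSP whenever it returns true. Implementations should therefore return false whenever they cannot positively identify the request as coming from a <webview> guest, and the interface comment is the place to say so, e.g. `// Must return false when unsure: a true result makes the extension protocol handler skip the extension's CSP for this resource.` It would also help to state whether |request| may be NULL, which the hunk does not show.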
diff --git a/extensions/browser/test_extensions_browser_client.cc b/extensions/browser/test_extensions_browser_client.cc
index 132ac19..6e919ea 100644
--- a/extensions/browser/test_extensions_browser_client.cc
+++ b/extensions/browser/test_extensions_browser_client.cc
@@ -83,6 +83,11 @@ bool TestExtensionsBrowserClient::CanExtensionCrossIncognito(
return false;
}
+bool TestExtensionsBrowserClient::IsWebViewRequest(
+ net::URLRequest* request) const {
+ return false;
+}
+
net::URLRequestJob*
TestExtensionsBrowserClient::MaybeCreateResourceBundleRequestJob(
net::URLRequest* request,
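Review bot: With `IsWebViewRequest` hard-wired to `return false;`, tests built on TestExtensionsBrowserClient only exercise the path where the extension's CSP is applied, never the new webview path. The diffstat here is limited to 'extensions', so a browser test may exist elsewhere; if not, a settable flag on the test client would let a unit test pin that non-webview requests always keep the CSP and webview requests do not. A short comment such as `// Tests treat every request as non-webview, so the extension CSP is always applied.` would document the choice.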
diff --git a/extensions/browser/test_extensions_browser_client.h b/extensions/browser/test_extensions_browser_client.h
index ee3a625..f7401fe 100644
--- a/extensions/browser/test_extensions_browser_client.h
+++ b/extensions/browser/test_extensions_browser_client.h
@@ -42,6 +42,7 @@ class TestExtensionsBrowserClient : public ExtensionsBrowserClient {
virtual bool CanExtensionCrossIncognito(
const extensions::Extension* extension,
content::BrowserContext* context) const OVERRIDE;
+ virtual bool IsWebViewRequest(net::URLRequest* request) const OVERRIDE;
virtual net::URLRequestJob* MaybeCreateResourceBundleRequestJob(
net::URLRequest* request,
net::NetworkDelegate* network_delegate,