-rw-r--r--chrome/browser/extensions/extension_browsertests_misc.cc15
-rw-r--r--chrome/browser/extensions/extension_protocols.cc21
-rw-r--r--chrome/test/data/extensions/origin_privileges/extension2/index.html3
-rw-r--r--chrome/test/data/extensions/origin_privileges/extension2/manifest.json6
-rw-r--r--chrome/test/data/extensions/origin_privileges/extension2/test.pngbin0 -> 275 bytes
5 files changed, 39 insertions, 6 deletions
diff --git a/chrome/browser/extensions/extension_browsertests_misc.cc b/chrome/browser/extensions/extension_browsertests_misc.cc
index 457b224..b6c582c 100644
--- a/chrome/browser/extensions/extension_browsertests_misc.cc
+++ b/chrome/browser/extensions/extension_browsertests_misc.cc
@@ -182,6 +182,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, OriginPrivileges) {
ASSERT_TRUE(LoadExtension(test_data_dir_
.AppendASCII("origin_privileges").AppendASCII("extension")));
+ // A web host that has permission.
ui_test_utils::NavigateToURL(browser(),
GURL("http://a.com:1337/files/extensions/origin_privileges/index.html"));
std::string result;
@@ -191,6 +192,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, OriginPrivileges) {
&result);
EXPECT_EQ(result, "Loaded");
+ // A web host that does not have permission.
ui_test_utils::NavigateToURL(browser(),
GURL("http://b.com:1337/files/extensions/origin_privileges/index.html"));
ui_test_utils::ExecuteJavaScriptAndExtractString(
@@ -198,6 +200,19 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, OriginPrivileges) {
L"window.domAutomationController.send(document.title)",
&result);
EXPECT_EQ(result, "Image failed to load");
+
+ // A different extension. Extensions should always be able to load each
+ // other's resources.
+ ASSERT_TRUE(LoadExtension(test_data_dir_
+ .AppendASCII("origin_privileges").AppendASCII("extension2")));
+ ui_test_utils::NavigateToURL(
+ browser(),
+ GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html"));
+ ui_test_utils::ExecuteJavaScriptAndExtractString(
+ browser()->GetSelectedTabContents()->render_view_host(), L"",
+ L"window.domAutomationController.send(document.title)",
+ &result);
+ EXPECT_EQ(result, "Loaded");
}
// Tests that we can load extension pages into the tab area and they can call
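Review bot: The added case only exercises a chrome-extension:// origin, which the condition removed from extension_protocols.cc already exempted, so the chrome:// exemption this commit introduces has no coverage here; a further step that loads the extension's test.png from a chrome:// page would pin it. The return value of `ui_test_utils::ExecuteJavaScriptAndExtractString` is not checked in the visible calls and `result` is reused across all three steps, so a failed extraction is caught only because the stale value happens to differ from the expected one. Adding `result.clear();` before each call, or wrapping the call in `ASSERT_TRUE(...)` if it returns bool, would make that explicit. The test body starts outside this hunk.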
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index 7caa170..d88e045 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -77,13 +77,22 @@ static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request,
const ResourceDispatcherHostRequestInfo* info =
ResourceDispatcherHost::InfoForRequest(request);
- // Don't allow extension resources to be loaded from origins which are not
- // present in the extension's effective host permissions with the exception
- // of empty origins and extension schemes.
- if (!info->frame_origin().empty() &&
- !GURL(info->frame_origin()).SchemeIs(chrome::kExtensionScheme)) {
+ // Extension resources should only be loadable from web pages which the
+ // extension has host permissions to (and therefore could be running script
+ // in, which might need access to the extension resources).
+ //
+ // chrome:// pages are exempt. We allow them to load any extension resource.
+ // This is used for, eg, the app launcher in the NTP.
+ //
+ // chrome-extension:// pages are also exempt, mostly for legacy reasons. Some
+ // extensions did this to integrate with each other before we added this code.
+ GURL origin_url(info->frame_origin());
+ if (!origin_url.is_empty() &&
+ !origin_url.SchemeIs(chrome::kChromeUIScheme) &&
+ !origin_url.SchemeIs(chrome::kExtensionScheme)) {
ExtensionExtent host_permissions =
- context->GetEffectiveHostPermissionsForExtension(request->url().host());
+ context->GetEffectiveHostPermissionsForExtension(
+ request->url().host());
if (!host_permissions.ContainsURL(GURL(info->frame_origin())))
return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE);
}
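Review bot: The permission check `host_permissions.ContainsURL(GURL(info->frame_origin()))` still re-parses the origin string although the exemption tests above it now run on `origin_url`; writing `if (!host_permissions.ContainsURL(origin_url))` keeps the exemptions and the allow/deny decision on one parsed value. The skip condition also moved from the raw string to `origin_url.is_empty()`, so it is worth confirming that a non-empty but unparseable frame origin cannot come out as an empty GURL and bypass the check; if it can, keep `info->frame_origin().empty()` for the skip so that case fails closed. The chrome-extension:// exemption lets a page in any extension load any other extension's resources, which the comment describes as legacy, and a `// TODO` stating the intent to narrow it would help the next reader. CreateExtensionURLRequestJob starts and ends outside this hunk.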
diff --git a/chrome/test/data/extensions/origin_privileges/extension2/index.html b/chrome/test/data/extensions/origin_privileges/extension2/index.html
new file mode 100644
index 0000000..4183769
--- /dev/null
+++ b/chrome/test/data/extensions/origin_privileges/extension2/index.html
@@ -0,0 +1,3 @@
+<title>Unmodified</title>
+
+<img onload="document.title='Loaded'" onerror="document.title='Image failed to load'" src="chrome-extension://fnbdbepgnidhjejikpionpfohdjjogpm/test.png">
\ No newline at end of file
diff --git a/chrome/test/data/extensions/origin_privileges/extension2/manifest.json b/chrome/test/data/extensions/origin_privileges/extension2/manifest.json
new file mode 100644
index 0000000..970fcf0
--- /dev/null
+++ b/chrome/test/data/extensions/origin_privileges/extension2/manifest.json
@@ -0,0 +1,6 @@
+{
+ "description": "test",
+ "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPOziAf8MbTjdUo6DysZ4nAU/2f/kwYnftyKkxI1GyTlbStprGy+Y2ek4/59QbE3xEE+dIIuYeObM4QTptpcFMg956ZLFoeDg41Pg3tzUrbltgG8hXTbBxN852FJx2kdaqa/MKUUsJKGSD5hkUmvZRADGGWhMWzvz64ao1h02xJQIDAQAC",
+ "name": "test",
+ "version": "0.1"
+}
diff --git a/chrome/test/data/extensions/origin_privileges/extension2/test.png b/chrome/test/data/extensions/origin_privileges/extension2/test.png
new file mode 100644
index 0000000..4421311
--- /dev/null
+++ b/chrome/test/data/extensions/origin_privileges/extension2/test.png
Binary files differ