1 files changed, 20 insertions, 17 deletions

diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc
index 40d8cd2..28f873b 100644
--- a/chrome/browser/extensions/crx_installer.cc
+++ b/chrome/browser/extensions/crx_installer.cc
@@ -187,10 +187,26 @@ bool CrxInstaller::AllowInstall(Extension* extension, std::string* error) {
       return false;
     }
 
-    // For self-hosted apps, verify that the entire extent is on the same
-    // host (or a subdomain of the host) the download happened from.  There's
-    // no way for us to verify that the app controls any other hosts.
-    if (!is_gallery_install_) {
+    // If the client_ is NULL, then the app is either being installed via
+    // an internal mechanism like sync, external_extensions, or default apps.
+    // In that case, we don't want to enforce things like the install origin.
+    if (!is_gallery_install_ && client_) {
+      // For apps with a gallery update URL, require that they be installed
+      // from the gallery.
+      // TODO(erikkay) Apply this rule for paid extensions and themes as well.
+      if ((extension->update_url() ==
+           GURL(extension_urls::kGalleryUpdateHttpsUrl)) ||
+          (extension->update_url() ==
+           GURL(extension_urls::kGalleryUpdateHttpUrl))) {
+        *error = l10n_util::GetStringFUTF8(
+            IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
+            l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE));
+        return false;
+      }
+
+      // For self-hosted apps, verify that the entire extent is on the same
+      // host (or a subdomain of the host) the download happened from.  There's
+      // no way for us to verify that the app controls any other hosts.
       URLPattern pattern(UserScript::kValidUserScriptSchemes);
       pattern.set_host(original_url_.host());
       pattern.set_match_subdomains(true);
@@ -204,19 +220,6 @@ bool CrxInstaller::AllowInstall(Extension* extension, std::string* error) {
           return false;
         }
       }
-
-      // For apps with a gallery update URL, require that they be installed
-      // from the gallery.
-      // TODO(erikkay) Apply this rule for paid extensions and themes as well.
-      if ((extension->update_url() ==
-           GURL(extension_urls::kGalleryUpdateHttpsUrl)) ||
-          (extension->update_url() ==
-           GURL(extension_urls::kGalleryUpdateHttpUrl))) {
-        *error = l10n_util::GetStringFUTF8(
-            IDS_EXTENSION_DISALLOW_NON_DOWNLOADED_GALLERY_INSTALLS,
-            l10n_util::GetStringUTF16(IDS_EXTENSION_WEB_STORE_TITLE));
-        return false;
-      }
     }
   }