summaryrefslogtreecommitdiffstats
path: root/chrome
diff options
context:
space:
mode:
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/net/chrome_network_delegate.cc18
-rw-r--r--chrome/browser/net/chrome_network_delegate.h3
-rw-r--r--chrome/browser/policy/url_blacklist_manager.cc6
-rw-r--r--chrome/browser/policy/url_blacklist_manager.h6
-rw-r--r--chrome/browser/policy/url_blacklist_manager_unittest.cc21
5 files changed, 49 insertions, 5 deletions
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index 6ea4eb8..e22fb88 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -28,6 +28,7 @@
#include "net/cookies/cookie_monster.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_response_headers.h"
+#include "net/socket_stream/socket_stream.h"
#include "net/url_request/url_request.h"
#if defined(OS_CHROMEOS)
@@ -370,3 +371,20 @@ bool ChromeNetworkDelegate::OnCanThrottleRequest(
return request.first_party_for_cookies().scheme() !=
chrome::kExtensionScheme;
}
+
+int ChromeNetworkDelegate::OnBeforeSocketStreamConnect(
+ net::SocketStream* socket,
+ const net::CompletionCallback& callback) {
+#if defined(ENABLE_CONFIGURATION_POLICY)
+ if (url_blacklist_manager_ &&
+ url_blacklist_manager_->IsURLBlocked(socket->url())) {
+ // URL access blocked by policy.
+ scoped_refptr<net::NetLog::EventParameters> params;
+ params = new net::NetLogStringParameter("url", socket->url().spec());
+ socket->net_log()->AddEvent(
+ net::NetLog::TYPE_CHROME_POLICY_ABORTED_REQUEST, params);
+ return net::ERR_NETWORK_ACCESS_DENIED;
+ }
+#endif
+ return net::OK;
+}
diff --git a/chrome/browser/net/chrome_network_delegate.h b/chrome/browser/net/chrome_network_delegate.h
index 2ff6843..bd106f8 100644
--- a/chrome/browser/net/chrome_network_delegate.h
+++ b/chrome/browser/net/chrome_network_delegate.h
@@ -93,6 +93,9 @@ class ChromeNetworkDelegate : public net::NetworkDelegate {
const FilePath& path) const OVERRIDE;
virtual bool OnCanThrottleRequest(
const net::URLRequest& request) const OVERRIDE;
+ virtual int OnBeforeSocketStreamConnect(
+ net::SocketStream* stream,
+ const net::CompletionCallback& callback) OVERRIDE;
scoped_refptr<ExtensionEventRouterForwarder> event_router_;
void* profile_;
diff --git a/chrome/browser/policy/url_blacklist_manager.cc b/chrome/browser/policy/url_blacklist_manager.cc
index 63ccdde..e553d75 100644
--- a/chrome/browser/policy/url_blacklist_manager.cc
+++ b/chrome/browser/policy/url_blacklist_manager.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -206,6 +206,10 @@ bool URLBlacklist::SchemeToFlag(const std::string& scheme, SchemeFlag* flag) {
*flag = SCHEME_HTTPS;
} else if (scheme == "ftp") {
*flag = SCHEME_FTP;
+ } else if (scheme == "ws") {
+ *flag = SCHEME_WS;
+ } else if (scheme == "wss") {
+ *flag = SCHEME_WSS;
} else {
return false;
}
diff --git a/chrome/browser/policy/url_blacklist_manager.h b/chrome/browser/policy/url_blacklist_manager.h
index 8233b37..c0b7ab6 100644
--- a/chrome/browser/policy/url_blacklist_manager.h
+++ b/chrome/browser/policy/url_blacklist_manager.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -32,8 +32,10 @@ class URLBlacklist {
SCHEME_HTTP = 1 << 0,
SCHEME_HTTPS = 1 << 1,
SCHEME_FTP = 1 << 2,
+ SCHEME_WS = 1 << 3,
+ SCHEME_WSS = 1 << 4,
- SCHEME_ALL = (1 << 3) - 1,
+ SCHEME_ALL = (1 << 5) - 1,
};
URLBlacklist();
diff --git a/chrome/browser/policy/url_blacklist_manager_unittest.cc b/chrome/browser/policy/url_blacklist_manager_unittest.cc
index da1760a..4dd3ca6 100644
--- a/chrome/browser/policy/url_blacklist_manager_unittest.cc
+++ b/chrome/browser/policy/url_blacklist_manager_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -250,6 +250,10 @@ TEST_F(URLBlacklistManagerTest, SchemeToFlag) {
EXPECT_EQ(URLBlacklist::SCHEME_HTTPS, flag);
EXPECT_TRUE(URLBlacklist::SchemeToFlag("ftp", &flag));
EXPECT_EQ(URLBlacklist::SCHEME_FTP, flag);
+ EXPECT_TRUE(URLBlacklist::SchemeToFlag("ws", &flag));
+ EXPECT_EQ(URLBlacklist::SCHEME_WS, flag);
+ EXPECT_TRUE(URLBlacklist::SchemeToFlag("wss", &flag));
+ EXPECT_EQ(URLBlacklist::SCHEME_WSS, flag);
EXPECT_TRUE(URLBlacklist::SchemeToFlag("", &flag));
EXPECT_EQ(URLBlacklist::SCHEME_ALL, flag);
EXPECT_FALSE(URLBlacklist::SchemeToFlag("wtf", &flag));
@@ -300,15 +304,19 @@ TEST_F(URLBlacklistManagerTest, Filtering) {
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://x.y.google.com/a/b")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://youtube.com/")));
- // Filter only http and ftp schemes.
+ // Filter only http, ftp and ws schemes.
blacklist.Block("http://secure.com");
blacklist.Block("ftp://secure.com");
+ blacklist.Block("ws://secure.com");
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://secure.com/whatever")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ftp://secure.com/")));
+ EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://secure.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://secure.com/")));
+ EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://secure.com")));
EXPECT_TRUE(blacklist.IsURLBlocked(GURL("http://www.secure.com")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://www.secure.com")));
+ EXPECT_FALSE(blacklist.IsURLBlocked(GURL("wss://www.secure.com")));
// Filter only a certain path prefix.
blacklist.Block("path.to/ruin");
@@ -329,6 +337,15 @@ TEST_F(URLBlacklistManagerTest, Filtering) {
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/bbb")));
EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://s.aaa.com/")));
+ // Filter only ws and wss schemes.
+ blacklist.Block("ws://ws.aaa.com");
+ blacklist.Block("wss://ws.aaa.com");
+ EXPECT_TRUE(blacklist.IsURLBlocked(GURL("ws://ws.aaa.com")));
+ EXPECT_TRUE(blacklist.IsURLBlocked(GURL("wss://ws.aaa.com")));
+ EXPECT_FALSE(blacklist.IsURLBlocked(GURL("http://ws.aaa.com")));
+ EXPECT_FALSE(blacklist.IsURLBlocked(GURL("https://ws.aaa.com")));
+ EXPECT_FALSE(blacklist.IsURLBlocked(GURL("ftp://ws.aaa.com")));
+
// Test exceptions to path prefixes, and most specific matches.
blacklist.Block("s.xxx.com/a");
blacklist.Allow("s.xxx.com/a/b");
generated by cgit v1.1 at 2025-11-28 12:59:18 +0000