From 52a26894a92e0d8b756bcce2bc96cd741f135329 Mon Sep 17 00:00:00 2001
From: "cdn@chromium.org"
Date: Sun, 29 Jan 2012 21:43:24 +0000
Subject: Add Access-Control-Allow-Origin: * header for extension resources specifically listed as web accessible.
BUG=109686
Review URL: http://codereview.chromium.org/9152022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119646 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/extensions/extension_protocols.cc | 35 ++++++++++++++++++------
 1 file changed, 26 insertions(+), 9 deletions(-)
(limited to 'chrome/browser/extensions/extension_protocols.cc')
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index d0a03c5..fd0537e 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -38,7 +38,7 @@ namespace {
 net::HttpResponseHeaders* BuildHttpHeaders(
- const std::string& content_security_policy) {
+ const std::string& content_security_policy, bool send_cors_header) {
 std::string raw_headers;
 raw_headers.append("HTTP/1.1 200 OK");
 if (!content_security_policy.empty()) {
@@ -46,6 +46,11 @@ net::HttpResponseHeaders* BuildHttpHeaders(
 raw_headers.append("X-WebKit-CSP: ");
 raw_headers.append(content_security_policy);
 }
+
+ if (send_cors_header) {
+ raw_headers.append(1, '\0');
+ raw_headers.append("Access-Control-Allow-Origin: *");
+ }
 raw_headers.append(2, '\0');
 return new net::HttpResponseHeaders(raw_headers);
 }
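Review bot: Nothing on `BuildHttpHeaders` says what the new `send_cors_header` argument grants, and a bare `bool` reads as `BuildHttpHeaders(csp, true)` at a call site. `Access-Control-Allow-Origin: *` lets any web origin read the response body, so the contract belongs at the declaration; I would add above the function `// |send_cors_header| appends "Access-Control-Allow-Origin: *"; pass true only for resources the extension declares web accessible.` The signature is in the hunk at -38 and the body in the hunk at -46; one line of the body (old line 45) falls between them and is not shown. Naming the flag at the call site, as the `GeneratedBackgroundPageJob` hunk does with a local, keeps the other callers readable.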
@@ -54,11 +59,12 @@ class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
 public:
 URLRequestResourceBundleJob(
 net::URLRequest* request, const FilePath& filename, int resource_id,
- const std::string& content_security_policy)
+ const std::string& content_security_policy, bool send_cors_header)
 : net::URLRequestSimpleJob(request), filename_(filename), resource_id_(resource_id) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_header);
 }
 // Overridden from URLRequestSimpleJob:
@@ -109,7 +115,9 @@ class GeneratedBackgroundPageJob : public net::URLRequestSimpleJob {
 const std::string& content_security_policy)
 : net::URLRequestSimpleJob(request), extension_(extension) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ const bool send_cors_headers = false;
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_headers);
 }
 // Overridden from URLRequestSimpleJob:
@@ -142,9 +150,11 @@ class URLRequestExtensionJob : public net::URLRequestFileJob {
 public:
 URLRequestExtensionJob(net::URLRequest* request, const FilePath& filename,
- const std::string& content_security_policy)
+ const std::string& content_security_policy,
+ bool send_cors_header)
 : net::URLRequestFileJob(request, filename) {
- response_info_.headers = BuildHttpHeaders(content_security_policy);
+ response_info_.headers = BuildHttpHeaders(content_security_policy,
+ send_cors_header);
 }
 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
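Review bot: In the `GeneratedBackgroundPageJob` constructor (hunk at -109) the local is spelled `send_cors_headers`, while the parameter it feeds and every other use in this patch is `send_cors_header`; a single spelling keeps the flag greppable. The hard-coded `false` should carry its reason next to it, for example `// The generated background page is never served to web origins, so no CORS header.`, assuming that is the intent, which the hunk does not state. The constructor's signature starts above the hunk.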
@@ -255,8 +265,14 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
 }
 std::string content_security_policy;
- if (extension)
+ bool send_cors_header = false;
+ if (extension) {
 content_security_policy = extension->content_security_policy();
+ if ((extension->manifest_version() >= 2 ||
+ extension->HasWebAccessibleResources()) &&
+ extension->IsResourceWebAccessible(request->url().path()))
+ send_cors_header = true;
+ }
 std::string path = request->url().path();
 if (path.size() > 1 &&
@@ -285,7 +301,8 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
 #endif
 if (relative_path == bm_resource_path) {
 return new URLRequestResourceBundleJob(request, relative_path,
- kComponentExtensionResources[i].value, content_security_policy);
+ kComponentExtensionResources[i].value, content_security_policy,
+ send_cors_header);
 }
 }
 }
@@ -303,7 +320,7 @@ ExtensionProtocolHandler::MaybeCreateJob(net::URLRequest* request) const {
 }
 return new URLRequestExtensionJob(request, resource_file_path,
- content_security_policy);
+ content_security_policy, send_cors_header);
 }
 } // namespace
-- cgit v1.1
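Review bot: In the hunk at -255 the wildcard-CORS decision is taken from `request->url().path()` before the code below it derives `relative_path` and `resource_file_path` (used in the hunks at -285 and -303), so the string that is authorised and the resource that is served are computed separately. Whether `IsResourceWebAccessible` resolves its argument the same way is not visible here; if it does not, the header could be attached to a resource the manifest does not list. I would hoist the existing `std::string path = request->url().path();` above the block, pass `path` to the check, and state the expected form of that argument in a comment. The three-line condition should also brace its body, `... IsResourceWebAccessible(path)) { send_cors_header = true; }`, and a comment should say why the `manifest_version() >= 2 || HasWebAccessibleResources()` clause is needed. `MaybeCreateJob` begins and ends outside the hunk.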