extensions/browser/url_request_util.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "extensions/browser/url_request_util.h"
   6
   7 #include <string>
   8
   9 #include "content/public/browser/resource_request_info.h"
  10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
  11 #include "extensions/browser/info_map.h"
  12 #include "extensions/common/extension.h"
  13 #include "extensions/common/manifest_constants.h"
  14 #include "extensions/common/manifest_handlers/icons_handler.h"
  15 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
  16 #include "extensions/common/manifest_handlers/webview_info.h"
  17 #include "net/url_request/url_request.h"
  18
  19 namespace extensions {
  20 namespace url_request_util {
  21
  22 bool AllowCrossRendererResourceLoad(net::URLRequest* request,
  23                                     bool is_incognito,
  24                                     const Extension* extension,
  25                                     InfoMap* extension_info_map,
  26                                     bool* allowed) {
  27   const content::ResourceRequestInfo* info =
  28       content::ResourceRequestInfo::ForRequest(request);
  29
  30   // Extensions with webview: allow loading certain resources by guest renderers
  31   // with privileged partition IDs as specified in owner's extension the
  32   // manifest file.
  33   std::string owner_extension_id;
  34   int owner_process_id;
  35   WebViewRendererState::GetInstance()->GetOwnerInfo(
  36       info->GetChildID(), &owner_process_id, &owner_extension_id);
  37   const Extension* owner_extension =
  38       extension_info_map->extensions().GetByID(owner_extension_id);
  39   const WebviewInfo* webview_info =
  40       owner_extension
  41           ? static_cast<const WebviewInfo*>(owner_extension->GetManifestData(
  42                 manifest_keys::kWebviewAccessibleResources))
  43           : nullptr;
  44   std::string partition_id;
  45   bool is_guest = WebViewRendererState::GetInstance()->GetPartitionID(
  46       info->GetChildID(), &partition_id);
  47   std::string resource_path = request->url().path();
  48   if (is_guest && webview_info &&
  49       webview_info->IsResourceWebviewAccessible(extension, partition_id,
  50                                                 resource_path)) {
  51     *allowed = true;
  52     return true;
  53   }
  54
  55   // If the request is for navigations outside of webviews, then it should be
  56   // allowed. The navigation logic in CrossSiteResourceHandler will properly
  57   // transfer the navigation to a privileged process before it commits.
  58   if (content::IsResourceTypeFrame(info->GetResourceType()) && !is_guest) {
  59     *allowed = true;
  60     return true;
  61   }
  62
  63   if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {
  64     *allowed = false;
  65     return true;
  66   }
  67
  68   // The following checks require that we have an actual extension object. If we
  69   // don't have it, allow the request handling to continue with the rest of the
  70   // checks.
  71   if (!extension) {
  72     *allowed = true;
  73     return true;
  74   }
  75
  76   // Disallow loading of packaged resources for hosted apps. We don't allow
  77   // hybrid hosted/packaged apps. The one exception is access to icons, since
  78   // some extensions want to be able to do things like create their own
  79   // launchers.
  80   std::string resource_root_relative_path =
  81       request->url().path().empty() ? std::string()
  82                                     : request->url().path().substr(1);
  83   if (extension->is_hosted_app() &&
  84       !IconsInfo::GetIcons(extension)
  85            .ContainsPath(resource_root_relative_path)) {
  86     LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
  87                << "hosted app.";
  88     *allowed = false;
  89     return true;
  90   }
  91
  92   // Extensions with web_accessible_resources: allow loading by regular
  93   // renderers. Since not all subresources are required to be listed in a v2
  94   // manifest, we must allow all loads if there are any web accessible
  95   // resources. See http://crbug.com/179127.
  96   if (extension->manifest_version() < 2 ||
  97       WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
  98     *allowed = true;
  99     return true;
 100   }
 101
 102   // Couldn't determine if the resource is allowed or not.
 103   return false;
 104 }
 105
 106 bool IsWebViewRequest(const net::URLRequest* request) {
 107   const content::ResourceRequestInfo* info =
 108       content::ResourceRequestInfo::ForRequest(request);
 109   // |info| can be NULL sometimes: http://crbug.com/370070.
 110   if (!info)
 111     return false;
 112   return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID());
 113 }
 114
 115 }  // namespace url_request_util
 116 }  // namespace extensions