search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Temporarily re-enabling SizeAfterPrefChange test with traces (this time for Linux...
[chromium-blink-merge.git] / chrome / browser / extensions / url_request_util.cc
blob4670462e866b65a2d08f851e4d678687849974ad
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/extensions/url_request_util.h"
6
7 #include <string>
8
9 #include "base/files/file_path.h"
10 #include "base/memory/weak_ptr.h"
11 #include "base/path_service.h"
12 #include "base/strings/string_number_conversions.h"
13 #include "base/strings/string_util.h"
14 #include "base/strings/stringprintf.h"
15 #include "base/task_runner_util.h"
16 #include "chrome/browser/extensions/extension_renderer_state.h"
17 #include "chrome/browser/extensions/image_loader.h"
18 #include "chrome/common/chrome_paths.h"
19 #include "chrome/common/extensions/manifest_url_handler.h"
20 #include "content/public/browser/browser_thread.h"
21 #include "content/public/browser/resource_request_info.h"
22 #include "extensions/browser/extension_protocols.h"
23 #include "extensions/browser/info_map.h"
24 #include "extensions/common/file_util.h"
25 #include "extensions/common/manifest_handlers/icons_handler.h"
26 #include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
27 #include "extensions/common/manifest_handlers/webview_info.h"
28 #include "net/base/mime_util.h"
29 #include "net/base/net_errors.h"
30 #include "net/http/http_request_headers.h"
31 #include "net/http/http_response_headers.h"
32 #include "net/http/http_response_info.h"
33 #include "net/url_request/url_request.h"
34 #include "net/url_request/url_request_simple_job.h"
35 #include "ui/base/resource/resource_bundle.h"
36
37 using content::BrowserThread;
38
39 namespace {
40
41 // A request for an extension resource in a Chrome .pak file. These are used
42 // by component extensions.
43 class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
44 public:
45 URLRequestResourceBundleJob(net::URLRequest* request,
46 net::NetworkDelegate* network_delegate,
47 const base::FilePath& filename,
48 int resource_id,
49 const std::string& content_security_policy,
50 bool send_cors_header)
51 : net::URLRequestSimpleJob(request, network_delegate),
52 filename_(filename),
53 resource_id_(resource_id),
54 weak_factory_(this) {
55 // Leave cache headers out of resource bundle requests.
56 response_info_.headers = extensions::BuildHttpHeaders(
57 content_security_policy, send_cors_header, base::Time());
58 }
59
60 // Overridden from URLRequestSimpleJob:
61 virtual int GetData(std::string* mime_type,
62 std::string* charset,
63 std::string* data,
64 const net::CompletionCallback& callback) const OVERRIDE {
65 const ResourceBundle& rb = ResourceBundle::GetSharedInstance();
66 *data = rb.GetRawDataResource(resource_id_).as_string();
67
68 // Add the Content-Length header now that we know the resource length.
69 response_info_.headers->AddHeader(
70 base::StringPrintf("%s: %s",
71 net::HttpRequestHeaders::kContentLength,
72 base::UintToString(data->size()).c_str()));
73
74 std::string* read_mime_type = new std::string;
75 bool posted = base::PostTaskAndReplyWithResult(
76 BrowserThread::GetBlockingPool(),
77 FROM_HERE,
78 base::Bind(&net::GetMimeTypeFromFile,
79 filename_,
80 base::Unretained(read_mime_type)),
81 base::Bind(&URLRequestResourceBundleJob::OnMimeTypeRead,
82 weak_factory_.GetWeakPtr(),
83 mime_type,
84 charset,
85 data,
86 base::Owned(read_mime_type),
87 callback));
88 DCHECK(posted);
89
90 return net::ERR_IO_PENDING;
91 }
92
93 virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
94 *info = response_info_;
95 }
96
97 private:
98 virtual ~URLRequestResourceBundleJob() {}
99
100 void OnMimeTypeRead(std::string* out_mime_type,
101 std::string* charset,
102 std::string* data,
103 std::string* read_mime_type,
104 const net::CompletionCallback& callback,
105 bool read_result) {
106 *out_mime_type = *read_mime_type;
107 if (StartsWithASCII(*read_mime_type, "text/", false)) {
108 // All of our HTML files should be UTF-8 and for other resource types
109 // (like images), charset doesn't matter.
110 DCHECK(base::IsStringUTF8(*data));
111 *charset = "utf-8";
112 }
113 int result = read_result ? net::OK : net::ERR_INVALID_URL;
114 callback.Run(result);
115 }
116
117 // We need the filename of the resource to determine the mime type.
118 base::FilePath filename_;
119
120 // The resource bundle id to load.
121 int resource_id_;
122
123 net::HttpResponseInfo response_info_;
124
125 mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_;
126 };
127
128 } // namespace
129
130 namespace extensions {
131 namespace url_request_util {
132
133 bool AllowCrossRendererResourceLoad(net::URLRequest* request,
134 bool is_incognito,
135 const Extension* extension,
136 InfoMap* extension_info_map) {
137 const content::ResourceRequestInfo* info =
138 content::ResourceRequestInfo::ForRequest(request);
139
140 // Check workers so that importScripts works from extension workers.
141 if (extension_info_map->worker_process_map().Contains(request->url().host(),
142 info->GetChildID())) {
143 return true;
144 }
145
146 // Extensions with webview: allow loading certain resources by guest renderers
147 // with privileged partition IDs as specified in the manifest file.
148 ExtensionRendererState* renderer_state =
149 ExtensionRendererState::GetInstance();
150 ExtensionRendererState::WebViewInfo webview_info;
151 bool is_guest = renderer_state->GetWebViewInfo(
152 info->GetChildID(), info->GetRouteID(), &webview_info);
153 std::string resource_path = request->url().path();
154 if (is_guest && WebviewInfo::IsResourceWebviewAccessible(
155 extension, webview_info.partition_id, resource_path)) {
156 return true;
157 }
158
159 // If the request is for navigations outside of webviews, then it should be
160 // allowed. The navigation logic in CrossSiteResourceHandler will properly
161 // transfer the navigation to a privileged process before it commits.
162 if (ResourceType::IsFrame(info->GetResourceType()) && !is_guest)
163 return true;
164
165 if (!content::PageTransitionIsWebTriggerable(info->GetPageTransition()))
166 return false;
167
168 // The following checks require that we have an actual extension object. If we
169 // don't have it, allow the request handling to continue with the rest of the
170 // checks.
171 if (!extension)
172 return true;
173
174 // Disallow loading of packaged resources for hosted apps. We don't allow
175 // hybrid hosted/packaged apps. The one exception is access to icons, since
176 // some extensions want to be able to do things like create their own
177 // launchers.
178 std::string resource_root_relative_path =
179 request->url().path().empty() ? std::string()
180 : request->url().path().substr(1);
181 if (extension->is_hosted_app() &&
182 !IconsInfo::GetIcons(extension)
183 .ContainsPath(resource_root_relative_path)) {
184 LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
185 << "hosted app.";
186 return false;
187 }
188
189 // Extensions with web_accessible_resources: allow loading by regular
190 // renderers. Since not all subresources are required to be listed in a v2
191 // manifest, we must allow all loads if there are any web accessible
192 // resources. See http://crbug.com/179127.
193 if (extension->manifest_version() < 2 ||
194 WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
195 return true;
196 }
197
198 // If there aren't any explicitly marked web accessible resources, the
199 // load should be allowed only if it is by DevTools. A close approximation is
200 // checking if the extension contains a DevTools page.
201 if (!ManifestURL::GetDevToolsPage(extension).is_empty())
202 return true;
203
204 // No special exception. Block the load.
205 return false;
206 }
207
208 net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob(
209 net::URLRequest* request,
210 net::NetworkDelegate* network_delegate,
211 const base::FilePath& directory_path,
212 const std::string& content_security_policy,
213 bool send_cors_header) {
214 base::FilePath resources_path;
215 base::FilePath relative_path;
216 // Try to load extension resources from chrome resource file if
217 // directory_path is a descendant of resources_path. resources_path
218 // corresponds to src/chrome/browser/resources in source tree.
219 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) &&
220 // Since component extension resources are included in
221 // component_extension_resources.pak file in resources_path, calculate
222 // extension relative path against resources_path.
223 resources_path.AppendRelativePath(directory_path, &relative_path)) {
224 base::FilePath request_path =
225 extensions::file_util::ExtensionURLToRelativeFilePath(request->url());
226 int resource_id = 0;
227 if (extensions::ImageLoader::IsComponentExtensionResource(
228 directory_path, request_path, &resource_id)) {
229 relative_path = relative_path.Append(request_path);
230 relative_path = relative_path.NormalizePathSeparators();
231 return new URLRequestResourceBundleJob(request,
232 network_delegate,
233 relative_path,
234 resource_id,
235 content_security_policy,
236 send_cors_header);
237 }
238 }
239 return NULL;
240 }
241
242 bool IsWebViewRequest(net::URLRequest* request) {
243 const content::ResourceRequestInfo* info =
244 content::ResourceRequestInfo::ForRequest(request);
245 // |info| can be NULL sometimes: http://crbug.com/370070.
246 if (!info)
247 return false;
248 ExtensionRendererState* renderer_state =
249 ExtensionRendererState::GetInstance();
250 ExtensionRendererState::WebViewInfo webview_info;
251 return renderer_state->GetWebViewInfo(
252 info->GetChildID(), info->GetRouteID(), &webview_info);
253 }
254
255 } // namespace url_request_util
256 } // namespace extensions