Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / chrome_url_request_util.cc
blob60d1eb62bd3dcfd7312ed004367cd442ce83cb07
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/chrome_url_request_util.h"
7 #include <string>
9 #include "base/files/file_path.h"
10 #include "base/memory/weak_ptr.h"
11 #include "base/path_service.h"
12 #include "base/strings/string_number_conversions.h"
13 #include "base/strings/string_util.h"
14 #include "base/strings/stringprintf.h"
15 #include "base/task_runner_util.h"
16 #include "chrome/common/chrome_paths.h"
17 #include "chrome/common/extensions/chrome_manifest_url_handlers.h"
18 #include "content/public/browser/browser_thread.h"
19 #include "content/public/browser/resource_request_info.h"
20 #include "extensions/browser/component_extension_resource_manager.h"
21 #include "extensions/browser/extension_protocols.h"
22 #include "extensions/browser/extensions_browser_client.h"
23 #include "extensions/browser/info_map.h"
24 #include "extensions/browser/url_request_util.h"
25 #include "extensions/common/file_util.h"
26 #include "net/base/mime_util.h"
27 #include "net/base/net_errors.h"
28 #include "net/http/http_request_headers.h"
29 #include "net/http/http_response_headers.h"
30 #include "net/http/http_response_info.h"
31 #include "net/url_request/url_request.h"
32 #include "net/url_request/url_request_simple_job.h"
33 #include "ui/base/resource/resource_bundle.h"
35 using content::BrowserThread;
36 using content::ResourceType;
37 using extensions::ExtensionsBrowserClient;
39 namespace {
41 // A request for an extension resource in a Chrome .pak file. These are used
42 // by component extensions.
43 class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
44 public:
45 URLRequestResourceBundleJob(net::URLRequest* request,
46 net::NetworkDelegate* network_delegate,
47 const base::FilePath& filename,
48 int resource_id,
49 const std::string& content_security_policy,
50 bool send_cors_header)
51 : net::URLRequestSimpleJob(request, network_delegate),
52 filename_(filename),
53 resource_id_(resource_id),
54 weak_factory_(this) {
55 // Leave cache headers out of resource bundle requests.
56 response_info_.headers = extensions::BuildHttpHeaders(
57 content_security_policy, send_cors_header, base::Time());
60 // Overridden from URLRequestSimpleJob:
61 int GetRefCountedData(
62 std::string* mime_type,
63 std::string* charset,
64 scoped_refptr<base::RefCountedMemory>* data,
65 const net::CompletionCallback& callback) const override {
66 const ResourceBundle& rb = ResourceBundle::GetSharedInstance();
67 *data = rb.LoadDataResourceBytes(resource_id_);
69 // Add the Content-Length header now that we know the resource length.
70 response_info_.headers->AddHeader(
71 base::StringPrintf("%s: %s", net::HttpRequestHeaders::kContentLength,
72 base::UintToString((*data)->size()).c_str()));
74 std::string* read_mime_type = new std::string;
75 bool posted = base::PostTaskAndReplyWithResult(
76 BrowserThread::GetBlockingPool(), FROM_HERE,
77 base::Bind(&net::GetMimeTypeFromFile, filename_,
78 base::Unretained(read_mime_type)),
79 base::Bind(&URLRequestResourceBundleJob::OnMimeTypeRead,
80 weak_factory_.GetWeakPtr(), mime_type, charset, *data,
81 base::Owned(read_mime_type), callback));
82 DCHECK(posted);
84 return net::ERR_IO_PENDING;
87 void GetResponseInfo(net::HttpResponseInfo* info) override {
88 *info = response_info_;
91 private:
92 ~URLRequestResourceBundleJob() override {}
94 void OnMimeTypeRead(std::string* out_mime_type,
95 std::string* charset,
96 scoped_refptr<base::RefCountedMemory> data,
97 std::string* read_mime_type,
98 const net::CompletionCallback& callback,
99 bool read_result) {
100 *out_mime_type = *read_mime_type;
101 if (base::StartsWith(*read_mime_type, "text/",
102 base::CompareCase::INSENSITIVE_ASCII)) {
103 // All of our HTML files should be UTF-8 and for other resource types
104 // (like images), charset doesn't matter.
105 DCHECK(base::IsStringUTF8(base::StringPiece(
106 reinterpret_cast<const char*>(data->front()), data->size())));
107 *charset = "utf-8";
109 int result = read_result ? net::OK : net::ERR_INVALID_URL;
110 callback.Run(result);
113 // We need the filename of the resource to determine the mime type.
114 base::FilePath filename_;
116 // The resource bundle id to load.
117 int resource_id_;
119 net::HttpResponseInfo response_info_;
121 mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_;
124 } // namespace
126 namespace extensions {
127 namespace chrome_url_request_util {
129 bool AllowCrossRendererResourceLoad(net::URLRequest* request,
130 bool is_incognito,
131 const Extension* extension,
132 InfoMap* extension_info_map,
133 bool* allowed) {
134 if (url_request_util::AllowCrossRendererResourceLoad(
135 request, is_incognito, extension, extension_info_map, allowed)) {
136 return true;
139 // If there aren't any explicitly marked web accessible resources, the
140 // load should be allowed only if it is by DevTools. A close approximation is
141 // checking if the extension contains a DevTools page.
142 if (!chrome_manifest_urls::GetDevToolsPage(extension).is_empty()) {
143 *allowed = true;
144 return true;
147 // Couldn't determine if the resource is allowed or not.
148 return false;
151 net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob(
152 net::URLRequest* request,
153 net::NetworkDelegate* network_delegate,
154 const base::FilePath& directory_path,
155 const std::string& content_security_policy,
156 bool send_cors_header) {
157 base::FilePath resources_path;
158 base::FilePath relative_path;
159 // Try to load extension resources from chrome resource file if
160 // directory_path is a descendant of resources_path. resources_path
161 // corresponds to src/chrome/browser/resources in source tree.
162 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) &&
163 // Since component extension resources are included in
164 // component_extension_resources.pak file in resources_path, calculate
165 // extension relative path against resources_path.
166 resources_path.AppendRelativePath(directory_path, &relative_path)) {
167 base::FilePath request_path =
168 extensions::file_util::ExtensionURLToRelativeFilePath(request->url());
169 int resource_id = 0;
170 if (ExtensionsBrowserClient::Get()
171 ->GetComponentExtensionResourceManager()
172 ->IsComponentExtensionResource(
173 directory_path, request_path, &resource_id)) {
174 relative_path = relative_path.Append(request_path);
175 relative_path = relative_path.NormalizePathSeparators();
176 return new URLRequestResourceBundleJob(request,
177 network_delegate,
178 relative_path,
179 resource_id,
180 content_security_policy,
181 send_cors_header);
184 return NULL;
187 } // namespace chrome_url_request_util
188 } // namespace extensions