| Index: chrome/browser/extensions/api/web_request/web_request_permissions.cc
|
| diff --git a/chrome/browser/extensions/api/web_request/web_request_permissions.cc b/chrome/browser/extensions/api/web_request/web_request_permissions.cc
|
| index ca84616cef269801c45ad9761d46ccdcb5c36387..bd295c362abea603777bf693f495c181a1ab24b6 100644
|
| --- a/chrome/browser/extensions/api/web_request/web_request_permissions.cc
|
| +++ b/chrome/browser/extensions/api/web_request/web_request_permissions.cc
|
| @@ -8,37 +8,51 @@
|
| #include "base/stringprintf.h"
|
| #include "chrome/browser/extensions/extension_info_map.h"
|
| #include "chrome/common/extensions/extension.h"
|
| +#include "chrome/common/extensions/extension_constants.h"
|
| #include "chrome/common/url_constants.h"
|
| +#include "content/public/browser/resource_request_info.h"
|
| #include "googleurl/src/gurl.h"
|
| #include "net/url_request/url_request.h"
|
|
|
| +using content::ResourceRequestInfo;
|
| +
|
| namespace {
|
|
|
| // Returns true if the URL is sensitive and requests to this URL must not be
|
| // modified/canceled by extensions, e.g. because it is targeted to the webstore
|
| // to check for updates, extension blacklisting, etc.
|
| bool IsSensitiveURL(const GURL& url) {
|
| - // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and
|
| + // TODO(battre) Merge this, CanExtensionAccessURL and
|
| // Extension::CanExecuteScriptOnPage into one function.
|
| - bool is_webstore_gallery_url =
|
| - StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true);
|
| bool sensitive_chrome_url = false;
|
| - if (EndsWith(url.host(), "google.com", true)) {
|
| - sensitive_chrome_url |= (url.host() == "www.google.com") &&
|
| - StartsWithASCII(url.path(), "/chrome", true);
|
| - sensitive_chrome_url |= (url.host() == "chrome.google.com");
|
| - if (StartsWithASCII(url.host(), "client", true)) {
|
| - for (int i = 0; i < 10; ++i) {
|
| - sensitive_chrome_url |=
|
| - (StringPrintf("client%d.google.com", i) == url.host());
|
| + const std::string host = url.host();
|
| + const char kGoogleCom[] = ".google.com";
|
| + const char kClient[] = "clients";
|
| + if (EndsWith(host, kGoogleCom, true)) {
|
| + // Check for "clients[0-9]*.google.com" hosts.
|
| + // This protects requests to several internal services such as sync,
|
| + // extension update pings, captive portal detection, fraudulent certificate
|
| + // reporting, autofill and others.
|
| + if (StartsWithASCII(host, kClient, true)) {
|
| + bool match = true;
|
| + for (std::string::const_iterator i = host.begin() + strlen(kClient),
|
| + end = host.end() - strlen(kGoogleCom); i != end; ++i) {
|
| + if (!isdigit(*i))
|
| + match = false;
|
| }
|
| + sensitive_chrome_url = sensitive_chrome_url || match;
|
| }
|
| + // This protects requests to safe browsing, link doctor, and possibly
|
| + // others.
|
| + sensitive_chrome_url = sensitive_chrome_url ||
|
| + EndsWith(url.host(), ".clients.google.com", true) ||
|
| + url.host() == "sb-ssl.google.com";
|
| }
|
| GURL::Replacements replacements;
|
| replacements.ClearQuery();
|
| replacements.ClearRef();
|
| GURL url_without_query = url.ReplaceComponents(replacements);
|
| - return is_webstore_gallery_url || sensitive_chrome_url ||
|
| + return sensitive_chrome_url ||
|
| extension_urls::IsWebstoreUpdateUrl(url_without_query) ||
|
| extension_urls::IsBlacklistUpdateUrl(url);
|
| }
|
| @@ -59,17 +73,21 @@ bool HasWebRequestScheme(const GURL& url) {
|
| } // namespace
|
|
|
| // static
|
| -bool WebRequestPermissions::HideRequest(const net::URLRequest* request) {
|
| - const GURL& url = request->url();
|
| - const GURL& first_party_url = request->first_party_for_cookies();
|
| - bool hide = false;
|
| - if (first_party_url.is_valid()) {
|
| - hide = IsSensitiveURL(first_party_url) ||
|
| - !HasWebRequestScheme(first_party_url);
|
| +bool WebRequestPermissions::HideRequest(
|
| + const ExtensionInfoMap* extension_info_map,
|
| + const net::URLRequest* request) {
|
| + // Hide requests from the Chrome WebStore App.
|
| + const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
|
| + if (info && extension_info_map) {
|
| + int process_id = info->GetChildID();
|
| + const extensions::ProcessMap& process_map =
|
| + extension_info_map->process_map();
|
| + if (process_map.Contains(extension_misc::kWebStoreAppId, process_id))
|
| + return true;
|
| }
|
| - if (!hide)
|
| - hide = IsSensitiveURL(url) || !HasWebRequestScheme(url);
|
| - return hide;
|
| +
|
| + const GURL& url = request->url();
|
| + return IsSensitiveURL(url) || !HasWebRequestScheme(url);
|
| }
|
|
|
| // static
|
|
|
Chromium Code Reviews
Issue 10825102:
Protect Chrome WebStore based on process IDs (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src