| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h" | 5 #include "chrome/browser/extensions/api/web_request/web_request_api_helpers.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "base/stringprintf.h" | 9 #include "base/stringprintf.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| (...skipping 519 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 530 net_log->AddEvent( | 530 net_log->AddEvent( |
| 531 net::NetLog::TYPE_CHROME_EXTENSION_PROVIDE_AUTH_CREDENTIALS, | 531 net::NetLog::TYPE_CHROME_EXTENSION_PROVIDE_AUTH_CREDENTIALS, |
| 532 CreateNetLogExtensionIdCallback(delta->get())); | 532 CreateNetLogExtensionIdCallback(delta->get())); |
| 533 *auth_credentials = *(*delta)->auth_credentials; | 533 *auth_credentials = *(*delta)->auth_credentials; |
| 534 credentials_set = true; | 534 credentials_set = true; |
| 535 } | 535 } |
| 536 } | 536 } |
| 537 return credentials_set; | 537 return credentials_set; |
| 538 } | 538 } |
| 539 | 539 |
| 540 namespace { | |
| 541 | |
| 542 // Returns true if the URL is sensitive and requests to this URL must not be | |
| 543 // modified/canceled by extensions, e.g. because it is targeted to the webstore | |
| 544 // to check for updates, extension blacklisting, etc. | |
| 545 bool IsSensitiveURL(const GURL& url) { | |
| 546 // TODO(battre) Merge this, CanExtensionAccessURL of web_request_api.cc and | |
| 547 // Extension::CanExecuteScriptOnPage into one function. | |
| 548 bool is_webstore_gallery_url = | |
| 549 StartsWithASCII(url.spec(), extension_urls::kGalleryBrowsePrefix, true); | |
| 550 bool sensitive_chrome_url = false; | |
| 551 if (EndsWith(url.host(), "google.com", true)) { | |
| 552 sensitive_chrome_url |= (url.host() == "www.google.com") && | |
| 553 StartsWithASCII(url.path(), "/chrome", true); | |
| 554 sensitive_chrome_url |= (url.host() == "chrome.google.com"); | |
| 555 if (StartsWithASCII(url.host(), "client", true)) { | |
| 556 for (int i = 0; i < 10; ++i) { | |
| 557 sensitive_chrome_url |= | |
| 558 (StringPrintf("client%d.google.com", i) == url.host()); | |
| 559 } | |
| 560 } | |
| 561 } | |
| 562 GURL::Replacements replacements; | |
| 563 replacements.ClearQuery(); | |
| 564 replacements.ClearRef(); | |
| 565 GURL url_without_query = url.ReplaceComponents(replacements); | |
| 566 return is_webstore_gallery_url || sensitive_chrome_url || | |
| 567 extension_urls::IsWebstoreUpdateUrl(url_without_query) || | |
| 568 extension_urls::IsBlacklistUpdateUrl(url); | |
| 569 } | |
| 570 | |
| 571 // Returns true if the scheme is one we want to allow extensions to have access | |
| 572 // to. Extensions still need specific permissions for a given URL, which is | |
| 573 // covered by CanExtensionAccessURL. | |
| 574 bool HasWebRequestScheme(const GURL& url) { | |
| 575 return (url.SchemeIs(chrome::kAboutScheme) || | |
| 576 url.SchemeIs(chrome::kFileScheme) || | |
| 577 url.SchemeIs(chrome::kFileSystemScheme) || | |
| 578 url.SchemeIs(chrome::kFtpScheme) || | |
| 579 url.SchemeIs(chrome::kHttpScheme) || | |
| 580 url.SchemeIs(chrome::kHttpsScheme) || | |
| 581 url.SchemeIs(chrome::kExtensionScheme)); | |
| 582 } | |
| 583 | |
| 584 } // namespace | |
| 585 | |
| 586 bool HideRequest(const net::URLRequest* request) { | |
| 587 const GURL& url = request->url(); | |
| 588 const GURL& first_party_url = request->first_party_for_cookies(); | |
| 589 bool hide = false; | |
| 590 if (first_party_url.is_valid()) { | |
| 591 hide = IsSensitiveURL(first_party_url) || | |
| 592 !HasWebRequestScheme(first_party_url); | |
| 593 } | |
| 594 if (!hide) | |
| 595 hide = IsSensitiveURL(url) || !HasWebRequestScheme(url); | |
| 596 return hide; | |
| 597 } | |
| 598 | 540 |
| 599 #define ARRAYEND(array) (array + arraysize(array)) | 541 #define ARRAYEND(array) (array + arraysize(array)) |
| 600 | 542 |
| 601 bool IsRelevantResourceType(ResourceType::Type type) { | 543 bool IsRelevantResourceType(ResourceType::Type type) { |
| 602 ResourceType::Type* iter = | 544 ResourceType::Type* iter = |
| 603 std::find(kResourceTypeValues, ARRAYEND(kResourceTypeValues), type); | 545 std::find(kResourceTypeValues, ARRAYEND(kResourceTypeValues), type); |
| 604 return iter != ARRAYEND(kResourceTypeValues); | 546 return iter != ARRAYEND(kResourceTypeValues); |
| 605 } | 547 } |
| 606 | 548 |
| 607 const char* ResourceTypeToString(ResourceType::Type type) { | 549 const char* ResourceTypeToString(ResourceType::Type type) { |
| (...skipping 17 matching lines...) Expand all Loading... |
| 625 | 567 |
| 626 bool CanExtensionAccessURL(const extensions::Extension* extension, | 568 bool CanExtensionAccessURL(const extensions::Extension* extension, |
| 627 const GURL& url) { | 569 const GURL& url) { |
| 628 // about: URLs are not covered in host permissions, but are allowed anyway. | 570 // about: URLs are not covered in host permissions, but are allowed anyway. |
| 629 return (url.SchemeIs(chrome::kAboutScheme) || | 571 return (url.SchemeIs(chrome::kAboutScheme) || |
| 630 extension->HasHostPermission(url) || | 572 extension->HasHostPermission(url) || |
| 631 url.GetOrigin() == extension->url()); | 573 url.GetOrigin() == extension->url()); |
| 632 } | 574 } |
| 633 | 575 |
| 634 } // namespace extension_web_request_api_helpers | 576 } // namespace extension_web_request_api_helpers |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10831008:
Refactor and fix declarative webRequest API permissions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src