Toro: Move ExtensionProtocolHandler to //extensions

chrome/browser/extensions/url_request_util.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/url_request_util.h"
+
+#include <string>
+
+#include "base/files/file_path.h"
+#include "base/memory/weak_ptr.h"
+#include "base/path_service.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
+#include "base/task_runner_util.h"
+#include "chrome/browser/extensions/extension_renderer_state.h"
+#include "chrome/browser/extensions/image_loader.h"
+#include "chrome/common/chrome_paths.h"
+#include "chrome/common/extensions/manifest_url_handler.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/resource_request_info.h"
+#include "extensions/browser/extension_protocols.h"
+#include "extensions/browser/info_map.h"
+#include "extensions/common/file_util.h"
+#include "extensions/common/manifest_handlers/icons_handler.h"
+#include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
+#include "extensions/common/manifest_handlers/webview_info.h"
+#include "net/base/mime_util.h"
+#include "net/base/net_errors.h"
+#include "net/http/http_request_headers.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_response_info.h"
+#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_simple_job.h"
+#include "ui/base/resource/resource_bundle.h"
+
+using content::BrowserThread;
+
+namespace {
+
+// A request for an extension resource in a Chrome .pak file. These are used
+// by component extensions.
+class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
+ public:
+  URLRequestResourceBundleJob(net::URLRequest* request,
+                              net::NetworkDelegate* network_delegate,
+                              const base::FilePath& filename,
+                              int resource_id,
+                              const std::string& content_security_policy,
+                              bool send_cors_header)
+      : net::URLRequestSimpleJob(request, network_delegate),
+        filename_(filename),
+        resource_id_(resource_id),
+        weak_factory_(this) {
+    // Leave cache headers out of resource bundle requests.
+    response_info_.headers = extensions::BuildHttpHeaders(
+        content_security_policy, send_cors_header, base::Time());
+  }
+
+  // Overridden from URLRequestSimpleJob:
+  virtual int GetData(std::string* mime_type,
+                      std::string* charset,
+                      std::string* data,
+                      const net::CompletionCallback& callback) const OVERRIDE {
+    const ResourceBundle& rb = ResourceBundle::GetSharedInstance();
+    *data = rb.GetRawDataResource(resource_id_).as_string();
+
+    // Add the Content-Length header now that we know the resource length.
+    response_info_.headers->AddHeader(
+        base::StringPrintf("%s: %s",
+                           net::HttpRequestHeaders::kContentLength,
+                           base::UintToString(data->size()).c_str()));
+
+    std::string* read_mime_type = new std::string;
+    bool posted = base::PostTaskAndReplyWithResult(
+        BrowserThread::GetBlockingPool(),
+        FROM_HERE,
+        base::Bind(&net::GetMimeTypeFromFile,
+                   filename_,
+                   base::Unretained(read_mime_type)),
+        base::Bind(&URLRequestResourceBundleJob::OnMimeTypeRead,
+                   weak_factory_.GetWeakPtr(),
+                   mime_type,
+                   charset,
+                   data,
+                   base::Owned(read_mime_type),
+                   callback));
+    DCHECK(posted);
+
+    return net::ERR_IO_PENDING;
+  }
+
+  virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
+    *info = response_info_;
+  }
+
+ private:
+  virtual ~URLRequestResourceBundleJob() {}
+
+  void OnMimeTypeRead(std::string* out_mime_type,
+                      std::string* charset,
+                      std::string* data,
+                      std::string* read_mime_type,
+                      const net::CompletionCallback& callback,
+                      bool read_result) {
+    *out_mime_type = *read_mime_type;
+    if (StartsWithASCII(*read_mime_type, "text/", false)) {
+      // All of our HTML files should be UTF-8 and for other resource types
+      // (like images), charset doesn't matter.
+      DCHECK(IsStringUTF8(*data));
+      *charset = "utf-8";
+    }
+    int result = read_result ? net::OK : net::ERR_INVALID_URL;
+    callback.Run(result);
+  }
+
+  // We need the filename of the resource to determine the mime type.
+  base::FilePath filename_;
+
+  // The resource bundle id to load.
+  int resource_id_;
+
+  net::HttpResponseInfo response_info_;
+
+  mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_;
+};
+
+}  // namespace
+
+namespace extensions {
+namespace url_request_util {
+
+bool AllowCrossRendererResourceLoad(net::URLRequest* request,
+                                    bool is_incognito,
+                                    const Extension* extension,
+                                    InfoMap* extension_info_map) {
+  const content::ResourceRequestInfo* info =
+      content::ResourceRequestInfo::ForRequest(request);
+
+  // Check workers so that importScripts works from extension workers.
+  if (extension_info_map->worker_process_map().Contains(request->url().host(),
+                                                        info->GetChildID())) {
+    return true;
+  }
+
+  // Extensions with webview: allow loading certain resources by guest renderers
+  // with privileged partition IDs as specified in the manifest file.
+  ExtensionRendererState* renderer_state =
+      ExtensionRendererState::GetInstance();
+  ExtensionRendererState::WebViewInfo webview_info;
+  bool is_guest = renderer_state->GetWebViewInfo(
+      info->GetChildID(), info->GetRouteID(), &webview_info);
+  std::string resource_path = request->url().path();
+  if (is_guest && WebviewInfo::IsResourceWebviewAccessible(
+                      extension, webview_info.partition_id, resource_path)) {
+    return true;
+  }
+
+  // If the request is for navigations outside of webviews, then it should be
+  // allowed. The navigation logic in CrossSiteResourceHandler will properly
+  // transfer the navigation to a privileged process before it commits.
+  if (ResourceType::IsFrame(info->GetResourceType()) && !is_guest)
+    return true;
+
+  if (!content::PageTransitionIsWebTriggerable(info->GetPageTransition()))
+    return false;
+
+  // The following checks require that we have an actual extension object. If we
+  // don't have it, allow the request handling to continue with the rest of the
+  // checks.
+  if (!extension)
+    return true;
+
+  // Disallow loading of packaged resources for hosted apps. We don't allow
+  // hybrid hosted/packaged apps. The one exception is access to icons, since
+  // some extensions want to be able to do things like create their own
+  // launchers.
+  std::string resource_root_relative_path =
+      request->url().path().empty() ? std::string()
+                                    : request->url().path().substr(1);
+  if (extension->is_hosted_app() &&
+      !IconsInfo::GetIcons(extension)
+           .ContainsPath(resource_root_relative_path)) {
+    LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
+               << "hosted app.";
+    return false;
+  }
+
+  // Extensions with web_accessible_resources: allow loading by regular
+  // renderers. Since not all subresources are required to be listed in a v2
+  // manifest, we must allow all loads if there are any web accessible
+  // resources. See http://crbug.com/179127.
+  if (extension->manifest_version() < 2 ||
+      WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
+    return true;
+  }
+
+  // If there aren't any explicitly marked web accessible resources, the
+  // load should be allowed only if it is by DevTools. A close approximation is
+  // checking if the extension contains a DevTools page.
+  if (!ManifestURL::GetDevToolsPage(extension).is_empty())
+    return true;
+
+  // No special exception. Block the load.
+  return false;
+}
+
+net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob(
+    net::URLRequest* request,
+    net::NetworkDelegate* network_delegate,
+    const base::FilePath& directory_path,
+    const std::string& content_security_policy,
+    bool send_cors_header) {
+  base::FilePath resources_path;
+  base::FilePath relative_path;
+  // Try to load extension resources from chrome resource file if
+  // directory_path is a descendant of resources_path. resources_path
+  // corresponds to src/chrome/browser/resources in source tree.
+  if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) &&
+      // Since component extension resources are included in
+      // component_extension_resources.pak file in resources_path, calculate
+      // extension relative path against resources_path.
+      resources_path.AppendRelativePath(directory_path, &relative_path)) {
+    base::FilePath request_path =
+        extensions::file_util::ExtensionURLToRelativeFilePath(request->url());
+    int resource_id = 0;
+    if (extensions::ImageLoader::IsComponentExtensionResource(
+            directory_path, request_path, &resource_id)) {
+      relative_path = relative_path.Append(request_path);
+      relative_path = relative_path.NormalizePathSeparators();
+      return new URLRequestResourceBundleJob(request,
+                                             network_delegate,
+                                             relative_path,
+                                             resource_id,
+                                             content_security_policy,
+                                             send_cors_header);
+    }
+  }
+  return NULL;
+}
+
+}  // namespace url_request_util
+}  // namespace extensions