Fix bug where we'd allow chrome-extension URLs to be loaded in incognito mode

chrome/browser/extensions/extension_protocols.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_protocols.h"
 
 #include <algorithm>
 
 #include "base/compiler_specific.h"
 #include "base/file_path.h"
@@ skipping 147 matching lines @@
                                                 send_cors_header);
   }
 
   virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
     *info = response_info_;
   }
 
   net::HttpResponseInfo response_info_;
 };
 
-bool ExtensionCanLoadInIncognito(const std::string& extension_id,
+bool ExtensionCanLoadInIncognito(const ResourceRequestInfo* info,
+                                 const std::string& extension_id,
                                  ExtensionInfoMap* extension_info_map) {
-  const Extension* extension =
-      extension_info_map->extensions().GetByID(extension_id);
-  // Only split-mode extensions can load in incognito profiles.
-  return extension && extension->incognito_split_mode();
+  if (!extension_info_map->IsIncognitoEnabled(extension_id))
+    return false;
+
+  // Only allow incognito toplevel navigations to extension resources in
+  // split mode. In spanning mode, the extension must run in a single process,
+  // and an incognito tab prevents that.
+  if (info->GetResourceType() == ResourceType::MAIN_FRAME) {

[Aaron Boodman, 2012/03/20 02:19:29]

Why only the main frame? Shouldn't we prevent all resources?

[Matt Perry, 2012/03/20 17:27:33]

We prevent all resources if the extension is not incognito-enabled (line 171).
In addition, we prevent main frame resources if the extension is not split mode.

[Aaron Boodman, 2012/03/21 19:29:44]

Ah, I remember. Thanks.

+    const Extension* extension =
+        extension_info_map->extensions().GetByID(extension_id);
+    return extension && extension->incognito_split_mode();
+  }
+
+  return true;
 }
 
 // Returns true if an chrome-extension:// resource should be allowed to load.
 // TODO(aa): This should be moved into ExtensionResourceRequestPolicy, but we
 // first need to find a way to get CanLoadInIncognito state into the renderers.
 bool AllowExtensionResourceLoad(net::URLRequest* request,
                                 bool is_incognito,
                                 ExtensionInfoMap* extension_info_map) {
   const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
 
   // We have seen crashes where info is NULL: crbug.com/52374.
   if (!info) {
     LOG(ERROR) << "Allowing load of " << request->url().spec()
                << "from unknown origin. Could not find user data for "
                << "request.";
     return true;
   }
 
-  // Don't allow toplevel navigations to extension resources in incognito mode.
-  // This is because an extension must run in a single process, and an
-  // incognito tab prevents that.
-  if (is_incognito &&
-      info->GetResourceType() == ResourceType::MAIN_FRAME &&
-      !ExtensionCanLoadInIncognito(request->url().host(), extension_info_map)) {
+  if (is_incognito && !ExtensionCanLoadInIncognito(info, request->url().host(),
+                                                   extension_info_map)) {
     LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
                << "incognito tab.";
     return false;
   }
 
   return true;
 }
 
 // Returns true if the given URL references an icon in the given extension.
 bool URLIsForExtensionIcon(const GURL& url, const Extension* extension) {
@@ skipping 111 matching lines @@
                                     content_security_policy, send_cors_header);
 }
 
 }  // namespace
 
 net::URLRequestJobFactory::ProtocolHandler* CreateExtensionProtocolHandler(
     bool is_incognito,
     ExtensionInfoMap* extension_info_map) {
   return new ExtensionProtocolHandler(is_incognito, extension_info_map);
 }