1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/extensions/chrome_url_request_util.h"
6
7#include <string>
8
9#include "base/files/file_path.h"
10#include "base/memory/weak_ptr.h"
11#include "base/path_service.h"
12#include "base/strings/string_number_conversions.h"
13#include "base/strings/string_util.h"
14#include "base/strings/stringprintf.h"
15#include "base/task_runner_util.h"
16#include "chrome/common/chrome_paths.h"
17#include "chrome/common/extensions/manifest_url_handler.h"
18#include "content/public/browser/browser_thread.h"
19#include "content/public/browser/resource_request_info.h"
20#include "extensions/browser/component_extension_resource_manager.h"
21#include "extensions/browser/extension_protocols.h"
22#include "extensions/browser/extensions_browser_client.h"
23#include "extensions/browser/info_map.h"
24#include "extensions/browser/url_request_util.h"
25#include "extensions/common/file_util.h"
26#include "net/base/mime_util.h"
27#include "net/base/net_errors.h"
28#include "net/http/http_request_headers.h"
29#include "net/http/http_response_headers.h"
30#include "net/http/http_response_info.h"
31#include "net/url_request/url_request.h"
32#include "net/url_request/url_request_simple_job.h"
33#include "ui/base/resource/resource_bundle.h"
34
35using content::BrowserThread;
36using content::ResourceType;
37using extensions::ExtensionsBrowserClient;
38
39namespace {
40
41// A request for an extension resource in a Chrome .pak file. These are used
42// by component extensions.
43class URLRequestResourceBundleJob : public net::URLRequestSimpleJob {
44 public:
45  URLRequestResourceBundleJob(net::URLRequest* request,
46                              net::NetworkDelegate* network_delegate,
47                              const base::FilePath& filename,
48                              int resource_id,
49                              const std::string& content_security_policy,
50                              bool send_cors_header)
51      : net::URLRequestSimpleJob(request, network_delegate),
52        filename_(filename),
53        resource_id_(resource_id),
54        weak_factory_(this) {
55    // Leave cache headers out of resource bundle requests.
56    response_info_.headers = extensions::BuildHttpHeaders(
57        content_security_policy, send_cors_header, base::Time());
58  }
59
60  // Overridden from URLRequestSimpleJob:
61  virtual int GetData(std::string* mime_type,
62                      std::string* charset,
63                      std::string* data,
64                      const net::CompletionCallback& callback) const OVERRIDE {
65    const ResourceBundle& rb = ResourceBundle::GetSharedInstance();
66    *data = rb.GetRawDataResource(resource_id_).as_string();
67
68    // Add the Content-Length header now that we know the resource length.
69    response_info_.headers->AddHeader(
70        base::StringPrintf("%s: %s",
71                           net::HttpRequestHeaders::kContentLength,
72                           base::UintToString(data->size()).c_str()));
73
74    std::string* read_mime_type = new std::string;
75    bool posted = base::PostTaskAndReplyWithResult(
76        BrowserThread::GetBlockingPool(),
77        FROM_HERE,
78        base::Bind(&net::GetMimeTypeFromFile,
79                   filename_,
80                   base::Unretained(read_mime_type)),
81        base::Bind(&URLRequestResourceBundleJob::OnMimeTypeRead,
82                   weak_factory_.GetWeakPtr(),
83                   mime_type,
84                   charset,
85                   data,
86                   base::Owned(read_mime_type),
87                   callback));
88    DCHECK(posted);
89
90    return net::ERR_IO_PENDING;
91  }
92
93  virtual void GetResponseInfo(net::HttpResponseInfo* info) OVERRIDE {
94    *info = response_info_;
95  }
96
97 private:
98  virtual ~URLRequestResourceBundleJob() {}
99
100  void OnMimeTypeRead(std::string* out_mime_type,
101                      std::string* charset,
102                      std::string* data,
103                      std::string* read_mime_type,
104                      const net::CompletionCallback& callback,
105                      bool read_result) {
106    *out_mime_type = *read_mime_type;
107    if (StartsWithASCII(*read_mime_type, "text/", false)) {
108      // All of our HTML files should be UTF-8 and for other resource types
109      // (like images), charset doesn't matter.
110      DCHECK(base::IsStringUTF8(*data));
111      *charset = "utf-8";
112    }
113    int result = read_result ? net::OK : net::ERR_INVALID_URL;
114    callback.Run(result);
115  }
116
117  // We need the filename of the resource to determine the mime type.
118  base::FilePath filename_;
119
120  // The resource bundle id to load.
121  int resource_id_;
122
123  net::HttpResponseInfo response_info_;
124
125  mutable base::WeakPtrFactory<URLRequestResourceBundleJob> weak_factory_;
126};
127
128}  // namespace
129
130namespace extensions {
131namespace chrome_url_request_util {
132
133bool AllowCrossRendererResourceLoad(net::URLRequest* request,
134                                    bool is_incognito,
135                                    const Extension* extension,
136                                    InfoMap* extension_info_map,
137                                    bool* allowed) {
138  if (url_request_util::AllowCrossRendererResourceLoad(
139          request, is_incognito, extension, extension_info_map, allowed)) {
140    return true;
141  }
142
143  // If there aren't any explicitly marked web accessible resources, the
144  // load should be allowed only if it is by DevTools. A close approximation is
145  // checking if the extension contains a DevTools page.
146  if (!ManifestURL::GetDevToolsPage(extension).is_empty()) {
147    *allowed = true;
148    return true;
149  }
150
151  // Couldn't determine if the resource is allowed or not.
152  return false;
153}
154
155net::URLRequestJob* MaybeCreateURLRequestResourceBundleJob(
156    net::URLRequest* request,
157    net::NetworkDelegate* network_delegate,
158    const base::FilePath& directory_path,
159    const std::string& content_security_policy,
160    bool send_cors_header) {
161  base::FilePath resources_path;
162  base::FilePath relative_path;
163  // Try to load extension resources from chrome resource file if
164  // directory_path is a descendant of resources_path. resources_path
165  // corresponds to src/chrome/browser/resources in source tree.
166  if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) &&
167      // Since component extension resources are included in
168      // component_extension_resources.pak file in resources_path, calculate
169      // extension relative path against resources_path.
170      resources_path.AppendRelativePath(directory_path, &relative_path)) {
171    base::FilePath request_path =
172        extensions::file_util::ExtensionURLToRelativeFilePath(request->url());
173    int resource_id = 0;
174    if (ExtensionsBrowserClient::Get()
175            ->GetComponentExtensionResourceManager()
176            ->IsComponentExtensionResource(
177                directory_path, request_path, &resource_id)) {
178      relative_path = relative_path.Append(request_path);
179      relative_path = relative_path.NormalizePathSeparators();
180      return new URLRequestResourceBundleJob(request,
181                                             network_delegate,
182                                             relative_path,
183                                             resource_id,
184                                             content_security_policy,
185                                             send_cors_header);
186    }
187  }
188  return NULL;
189}
190
191}  // namespace chrome_url_request_util
192}  // namespace extensions
193