15d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved.
25d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
35d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// found in the LICENSE file.
45d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
55d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/policy/policy_helpers.h"
65d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
7c5cede9ae108bb15f6b7a8aea21c7e1fefa2834cBen Murdoch#include "net/base/net_errors.h"
85d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "url/gurl.h"
95d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
10effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#if defined(OS_CHROMEOS)
11effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "base/command_line.h"
12effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#include "chromeos/chromeos_switches.h"
13effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#endif
14effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch
155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#if !defined(OS_CHROMEOS) && !defined(OS_IOS)
16e5d81f57cb97b3b6b7fccc9c5610d21eb81db09dBen Murdoch#include "components/signin/core/browser/signin_manager.h"
175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "google_apis/gaia/gaia_urls.h"
185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#endif
195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)namespace policy {
215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
22c5cede9ae108bb15f6b7a8aea21c7e1fefa2834cBen Murdochbool OverrideBlacklistForURL(const GURL& url, bool* block, int* reason) {
23effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#if defined(OS_CHROMEOS)
24effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch  // On ChromeOS browsing is only allowed once OOBE has completed. Therefore all
25effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch  // requests are blocked until this condition is met.
26effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch  if (CommandLine::ForCurrentProcess()->HasSwitch(
27effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch          chromeos::switches::kOobeGuestSession)) {
28effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch    if (!url.SchemeIs("chrome") && !url.SchemeIs("chrome-extension")) {
295c02ac1a9c1b504631c0a3d2b6e737b5d738bae1Bo Liu      *reason = net::ERR_BLOCKED_ENROLLMENT_CHECK_PENDING;
30effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch      *block = true;
31effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch      return true;
32effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch    }
33effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch  }
34effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch  return false;
35effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch#elif defined(OS_IOS)
365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return false;
375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#else
385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  static const char kServiceLoginAuth[] = "/ServiceLoginAuth";
395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
40a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)  *block = false;
415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Whitelist all the signin flow URLs flagged by the SigninManager.
425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (SigninManager::IsWebBasedSigninFlowURL(url))
435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    return true;
445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Additionally whitelist /ServiceLoginAuth.
465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  if (url.GetOrigin() != GaiaUrls::GetInstance()->gaia_url().GetOrigin())
475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)    return false;
485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  return url.path() == kServiceLoginAuth;
505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#endif
515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}
525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}  // namespace policy
54