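// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extensions/browser/url_request_util.h"

#include <string>

#include "content/public/browser/resource_request_info.h"
#include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
#include "extensions/browser/info_map.h"
#include "extensions/common/extension.h"
#include "extensions/common/manifest_handlers/icons_handler.h"
#include "extensions/common/manifest_handlers/web_accessible_resources_info.h"
#include "extensions/common/manifest_handlers/webview_info.h"
#include "net/url_request/url_request.h"

namespace extensions {
namespace url_request_util {

// Decides whether a renderer may load the extension resource named by
// |request|.
//
// |request|            - the resource request being checked.
// |is_incognito|       - not consulted by this implementation.
// |extension|          - the extension owning the resource; may be NULL.
// |extension_info_map| - not consulted by this implementation.
// |allowed|            - out-parameter, written only when true is returned.
//
// Returns true when a decision was reached and stored in |*allowed|. Returns
// false when no decision could be reached; |*allowed| is then left untouched
// and the caller has to apply its own checks.
bool AllowCrossRendererResourceLoad(net::URLRequest* request,
                                    bool is_incognito,
                                    const Extension* extension,
                                    InfoMap* extension_info_map,
                                    bool* allowed) {
  const content::ResourceRequestInfo* info =
      content::ResourceRequestInfo::ForRequest(request);

  // ForRequest() can return NULL (see IsWebViewRequest() below and
  // http://crbug.com/370070). Every check in this function needs |info| to
  // identify the requesting renderer, so without it no decision is made here
  // rather than dereferencing a null pointer.
  if (!info)
    return false;

  // Extensions with webview: allow loading certain resources by guest renderers
  // with privileged partition IDs as specified in the manifest file.
  // NOTE(review): |extension| is passed on before the NULL check further down;
  // presumably IsResourceWebviewAccessible() tolerates NULL -- confirm.
  std::string partition_id;
  bool is_guest = WebViewRendererState::GetInstance()->GetPartitionID(
      info->GetChildID(), &partition_id);
  std::string resource_path = request->url().path();
  if (is_guest && WebviewInfo::IsResourceWebviewAccessible(
                      extension, partition_id, resource_path)) {
    *allowed = true;
    return true;
  }

  // If the request is for navigations outside of webviews, then it should be
  // allowed. The navigation logic in CrossSiteResourceHandler will properly
  // transfer the navigation to a privileged process before it commits.
  if (content::IsResourceTypeFrame(info->GetResourceType()) && !is_guest) {
    *allowed = true;
    return true;
  }

  // Deny requests whose page transition is not web-triggerable.
  if (!ui::PageTransitionIsWebTriggerable(info->GetPageTransition())) {
    *allowed = false;
    return true;
  }

  // The following checks require that we have an actual extension object. If we
  // don't have it, allow the request handling to continue with the rest of the
  // checks.
  // NOTE(review): this branch reports a decided "allow", so any remaining
  // checks must live in the caller or in the request job -- confirm that a
  // request without an extension object cannot actually be served.
  if (!extension) {
    *allowed = true;
    return true;
  }

  // Disallow loading of packaged resources for hosted apps. We don't allow
  // hybrid hosted/packaged apps. The one exception is access to icons, since
  // some extensions want to be able to do things like create their own
  // launchers.
  // The icon set is matched against the path without its leading '/'.
  std::string resource_root_relative_path =
      resource_path.empty() ? std::string() : resource_path.substr(1);
  if (extension->is_hosted_app() &&
      !IconsInfo::GetIcons(extension)
           .ContainsPath(resource_root_relative_path)) {
    LOG(ERROR) << "Denying load of " << request->url().spec() << " from "
               << "hosted app.";
    *allowed = false;
    return true;
  }

  // Extensions with web_accessible_resources: allow loading by regular
  // renderers. Since not all subresources are required to be listed in a v2
  // manifest, we must allow all loads if there are any web accessible
  // resources. See http://crbug.com/179127.
  // NOTE(review): this is a coarse, per-extension allow. The requested path is
  // not compared with the declared web_accessible_resources here, so any
  // per-resource enforcement has to happen elsewhere -- confirm.
  if (extension->manifest_version() < 2 ||
      WebAccessibleResourcesInfo::HasWebAccessibleResources(extension)) {
    *allowed = true;
    return true;
  }

  // Couldn't determine if the resource is allowed or not.
  return false;
}

// Returns true if |request| was issued by a renderer that
// WebViewRendererState reports as a guest. Returns false when the request
// carries no ResourceRequestInfo.
bool IsWebViewRequest(net::URLRequest* request) {
  const content::ResourceRequestInfo* info =
      content::ResourceRequestInfo::ForRequest(request);
  // |info| can be NULL sometimes: http://crbug.com/370070.
  if (!info)
    return false;
  return WebViewRendererState::GetInstance()->IsGuest(info->GetChildID());
}

}  // namespace url_request_util
}  // namespace extensions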