extension_protocols.cc revision 3345a6884c488ff3a535c2c9acdd33d74b37e311
1// Copyright (c) 2010 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/extensions/extension_protocols.h" 6 7#include <algorithm> 8 9#include "app/resource_bundle.h" 10#include "base/file_path.h" 11#include "base/logging.h" 12#include "base/message_loop.h" 13#include "base/path_service.h" 14#include "base/string_util.h" 15#include "build/build_config.h" 16#include "chrome/browser/net/chrome_url_request_context.h" 17#include "chrome/browser/renderer_host/resource_dispatcher_host.h" 18#include "chrome/browser/renderer_host/resource_dispatcher_host_request_info.h" 19#include "chrome/common/chrome_paths.h" 20#include "chrome/common/extensions/extension.h" 21#include "chrome/common/extensions/extension_file_util.h" 22#include "chrome/common/extensions/extension_resource.h" 23#include "chrome/common/url_constants.h" 24#include "googleurl/src/url_util.h" 25#include "grit/bookmark_manager_resources_map.h" 26#include "net/base/mime_util.h" 27#include "net/base/net_errors.h" 28#include "net/url_request/url_request_error_job.h" 29#include "net/url_request/url_request_file_job.h" 30#include "net/url_request/url_request_simple_job.h" 31 32namespace { 33 34class URLRequestResourceBundleJob : public URLRequestSimpleJob { 35 public: 36 explicit URLRequestResourceBundleJob(URLRequest* request, 37 const FilePath& filename, int resource_id) 38 : URLRequestSimpleJob(request), 39 filename_(filename), 40 resource_id_(resource_id) { } 41 42 // URLRequestSimpleJob method. 43 virtual bool GetData(std::string* mime_type, 44 std::string* charset, 45 std::string* data) const { 46 const ResourceBundle& rb = ResourceBundle::GetSharedInstance(); 47 *data = rb.GetRawDataResource(resource_id_).as_string(); 48 bool result = net::GetMimeTypeFromFile(filename_, mime_type); 49 if (StartsWithASCII(*mime_type, "text/", false)) { 50 // All of our HTML files should be UTF-8 and for other resource types 51 // (like images), charset doesn't matter. 52 DCHECK(IsStringUTF8(*data)); 53 *charset = "utf-8"; 54 } 55 return result; 56 } 57 58 private: 59 virtual ~URLRequestResourceBundleJob() { } 60 61 // We need the filename of the resource to determine the mime type. 62 FilePath filename_; 63 64 // The resource bundle id to load. 65 int resource_id_; 66}; 67 68// Returns true if an chrome-extension:// resource should be allowed to load. 69bool AllowExtensionResourceLoad(URLRequest* request, 70 ChromeURLRequestContext* context, 71 const std::string& scheme) { 72 const ResourceDispatcherHostRequestInfo* info = 73 ResourceDispatcherHost::InfoForRequest(request); 74 75 // We have seen crashes where info is NULL: crbug.com/52374. 76 if (!info) { 77 LOG(ERROR) << "Allowing load of " << request->url().spec() 78 << "from unknown origin. Could not find user data for " 79 << "request."; 80 return true; 81 } 82 83 GURL origin_url(info->frame_origin()); 84 85 // chrome:// URLs are always allowed to load chrome-extension:// resources. 86 // The app launcher in the NTP uses this feature, as does dev tools. 87 if (origin_url.SchemeIs(chrome::kChromeUIScheme)) 88 return true; 89 90 // Disallow loading of packaged resources for hosted apps. We don't allow 91 // hybrid hosted/packaged apps. The one exception is access to icons, since 92 // some extensions want to be able to do things like create their own 93 // launchers. 94 if (context->ExtensionHasWebExtent(request->url().host())) { 95 if (!context->URLIsForExtensionIcon(request->url())) { 96 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " 97 << "hosted app."; 98 return false; 99 } 100 } 101 102 // Don't allow toplevel navigations to extension resources in incognito mode. 103 // This is because an extension must run in a single process, and an 104 // incognito tab prevents that. 105 if (context->is_off_the_record() && 106 info->resource_type() == ResourceType::MAIN_FRAME && 107 !context->ExtensionCanLoadInIncognito(request->url().host())) { 108 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " 109 << "incognito tab."; 110 return false; 111 } 112 113 // Otherwise, pages are allowed to load resources from extensions if the 114 // extension has host permissions to (and therefore could be running script 115 // in, which might need access to the extension resources). 116 // 117 // Exceptions are: 118 // - empty origin (needed for some edge cases when we have empty origins) 119 // - chrome-extension:// (for legacy reasons -- some extensions interop) 120 // - data: (basic HTML notifications use data URLs internally) 121 if (origin_url.is_empty() || 122 origin_url.SchemeIs(chrome::kExtensionScheme) | 123 origin_url.SchemeIs(chrome::kDataScheme)) { 124 return true; 125 } else { 126 ExtensionExtent host_permissions = 127 context->GetEffectiveHostPermissionsForExtension(request->url().host()); 128 if (host_permissions.ContainsURL(origin_url)) { 129 return true; 130 } else { 131 LOG(ERROR) << "Denying load of " << request->url().spec() << " from " 132 << origin_url.spec() << " because the extension does not have " 133 << "access to the requesting page."; 134 return false; 135 } 136 } 137} 138 139} // namespace 140 141// Factory registered with URLRequest to create URLRequestJobs for extension:// 142// URLs. 143static URLRequestJob* CreateExtensionURLRequestJob(URLRequest* request, 144 const std::string& scheme) { 145 ChromeURLRequestContext* context = 146 static_cast<ChromeURLRequestContext*>(request->context()); 147 148 // TODO(mpcomplete): better error code. 149 if (!AllowExtensionResourceLoad(request, context, scheme)) 150 return new URLRequestErrorJob(request, net::ERR_ADDRESS_UNREACHABLE); 151 152 // chrome-extension://extension-id/resource/path.js 153 const std::string& extension_id = request->url().host(); 154 FilePath directory_path = context->GetPathForExtension(extension_id); 155 if (directory_path.value().empty()) { 156 LOG(WARNING) << "Failed to GetPathForExtension: " << extension_id; 157 return NULL; 158 } 159 160 FilePath resources_path; 161 if (PathService::Get(chrome::DIR_RESOURCES, &resources_path) && 162 directory_path.DirName() == resources_path) { 163 FilePath relative_path = directory_path.BaseName().Append( 164 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); 165#if defined(OS_WIN) 166 relative_path = relative_path.NormalizeWindowsPathSeparators(); 167#endif 168 169 // TODO(tc): Make a map of FilePath -> resource ids so we don't have to 170 // covert to FilePaths all the time. This will be more useful as we add 171 // more resources. 172 for (size_t i = 0; i < kBookmarkManagerResourcesSize; ++i) { 173 FilePath bm_resource_path = 174 FilePath().AppendASCII(kBookmarkManagerResources[i].name); 175#if defined(OS_WIN) 176 bm_resource_path = bm_resource_path.NormalizeWindowsPathSeparators(); 177#endif 178 if (relative_path == bm_resource_path) { 179 return new URLRequestResourceBundleJob(request, relative_path, 180 kBookmarkManagerResources[i].value); 181 } 182 } 183 } 184 // TODO(tc): Move all of these files into resources.pak so we don't break 185 // when updating on Linux. 186 ExtensionResource resource(extension_id, directory_path, 187 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); 188 189 return new URLRequestFileJob(request, 190 resource.GetFilePathOnAnyThreadHack()); 191} 192 193// Factory registered with URLRequest to create URLRequestJobs for 194// chrome-user-script:/ URLs. 195static URLRequestJob* CreateUserScriptURLRequestJob(URLRequest* request, 196 const std::string& scheme) { 197 ChromeURLRequestContext* context = 198 static_cast<ChromeURLRequestContext*>(request->context()); 199 200 // chrome-user-script:/user-script-name.user.js 201 FilePath directory_path = context->user_script_dir_path(); 202 203 ExtensionResource resource(request->url().host(), directory_path, 204 extension_file_util::ExtensionURLToRelativeFilePath(request->url())); 205 206 return new URLRequestFileJob(request, resource.GetFilePath()); 207} 208 209void RegisterExtensionProtocols() { 210 URLRequest::RegisterProtocolFactory(chrome::kExtensionScheme, 211 &CreateExtensionURLRequestJob); 212 URLRequest::RegisterProtocolFactory(chrome::kUserScriptScheme, 213 &CreateUserScriptURLRequestJob); 214} 215