1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/web_request/web_request_permissions.h"
7 #include "base/strings/string_util.h"
8 #include "base/strings/stringprintf.h"
9 #include "chrome/browser/extensions/extension_info_map.h"
10 #include "chrome/browser/extensions/extension_renderer_state.h"
11 #include "chrome/common/extensions/extension.h"
12 #include "chrome/common/extensions/extension_constants.h"
13 #include "chrome/common/extensions/permissions/permissions_data.h"
14 #include "chrome/common/url_constants.h"
15 #include "content/public/browser/resource_request_info.h"
16 #include "extensions/common/constants.h"
17 #include "net/url_request/url_request.h"
20 using content::ResourceRequestInfo;
24 // Returns true if the URL is sensitive and requests to this URL must not be
25 // modified/canceled by extensions, e.g. because it is targeted to the webstore
26 // to check for updates, extension blacklisting, etc.
27 bool IsSensitiveURL(const GURL& url) {
28 // TODO(battre) Merge this, CanExtensionAccessURL and
29 // PermissionsData::CanExecuteScriptOnPage into one function.
30 bool sensitive_chrome_url = false;
31 const std::string host = url.host();
32 const char kGoogleCom[] = ".google.com";
33 const char kClient[] = "clients";
34 if (EndsWith(host, kGoogleCom, true)) {
35 // Check for "clients[0-9]*.google.com" hosts.
36 // This protects requests to several internal services such as sync,
37 // extension update pings, captive portal detection, fraudulent certificate
38 // reporting, autofill and others.
39 if (StartsWithASCII(host, kClient, true)) {
41 for (std::string::const_iterator i = host.begin() + strlen(kClient),
42 end = host.end() - strlen(kGoogleCom); i != end; ++i) {
48 sensitive_chrome_url = sensitive_chrome_url || match;
50 // This protects requests to safe browsing, link doctor, and possibly
52 sensitive_chrome_url = sensitive_chrome_url ||
53 EndsWith(url.host(), ".clients.google.com", true) ||
54 url.host() == "sb-ssl.google.com";
56 GURL::Replacements replacements;
57 replacements.ClearQuery();
58 replacements.ClearRef();
59 GURL url_without_query = url.ReplaceComponents(replacements);
60 return sensitive_chrome_url ||
61 extension_urls::IsWebstoreUpdateUrl(url_without_query) ||
62 extension_urls::IsBlacklistUpdateUrl(url);
65 // Returns true if the scheme is one we want to allow extensions to have access
66 // to. Extensions still need specific permissions for a given URL, which is
67 // covered by CanExtensionAccessURL.
68 bool HasWebRequestScheme(const GURL& url) {
69 return (url.SchemeIs(chrome::kAboutScheme) ||
70 url.SchemeIs(chrome::kFileScheme) ||
71 url.SchemeIs(chrome::kFileSystemScheme) ||
72 url.SchemeIs(chrome::kFtpScheme) ||
73 url.SchemeIs(content::kHttpScheme) ||
74 url.SchemeIs(content::kHttpsScheme) ||
75 url.SchemeIs(extensions::kExtensionScheme));
81 bool WebRequestPermissions::HideRequest(
82 const ExtensionInfoMap* extension_info_map,
83 const net::URLRequest* request) {
84 // Hide requests from the Chrome WebStore App or signin process.
85 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
87 int process_id = info->GetChildID();
88 int route_id = info->GetRouteID();
89 ExtensionRendererState::WebViewInfo webview_info;
90 // Never hide requests from guest processes.
91 if (ExtensionRendererState::GetInstance()->GetWebViewInfo(
92 process_id, route_id, &webview_info)) {
95 if (extension_info_map && (
96 extension_info_map->IsSigninProcess(process_id) ||
97 extension_info_map->process_map().Contains(
98 extension_misc::kWebStoreAppId, process_id))) {
103 const GURL& url = request->url();
104 return IsSensitiveURL(url) || !HasWebRequestScheme(url);
108 bool WebRequestPermissions::CanExtensionAccessURL(
109 const ExtensionInfoMap* extension_info_map,
110 const std::string& extension_id,
112 bool crosses_incognito,
113 HostPermissionsCheck host_permissions_check) {
114 // extension_info_map can be NULL in testing.
115 if (!extension_info_map)
118 const extensions::Extension* extension =
119 extension_info_map->extensions().GetByID(extension_id);
123 // Check if this event crosses incognito boundaries when it shouldn't.
124 if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))
127 switch (host_permissions_check) {
128 case DO_NOT_CHECK_HOST:
130 case REQUIRE_HOST_PERMISSION:
131 // about: URLs are not covered in host permissions, but are allowed
133 if (!((url.SchemeIs(chrome::kAboutScheme) ||
134 extensions::PermissionsData::HasHostPermission(extension, url) ||
135 url.GetOrigin() == extension->url()))) {
139 case REQUIRE_ALL_URLS:
140 if (!extensions::PermissionsData::HasEffectiveAccessToAllHosts(extension))
projects / platform / framework / web / crosswalk.git / blob