extensions: Support Extensions APIs in chrome-untrusted:// URLs
Adds a new context (WEBUI_UNTRUSTED_CONTEXT) for chrome-untrusted://
URLs. Also only grants access to chrome.extension.test for now.
What's chrome-untrusted://?
chrome:// URLs get granted many special powers that make it unsuitable
for WebUIs that need to process untrusted data. chrome-untrusted://
gives WebUIs a separate unprivileged URL where they can process
untrusted data.
Why a new WEBUI_UNTRUSTED_CONTEXT?
Similarly to chrome:// URLs, WEBUI_CONTEXT implies extra privileges
that we don't want to grant to chrome-untrusted:// URLs. To avoid
granting these privileges, we introduce a new context.
As part of this change we did an audit of WEBUI_CONTEXT to ensure
we don't accidentally grant WEBUI_UNTRUSTED_CONTEXT more privilege than
WEBUI_CONTEXT.
The audit is at:
https://docs.google.com/spreadsheets/d/1rppZ7Kqh9dIJ-ElHTmsi9W4DSy-7NSKTtwwhSxO92OI/edit?usp=sharing
Bug: 1012150
Change-Id: Ic7d49241b0526b75d9f58d3f7967483dfc327ff4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2014341
Commit-Queue: Giovanni Ortuño Urquidi <[email protected]>
Reviewed-by: Devlin <[email protected]>
Reviewed-by: Karan Bhatia <[email protected]>
Cr-Commit-Position: refs/heads/master@{#745794}
diff --git a/extensions/browser/extension_function_dispatcher.h b/extensions/browser/extension_function_dispatcher.h
index 44d5385..e5a060b 100644
--- a/extensions/browser/extension_function_dispatcher.h
+++ b/extensions/browser/extension_function_dispatcher.h
@@ -129,6 +129,7 @@
const ExtensionHostMsg_Request_Params& params,
const Extension* extension,
int requesting_process_id,
+ const GURL* rfh_url,
const ProcessMap& process_map,
ExtensionAPI* api,
void* profile_id,
