commit b9164c43d2900c967f4fdb5ebfc4812f7e914116
author nasko <nasko@chromium.org> Tue Jun 07 01:21:35 2016
committer Commit bot <commit-bot@chromium.org> Tue Jun 07 01:24:43 2016
tree d98bc019f4d9e641a0bc7059ad1db58130bc518a
parent fade21eff0b7bbc3df25c0593de180717470650e

Fix web_accesible_resources enforcement for Site Isolation.

When --isolate-extensions or --site-per-process modes are enabled, all
extensions frames run in extension processes and are not mixed in regular
web renderers. This causes a problem with security checks for
web_accessible_resources, which allow all navigations to extension pages
when they are performed in extension process. This is no longer true and
this patch addresses this by using a NavigationThrottle to perform the
proper checks on the UI thread (also PlzNavigate compatible).

BUG=616488
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2042483002
Cr-Commit-Position: refs/heads/master@{#398189}

extensions/browser/extension_navigation_throttle.h

diff --git a/extensions/browser/extension_navigation_throttle.h b/extensions/browser/extension_navigation_throttle.h
new file mode 100644
index 0000000..3542693
--- /dev/null
+++ b/extensions/browser/extension_navigation_throttle.h
@@ -0,0 +1,36 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef EXTENSIONS_BROWSER_EXTENSION_NAVIGATION_THROTTLE_H_
+#define EXTENSIONS_BROWSER_EXTENSION_NAVIGATION_THROTTLE_H_
+
+#include "base/macros.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace content {
+class NavigationHandle;
+}
+
+namespace extensions {
+
+class NavigationParams;
+
+// This class allows the extensions subsystem to have control over navigations
+// and optionally cancel/block them. This is a UI thread class.
+class ExtensionNavigationThrottle : public content::NavigationThrottle {
+ public:
+  explicit ExtensionNavigationThrottle(
+      content::NavigationHandle* navigation_handle);
+  ~ExtensionNavigationThrottle() override;
+
+  // content::NavigationThrottle implementation:
+  ThrottleCheckResult WillStartRequest() override;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(ExtensionNavigationThrottle);
+};
+
+}  // namespace extensions
+
+#endif  // EXTENSIONS_BROWSER_EXTENSION_NAVIGATION_THROTTLE_H_