Google Git
Sign in
chromium / chromium / src / be9915fbccfaab301759501d888579976427acfb^! / . / chrome / browser / extensions / extension_service.cc
commitbe9915fbccfaab301759501d888579976427acfb[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Jul 18 09:28:55 2013
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Jul 18 09:28:55 2013
treec7072e00db4305cb6b65a33895dbd1dbb47e709a
parentacdaa9963d419b7b72bd8201857a23f29f626959 [diff] [blame]
Remove ExtensionURLInfo, make security decisions in render process

When asking if an extension should have access to a given frame, we need to
consider the frame's URL and also if the frame is sandboxed. We check the latter
by asking if the frame's security origin is the unique origin. However, we can
only usefully do this in the render process when examining a frame. In the
browser process or other common code, there's no useful origin to use other than
one that duplicates information in the URL.

This does security checks in the render process before doing any URL-based
lookups and then uses URLs from that point on.

R=abarth, mpcomplete
BUG=259982,237267

Review URL: https://chromiumcodereview.appspot.com/16625012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@212302 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index 73a7c635..94e68120 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc

@@ -264,8 +264,7 @@
 }
 
 const Extension* ExtensionService::GetInstalledApp(const GURL& url) const {
-  const Extension* extension = extensions_.GetExtensionOrAppByURL(
-      ExtensionURLInfo(url));
+  const Extension* extension = extensions_.GetExtensionOrAppByURL(url);
   return (extension && extension->is_app()) ? extension : NULL;
 }
 
@@ -2584,15 +2583,13 @@
 
 bool ExtensionService::ExtensionBindingsAllowed(const GURL& url) {
   // Allow bindings for all packaged extensions and component hosted apps.
-  const Extension* extension = extensions_.GetExtensionOrAppByURL(
-      ExtensionURLInfo(url));
+  const Extension* extension = extensions_.GetExtensionOrAppByURL(url);
   return extension && (!extension->is_hosted_app() ||
                        extension->location() == Manifest::COMPONENT);
 }
 
 bool ExtensionService::ShouldBlockUrlInBrowserTab(GURL* url) {
-  const Extension* extension = extensions_.GetExtensionOrAppByURL(
-      ExtensionURLInfo(*url));
+  const Extension* extension = extensions_.GetExtensionOrAppByURL(*url);
   if (extension && extension->is_platform_app()) {
     *url = GURL(chrome::kExtensionInvalidRequestURL);
     return true;