Update chrome:// host whitelisting with the network service enabled.

For component platform apps, favicon, extension-icon, resources and theme hosts are whitelisted for the chrome scheme. However, in the network-service-enabled codepath, at most two of those hosts are passed in |allowed_webui_hosts|, leaving out the other two for component platform apps. Change the structure to more-closely match the non-network-service codepath, whitelisting the four hosts when appropriate. Bug: 837328 Change-Id: Ib10e8fa2dcca0cf77be565bab3ebf9dd87daf188 Reviewed-on: https://chromium-review.googlesource.com/1201510Reviewed-by: Anand Mistry <amistry@chromium.org> Commit-Queue: Sam McNally <sammc@chromium.org> Cr-Commit-Position: refs/heads/master@{#588326}

Update chrome:// host whitelisting with the network service enabled.
For component platform apps, favicon, extension-icon, resources and theme hosts are whitelisted for the chrome scheme. However, in the network-service-enabled codepath, at most two of those hosts are passed in |allowed_webui_hosts|, leaving out the other two for component platform apps. Change the structure to more-closely match the non-network-service codepath, whitelisting the four hosts when appropriate. Bug: 837328 Change-Id: Ib10e8fa2dcca0cf77be565bab3ebf9dd87daf188 Reviewed-on: https://chromium-review.googlesource.com/1201510Reviewed-by: Anand Mistry <amistry@chromium.org> Commit-Queue: Sam McNally <sammc@chromium.org> Cr-Commit-Position: refs/heads/master@{#588326}
7414eeb7 · Sam McNally · Commit Bot · 5ce1ec6a · 7414eeb7
Commit 7414eeb7 authored Sep 03, 2018 by Sam McNally Committed by Commit Bot Sep 03, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 11 deletions

chrome/browser/chrome_content_browser_client.cc chrome/browser/chrome_content_browser_client.cc +11 -11

No files found.
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -4453,26 +4453,26 @@ void ChromeContentBrowserClient::
  if (!extension)
    return;
+  std::vector<std::string> allowed_webui_hosts;
  // Support for chrome:// scheme if appropriate.
  if ((extension->is_extension() || extension->is_platform_app()) &&
      Manifest::IsComponentLocation(extension->location())) {
    // Components of chrome that are implemented as extensions or platform apps
    // are allowed to use chrome://resources/ and chrome://theme/ URLs.
-    base::flat_set<std::string> allowed_webui_hosts = {
+    allowed_webui_hosts.emplace_back(content::kChromeUIResourcesHost);
-        content::kChromeUIResourcesHost, chrome::kChromeUIThemeHost};
+    allowed_webui_hosts.emplace_back(chrome::kChromeUIThemeHost);
-    factories->emplace(
+  }
-        content::kChromeUIScheme,
+  if (extension->is_extension() || extension->is_legacy_packaged_app() ||
-        content::CreateWebUIURLLoader(frame_host, content::kChromeUIScheme,
+      (extension->is_platform_app() &&
-                                      std::move(allowed_webui_hosts)));
+       Manifest::IsComponentLocation(extension->location()))) {
-  } else if (extension->is_extension() || extension->is_legacy_packaged_app() ||
-             (extension->is_platform_app() &&
-              Manifest::IsComponentLocation(extension->location()))) {
    // Extensions, legacy packaged apps, and component platform apps are allowed
    // to use chrome://favicon/ and chrome://extension-icon/ URLs. Hosted apps
    // are not allowed because they are served via web servers (and are
    // generally never given access to Chrome APIs).
-    base::flat_set<std::string> allowed_webui_hosts = {
+    allowed_webui_hosts.emplace_back(chrome::kChromeUIExtensionIconHost);
-        chrome::kChromeUIExtensionIconHost, chrome::kChromeUIFaviconHost};
+    allowed_webui_hosts.emplace_back(chrome::kChromeUIFaviconHost);
+  }
+  if (!allowed_webui_hosts.empty()) {
    factories->emplace(
        content::kChromeUIScheme,
        content::CreateWebUIURLLoader(frame_host, content::kChromeUIScheme,