mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix(extensions): bypass cors in requests made from background pages (#24483)

Browse source
This commit is contained in:
Eryk Rakowski 2020-08-04 01:56:18 +02:00 committed by GitHub
parent 1350dc46ed
commit f53aac97f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
shell/browser/electron_browser_client.cc
View file

@ -49,10 +49,6 @@
#include "content/public/common/web_preferences.h" #include "content/public/common/web_preferences.h"
#include "electron/buildflags/buildflags.h" #include "electron/buildflags/buildflags.h"
#include "electron/grit/electron_resources.h" #include "electron/grit/electron_resources.h"
#include "extensions/browser/extension_navigation_ui_data.h"
#include "extensions/browser/extension_protocols.h"
#include "extensions/common/constants.h"
#include "extensions/common/switches.h"
#include "mojo/public/cpp/bindings/binder_map.h" #include "mojo/public/cpp/bindings/binder_map.h"
#include "net/base/escape.h" #include "net/base/escape.h"
#include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_cert_request_info.h"
@ -142,9 +138,12 @@
#include "content/public/browser/file_url_loader.h" #include "content/public/browser/file_url_loader.h"
#include "content/public/browser/web_ui_url_loader_factory.h" #include "content/public/browser/web_ui_url_loader_factory.h"
#include "extensions/browser/api/mime_handler_private/mime_handler_private.h" #include "extensions/browser/api/mime_handler_private/mime_handler_private.h"
#include "extensions/browser/browser_context_keyed_api_factory.h"
#include "extensions/browser/extension_host.h" #include "extensions/browser/extension_host.h"
#include "extensions/browser/extension_message_filter.h" #include "extensions/browser/extension_message_filter.h"
#include "extensions/browser/extension_navigation_throttle.h" #include "extensions/browser/extension_navigation_throttle.h"
#include "extensions/browser/extension_navigation_ui_data.h"
#include "extensions/browser/extension_protocols.h"
#include "extensions/browser/extension_registry.h" #include "extensions/browser/extension_registry.h"
#include "extensions/browser/extensions_browser_client.h" #include "extensions/browser/extensions_browser_client.h"
#include "extensions/browser/guest_view/extensions_guest_view_message_filter.h" #include "extensions/browser/guest_view/extensions_guest_view_message_filter.h"
@ -152,8 +151,11 @@
#include "extensions/browser/info_map.h" #include "extensions/browser/info_map.h"
#include "extensions/browser/process_manager.h" #include "extensions/browser/process_manager.h"
#include "extensions/browser/process_map.h" #include "extensions/browser/process_map.h"
#include "extensions/browser/url_loader_factory_manager.h"
#include "extensions/common/api/mime_handler.mojom.h" #include "extensions/common/api/mime_handler.mojom.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h" #include "extensions/common/extension.h"
#include "extensions/common/switches.h"
#include "shell/browser/extensions/electron_extension_message_filter.h" #include "shell/browser/extensions/electron_extension_message_filter.h"
#include "shell/browser/extensions/electron_extension_system.h" #include "shell/browser/extensions/electron_extension_system.h"
#include "shell/browser/extensions/electron_extension_web_contents_observer.h" #include "shell/browser/extensions/electron_extension_web_contents_observer.h"
@ -1481,6 +1483,7 @@ bool ElectronBrowserClient::WillCreateURLLoaderFactory(
if (bypass_redirect_checks) if (bypass_redirect_checks)
*bypass_redirect_checks = true; *bypass_redirect_checks = true;
return true; return true;
} }
@ -1499,6 +1502,9 @@ void ElectronBrowserClient::OverrideURLLoaderFactoryParams(
factory_params->is_corb_enabled = false; factory_params->is_corb_enabled = false;
} }
} }
extensions::URLLoaderFactoryManager::OverrideURLLoaderFactoryParams(
browser_context, origin, is_for_isolated_world, factory_params);
} }
#if defined(OS_WIN) #if defined(OS_WIN)

20
spec-main/extensions-spec.ts
View file

@ -16,7 +16,12 @@ describe('chrome extensions', () => {
let server: http.Server; let server: http.Server;
let url: string; let url: string;
before(async () => { before(async () => {
server = http.createServer((req, res) => res.end(emptyPage)); server = http.createServer((req, res) => {
if (req.url === '/cors') {
res.setHeader('Access-Control-Allow-Origin', 'http://example.com');
}
res.end(emptyPage);
});
await new Promise(resolve => server.listen(0, '127.0.0.1', () => { await new Promise(resolve => server.listen(0, '127.0.0.1', () => {
url = `http://127.0.0.1:${(server.address() as AddressInfo).port}`; url = `http://127.0.0.1:${(server.address() as AddressInfo).port}`;
resolve(); resolve();
@ -32,6 +37,19 @@ describe('chrome extensions', () => {
}); });
}); });
function fetch (contents: WebContents, url: string) {
return contents.executeJavaScript(`fetch(${JSON.stringify(url)})`);
}
it('bypasses CORS in requests made from extensions', async () => {
const customSession = session.fromPartition(`persist:${require('uuid').v4()}`);
const w = new BrowserWindow({ show: false, webPreferences: { session: customSession, sandbox: true } });
const extension = await customSession.loadExtension(path.join(fixtures, 'extensions', 'ui-page'));
w.loadURL(`${extension.url}bare-page.html`);
await emittedOnce(w.webContents, 'dom-ready');
await expect(fetch(w.webContents, `${url}/cors`)).to.not.be.rejectedWith(TypeError);
});
it('loads an extension', async () => { it('loads an extension', async () => {
// NB. we have to use a persist: session (i.e. non-OTR) because the // NB. we have to use a persist: session (i.e. non-OTR) because the
// extension registry is redirected to the main session. so installing an // extension registry is redirected to the main session. so installing an

3
spec-main/fixtures/extensions/ui-page/manifest.json
View file

@ -1,5 +1,6 @@
{ {
"name": "ui-page", "name": "ui-page",
"version": "1.0", "version": "1.0",
"manifest_version": 2 "manifest_version": 2,
"permissions": ["<all_urls>"]
} }