Add sandboxed_pages to allow extension/app pages to be served in a
sandboxed, unique origin. This allows manifest_version 2 extensions to have
pages that are exempt from their Content Security Policy (but these pages
can't call extension APIs either).
Depends on http://webkit.org/b/88014
Review URL: https://chromiumcodereview.appspot.com/10458063
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140689 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 9b2c83e..9713fd8 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -330,6 +330,15 @@
// Returns true if the specified resource is web accessible.
bool IsResourceWebAccessible(const std::string& relative_path) const;
+ // Returns true if the specified page is sandboxed (served in a unique
+ // origin).
+ bool IsSandboxedPage(const std::string& relative_path) const;
+
+ // Returns the Content Security Policy that the specified resource should be
+ // served with.
+ std::string GetResourceContentSecurityPolicy(const std::string& relative_path)
+ const;
+
// Returns true when 'web_accessible_resources' are defined for the extension.
bool HasWebAccessibleResources() const;
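Review bot: The comment on `GetResourceContentSecurityPolicy` does not say which policy is returned for which input, and neither new declaration says what form `relative_path` must take. `IsSandboxedPage` decides whether a page is served in a unique origin, so a path that fails to match a listed page (leading slash, query string, un-normalized segments) would presumably be treated as an ordinary extension page with API access; the matching contract should be written down here. I would add a line on the expected path form to both comments and extend the second to something like `// Returns the sandbox policy if IsSandboxedPage(relative_path), otherwise the extension's own policy.` That wording is inferred from the commit description and should be confirmed against the implementation, which is outside this hunk.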
@@ -630,10 +639,6 @@
bool from_webstore() const { return (creation_flags_ & FROM_WEBSTORE) != 0; }
bool from_bookmark() const { return (creation_flags_ & FROM_BOOKMARK) != 0; }
- const std::string& content_security_policy() const {
- return content_security_policy_;
- }
-
// App-related.
bool is_app() const {
return is_packaged_app() || is_hosted_app() || is_platform_app();
@@ -742,6 +747,7 @@
bool LoadPlugins(string16* error);
bool LoadNaClModules(string16* error);
bool LoadWebAccessibleResources(string16* error);
+ bool LoadSandboxedPages(string16* error);
bool CheckRequirements(string16* error);
bool LoadDefaultLocale(string16* error);
bool LoadOfflineEnabled(string16* error);
@@ -950,6 +956,15 @@
// Optional list of web accessible extension resources.
base::hash_set<std::string> web_accessible_resources_;
+ // Optional list of extension pages that are sandboxed (served from a unique
+ // origin with a different Content Security Policy).
+ base::hash_set<std::string> sandboxed_pages_;
+
+ // Content Security Policy that should be used to enforce the sandbox used
+ // by sandboxed pages (guaranteed to have the "sandbox" directive without the
+ // "allow-same-origin" token).
+ std::string sandboxed_pages_content_security_policy_;
+
// Optional URL to a master page of which a single instance should be always
// loaded in the background.
GURL background_url_;
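Review bot: The comment on `sandboxed_pages_content_security_policy_` promises the value always contains the `sandbox` directive without `allow-same-origin`, but nothing in this header shows where that guarantee is enforced. That invariant is what keeps sandboxed pages out of the extension's origin, so the comment should name the enforcing code and what happens on a violation, e.g. `// Validated in LoadSandboxedPages(); a manifest policy that breaks this fails the load.` This assumes the check lives there, since the implementation is not part of this diff. It would also help to note on `sandboxed_pages_` whether entries are stored as exact relative paths, because lookups against this set determine which origin and policy a page receives.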