
Issue 829225


Issue metadata

Status: Fixed
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 696822




Declarative Net Request: An extension can block its own background page.

Project Member Reported by karandeepb@chromium.org, Apr 5 2018

Issue description

A chrome extension has implicit host permissions to its own origin (chrome-extension://extension_id/). This allows the extension to monitor and modify any of its own requested resources using the WebRequest API. See crbug.com/92395 which enabled this for the WebRequest API.

However this is not ideal for DNR since, for example, writing a simple extension to block all html pages would also end up blocking the generated background page of the extension itself. This is not a problem for the WebRequest API since it is the background page which does the blocking in case of WebRequest API. 

 
Cc: rdevlin....@chromium.org lazyboy@chromium.org
I think we can simply disallow an extension from modifying any resources on its own origin with DNR. I don't see any important use cases for an extension to modify its own resources and since DNR is a strictly non-monitoring API (unlike WebRequest), the potential for developer error is also a bit more.

Better, we can simply whitelist the chrome-extension scheme for DNR. (An extension won't have access to other origins (other extensions' resources) anyway.)
Blocking: 696822
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 10 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a22fd79d470336e8d3012e09647d28a08426c2c9

commit a22fd79d470336e8d3012e09647d28a08426c2c9
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Tue Apr 10 05:55:43 2018

DNR: Prevent extensions from intercepting requests on chrome-extension scheme.

A chrome extension has implicit host permissions to its own origin (chrome-
extension://extension_id/). This allows the extension to monitor and modify
requests to any of its own resources using the WebRequest API.

However, this allows an extension with DNR to also possibly/mistakenly block or
redirect its own background page. This is not a problem for the WebRequest API
since it is (generally) the background page which does the blocking in case of
the WebRequest API.

To fix, simply whitelist all resources on the chrome-extension scheme as far as
DNR is concerned.

BUG= 829225 

Change-Id: I022f137f1fde20276de22f0f8529aa4f1c9a53db
Reviewed-on: https://chromium-review.googlesource.com/1000770
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549432}
[modify] https://crrev.com/a22fd79d470336e8d3012e09647d28a08426c2c9/chrome/browser/extensions/api/declarative_net_request/declarative_net_request_browsertest.cc
[modify] https://crrev.com/a22fd79d470336e8d3012e09647d28a08426c2c9/chrome/browser/extensions/api/declarative_net_request/ruleset_manager_unittest.cc
[modify] https://crrev.com/a22fd79d470336e8d3012e09647d28a08426c2c9/extensions/browser/api/declarative_net_request/ruleset_manager.cc
[modify] https://crrev.com/a22fd79d470336e8d3012e09647d28a08426c2c9/extensions/browser/api/declarative_net_request/ruleset_manager.h

Status: Fixed (was: Assigned)
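
A simplified model of the behaviour discussed in this issue, added here as an illustration; it is not Chromium's code and not the change made in ruleset_manager.cc. The rule shape, the extension ID, the URLs and the function names are constructed assumptions. It shows a "block all HTML" rule catching the extension's own generated background page, and the same rule once the chrome-extension scheme is exempted.

```javascript
// Simplified model of DNR rule evaluation; not Chromium's implementation.
// Constructed sample data: the extension ID and URLs below are placeholders.
const EXTENSION_ORIGIN = "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const BACKGROUND_PAGE = `${EXTENSION_ORIGIN}/_generated_background_page.html`;

// A "block all HTML pages" rule, written in an assumed DNR-style rule shape.
const rules = [
  { id: 1, priority: 1, action: { type: "block" }, condition: { urlFilter: ".html" } },
];

// Convert a urlFilter to a RegExp: '*' is a wildcard, everything else is literal.
// Anchors such as '|' and '^' are left out of this model.
function filterToRegExp(urlFilter) {
  const escaped = urlFilter
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(escaped);
}

// Returns "block" or "allow" for one request URL.
// exemptExtensionScheme models the fix: requests on the chrome-extension
// scheme are never handed to the rule matcher.
function evaluate(url, ruleset, { exemptExtensionScheme }) {
  if (exemptExtensionScheme && new URL(url).protocol === "chrome-extension:") {
    return "allow";
  }
  const hit = ruleset.find(
    (rule) =>
      rule.action.type === "block" &&
      filterToRegExp(rule.condition.urlFilter).test(url)
  );
  return hit ? "block" : "allow";
}

// Evaluate a constructed set of requests and return { url: decision }.
function decideAll(exemptExtensionScheme) {
  const requests = [
    BACKGROUND_PAGE,
    "https://example.com/index.html",
    "https://example.com/app.js",
  ];
  return Object.fromEntries(
    requests.map((url) => [url, evaluate(url, rules, { exemptExtensionScheme })])
  );
}

console.log("before fix:", decideAll(false));
console.log("after fix: ", decideAll(true));
```

The web page decision is identical in both runs; only the extension's own resource changes from blocked to allowed.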
