blob: e66ce85f694521abb06ff776f1e044b2530d0846 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chromeos/components/media_app_ui/media_app_guest_ui.h"
#include "chromeos/components/media_app_ui/media_app_ui_delegate.h"
#include "chromeos/components/media_app_ui/url_constants.h"
#include "chromeos/grit/chromeos_media_app_bundle_resources.h"
#include "chromeos/grit/chromeos_media_app_bundle_resources_map.h"
#include "chromeos/grit/chromeos_media_app_resources.h"
#include "content/public/browser/web_contents.h"
#include "content/public/browser/web_ui.h"
#include "content/public/browser/web_ui_data_source.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"
namespace chromeos {
content::WebUIDataSource* CreateMediaAppUntrustedDataSource(
MediaAppUIDelegate* delegate) {
content::WebUIDataSource* source =
content::WebUIDataSource::Create(kChromeUIMediaAppGuestURL);
// Add resources from chromeos_media_app_resources.pak.
source->AddResourcePath("app.html", IDR_MEDIA_APP_APP_HTML);
source->AddResourcePath("media_app_app_scripts.js",
IDR_MEDIA_APP_APP_SCRIPTS_JS);
// Add resources from chromeos_media_app_bundle_resources.pak that are also
// needed for mocks. If enable_cros_media_app = true, then these calls will
// happen a second time with the same parameters. When false, we need these to
// specify what routes are mocked by files in ./resources/mock/js. The loop is
// irrelevant in that case.
source->AddResourcePath("js/app_main.js", IDR_MEDIA_APP_APP_MAIN_JS);
source->AddResourcePath("js/app_image_handler_module.js",
IDR_MEDIA_APP_APP_IMAGE_HANDLER_MODULE_JS);
source->AddResourcePath("js/app_drop_target_module.js",
IDR_MEDIA_APP_APP_DROP_TARGET_MODULE_JS);
// Add all resources from chromeos_media_app_bundle_resources.pak.
for (size_t i = 0; i < kChromeosMediaAppBundleResourcesSize; i++) {
source->AddResourcePath(kChromeosMediaAppBundleResources[i].name,
kChromeosMediaAppBundleResources[i].value);
}
delegate->PopulateLoadTimeData(source);
source->UseStringsJs();
source->AddFrameAncestor(GURL(kChromeUIMediaAppURL));
// By default, prevent all network access.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::DefaultSrc,
"default-src blob: 'self';");
// Need to explicitly set |worker-src| because CSP falls back to |child-src|
// which is none.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::WorkerSrc, "worker-src 'self';");
// Allow images to also handle data urls.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::ImgSrc, "img-src blob: data: 'self';");
// Allow styles to include inline styling needed for Polymer elements.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::StyleSrc, "style-src 'unsafe-inline';");
return source;
}
} // namespace chromeos