1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/policy/policy_helpers.h" 6 7 #include "net/base/net_errors.h" 8 #include "url/gurl.h" 9 10 #if defined(OS_CHROMEOS) 11 #include "base/command_line.h" 12 #include "chromeos/chromeos_switches.h" 13 #endif 14 15 #if !defined(OS_CHROMEOS) && !defined(OS_IOS) 16 #include "components/signin/core/browser/signin_manager.h" 17 #include "google_apis/gaia/gaia_urls.h" 18 #endif 19 20 namespace policy { 21 22 bool OverrideBlacklistForURL(const GURL& url, bool* block, int* reason) { 23 #if defined(OS_CHROMEOS) 24 // On ChromeOS browsing is only allowed once OOBE has completed. Therefore all 25 // requests are blocked until this condition is met. 26 if (CommandLine::ForCurrentProcess()->HasSwitch( 27 chromeos::switches::kOobeGuestSession)) { 28 if (!url.SchemeIs("chrome") && !url.SchemeIs("chrome-extension")) { 29 *reason = net::ERR_BLOCKED_ENROLLMENT_CHECK_PENDING; 30 *block = true; 31 return true; 32 } 33 } 34 return false; 35 #elif defined(OS_IOS) 36 return false; 37 #else 38 static const char kServiceLoginAuth[] = "/ServiceLoginAuth"; 39 40 *block = false; 41 // Whitelist all the signin flow URLs flagged by the SigninManager. 42 if (SigninManager::IsWebBasedSigninFlowURL(url)) 43 return true; 44 45 // Additionally whitelist /ServiceLoginAuth. 46 if (url.GetOrigin() != GaiaUrls::GetInstance()->gaia_url().GetOrigin()) 47 return false; 48 49 return url.path() == kServiceLoginAuth; 50 #endif 51 } 52 53 } // namespace policy 54
