// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/policy/policy_helpers.h"
#include "net/base/net_errors.h"
#include "url/gurl.h"
#if defined(OS_CHROMEOS)
#include "base/command_line.h"
#include "chromeos/chromeos_switches.h"
#endif
#if !defined(OS_CHROMEOS) && !defined(OS_IOS)
#include "components/signin/core/browser/signin_manager.h"
#include "google_apis/gaia/gaia_urls.h"
#endif
namespace policy {
bool OverrideBlacklistForURL(const GURL& url, bool* block, int* reason) {
#if defined(OS_CHROMEOS)
// On ChromeOS browsing is only allowed once OOBE has completed. Therefore all
// requests are blocked until this condition is met.
if (CommandLine::ForCurrentProcess()->HasSwitch(
chromeos::switches::kOobeGuestSession)) {
if (!url.SchemeIs("chrome") && !url.SchemeIs("chrome-extension")) {
*reason = net::ERR_BLOCKED_ENROLLMENT_CHECK_PENDING;
*block = true;
return true;
}
}
return false;
#elif defined(OS_IOS)
return false;
#else
static const char kServiceLoginAuth[] = "/ServiceLoginAuth";
*block = false;
// Whitelist all the signin flow URLs flagged by the SigninManager.
if (SigninManager::IsWebBasedSigninFlowURL(url))
return true;
// Additionally whitelist /ServiceLoginAuth.
if (url.GetOrigin() != GaiaUrls::GetInstance()->gaia_url().GetOrigin())
return false;
return url.path() == kServiceLoginAuth;
#endif
}
} // namespace policy