| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/chrome_url_data_manager_backend.h" | 5 #include "chrome/browser/ui/webui/chrome_url_data_manager_backend.h" |
| 6 | 6 |
| 7 #include <set> |
| 8 |
| 7 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 8 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 9 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 10 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 13 #include "base/lazy_instance.h" |
| 11 #include "base/memory/ref_counted_memory.h" | 14 #include "base/memory/ref_counted_memory.h" |
| 12 #include "base/message_loop.h" | 15 #include "base/message_loop.h" |
| 13 #include "base/path_service.h" | 16 #include "base/path_service.h" |
| 14 #include "base/string_util.h" | 17 #include "base/string_util.h" |
| 15 #include "chrome/browser/net/chrome_url_request_context.h" | 18 #include "chrome/browser/net/chrome_url_request_context.h" |
| 16 #include "chrome/browser/net/view_blob_internals_job_factory.h" | 19 #include "chrome/browser/net/view_blob_internals_job_factory.h" |
| 17 #include "chrome/browser/net/view_http_cache_job_factory.h" | 20 #include "chrome/browser/net/view_http_cache_job_factory.h" |
| 18 #include "chrome/browser/ui/webui/shared_resources_data_source.h" | 21 #include "chrome/browser/ui/webui/shared_resources_data_source.h" |
| 19 #include "chrome/common/chrome_paths.h" | 22 #include "chrome/common/chrome_paths.h" |
| 20 #include "chrome/common/chrome_switches.h" | 23 #include "chrome/common/chrome_switches.h" |
| 21 #include "chrome/common/url_constants.h" | 24 #include "chrome/common/url_constants.h" |
| 22 #include "content/browser/appcache/chrome_appcache_service.h" | 25 #include "content/browser/appcache/chrome_appcache_service.h" |
| 23 #include "content/browser/browser_thread.h" | 26 #include "content/browser/browser_thread.h" |
| 24 #include "googleurl/src/url_util.h" | 27 #include "googleurl/src/url_util.h" |
| 25 #include "grit/platform_locale_settings.h" | 28 #include "grit/platform_locale_settings.h" |
| 26 #include "net/base/io_buffer.h" | 29 #include "net/base/io_buffer.h" |
| 27 #include "net/base/net_errors.h" | 30 #include "net/base/net_errors.h" |
| 28 #include "net/http/http_response_headers.h" | 31 #include "net/http/http_response_headers.h" |
| 29 #include "net/url_request/url_request.h" | 32 #include "net/url_request/url_request.h" |
| 30 #include "net/url_request/url_request_file_job.h" | 33 #include "net/url_request/url_request_file_job.h" |
| 31 #include "net/url_request/url_request_job.h" | 34 #include "net/url_request/url_request_job.h" |
| 32 #include "net/url_request/url_request_job_factory.h" | 35 #include "net/url_request/url_request_job_factory.h" |
| 33 #include "webkit/appcache/view_appcache_internals_job.h" | 36 #include "webkit/appcache/view_appcache_internals_job.h" |
| 34 | 37 |
| 35 namespace { | 38 namespace { |
| 36 | 39 |
| 40 // X-WebKit-CSP is our development name for Content-Security-Policy. |
| 41 // TODO(tsepez) rename when Content-security-policy is done. |
| 42 // TODO(tsepez) remove unsafe-eval when bidichecker_packaged.js fixed. |
| 43 // TODO(tsepez) chrome-extension: permits the ChromeVox screen reader |
| 44 // extension to function on these pages. Remove it when the extension |
| 45 // is updated to stop injecting script into the pages. |
| 46 const char kChromeURLContentSecurityPolicyHeader[] = |
| 47 "X-WebKit-CSP: object-src 'self'; script-src chrome://resources " |
| 48 "chrome-extension://mndnfokpggljbaajbnioimlmbfngpief " |
| 49 "'self' 'unsafe-eval'"; |
| 50 |
| 51 class ChromeURLContentSecurityPolicyExceptionSet |
| 52 : public std::set<std::string> { |
| 53 public: |
| 54 ChromeURLContentSecurityPolicyExceptionSet() : std::set<std::string>() { |
| 55 insert(chrome::kChromeUICloudPrintResourcesHost); |
| 56 insert(chrome::kChromeUICloudPrintSetupHost); |
| 57 insert(chrome::kChromeUICreditsHost); |
| 58 insert(chrome::kChromeUIDevToolsHost); |
| 59 insert(chrome::kChromeUIDialogHost); |
| 60 insert(chrome::kChromeUINewTabHost); |
| 61 insert(chrome::kChromeUITextfieldsHost); |
| 62 #if defined(OS_CHROMEOS) |
| 63 insert(chrome::kChromeUIActiveDownloadsHost); |
| 64 insert(chrome::kChromeUIChooseMobileNetworkHost); |
| 65 insert(chrome::kChromeUIEnterpriseEnrollmentHost); |
| 66 insert(chrome::kChromeUIImageBurnerHost); |
| 67 insert(chrome::kChromeUIKeyboardOverlayHost); |
| 68 insert(chrome::kChromeUIOobeHost); |
| 69 insert(chrome::kChromeUIMobileSetupHost); |
| 70 insert(chrome::kChromeUIProxySettingsHost); |
| 71 insert(chrome::kChromeUIRegisterPageHost); |
| 72 insert(chrome::kChromeUISimUnlockHost); |
| 73 insert(chrome::kChromeUISystemInfoHost); |
| 74 #else |
| 75 insert(chrome::kChromeUISyncPromoHost); |
| 76 #endif |
| 77 #if defined(TOUCH_UI) |
| 78 insert(chrome::kChromeUIKeyboardHost); |
| 79 #endif |
| 80 #if defined(OS_CHROMEOS) || defined(TOUCH_UI) |
| 81 insert(chrome::kChromeUICollectedCookiesHost); |
| 82 insert(chrome::kChromeUIHttpAuthHost); |
| 83 insert(chrome::kChromeUIRepostFormWarningHost); |
| 84 #endif |
| 85 } |
| 86 }; |
| 87 |
| 88 base::LazyInstance<ChromeURLContentSecurityPolicyExceptionSet> |
| 89 g_chrome_url_content_security_policy_exceptions(base::LINKER_INITIALIZED); |
| 90 |
| 37 // Parse a URL into the components used to resolve its request. |source_name| | 91 // Parse a URL into the components used to resolve its request. |source_name| |
| 38 // is the hostname and |path| is the remaining portion of the URL. | 92 // is the hostname and |path| is the remaining portion of the URL. |
| 39 void URLToRequest(const GURL& url, std::string* source_name, | 93 void URLToRequest(const GURL& url, std::string* source_name, |
| 40 std::string* path) { | 94 std::string* path) { |
| 41 DCHECK(url.SchemeIs(chrome::kChromeDevToolsScheme) || | 95 DCHECK(url.SchemeIs(chrome::kChromeDevToolsScheme) || |
| 42 url.SchemeIs(chrome::kChromeUIScheme)); | 96 url.SchemeIs(chrome::kChromeUIScheme)); |
| 43 | 97 |
| 44 if (!url.is_valid()) { | 98 if (!url.is_valid()) { |
| 45 NOTREACHED(); | 99 NOTREACHED(); |
| 46 return; | 100 return; |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 148 *mime_type = mime_type_; | 202 *mime_type = mime_type_; |
| 149 return !mime_type_.empty(); | 203 return !mime_type_.empty(); |
| 150 } | 204 } |
| 151 | 205 |
| 152 void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { | 206 void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { |
| 153 DCHECK(!info->headers); | 207 DCHECK(!info->headers); |
| 154 // Set the headers so that requests serviced by ChromeURLDataManager return a | 208 // Set the headers so that requests serviced by ChromeURLDataManager return a |
| 155 // status code of 200. Without this they return a 0, which makes the status | 209 // status code of 200. Without this they return a 0, which makes the status |
| 156 // indistiguishable from other error types. Instant relies on getting a 200. | 210 // indistiguishable from other error types. Instant relies on getting a 200. |
| 157 info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK"); | 211 info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK"); |
| 212 ChromeURLContentSecurityPolicyExceptionSet* exceptions = |
| 213 g_chrome_url_content_security_policy_exceptions.Pointer(); |
| 214 if (exceptions->find(request_->url().host()) == exceptions->end()) |
| 215 info->headers->AddHeader(kChromeURLContentSecurityPolicyHeader); |
| 158 } | 216 } |
| 159 | 217 |
| 160 void URLRequestChromeJob::DataAvailable(RefCountedMemory* bytes) { | 218 void URLRequestChromeJob::DataAvailable(RefCountedMemory* bytes) { |
| 161 if (bytes) { | 219 if (bytes) { |
| 162 // The request completed, and we have all the data. | 220 // The request completed, and we have all the data. |
| 163 // Clear any IO pending status. | 221 // Clear any IO pending status. |
| 164 SetStatus(net::URLRequestStatus()); | 222 SetStatus(net::URLRequestStatus()); |
| 165 | 223 |
| 166 data_ = bytes; | 224 data_ = bytes; |
| 167 int bytes_read; | 225 int bytes_read; |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 489 | 547 |
| 490 return new URLRequestChromeJob(request, backend_); | 548 return new URLRequestChromeJob(request, backend_); |
| 491 } | 549 } |
| 492 | 550 |
| 493 } // namespace | 551 } // namespace |
| 494 | 552 |
| 495 net::URLRequestJobFactory::ProtocolHandler* | 553 net::URLRequestJobFactory::ProtocolHandler* |
| 496 CreateDevToolsProtocolHandler(ChromeURLDataManagerBackend* backend) { | 554 CreateDevToolsProtocolHandler(ChromeURLDataManagerBackend* backend) { |
| 497 return new DevToolsJobFactory(backend); | 555 return new DevToolsJobFactory(backend); |
| 498 } | 556 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8124010:
Replace <meta> tag with header for content-security-policy on chrome:// pages. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/