| Index: content/browser/child_process_security_policy.h
|
| ===================================================================
|
| --- content/browser/child_process_security_policy.h (revision 113019)
|
| +++ content/browser/child_process_security_policy.h (working copy)
|
| @@ -20,6 +20,12 @@
|
| class FilePath;
|
| class GURL;
|
|
|
| +namespace net {
|
| +
|
| +class URLRequestJobFactory;
|
| +
|
| +} // namespace net
|
| +
|
| // The ChildProcessSecurityPolicy class is used to grant and revoke security
|
| // capabilities for child processes. For example, it restricts whether a child
|
| // process is permitted to load file:// URLs based on whether the process
|
| @@ -44,7 +50,7 @@
|
| void RegisterWebSafeScheme(const std::string& scheme);
|
|
|
| // Returns true iff |scheme| has been registered as a web-safe scheme.
|
| - bool IsWebSafeScheme(const std::string& scheme);
|
| + bool IsWebSafeScheme(const std::string& scheme) const;
|
|
|
| // Pseudo schemes are treated differently than other schemes because they
|
| // cannot be requested like normal URLs. There is no mechanism for revoking
|
| @@ -52,7 +58,7 @@
|
| void RegisterPseudoScheme(const std::string& scheme);
|
|
|
| // Returns true iff |scheme| has been registered as pseudo scheme.
|
| - bool IsPseudoScheme(const std::string& scheme);
|
| + bool IsPseudoScheme(const std::string& scheme) const;
|
|
|
| // Sets the list of disabled schemes.
|
| // URLs using these schemes won't be loaded at all. The previous list of
|
| @@ -61,7 +67,7 @@
|
| void RegisterDisabledSchemes(const std::set<std::string>& schemes);
|
|
|
| // Returns true iff |scheme| is listed as a disabled scheme.
|
| - bool IsDisabledScheme(const std::string& scheme);
|
| + bool IsDisabledScheme(const std::string& scheme) const;
|
|
|
| // Upon creation, child processes should register themselves by calling this
|
| // this method exactly once.
|
| @@ -115,8 +121,13 @@
|
|
|
| // Before servicing a child process's request for a URL, the browser should
|
| // call this method to determine whether the process has the capability to
|
| - // request the URL.
|
| - bool CanRequestURL(int child_id, const GURL& url);
|
| + // request the URL. Returns the true answer relative to the job_factory,
|
| + // and requires that we are running on the IO thread, which is the only
|
| + // place a true answer may be obtained. When not running on the IO thread,
|
| + // we can get an approximate answer by omitting the JobFactory. This result
|
| + // is relative to whatever tables are checked via ContentBrowserClient.
|
| + bool CanRequestURL(int child_id, const GURL& url,
|
| + const net::URLRequestJobFactory* job_factory) const;
|
|
|
| // Before servicing a child process's request to upload a file to the web, the
|
| // browser should call this method to determine whether the process has the
|
| @@ -178,7 +189,7 @@
|
|
|
| // You must acquire this lock before reading or writing any members of this
|
| // class. You must not block while holding this lock.
|
| - base::Lock lock_;
|
| + mutable base::Lock lock_;
|
|
|
| // These schemes are white-listed for all child processes. This set is
|
| // protected by |lock_|.
|
|
|
Chromium Code Reviews
Issue 8588039:
Remove "open in new tab" items from context menu if the process doesn't (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/