OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/webui/url_data_manager_backend.h" | 5 #include "content/browser/webui/url_data_manager_backend.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
13 #include "base/debug/trace_event.h" | 13 #include "base/debug/trace_event.h" |
14 #include "base/lazy_instance.h" | 14 #include "base/lazy_instance.h" |
15 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
16 #include "base/memory/ref_counted_memory.h" | 16 #include "base/memory/ref_counted_memory.h" |
17 #include "base/memory/weak_ptr.h" | 17 #include "base/memory/weak_ptr.h" |
18 #include "base/message_loop/message_loop.h" | 18 #include "base/message_loop/message_loop.h" |
19 #include "base/strings/string_util.h" | 19 #include "base/strings/string_util.h" |
20 #include "base/strings/stringprintf.h" | 20 #include "base/strings/stringprintf.h" |
21 #include "content/browser/fileapi/chrome_blob_storage_context.h" | 21 #include "content/browser/fileapi/chrome_blob_storage_context.h" |
22 #include "content/browser/histogram_internals_request_job.h" | 22 #include "content/browser/histogram_internals_request_job.h" |
23 #include "content/browser/net/view_blob_internals_job_factory.h" | 23 #include "content/browser/net/view_blob_internals_job_factory.h" |
24 #include "content/browser/net/view_http_cache_job_factory.h" | 24 #include "content/browser/net/view_http_cache_job_factory.h" |
25 #include "content/browser/resource_context_impl.h" | 25 #include "content/browser/resource_context_impl.h" |
26 #include "content/browser/tcmalloc_internals_request_job.h" | 26 #include "content/browser/tcmalloc_internals_request_job.h" |
27 #include "content/browser/webui/shared_resources_data_source.h" | 27 #include "content/browser/webui/shared_resources_data_source.h" |
28 #include "content/browser/webui/url_data_source_impl.h" | 28 #include "content/browser/webui/url_data_source_impl.h" |
| 29 #include "content/public/browser/browser_context.h" |
29 #include "content/public/browser/browser_thread.h" | 30 #include "content/public/browser/browser_thread.h" |
30 #include "content/public/browser/content_browser_client.h" | 31 #include "content/public/browser/content_browser_client.h" |
31 #include "content/public/browser/render_process_host.h" | 32 #include "content/public/browser/render_process_host.h" |
32 #include "content/public/browser/resource_request_info.h" | 33 #include "content/public/browser/resource_request_info.h" |
33 #include "content/public/common/url_constants.h" | 34 #include "content/public/common/url_constants.h" |
34 #include "net/base/io_buffer.h" | 35 #include "net/base/io_buffer.h" |
35 #include "net/base/net_errors.h" | 36 #include "net/base/net_errors.h" |
36 #include "net/http/http_response_headers.h" | 37 #include "net/http/http_response_headers.h" |
37 #include "net/http/http_status_code.h" | 38 #include "net/http/http_status_code.h" |
38 #include "net/url_request/url_request.h" | 39 #include "net/url_request/url_request.h" |
(...skipping 114 matching lines...)
153 // Returns true when job was generated from an incognito profile. | 154 // Returns true when job was generated from an incognito profile. |
154 bool is_incognito() const { | 155 bool is_incognito() const { |
155 return is_incognito_; | 156 return is_incognito_; |
156 } | 157 } |
157 | 158 |
158 private: | 159 private: |
159 virtual ~URLRequestChromeJob(); | 160 virtual ~URLRequestChromeJob(); |
160 | 161 |
161 // Helper for Start(), to let us start asynchronously. | 162 // Helper for Start(), to let us start asynchronously. |
162 // (This pattern is shared by most net::URLRequestJob implementations.) | 163 // (This pattern is shared by most net::URLRequestJob implementations.) |
163 void StartAsync(); | 164 void StartAsync(bool allowed); |
| 165 |
| 166 // Called on the UI thread to check if this request is allowed. |
| 167 static void CheckStoragePartitionMatches( |
| 168 int render_process_id, |
| 169 const GURL& url, |
| 170 const base::WeakPtr<URLRequestChromeJob>& job); |
164 | 171 |
165 // Do the actual copy from data_ (the data we're serving) into |buf|. | 172 // Do the actual copy from data_ (the data we're serving) into |buf|. |
166 // Separate from ReadRawData so we can handle async I/O. | 173 // Separate from ReadRawData so we can handle async I/O. |
167 void CompleteRead(net::IOBuffer* buf, int buf_size, int* bytes_read); | 174 void CompleteRead(net::IOBuffer* buf, int buf_size, int* bytes_read); |
168 | 175 |
169 // The actual data we're serving. NULL until it's been fetched. | 176 // The actual data we're serving. NULL until it's been fetched. |
170 scoped_refptr<base::RefCountedMemory> data_; | 177 scoped_refptr<base::RefCountedMemory> data_; |
171 // The current offset into the data that we're handing off to our | 178 // The current offset into the data that we're handing off to our |
172 // callers via the Read interfaces. | 179 // callers via the Read interfaces. |
173 int data_offset_; | 180 int data_offset_; |
(...skipping 48 matching lines...)
222 backend_(backend), | 229 backend_(backend), |
223 weak_factory_(this) { | 230 weak_factory_(this) { |
224 DCHECK(backend); | 231 DCHECK(backend); |
225 } | 232 } |
226 | 233 |
227 URLRequestChromeJob::~URLRequestChromeJob() { | 234 URLRequestChromeJob::~URLRequestChromeJob() { |
228 CHECK(!backend_->HasPendingJob(this)); | 235 CHECK(!backend_->HasPendingJob(this)); |
229 } | 236 } |
230 | 237 |
231 void URLRequestChromeJob::Start() { | 238 void URLRequestChromeJob::Start() { |
232 // Start reading asynchronously so that all error reporting and data | 239 int render_process_id, unused; |
233 // callbacks happen as they would for network requests. | 240 ResourceRequestInfo::GetRenderFrameForRequest( |
234 base::MessageLoop::current()->PostTask( | 241 request_, &render_process_id, &unused); |
| 242 BrowserThread::PostTask( |
| 243 BrowserThread::UI, |
235 FROM_HERE, | 244 FROM_HERE, |
236 base::Bind(&URLRequestChromeJob::StartAsync, weak_factory_.GetWeakPtr())); | 245 base::Bind(&URLRequestChromeJob::CheckStoragePartitionMatches, |
237 | 246 render_process_id, request_->url(), AsWeakPtr())); |
238 TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", | 247 TRACE_EVENT_ASYNC_BEGIN1("browser", "DataManager:Request", this, "URL", |
239 request_->url().possibly_invalid_spec()); | 248 request_->url().possibly_invalid_spec()); |
240 } | 249 } |
241 | 250 |
242 void URLRequestChromeJob::Kill() { | 251 void URLRequestChromeJob::Kill() { |
243 backend_->RemoveRequest(this); | 252 backend_->RemoveRequest(this); |
244 } | 253 } |
245 | 254 |
246 bool URLRequestChromeJob::GetMimeType(std::string* mime_type) const { | 255 bool URLRequestChromeJob::GetMimeType(std::string* mime_type) const { |
247 *mime_type = mime_type_; | 256 *mime_type = mime_type_; |
(...skipping 83 matching lines...)
331 int remaining = static_cast<int>(data_->size()) - data_offset_; | 340 int remaining = static_cast<int>(data_->size()) - data_offset_; |
332 if (buf_size > remaining) | 341 if (buf_size > remaining) |
333 buf_size = remaining; | 342 buf_size = remaining; |
334 if (buf_size > 0) { | 343 if (buf_size > 0) { |
335 memcpy(buf->data(), data_->front() + data_offset_, buf_size); | 344 memcpy(buf->data(), data_->front() + data_offset_, buf_size); |
336 data_offset_ += buf_size; | 345 data_offset_ += buf_size; |
337 } | 346 } |
338 *bytes_read = buf_size; | 347 *bytes_read = buf_size; |
339 } | 348 } |
340 | 349 |
341 void URLRequestChromeJob::StartAsync() { | 350 void URLRequestChromeJob::CheckStoragePartitionMatches( |
| 351 int render_process_id, |
| 352 const GURL& url, |
| 353 const base::WeakPtr<URLRequestChromeJob>& job) { |
| 354 // The embedder could put some webui pages in separate storage partition. |
| 355 // RenderProcessHostImpl::IsSuitableHost would guard against top level pages |
| 356 // being in the same process. We do an extra check to guard against an |
| 357 // exploited renderer pretending to add them as a subframe. We skip this check |
| 358 // for resources. |
| 359 // TODO(guohui): move URL constants for favicon, theme, thumb, thumb and |
| 360 // thumbnails from chrome/common/url_constants.h to |
| 361 // content/public/common/url_constants.h, so that they could be reused here. |
| 362 bool allowed = false; |
| 363 if (url.SchemeIs(kChromeUIScheme) && |
| 364 (url.host() == kChromeUIResourcesHost || |
| 365 url.host() == "favicon" || |
| 366 url.host() == "theme" || |
| 367 url.host() == "thumb" || |
| 368 url.host() == "thumb2" || |
| 369 url.host() == "thumbnails")) { |
| 370 allowed = true; |
| 371 } else { |
| 372 RenderProcessHost* process = RenderProcessHost::FromID(render_process_id); |
| 373 if (process) { |
| 374 StoragePartition* partition = BrowserContext::GetStoragePartitionForSite( |
| 375 process->GetBrowserContext(), url); |
| 376 allowed = partition == process->GetStoragePartition(); |
| 377 } |
| 378 } |
| 379 |
| 380 BrowserThread::PostTask( |
| 381 BrowserThread::IO, |
| 382 FROM_HERE, |
| 383 base::Bind(&URLRequestChromeJob::StartAsync, job, allowed)); |
| 384 } |
| 385 |
| 386 void URLRequestChromeJob::StartAsync(bool allowed) { |
342 if (!request_) | 387 if (!request_) |
343 return; | 388 return; |
344 | 389 |
345 if (!backend_->StartRequest(request_, this)) { | 390 if (!allowed || !backend_->StartRequest(request_, this)) { |
346 NotifyStartError(net::URLRequestStatus(net::URLRequestStatus::FAILED, | 391 NotifyStartError(net::URLRequestStatus(net::URLRequestStatus::FAILED, |
347 net::ERR_INVALID_URL)); | 392 net::ERR_INVALID_URL)); |
348 } | 393 } |
349 } | 394 } |
350 | 395 |
351 namespace { | 396 namespace { |
352 | 397 |
353 // Gets mime type for data that is available from |source| by |path|. | 398 // Gets mime type for data that is available from |source| by |path|. |
354 // After that, notifies |job| that mime type is available. This method | 399 // After that, notifies |job| that mime type is available. This method |
355 // should be called on the UI thread, but notification is performed on | 400 // should be called on the UI thread, but notification is performed on |
(...skipping 322 matching lines...)
678 | 723 |
679 } // namespace | 724 } // namespace |
680 | 725 |
681 net::URLRequestJobFactory::ProtocolHandler* | 726 net::URLRequestJobFactory::ProtocolHandler* |
682 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, | 727 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, |
683 bool is_incognito) { | 728 bool is_incognito) { |
684 return new DevToolsJobFactory(resource_context, is_incognito); | 729 return new DevToolsJobFactory(resource_context, is_incognito); |
685 } | 730 } |
686 | 731 |
687 } // namespace content | 732 } // namespace content |
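Review bot: In the new Start(), `int render_process_id, unused;` are left uninitialized and the return value of ResourceRequestInfo::GetRenderFrameForRequest() is discarded. Unless that call always writes its out-params (not visible on this page), a failed lookup posts an indeterminate ID to CheckStoragePartitionMatches, where it reaches RenderProcessHost::FromID(). That ID selects the process whose storage partition the URL is compared against, so I would write `int render_process_id = -1, unused = -1;` or fail the job when the call returns false, so the check always fails closed. A null `process` leaves `allowed` false, which presumably also rejects requests with no renderer behind them unless they hit the resource host list; a one-line comment saying that is intended would help. The TODO above the host list names "thumb, thumb", while the code compares against `"thumb"` and `"thumb2"`.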