Chromium Code Reviews Chromium Code Reviews
Issue 2025683003:
First experimental implementation of the Clear-Site-Data header (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/browser/browsing_data/clear_site_data_header_observer.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/json/json_reader.h" | |
| 9 #include "base/json/json_string_value_serializer.h" | |
| 10 #include "base/memory/ptr_util.h" | |
| 11 #include "base/strings/string_util.h" | |
| 12 #include "base/strings/stringprintf.h" | |
| 13 #include "base/values.h" | |
| 14 #include "content/browser/frame_host/navigation_handle_impl.h" | |
| 15 #include "content/public/browser/browser_context.h" | |
| 16 #include "content/public/browser/content_browser_client.h" | |
| 17 #include "content/public/browser/navigation_handle.h" | |
| 18 #include "content/public/browser/web_contents.h" | |
| 19 #include "content/public/common/content_client.h" | |
| 20 #include "content/public/common/content_switches.h" | |
| 21 #include "content/public/common/origin_util.h" | |
| 22 #include "net/http/http_response_headers.h" | |
| 23 #include "url/gurl.h" | |
| 24 #include "url/origin.h" | |
| 25 | |
| 26 namespace content { | |
| 27 | |
| 28 namespace { | |
| 29 | |
| 30 static const char* kClearSiteDataHeader = "Clear-Site-Data"; | |
| 31 | |
| 32 static const char* kTypesKey = "types"; | |
| 33 | |
| 34 // Pretty-printed log output. | |
| 35 static const char* kConsoleMessagePrefix = "Clear-Site-Data header on '%s': %s"; | |
| 36 static const char* kClearingOneType = "Clearing %s."; | |
| 37 static const char* kClearingTwoTypes = "Clearing %s and %s."; | |
| 38 static const char* kClearingThreeTypes = "Clearing %s, %s, and %s."; | |
| 39 | |
| 40 // Console logging. Adds a |text| message with |level| to |messages|. | |
| 41 void ConsoleLog( | |
| 42 std::vector<ClearSiteDataHeaderObserver::ConsoleMessage>* messages, | |
| 43 const GURL& url, | |
| 44 const std::string& text, | |
| 45 ConsoleMessageLevel level) { | |
| 46 messages->push_back({url, text, level}); | |
| 47 } | |
| 48 | |
| 49 bool AreExperimentalFeaturesEnabled() { | |
| 50 return base::CommandLine::ForCurrentProcess()->HasSwitch( | |
| 51 switches::kEnableExperimentalWebPlatformFeatures); | |
| 52 } | |
| 53 | |
| 54 } // namespace | |
| 55 | |
| 56 // static | |
| 57 std::unique_ptr<ClearSiteDataHeaderObserver> | |
| 58 ClearSiteDataHeaderObserver::CreateFor(NavigationHandle* handle) { | |
| 59 ClearSiteDataHeaderObserver* observer = | |
| 60 AreExperimentalFeaturesEnabled() | |
| 61 ? new ClearSiteDataHeaderObserver(handle->GetWebContents()) | |
| 62 : nullptr; | |
| 63 | |
| 64 return base::WrapUnique(observer); | |
| 65 } | |
| 66 | |
| 67 ClearSiteDataHeaderObserver::~ClearSiteDataHeaderObserver() {} | |
| 68 | |
| 69 void ClearSiteDataHeaderObserver::DidStartNavigation( | |
| 70 NavigationHandle* navigation_handle) { | |
| 71 current_url_ = navigation_handle->GetURL(); | |
| 72 } | |
| 73 | |
| 74 void ClearSiteDataHeaderObserver::DidRedirectNavigation( | |
| 75 NavigationHandle* navigation_handle) { | |
| 76 // We are processing a redirect from url1 to url2. GetResponseHeaders() | |
| 77 // contains headers from url1, but GetURL() is already equal to url2. Handle | |
| 78 // the headers before updating the URL, so that |current_url_| corresponds | |
| 79 // to the URL that sent the headers. | |
| 80 HandleHeader(navigation_handle); | |
| 81 current_url_ = navigation_handle->GetURL(); | |
| 82 } | |
| 83 | |
| 84 void ClearSiteDataHeaderObserver::DidFinishNavigation( | |
| 85 NavigationHandle* navigation_handle) { | |
| 86 HandleHeader(navigation_handle); | |
| 87 | |
| 88 // Now that we have access to the correct RenderFrameHost, | |
| 89 // output the cached console messages. Prefix each sequence of messages | |
| 90 // belonging to the same URL with |kConsoleMessagePrefix|. | |
| 91 GURL last_seen_url; | |
| 92 for (const ConsoleMessage& message : messages_) { | |
| 93 if (message.url == last_seen_url) { | |
| 94 navigation_handle->GetRenderFrameHost()->AddMessageToConsole( | |
| 95 message.level, message.text); | |
| 96 } else { | |
| 97 navigation_handle->GetRenderFrameHost()->AddMessageToConsole( | |
| 98 message.level, | |
| 99 base::StringPrintf(kConsoleMessagePrefix, message.url.spec().c_str(), | |
| 100 message.text.c_str())); | |
| 101 } | |
| 102 | |
| 103 last_seen_url = message.url; | |
| 104 } | |
| 105 } | |
| 106 | |
| 107 ClearSiteDataHeaderObserver::ClearSiteDataHeaderObserver( | |
| 108 WebContents* web_contents) | |
| 109 : WebContentsObserver(web_contents) {} | |
| 110 | |
| 111 void ClearSiteDataHeaderObserver::HandleHeader( | |
| 112 NavigationHandle* navigation_handle) { | |
| 113 NavigationHandleImpl* handle = | |
| 114 static_cast<NavigationHandleImpl*>(navigation_handle); | |
| 115 | |
| 116 // Some navigations don't have response headers. | |
| 117 if (!handle->GetResponseHeaders()) | |
| 118 return; | |
| 119 | |
| 120 // Extract the instances of the header and parse them. | |
| 121 size_t iter = 0; | |
| 122 std::string header_name; | |
| 123 std::string header_value; | |
| 124 while (handle->GetResponseHeaders()->EnumerateHeaderLines(&iter, &header_name, | |
| 125 &header_value)) { | |
| 126 if (header_name != kClearSiteDataHeader) | |
| 127 continue; | |
| 128 | |
| 129 // Only accept the header on secure origins. | |
| 130 if (!IsOriginSecure(current_url_)) { | |
| 131 ConsoleLog(&messages_, current_url_, | |
| 132 "Not supported for insecure origins.", | |
| 133 CONSOLE_MESSAGE_LEVEL_ERROR); | |
| 134 return; | |
| 135 } | |
| 136 | |
| 137 bool clear_cookies; | |
| 138 bool clear_storage; | |
| 139 bool clear_cache; | |
| 140 | |
| 141 if (!ParseHeader(header_value, &clear_cookies, &clear_storage, &clear_cache, | |
| 142 &messages_)) { | |
| 143 continue; | |
| 144 } | |
| 145 | |
| 146 // If the header is valid, clear the data for this browser context | |
| 147 // and origin. | |
| 148 BrowserContext* browser_context = | |
| 149 handle->GetWebContents()->GetBrowserContext(); | |
| 150 url::Origin origin(current_url_); | |
| 151 | |
| 152 GetContentClient()->browser()->ClearSiteData( | |
| 153 browser_context, origin, clear_cookies, clear_storage, clear_cache); | |
| 154 } | |
| 155 } | |
| 156 | |
| 157 bool ClearSiteDataHeaderObserver::ParseHeader( | |
| 158 const std::string& header, | |
| 159 bool* clear_cookies, | |
| 160 bool* clear_storage, | |
| 161 bool* clear_cache, | |
| 162 std::vector<ConsoleMessage>* messages) { | |
| 163 std::unique_ptr<base::Value> parsed_header; | |
| 164 if (base::IsStringASCII(header)) | |
|
nasko
2016/08/03 20:53:13
It is better to invert the check and return early.
| |
| 165 parsed_header = base::JSONReader::Read(header); | |
| 166 | |
| 167 if (!parsed_header) { | |
| 168 ConsoleLog(messages, current_url_, | |
| 169 base::StringPrintf("%s is not a valid JSON.", header.c_str()), | |
| 170 CONSOLE_MESSAGE_LEVEL_ERROR); | |
| 171 return false; | |
| 172 } | |
| 173 | |
| 174 const base::ListValue* types = nullptr; | |
| 175 if (!parsed_header->GetAsDictionary(nullptr) || | |
| 176 !static_cast<base::DictionaryValue*>(parsed_header.get()) | |
| 177 ->GetListWithoutPathExpansion(kTypesKey, &types)) { | |
| 178 ConsoleLog( | |
| 179 messages, current_url_, | |
| 180 base::StringPrintf("%s is not a JSON dictionary with a 'types' field.", | |
| 181 header.c_str()), | |
| 182 CONSOLE_MESSAGE_LEVEL_ERROR); | |
| 183 return false; | |
| 184 } | |
| 185 | |
| 186 DCHECK(types); | |
| 187 | |
| 188 *clear_cookies = false; | |
| 189 *clear_storage = false; | |
| 190 *clear_cache = false; | |
| 191 | |
| 192 std::vector<std::string> type_names; | |
| 193 for (const std::unique_ptr<base::Value>& value : *types) { | |
| 194 std::string type; | |
| 195 value->GetAsString(&type); | |
| 196 | |
| 197 bool* datatype = nullptr; | |
| 198 | |
| 199 if (type == "cookies") { | |
| 200 datatype = clear_cookies; | |
| 201 } else if (type == "storage") { | |
| 202 datatype = clear_storage; | |
| 203 } else if (type == "cache") { | |
| 204 datatype = clear_cache; | |
| 205 } else { | |
| 206 std::string serialized_type; | |
| 207 JSONStringValueSerializer serializer(&serialized_type); | |
| 208 serializer.Serialize(*value); | |
| 209 ConsoleLog( | |
| 210 messages, current_url_, | |
| 211 base::StringPrintf("Invalid type: %s.", serialized_type.c_str()), | |
| 212 CONSOLE_MESSAGE_LEVEL_ERROR); | |
| 213 continue; | |
| 214 } | |
| 215 | |
| 216 // Each data type should only be processed once. | |
| 217 DCHECK(datatype); | |
| 218 if (*datatype) | |
| 219 continue; | |
| 220 | |
| 221 *datatype = true; | |
| 222 type_names.push_back(type); | |
| 223 } | |
| 224 | |
| 225 if (!*clear_cookies && !*clear_storage && !*clear_cache) { | |
| 226 ConsoleLog( | |
| 227 messages, current_url_, | |
| 228 base::StringPrintf("No valid types specified in %s.", header.c_str()), | |
| 229 CONSOLE_MESSAGE_LEVEL_ERROR); | |
| 230 return false; | |
| 231 } | |
| 232 | |
| 233 // Pretty-print which types are to be cleared. | |
| 234 std::string output; | |
| 235 switch (type_names.size()) { | |
| 236 case 1: | |
| 237 output = base::StringPrintf(kClearingOneType, type_names[0].c_str()); | |
| 238 break; | |
| 239 case 2: | |
| 240 output = base::StringPrintf(kClearingTwoTypes, type_names[0].c_str(), | |
| 241 type_names[1].c_str()); | |
| 242 break; | |
| 243 case 3: | |
| 244 output = base::StringPrintf(kClearingThreeTypes, type_names[0].c_str(), | |
| 245 type_names[1].c_str(), type_names[2].c_str()); | |
| 246 break; | |
| 247 default: | |
| 248 NOTREACHED(); | |
| 249 } | |
| 250 ConsoleLog(messages, current_url_, output, CONSOLE_MESSAGE_LEVEL_LOG); | |
| 251 | |
| 252 return true; | |
| 253 } | |
| 254 | |
| 255 } // namespace content | |
| OLD | NEW |
