OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. Use | |
2 // of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
6 #define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
7 | |
8 #include <map> | |
9 #include <utility> | |
10 | |
11 #include "third_party/WebKit/public/web/WebFrame.h" | |
12 #include "third_party/WebKit/public/platform/WebURLRequest.h" | |
13 #include "third_party/WebKit/public/platform/WebURLResponse.h" | |
14 #include "webkit/child/webkit_child_export.h" | |
15 | |
16 using WebKit::WebFrame; | |
17 using WebKit::WebURLResponse; | |
18 using WebKit::WebURLRequest; | |
19 | |
20 namespace webkit_glue { | |
21 | |
22 struct ResponseMetaData { | |
23 enum CanonicalMimeType { | |
24 IsHTML = 0, | |
25 IsXML = 1, | |
26 IsJSON = 2, | |
27 IsPlain = 3, | |
28 IsOthers = 4, | |
29 }; | |
30 | |
31 static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) { | |
32 const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"}; | |
33 return mime_type_names[mime_type]; | |
34 } | |
35 | |
36 static const char* TargetTypeToString(WebURLRequest::TargetType target_type) { | |
37 const char* target_type_names[] = { | |
38 "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script", | |
39 "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker", | |
40 "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"}; | |
41 return target_type_names[target_type]; | |
42 } | |
43 | |
44 std::string frame_origin; | |
45 std::string response_url; | |
46 unsigned identifier; | |
47 WebURLRequest::TargetType target_type; | |
48 CanonicalMimeType canonical_mime_type; | |
49 int http_status_code; | |
50 }; | |
51 | |
52 // The correct calling sequence of the following three functions are | |
53 // as they appear in this file. | |
54 class WEBKIT_CHILD_EXPORT SiteIsolationPolicy { | |
55 public: | |
56 | |
57 // Register target_type information for identifier. identifier keeps | |
58 // track of the sequence of network requests made for the original | |
59 // url. target_type gets sometimes misleading especially when it | |
60 // has TargetIsSubresource. We should not depend on target_type to | |
61 // decide if this request is for navigation or not. | |
62 static void WillSendRequest(unsigned identifier, | |
63 WebURLRequest::TargetType target_type); | |
64 | |
65 // Register the header information of the response data. This | |
66 // function obtains the target_type set by WillSendRequest(), and | |
67 // erase the slot. | |
68 // TODO(dsjang): does this get called multiple times? | |
69 static void DidReceiveResponse(WebFrame* frame, | |
70 unsigned identifier, | |
71 const WebURLResponse& response); | |
72 | |
73 static void DidReceiveData(const char* payload, | |
nasko
2013/08/06 17:29:27
Why is this method without a comment? It seems out
dsjang
2013/08/07 00:19:07
Done.
| |
74 int length, | |
75 WebKit::WebURL& response_url); | |
76 | |
77 // TODO(dsjang): This seems eventually called by RenderFrameImpl | |
78 // after WillSendRequest(). Consult experts to confirm this. This | |
79 // frees the registered target_type information by | |
80 // WillSendRequest(). | |
81 static void DidFinishResourceLoad(unsigned identifier); | |
82 | |
83 // TODO(dsjang): This is called by WebURLLoaderImpl to free response | |
84 // data registred by DidReceiveResponse. This might not be called | |
85 // when a network request fails since this is only called after | |
86 // finishing downloading the response to the request. So we might | |
87 // have to depend on DidFinishResourceLoad(identifier) above. | |
88 static void DidFinishResourceLoad(WebKit::WebURL& response_url); | |
89 | |
90 // Returns if this response's scheme is not security relevant. For | |
nasko
2013/08/06 17:29:27
nit: s/if/whether/ here and all the following comm
dsjang
2013/08/07 00:19:07
Done.
| |
91 // example, this returns true for data: | |
nasko
2013/08/06 17:29:27
Really? It returns a type according to the declara
dsjang
2013/08/07 00:19:07
Done.
| |
92 static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType( | |
93 const WebURLResponse& response); | |
94 | |
95 // Returns if this response's scheme is not security relevant. For | |
96 // example, this returns true for data: | |
97 static bool IsSafeScheme(GURL& frame_origin); | |
98 | |
99 // Returns if this response's source site is the same as the site of the frame | |
100 static bool IsSameSite(GURL& frame_origin, GURL& response_url); | |
101 | |
102 // TODO(dsjang): Scheme should be considered for checking the | |
103 // validity of a cors header. Returns if a valid CORS header is set | |
104 // for the frame's URL. | |
105 static bool IsValidCorsHeaderSet(GURL& frame_origin, | |
106 GURL& website_origin, | |
107 std::string access_control_origin); | |
108 | |
109 // Returns if this is for the response for a sub resource, not a | |
110 // response for frame navigation. | |
111 static bool IsFrameNotCommitted(WebFrame* frame); | |
112 | |
113 static bool SniffForHTML(const char* data, size_t length); | |
114 static bool SniffForXML(const char* data, size_t length); | |
115 static bool SniffForJSON(const char* data, size_t length); | |
116 | |
117 static bool UnaffectedStatusCode(int status_code); | |
118 static bool SniffForJS(const char* data, size_t length); | |
119 | |
120 static bool DoSignatureMatching(const char* data, | |
121 size_t length, | |
122 const char* signatures[], | |
123 size_t arr_size); | |
124 | |
125 private: | |
126 // Maintain data between willSendRequest() -> didReceiveResponse() | |
127 static std::map<unsigned, WebURLRequest::TargetType> id_target_map_; | |
nasko
2013/08/06 17:29:27
Be explicit in type declaration. unsigned what?
dsjang
2013/08/07 00:19:07
Decided to leave "unsigned" unchanged to be consis
| |
128 | |
129 // Maintain data between didReceiveResponse() -> didReceiveData() | |
130 // We need to record (mimetype, statuscode) here. | |
131 static std::map<std::string, ResponseMetaData> url_responsedata_map_; | |
132 | |
133 // This is a map that maps identifier to the corresponding | |
134 // ResponseMetaData. | |
135 static std::map<unsigned, std::string> id_url_map_; | |
nasko
2013/08/06 17:29:27
Same here, be explicit.
dsjang
2013/08/07 00:19:07
Decided to leave "unsigned" unchanged to be consis
| |
136 | |
137 // Never needs to be constructed/destructed. | |
138 SiteIsolationPolicy() {} | |
139 ~SiteIsolationPolicy() {} | |
140 | |
141 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); | |
142 }; | |
143 | |
144 } // namespace content | |
145 | |
146 #endif // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
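Review bot: `CanonicalMimeTypeToString()` and `TargetTypeToString()` (new lines 31-42) index a local table directly with the enum value and have no range check, so any value outside the table reads past the end of the array. The second table has 16 entries that have to stay in step with `WebURLRequest::TargetType`, which is declared in WebKit rather than in this file; if an enumerator is added there, the lookup goes out of bounds without any compile-time signal. I would declare both tables `static const char* const names[]` and guard the index, for example `if (static_cast<size_t>(target_type) >= sizeof(names) / sizeof(names[0])) return "Unknown";`. Separately, the closing comment `// namespace content` on new line 144 does not match the opening `namespace webkit_glue`.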