OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. Use | |
2 // of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
6 #define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
7 | |
8 #include <map> | |
9 #include <utility> | |
10 | |
11 #include "third_party/WebKit/public/web/WebFrame.h" | |
12 #include "third_party/WebKit/public/platform/WebURLRequest.h" | |
13 #include "third_party/WebKit/public/platform/WebURLResponse.h" | |
14 #include "webkit/child/webkit_child_export.h" | |
15 | |
16 using WebKit::WebFrame; | |
17 using WebKit::WebURLResponse; | |
18 using WebKit::WebURLRequest; | |
19 | |
20 namespace webkit_glue { | |
21 | |
22 struct ResponseMetaData { | |
23 enum CanonicalMimeType { | |
24 IsHTML = 0, | |
Charlie Reis
2013/08/09 00:39:03
nit: Drop the "Is" from these names.
dsjang
2013/08/09 01:31:23
Done.
| |
25 IsXML = 1, | |
26 IsJSON = 2, | |
27 IsPlain = 3, | |
28 IsOthers = 4, | |
29 MaxCanonicalMimeType, | |
30 }; | |
31 | |
32 static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) { | |
33 const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"}; | |
34 return mime_type_names[mime_type]; | |
35 } | |
36 | |
37 static const char* TargetTypeToString(WebURLRequest::TargetType target_type) { | |
38 const char* target_type_names[] = { | |
39 "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script", | |
40 "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker", | |
41 "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"}; | |
42 return target_type_names[target_type]; | |
43 } | |
44 | |
45 std::string frame_origin; | |
46 std::string response_url; | |
47 unsigned identifier; | |
Charlie Reis
2013/08/09 00:39:03
request_identifier
dsjang
2013/08/09 01:31:23
Done.
| |
48 WebURLRequest::TargetType target_type; | |
49 CanonicalMimeType canonical_mime_type; | |
50 int http_status_code; | |
51 }; | |
52 | |
53 class WEBKIT_CHILD_EXPORT SiteIsolationPolicy { | |
54 public: | |
55 | |
56 // Register target_type information for identifier. identifier keeps | |
57 // track of the sequence of network requests made for the original | |
Charlie Reis
2013/08/09 00:39:03
This wording is a bit awkward. The identifier rep
dsjang
2013/08/09 01:31:23
Done.
| |
58 // url. target_type gets sometimes misleading especially when it | |
Charlie Reis
2013/08/09 00:39:03
Can you elaborate a bit? Hard for others to know
dsjang
2013/08/09 01:31:23
Done.
| |
59 // has TargetIsSubresource. We should not depend on target_type to | |
Charlie Reis
2013/08/09 00:39:03
has -> is
dsjang
2013/08/09 01:31:23
Done.
| |
60 // decide if this request is for navigation or not. | |
61 static void WillSendRequest(unsigned identifier, | |
62 WebURLRequest::TargetType target_type); | |
63 | |
64 // Register the header information of the response data. This | |
65 // function obtains the target_type set by WillSendRequest(), and | |
66 // erase the slot. | |
Charlie Reis
2013/08/09 00:39:03
What slot?
dsjang
2013/08/09 01:31:23
Done.
| |
67 // TODO(dsjang): does this get called multiple times? | |
68 static void DidReceiveResponse(WebFrame* frame, | |
69 unsigned identifier, | |
70 const WebURLResponse& response); | |
71 | |
72 // Examine the first network packet in case response_url is | |
73 // registered as a cross-site document by DidReceiveResponse(). If | |
74 // if is the case, this is going to record various kinds of UMA data | |
Charlie Reis
2013/08/09 00:39:03
if -> this
going to record -> records
dsjang
2013/08/09 01:31:23
Done.
| |
75 // items. | |
76 static void DidReceiveData(const char* payload, | |
77 int length, | |
78 WebKit::WebURL& response_url); | |
79 | |
80 // TODO(dsjang): Either of the following two functions must be | |
81 // called at the end of the | |
82 // transaction. WebURLLoaderImpl::didReceivedData() is not a place | |
83 // where this can be called since it is not guaranteed that the | |
84 // function is called in case of network error. Instead, | |
85 // RenderFrameImpl::didFinishResourceLoad(identifier) and | |
86 // didFailLoad() are used for successful loading, failed one, | |
Charlie Reis
2013/08/09 00:39:03
successful loading and failed loading, respectivel
dsjang
2013/08/09 01:31:23
Done.
| |
87 // respectively. | |
88 static void DidFinishResourceLoad(unsigned identifier); | |
89 | |
90 static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url); | |
91 | |
92 // Returns the canonical mime type code of the mime type of | |
Charlie Reis
2013/08/09 00:39:03
Everything from here down should be a private help
dsjang
2013/08/09 01:31:23
Done.
| |
93 // response. | |
94 static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType( | |
95 const WebURLResponse& response); | |
96 | |
97 // Returns whether response's scheme is network relevant. This | |
Charlie Reis
2013/08/09 00:39:03
Is "network relevant" the right name for this? FT
dsjang
2013/08/09 01:31:23
Done.
| |
98 // returns true only for http://* and https:// urls. | |
99 static bool IsNetworkScheme(GURL& frame_origin); | |
Charlie Reis
2013/08/09 00:39:03
Most of these should probably be const GURL&.
dsjang
2013/08/09 01:31:23
Done.
| |
100 | |
101 // Returns if this response's source site is the same as the site of the frame | |
102 static bool IsSameSite(GURL& frame_origin, GURL& response_url); | |
103 | |
104 // Returns if a valid CORS's set for frame_origin. This is very | |
Charlie Reis
2013/08/09 00:39:03
"Returns if there is a valid CORS header for frame
dsjang
2013/08/09 01:31:23
Done.
| |
105 // simliar to CrossOriginAccessControl::passesAccessControlCheck(), | |
106 // but we use sites as our security domain, not | |
107 // origins. TODO(dsjang): this must be improved to be more accurate | |
108 // to the actual CORS specification. For now, this works | |
109 // conservatively, allowing XSDs that are not allowed by actual CORS | |
110 // rules by ignoring 1) credentials and 2) methods. Preflight | |
111 // requests don't matter here since they are not used to decide | |
112 // whether to block a document or not on the client side. | |
113 static bool IsValidCorsHeaderSet(GURL& frame_origin, | |
114 GURL& website_origin, | |
115 std::string access_control_origin); | |
116 | |
117 // Returns if this is for the response for a sub resource, not a | |
118 // response for frame navigation. | |
119 static bool IsFrameInNavigation(WebFrame* frame); | |
Charlie Reis
2013/08/09 00:39:03
Perhaps IsFrameNavigating?
dsjang
2013/08/09 01:31:23
Done.
| |
120 | |
121 static bool SniffForHTML(const char* data, size_t length); | |
122 static bool SniffForXML(const char* data, size_t length); | |
123 static bool SniffForJSON(const char* data, size_t length); | |
124 | |
125 static bool IsErrorStatusCode(int status_code); | |
126 static bool SniffForJS(const char* data, size_t length); | |
Charlie Reis
2013/08/09 00:39:03
Why isn't this Sniff function with the others?
Al
dsjang
2013/08/09 01:31:23
Done.
| |
127 | |
128 static bool DoSignatureMatching(const char* data, | |
129 size_t length, | |
130 const char* signatures[], | |
131 size_t arr_size); | |
132 | |
133 private: | |
134 // Maintain bookkeeping data between WillSendRequest() and | |
135 // DidReceiveResponse(). The key is the identifier of response. | |
136 static std::map<unsigned, WebURLRequest::TargetType> id_target_map_; | |
137 | |
138 // Maintain data between DidReceiveResponse() and DidReceiveData(). | |
139 // The key is the url of response. We can't use identifier anymore | |
140 // from here since that information is no longer available for | |
141 // DidReceiveData(). | |
142 static std::map<std::string, ResponseMetaData> url_responsedata_map_; | |
143 | |
144 // This is a map that maps the identifier of a response to the | |
Charlie Reis
2013/08/09 00:39:03
This maps the identifier...
dsjang
2013/08/09 01:31:23
Done.
| |
145 // response's url. This is used to free REsponseMetaData in | |
Charlie Reis
2013/08/09 00:39:03
typo: REsponse
dsjang
2013/08/09 01:31:23
Done.
| |
146 // url_responsedata_map_, when DidReceiveData() is never called. | |
147 static std::map<unsigned, std::string> id_url_map_; | |
148 | |
149 // Never needs to be constructed/destructed. | |
150 SiteIsolationPolicy() {} | |
151 ~SiteIsolationPolicy() {} | |
152 | |
153 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); | |
154 }; | |
155 | |
156 } // namespace content | |
157 | |
158 #endif // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
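Review bot: `CanonicalMimeTypeToString()` and `TargetTypeToString()` (new lines 32-43) index their local name tables with the enum value unchecked, so `MaxCanonicalMimeType` (5) or any `WebURLRequest::TargetType` value beyond the 16 names listed reads past the end of the array. The second table mirrors an enum defined in WebKit, so a value added there later would silently become an out-of-bounds read rather than a build failure. I would bound both lookups, e.g. `if (mime_type < 0 || mime_type >= MaxCanonicalMimeType) return "Invalid";` with the equivalent `arraysize(target_type_names)` check in the other helper, and add a `COMPILE_ASSERT` tying `arraysize(mime_type_names)` to `MaxCanonicalMimeType`. Separately, `DidReceiveData()` takes `int length` while the `SniffFor*()` helpers take `size_t`, so a negative length would presumably convert to a very large size unless the implementation, which is not shown here, rejects it first.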