OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. Use | |
2 // of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
6 #define WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
7 | |
8 #include <map> | |
9 #include <utility> | |
10 | |
11 #include "base/gtest_prod_util.h" | |
12 #include "third_party/WebKit/public/web/WebFrame.h" | |
13 #include "third_party/WebKit/public/platform/WebURLRequest.h" | |
14 #include "third_party/WebKit/public/platform/WebURLResponse.h" | |
15 #include "webkit/child/webkit_child_export.h" | |
16 | |
17 using WebKit::WebFrame; | |
18 using WebKit::WebURLResponse; | |
19 using WebKit::WebURLRequest; | |
20 | |
21 namespace webkit_glue { | |
22 | |
23 struct ResponseMetaData { | |
Charlie Reis
2013/08/09 18:48:38
There are some compile errors for this on linux_cl
dsjang
2013/08/12 22:56:17
Done.
| |
24 enum CanonicalMimeType { | |
25 HTML = 0, | |
26 XML = 1, | |
27 JSON = 2, | |
28 Plain = 3, | |
29 Others = 4, | |
30 MaxCanonicalMimeType, | |
31 }; | |
32 | |
33 static const char* CanonicalMimeTypeToString(CanonicalMimeType mime_type) { | |
34 const char* mime_type_names[] = {"HTML", "XML", "JSON", "Plain", "Others"}; | |
35 return mime_type_names[mime_type]; | |
36 } | |
37 | |
38 static const char* TargetTypeToString(WebURLRequest::TargetType target_type) { | |
39 const char* target_type_names[] = { | |
40 "MainFrame", "Subframe", "Subresource", "StyleSheet", "Script", | |
41 "FontResource", "Image", "Object", "Media", "Worker", "SharedWorker", | |
42 "Prefetch", "Favicon", "XHR", "TextTrack", "Unspecified"}; | |
43 return target_type_names[target_type]; | |
44 } | |
45 | |
46 std::string frame_origin; | |
47 std::string response_url; | |
48 unsigned request_identifier; | |
49 WebURLRequest::TargetType target_type; | |
50 CanonicalMimeType canonical_mime_type; | |
51 int http_status_code; | |
52 }; | |
53 | |
54 class WEBKIT_CHILD_EXPORT SiteIsolationPolicy { | |
55 public: | |
56 // Register target_type information for identifier which identifies | |
nasko
2013/08/09 19:07:28
nit: |identifier|
dsjang
2013/08/12 22:56:17
Done.
| |
57 // a specific request. In case HTTP redirection happens, this | |
58 // function is called multiple times for the same identifier. We do | |
59 // not depend on target_type to decide if a request is for | |
nasko
2013/08/09 19:07:28
nit: |target_type|
dsjang
2013/08/12 22:56:17
Done.
| |
60 // navigation or not due to the redirection behavior. | |
61 static void WillSendRequest(unsigned identifier, | |
62 WebURLRequest::TargetType target_type); | |
63 | |
64 // Register the header information of the response data. This | |
nasko
2013/08/09 19:07:28
nit: Registers
dsjang
2013/08/12 22:56:17
Done.
| |
65 // function obtains the target_type set by WillSendRequest(). We | |
66 // have to make sure to call either | |
67 // SiteIsolationPolicy::DidFinishResourceLoad(identifier) or | |
68 // SiteIsolationPolicy::DidFinishResourceLoadForURL(response.url()) | |
69 // to free the bookkepping data. TODO(dsjang): There's a possibility | |
nasko
2013/08/09 19:07:28
nit: TODO on new line.
dsjang
2013/08/12 22:56:17
Done.
| |
70 // that two distinct responses (identified by different identifiers) | |
nasko
2013/08/09 19:07:28
What is an example of this? It seems strange enoug
dsjang
2013/08/12 22:56:17
Done.
| |
71 // are from the same url, and this results in overwriting one of the | |
72 // two responses' bookkeeping data. This can deteriorate our UMA | |
73 // data. Even though we expect that this rarely happens, find a way | |
74 // to use identifier throughout the entire HTTP transaction here. | |
75 static void DidReceiveResponse(WebFrame* frame, | |
76 unsigned identifier, | |
77 const WebURLResponse& response); | |
78 | |
79 // Examine the first network packet in case response_url is | |
80 // registered as a cross-site document by DidReceiveResponse(). | |
81 // This records various kinds of UMA data stats. | |
82 static void DidReceiveData(const char* payload, | |
83 int length, | |
84 WebKit::WebURL& response_url); | |
85 | |
86 // TODO(dsjang): Either of the following two functions must be | |
87 // called at the end of the | |
nasko
2013/08/09 19:07:28
nit: combine with next line, too much white space
dsjang
2013/08/12 22:56:17
Done.
| |
88 // transaction. WebURLLoaderImpl::didReceivedData() is not a place | |
89 // where this can be called since it is not guaranteed that the | |
90 // function is called in case of network error. Instead, | |
91 // RenderFrameImpl::didFinishResourceLoad(identifier) and | |
92 // didFailLoad() are used for successful loading and failed loading, | |
93 // respectively. | |
94 static void DidFinishResourceLoad(unsigned identifier); | |
95 | |
96 // This does the same thing as DidFinishResourceLoad(), but accepts | |
97 // response_url. | |
98 static void DidFinishResourceLoadForUrl(const WebKit::WebURL& response_url); | |
99 | |
100 private: | |
101 | |
102 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsBlockableScheme); | |
103 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsSameSite); | |
104 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, IsValidCorsHeaderSet); | |
105 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForHTML); | |
106 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForXML); | |
107 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForJSON); | |
108 FRIEND_TEST_ALL_PREFIXES(SiteIsolationPolicyTest, SniffForJS); | |
109 | |
110 // Returns the representative mime type enum value of the mime type | |
111 // of response. For example, this returns the same value for all | |
112 // text/xml mime type families such as application/xml, | |
113 // application/rss+xml. | |
114 static ResponseMetaData::CanonicalMimeType GetCanonicalMimeType( | |
115 const WebURLResponse& response); | |
116 | |
117 // Returns whether this scheme is a target of XSDP. This returns | |
Charlie Reis
2013/08/09 18:48:38
Note: we haven't defined XSDP anywhere in the code
nasko
2013/08/09 19:07:28
nit: This is the first time I see XSDP in this fil
dsjang
2013/08/12 22:56:17
Done.
dsjang
2013/08/12 22:56:17
Done.
| |
118 // true only for http://* and https:// urls. | |
119 static bool IsBlockableScheme(const GURL& frame_origin); | |
120 | |
121 // Returns whether the two urls belong to the same sites. | |
122 static bool IsSameSite(const GURL& frame_origin, const GURL& response_url); | |
123 | |
124 // Returns whether there's a valid CORS header for | |
nasko
2013/08/09 19:07:28
nit: Another instance of too much white space at t
dsjang
2013/08/12 22:56:17
Done.
| |
125 // frame_origin. This is simliar to | |
126 // CrossOriginAccessControl::passesAccessControlCheck(), but we use | |
127 // sites as our security domain, not origins. TODO(dsjang): this | |
nasko
2013/08/09 19:07:28
nit: TODO on new line
dsjang
2013/08/12 22:56:17
Done.
| |
128 // must be improved to be more accurate to the actual CORS | |
129 // specification. For now, this works conservatively, allowing XSDs | |
130 // that are not allowed by actual CORS rules by ignoring 1) | |
131 // credentials and 2) methods. Preflight requests don't matter here | |
132 // since they are not used to decide whether to block a document or | |
133 // not on the client side. | |
134 static bool IsValidCorsHeaderSet(GURL& frame_origin, | |
135 GURL& website_origin, | |
136 std::string access_control_origin); | |
137 | |
138 // Returns whether the given frame is nagivating. When this is true, | |
Charlie Reis
2013/08/09 18:48:38
typo: navigating
dsjang
2013/08/12 22:56:17
Done.
| |
139 // the frame is requesting is a web page to be loaded. | |
140 static bool IsFrameNavigating(WebFrame* frame); | |
141 | |
142 static bool SniffForHTML(const char* data, size_t length); | |
143 static bool SniffForXML(const char* data, size_t length); | |
144 static bool SniffForJSON(const char* data, size_t length); | |
145 | |
146 static bool DoSignatureMatching(const char* data, | |
147 size_t length, | |
148 const char* signatures[], | |
149 size_t arr_size); | |
150 | |
151 // TODO(dsjang): this is only needed for collecting UMA stat. | |
nasko
2013/08/09 19:07:28
Is there a reason for the TODO? Are you planning t
dsjang
2013/08/12 22:56:17
They are going to be deleted when deployed to do a
| |
152 static bool SniffForJS(const char* data, size_t length); | |
153 | |
154 // TODO(dsjang): this is only needed for collecting UMA stat. | |
155 static bool IsErrorStatusCode(int status_code); | |
156 | |
157 // Maintain bookkeeping data between WillSendRequest() and | |
158 // DidReceiveResponse(). The key is the identifier of response. | |
159 static std::map<unsigned, WebURLRequest::TargetType> id_target_map_; | |
160 | |
161 // Maintain data between DidReceiveResponse() and DidReceiveData(). | |
162 // The key is the url of response. We can't use identifier anymore | |
163 // from here since that information is no longer available for | |
164 // DidReceiveData(). | |
165 static std::map<std::string, ResponseMetaData> url_responsedata_map_; | |
166 | |
167 // This maps the identifier of a response to the response's | |
168 // url. This is used to free ResponseMetaData in | |
169 // url_responsedata_map_, when DidReceiveData() is never called. | |
170 static std::map<unsigned, std::string> id_url_map_; | |
nasko
2013/08/09 19:07:28
If the second member is URL, why are you storing i
dsjang
2013/08/12 22:56:17
I thought that a string representation is more com
| |
171 | |
172 // Never needs to be constructed/destructed. | |
173 SiteIsolationPolicy() {} | |
174 ~SiteIsolationPolicy() {} | |
175 | |
176 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); | |
177 }; | |
178 | |
179 } // namespace content | |
180 | |
181 #endif // WEBKIT_CHILD_SITE_ISOLATION_POLICY_H_ | |
OLD | NEW |