Chromium Code Reviews Chromium Code Reviews
Issue 2727633005:
PlzNavigate: Enforce frame-src CSP on the browser. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ | 5 #ifndef CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ |
| 6 #define CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ | 6 #define CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 23 #include "base/time/time.h" | 23 #include "base/time/time.h" |
| 24 #include "build/build_config.h" | 24 #include "build/build_config.h" |
| 25 #include "content/browser/accessibility/browser_accessibility_manager.h" | 25 #include "content/browser/accessibility/browser_accessibility_manager.h" |
| 26 #include "content/browser/bad_message.h" | 26 #include "content/browser/bad_message.h" |
| 27 #include "content/browser/loader/global_routing_id.h" | 27 #include "content/browser/loader/global_routing_id.h" |
| 28 #include "content/browser/site_instance_impl.h" | 28 #include "content/browser/site_instance_impl.h" |
| 29 #include "content/browser/webui/web_ui_impl.h" | 29 #include "content/browser/webui/web_ui_impl.h" |
| 30 #include "content/common/accessibility_mode_enums.h" | 30 #include "content/common/accessibility_mode_enums.h" |
| 31 #include "content/common/ax_content_node_data.h" | 31 #include "content/common/ax_content_node_data.h" |
| 32 #include "content/common/content_export.h" | 32 #include "content/common/content_export.h" |
| 33 #include "content/common/content_security_policy/content_security_policy.h" | 33 #include "content/common/content_security_policy/csp_context.h" |
| 34 #include "content/common/download/mhtml_save_status.h" | 34 #include "content/common/download/mhtml_save_status.h" |
| 35 #include "content/common/frame.mojom.h" | 35 #include "content/common/frame.mojom.h" |
| 36 #include "content/common/frame_message_enums.h" | 36 #include "content/common/frame_message_enums.h" |
| 37 #include "content/common/frame_replication_state.h" | 37 #include "content/common/frame_replication_state.h" |
| 38 #include "content/common/image_downloader/image_downloader.mojom.h" | 38 #include "content/common/image_downloader/image_downloader.mojom.h" |
| 39 #include "content/common/navigation_params.h" | 39 #include "content/common/navigation_params.h" |
| 40 #include "content/public/browser/render_frame_host.h" | 40 #include "content/public/browser/render_frame_host.h" |
| 41 #include "content/public/common/javascript_dialog_type.h" | 41 #include "content/public/common/javascript_dialog_type.h" |
| 42 #include "content/public/common/previews_state.h" | 42 #include "content/public/common/previews_state.h" |
| 43 #include "media/mojo/interfaces/interface_factory.mojom.h" | 43 #include "media/mojo/interfaces/interface_factory.mojom.h" |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 108 namespace mojom { | 108 namespace mojom { |
| 109 class CreateNewWindowParams; | 109 class CreateNewWindowParams; |
| 110 } | 110 } |
| 111 | 111 |
| 112 class CONTENT_EXPORT RenderFrameHostImpl | 112 class CONTENT_EXPORT RenderFrameHostImpl |
| 113 : public RenderFrameHost, | 113 : public RenderFrameHost, |
| 114 NON_EXPORTED_BASE(public mojom::FrameHost), | 114 NON_EXPORTED_BASE(public mojom::FrameHost), |
| 115 public BrowserAccessibilityDelegate, | 115 public BrowserAccessibilityDelegate, |
| 116 public SiteInstanceImpl::Observer, | 116 public SiteInstanceImpl::Observer, |
| 117 public NON_EXPORTED_BASE( | 117 public NON_EXPORTED_BASE( |
| 118 service_manager::InterfaceFactory<media::mojom::InterfaceFactory>) { | 118 service_manager::InterfaceFactory<media::mojom::InterfaceFactory>), |
| 119 public CSPContext { | |
| 119 public: | 120 public: |
| 120 using AXTreeSnapshotCallback = | 121 using AXTreeSnapshotCallback = |
| 121 base::Callback<void( | 122 base::Callback<void( |
| 122 const ui::AXTreeUpdate&)>; | 123 const ui::AXTreeUpdate&)>; |
| 123 using SmartClipCallback = base::Callback<void(const base::string16& text, | 124 using SmartClipCallback = base::Callback<void(const base::string16& text, |
| 124 const base::string16& html)>; | 125 const base::string16& html)>; |
| 125 | 126 |
| 126 // An accessibility reset is only allowed to prevent very rare corner cases | 127 // An accessibility reset is only allowed to prevent very rare corner cases |
| 127 // or race conditions where the browser and renderer get out of sync. If | 128 // or race conditions where the browser and renderer get out of sync. If |
| 128 // this happens more than this many times, kill the renderer. | 129 // this happens more than this many times, kill the renderer. |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 201 gfx::Rect AccessibilityGetViewBounds() const override; | 202 gfx::Rect AccessibilityGetViewBounds() const override; |
| 202 gfx::Point AccessibilityOriginInScreen( | 203 gfx::Point AccessibilityOriginInScreen( |
| 203 const gfx::Rect& bounds) const override; | 204 const gfx::Rect& bounds) const override; |
| 204 void AccessibilityFatalError() override; | 205 void AccessibilityFatalError() override; |
| 205 gfx::AcceleratedWidget AccessibilityGetAcceleratedWidget() override; | 206 gfx::AcceleratedWidget AccessibilityGetAcceleratedWidget() override; |
| 206 gfx::NativeViewAccessible AccessibilityGetNativeViewAccessible() override; | 207 gfx::NativeViewAccessible AccessibilityGetNativeViewAccessible() override; |
| 207 | 208 |
| 208 // SiteInstanceImpl::Observer | 209 // SiteInstanceImpl::Observer |
| 209 void RenderProcessGone(SiteInstanceImpl* site_instance) override; | 210 void RenderProcessGone(SiteInstanceImpl* site_instance) override; |
| 210 | 211 |
| 212 // CSPContext | |
| 213 void LogToConsole(const std::string& message) override; | |
| 214 void ReportContentSecurityPolicyViolation( | |
| 215 const CSPViolationParams& violation_params) override; | |
| 216 bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override; | |
| 217 | |
| 211 // Creates a RenderFrame in the renderer process. | 218 // Creates a RenderFrame in the renderer process. |
| 212 bool CreateRenderFrame(int proxy_routing_id, | 219 bool CreateRenderFrame(int proxy_routing_id, |
| 213 int opener_routing_id, | 220 int opener_routing_id, |
| 214 int parent_routing_id, | 221 int parent_routing_id, |
| 215 int previous_sibling_routing_id); | 222 int previous_sibling_routing_id); |
| 216 | 223 |
| 217 // Tracks whether the RenderFrame for this RenderFrameHost has been created in | 224 // Tracks whether the RenderFrame for this RenderFrameHost has been created in |
| 218 // the renderer process. This is currently only used for subframes. | 225 // the renderer process. This is currently only used for subframes. |
| 219 // TODO(creis): Use this for main frames as well when RVH goes away. | 226 // TODO(creis): Use this for main frames as well when RVH goes away. |
| 220 void SetRenderFrameCreated(bool created); | 227 void SetRenderFrameCreated(bool created); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 262 // The most recent non-net-error URL to commit in this frame. In almost all | 269 // The most recent non-net-error URL to commit in this frame. In almost all |
| 263 // cases, use GetLastCommittedURL instead. | 270 // cases, use GetLastCommittedURL instead. |
| 264 const GURL& last_successful_url() { return last_successful_url_; } | 271 const GURL& last_successful_url() { return last_successful_url_; } |
| 265 void set_last_successful_url(const GURL& url) { | 272 void set_last_successful_url(const GURL& url) { |
| 266 last_successful_url_ = url; | 273 last_successful_url_ = url; |
| 267 } | 274 } |
| 268 | 275 |
| 269 // Update this frame's last committed origin. | 276 // Update this frame's last committed origin. |
| 270 void set_last_committed_origin(const url::Origin& origin) { | 277 void set_last_committed_origin(const url::Origin& origin) { |
| 271 last_committed_origin_ = origin; | 278 last_committed_origin_ = origin; |
| 279 CSPContext::SetSelf(origin); | |
|
nasko
2017/03/03 23:04:23
Calling this here means that this method is no lon
arthursonzogni
2017/03/06 15:10:12
Done.
| |
| 272 } | 280 } |
| 273 | 281 |
| 274 // Returns the associated WebUI or null if none applies. | 282 // Returns the associated WebUI or null if none applies. |
| 275 WebUIImpl* web_ui() const { return web_ui_.get(); } | 283 WebUIImpl* web_ui() const { return web_ui_.get(); } |
| 276 | 284 |
| 277 // Returns the pending WebUI, or null if none applies. | 285 // Returns the pending WebUI, or null if none applies. |
| 278 WebUIImpl* pending_web_ui() const { | 286 WebUIImpl* pending_web_ui() const { |
| 279 return should_reuse_web_ui_ ? web_ui_.get() : pending_web_ui_.get(); | 287 return should_reuse_web_ui_ ? web_ui_.get() : pending_web_ui_.get(); |
| 280 } | 288 } |
| 281 | 289 |
| (...skipping 847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1129 | 1137 |
| 1130 // NOTE: This must be the last member. | 1138 // NOTE: This must be the last member. |
| 1131 base::WeakPtrFactory<RenderFrameHostImpl> weak_ptr_factory_; | 1139 base::WeakPtrFactory<RenderFrameHostImpl> weak_ptr_factory_; |
| 1132 | 1140 |
| 1133 DISALLOW_COPY_AND_ASSIGN(RenderFrameHostImpl); | 1141 DISALLOW_COPY_AND_ASSIGN(RenderFrameHostImpl); |
| 1134 }; | 1142 }; |
| 1135 | 1143 |
| 1136 } // namespace content | 1144 } // namespace content |
| 1137 | 1145 |
| 1138 #endif // CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ | 1146 #endif // CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_ |
| OLD | NEW |
