| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/safe_browsing/resource_throttle.h" |
| 6 |
| 7 #include <utility> |
| 8 |
| 9 #include "components/safe_browsing/base_ui_manager.h" |
| 10 #include "components/security_interstitials/content/unsafe_resource.h" |
| 11 #include "content/public/browser/browser_thread.h" |
| 12 #include "content/public/browser/resource_request_info.h" |
| 13 #include "content/public/browser/web_contents.h" |
| 14 #include "net/base/load_flags.h" |
| 15 #include "net/log/net_log_capture_mode.h" |
| 16 #include "net/log/net_log_source.h" |
| 17 #include "net/log/net_log_source_type.h" |
| 18 #include "net/url_request/redirect_info.h" |
| 19 #include "net/url_request/url_request.h" |
| 20 |
| 21 namespace safe_browsing { |
| 22 |
| 23 ResourceThrottle::ResourceThrottle( |
| 24 const net::URLRequest* request, |
| 25 content::ResourceType resource_type, |
| 26 scoped_refptr<SafeBrowsingDatabaseManager> database_manager, |
| 27 scoped_refptr<BaseUIManager> ui_manager, |
| 28 std::unique_ptr<ResourceThrottle::Delegate> delegate) |
| 29 : request_checker_(request, |
| 30 resource_type, |
| 31 std::move(database_manager), |
| 32 std::move(ui_manager), |
| 33 this), |
| 34 delegate_(std::move(delegate)), |
| 35 weak_factory_(this) {} |
| 36 |
| 37 ResourceThrottle::~ResourceThrottle() {} |
| 38 |
| 39 void ResourceThrottle::WillStartRequest(bool* defer) { |
| 40 if (request_checker_.CheckNewRequest() == RequestChecker::DEFER) |
| 41 *defer = true; |
| 42 } |
| 43 |
| 44 void ResourceThrottle::WillProcessResponse(bool* defer) { |
| 45 if (request_checker_.ShouldDeferResponse() == RequestChecker::DEFER) |
| 46 *defer = true; |
| 47 } |
| 48 |
| 49 bool ResourceThrottle::MustProcessResponseBeforeReadingBody() { |
| 50 // On Android, SafeBrowsing may only decide to cancel the request when the |
| 51 // response has been received. Therefore, no part of it should be cached |
| 52 // until this ResourceThrottle has been able to check the response. This |
| 53 // prevents the following scenario: |
| 54 // 1) A request is made for foo.com which has been hacked. |
| 55 // 2) The request is only canceled at WillProcessResponse stage, but part of |
| 56 // it has been cached. |
| 57 // 3) foo.com is no longer hacked and removed from the SafeBrowsing list. |
| 58 // 4) The user requests foo.com, which is not on the SafeBrowsing list. This |
| 59 // is deemed safe. However, the resource is actually served from cache, |
| 60 // using the version that was previously stored. |
| 61 // 5) This results in the user accessing an unsafe resource without being |
| 62 // notified that it's dangerous. |
| 63 // TODO(clamy): Add a browser test that checks this specific scenario. |
| 64 return true; // Harmless when OS != Android |
| 65 } |
| 66 |
| 67 void ResourceThrottle::WillRedirectRequest( |
| 68 const net::RedirectInfo& redirect_info, |
| 69 bool* defer) { |
| 70 if (request_checker_.CheckRedirect(redirect_info.new_url) == |
| 71 RequestChecker::DEFER) { |
| 72 *defer = true; |
| 73 } |
| 74 } |
| 75 |
| 76 const char* ResourceThrottle::GetNameForLogging() const { |
| 77 return "safe_browsing::ResourceThrottle"; |
| 78 } |
| 79 |
| 80 void ResourceThrottle::MaybeDestroyPrerenderContents( |
| 81 const net::URLRequest* request) { |
| 82 delegate_->MaybeDestroyPrerenderContents(request); |
| 83 } |
| 84 |
| 85 RequestChecker::Delegate::WebContentsGetter |
| 86 ResourceThrottle::GetWebContentsGetterForRequest( |
| 87 const net::URLRequest* request) const { |
| 88 const auto* info = content::ResourceRequestInfo::ForRequest(request); |
| 89 DCHECK(info); |
| 90 return info->GetWebContentsGetterForRequest(); |
| 91 } |
| 92 |
| 93 void ResourceThrottle::StartDisplayingBlockingPage( |
| 94 const security_interstitials::UnsafeResource& resource, |
| 95 scoped_refptr<BaseUIManager> ui_manager) { |
| 96 delegate_->StartDisplayingBlockingPage( |
| 97 resource, std::move(ui_manager), |
| 98 base::BindOnce(&ResourceThrottle::Cancel, weak_factory_.GetWeakPtr())); |
| 99 } |
| 100 |
| 101 void ResourceThrottle::CancelResourceLoad() { |
| 102 Cancel(); |
| 103 } |
| 104 |
| 105 void ResourceThrottle::ResumeResourceRequest() { |
| 106 Resume(); |
| 107 } |
| 108 |
| 109 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2876473003:
[ABANDONED] [WIP] Refactor SafeBrowsingResourceThrottle in preparation for WebSocket (Closed)
