Chromium Code Reviews Chromium Code Reviews
Issue 613733002:
Enabled CORS for chrome://resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/webui/url_data_manager_backend.h" | 5 #include "content/browser/webui/url_data_manager_backend.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 83 void URLToRequestPath(const GURL& url, std::string* path) { | 83 void URLToRequestPath(const GURL& url, std::string* path) { |
| 84 const std::string& spec = url.possibly_invalid_spec(); | 84 const std::string& spec = url.possibly_invalid_spec(); |
| 85 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); | 85 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec(); |
| 86 // + 1 to skip the slash at the beginning of the path. | 86 // + 1 to skip the slash at the beginning of the path. |
| 87 int offset = parsed.CountCharactersBefore(url::Parsed::PATH, false) + 1; | 87 int offset = parsed.CountCharactersBefore(url::Parsed::PATH, false) + 1; |
| 88 | 88 |
| 89 if (offset < static_cast<int>(spec.size())) | 89 if (offset < static_cast<int>(spec.size())) |
| 90 path->assign(spec.substr(offset)); | 90 path->assign(spec.substr(offset)); |
| 91 } | 91 } |
| 92 | 92 |
| 93 // Returns a value of 'Origin:' header for the |request| if the header is set. | |
| 94 // Otherwise returns an empty string. | |
| 95 std::string GetOriginHeaderValue(const net::URLRequest* request) { | |
| 96 std::string result; | |
| 97 if (request->extra_request_headers().GetHeader( | |
| 98 net::HttpRequestHeaders::kOrigin, &result)) | |
| 99 return result; | |
| 100 net::HttpRequestHeaders headers; | |
| 101 if (request->GetFullRequestHeaders(&headers) && | |
| 102 headers.GetHeader(net::HttpRequestHeaders::kOrigin, &result)) | |
| 103 return result; | |
| 104 return result; | |
| 105 } | |
| 106 | |
| 93 } // namespace | 107 } // namespace |
| 94 | 108 |
| 95 // URLRequestChromeJob is a net::URLRequestJob that manages running | 109 // URLRequestChromeJob is a net::URLRequestJob that manages running |
| 96 // chrome-internal resource requests asynchronously. | 110 // chrome-internal resource requests asynchronously. |
| 97 // It hands off URL requests to ChromeURLDataManager, which asynchronously | 111 // It hands off URL requests to ChromeURLDataManager, which asynchronously |
| 98 // calls back once the data is available. | 112 // calls back once the data is available. |
| 99 class URLRequestChromeJob : public net::URLRequestJob, | 113 class URLRequestChromeJob : public net::URLRequestJob, |
| 100 public base::SupportsWeakPtr<URLRequestChromeJob> { | 114 public base::SupportsWeakPtr<URLRequestChromeJob> { |
| 101 public: | 115 public: |
| 102 // |is_incognito| set when job is generated from an incognito profile. | 116 // |is_incognito| set when job is generated from an incognito profile. |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 145 } | 159 } |
| 146 | 160 |
| 147 void set_deny_xframe_options(bool deny_xframe_options) { | 161 void set_deny_xframe_options(bool deny_xframe_options) { |
| 148 deny_xframe_options_ = deny_xframe_options; | 162 deny_xframe_options_ = deny_xframe_options; |
| 149 } | 163 } |
| 150 | 164 |
| 151 void set_send_content_type_header(bool send_content_type_header) { | 165 void set_send_content_type_header(bool send_content_type_header) { |
| 152 send_content_type_header_ = send_content_type_header; | 166 send_content_type_header_ = send_content_type_header; |
| 153 } | 167 } |
| 154 | 168 |
| 169 void set_access_control_allow_origin_header(const std::string& value) { | |
|
Tom Sepez
2014/10/03 17:02:45
Nit: we're actually setting the value for the head
dzhioev (left Google)
2014/10/03 19:55:07
I ended up with "set_access_control_allow_origin"
| |
| 170 access_control_allow_origin_ = value; | |
| 171 } | |
| 172 | |
| 155 // Returns true when job was generated from an incognito profile. | 173 // Returns true when job was generated from an incognito profile. |
| 156 bool is_incognito() const { | 174 bool is_incognito() const { |
| 157 return is_incognito_; | 175 return is_incognito_; |
| 158 } | 176 } |
| 159 | 177 |
| 160 private: | 178 private: |
| 161 virtual ~URLRequestChromeJob(); | 179 virtual ~URLRequestChromeJob(); |
| 162 | 180 |
| 163 // Helper for Start(), to let us start asynchronously. | 181 // Helper for Start(), to let us start asynchronously. |
| 164 // (This pattern is shared by most net::URLRequestJob implementations.) | 182 // (This pattern is shared by most net::URLRequestJob implementations.) |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 195 // These are used with the CSP. | 213 // These are used with the CSP. |
| 196 std::string content_security_policy_object_source_; | 214 std::string content_security_policy_object_source_; |
| 197 std::string content_security_policy_frame_source_; | 215 std::string content_security_policy_frame_source_; |
| 198 | 216 |
| 199 // If true, sets the "X-Frame-Options: DENY" header. | 217 // If true, sets the "X-Frame-Options: DENY" header. |
| 200 bool deny_xframe_options_; | 218 bool deny_xframe_options_; |
| 201 | 219 |
| 202 // If true, sets the "Content-Type: <mime-type>" header. | 220 // If true, sets the "Content-Type: <mime-type>" header. |
| 203 bool send_content_type_header_; | 221 bool send_content_type_header_; |
| 204 | 222 |
| 223 // If not empty, "Access-Control-Allow-Origin:" is set to the value of this | |
| 224 // string. | |
| 225 std::string access_control_allow_origin_; | |
| 226 | |
| 205 // True when job is generated from an incognito profile. | 227 // True when job is generated from an incognito profile. |
| 206 const bool is_incognito_; | 228 const bool is_incognito_; |
| 207 | 229 |
| 208 // The backend is owned by net::URLRequestContext and always outlives us. | 230 // The backend is owned by net::URLRequestContext and always outlives us. |
| 209 URLDataManagerBackend* backend_; | 231 URLDataManagerBackend* backend_; |
| 210 | 232 |
| 211 base::WeakPtrFactory<URLRequestChromeJob> weak_factory_; | 233 base::WeakPtrFactory<URLRequestChromeJob> weak_factory_; |
| 212 | 234 |
| 213 DISALLOW_COPY_AND_ASSIGN(URLRequestChromeJob); | 235 DISALLOW_COPY_AND_ASSIGN(URLRequestChromeJob); |
| 214 }; | 236 }; |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 286 | 308 |
| 287 if (!allow_caching_) | 309 if (!allow_caching_) |
| 288 info->headers->AddHeader("Cache-Control: no-cache"); | 310 info->headers->AddHeader("Cache-Control: no-cache"); |
| 289 | 311 |
| 290 if (send_content_type_header_ && !mime_type_.empty()) { | 312 if (send_content_type_header_ && !mime_type_.empty()) { |
| 291 std::string content_type = | 313 std::string content_type = |
| 292 base::StringPrintf("%s:%s", net::HttpRequestHeaders::kContentType, | 314 base::StringPrintf("%s:%s", net::HttpRequestHeaders::kContentType, |
| 293 mime_type_.c_str()); | 315 mime_type_.c_str()); |
| 294 info->headers->AddHeader(content_type); | 316 info->headers->AddHeader(content_type); |
| 295 } | 317 } |
| 318 | |
| 319 if (!access_control_allow_origin_.empty()) { | |
| 320 info->headers->AddHeader("Access-Control-Allow-Origin: " + | |
| 321 access_control_allow_origin_); | |
| 322 info->headers->AddHeader("Vary: Origin"); | |
| 323 } | |
| 296 } | 324 } |
| 297 | 325 |
| 298 void URLRequestChromeJob::MimeTypeAvailable(const std::string& mime_type) { | 326 void URLRequestChromeJob::MimeTypeAvailable(const std::string& mime_type) { |
| 299 set_mime_type(mime_type); | 327 set_mime_type(mime_type); |
| 300 NotifyHeadersComplete(); | 328 NotifyHeadersComplete(); |
| 301 } | 329 } |
| 302 | 330 |
| 303 void URLRequestChromeJob::DataAvailable(base::RefCountedMemory* bytes) { | 331 void URLRequestChromeJob::DataAvailable(base::RefCountedMemory* bytes) { |
| 304 TRACE_EVENT_ASYNC_END0("browser", "DataManager:Request", this); | 332 TRACE_EVENT_ASYNC_END0("browser", "DataManager:Request", this); |
| 305 if (bytes) { | 333 if (bytes) { |
| (...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 571 source->source()->ShouldAddContentSecurityPolicy()); | 599 source->source()->ShouldAddContentSecurityPolicy()); |
| 572 job->set_content_security_policy_object_source( | 600 job->set_content_security_policy_object_source( |
| 573 source->source()->GetContentSecurityPolicyObjectSrc()); | 601 source->source()->GetContentSecurityPolicyObjectSrc()); |
| 574 job->set_content_security_policy_frame_source( | 602 job->set_content_security_policy_frame_source( |
| 575 source->source()->GetContentSecurityPolicyFrameSrc()); | 603 source->source()->GetContentSecurityPolicyFrameSrc()); |
| 576 job->set_deny_xframe_options( | 604 job->set_deny_xframe_options( |
| 577 source->source()->ShouldDenyXFrameOptions()); | 605 source->source()->ShouldDenyXFrameOptions()); |
| 578 job->set_send_content_type_header( | 606 job->set_send_content_type_header( |
| 579 source->source()->ShouldServeMimeTypeAsContentTypeHeader()); | 607 source->source()->ShouldServeMimeTypeAsContentTypeHeader()); |
| 580 | 608 |
| 609 std::string origin = GetOriginHeaderValue(request); | |
| 610 if (!origin.empty()) { | |
| 611 std::string header = | |
| 612 source->source()->GetAccessControlAllowOriginHeaderForOrigin(origin); | |
| 613 DCHECK(header.empty() || header == origin || header == "*" || | |
| 614 header == "null"); | |
| 615 job->set_access_control_allow_origin_header(header); | |
| 616 } | |
| 617 | |
| 581 // Look up additional request info to pass down. | 618 // Look up additional request info to pass down. |
| 582 int render_process_id = -1; | 619 int render_process_id = -1; |
| 583 int render_frame_id = -1; | 620 int render_frame_id = -1; |
| 584 ResourceRequestInfo::GetRenderFrameForRequest(request, | 621 ResourceRequestInfo::GetRenderFrameForRequest(request, |
| 585 &render_process_id, | 622 &render_process_id, |
| 586 &render_frame_id); | 623 &render_frame_id); |
| 587 | 624 |
| 588 // Forward along the request to the data source. | 625 // Forward along the request to the data source. |
| 589 base::MessageLoop* target_message_loop = | 626 base::MessageLoop* target_message_loop = |
| 590 source->source()->MessageLoopForRequestPath(path); | 627 source->source()->MessageLoopForRequestPath(path); |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 730 | 767 |
| 731 } // namespace | 768 } // namespace |
| 732 | 769 |
| 733 net::URLRequestJobFactory::ProtocolHandler* | 770 net::URLRequestJobFactory::ProtocolHandler* |
| 734 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, | 771 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, |
| 735 bool is_incognito) { | 772 bool is_incognito) { |
| 736 return new DevToolsJobFactory(resource_context, is_incognito); | 773 return new DevToolsJobFactory(resource_context, is_incognito); |
| 737 } | 774 } |
| 738 | 775 |
| 739 } // namespace content | 776 } // namespace content |
| OLD | NEW |
