content/common/frame_replication_state.h - Issue 692973005: Pass origin information for remote frame creation.

Side by Side Diff: content/common/frame_replication_state.h

Issue 692973005: Pass origin information for remote frame creation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef CONTENT_FRAME_REPLICATION_STATE_H_

	6 #define CONTENT_FRAME_REPLICATION_STATE_H_

	7

	8 #include "content/common/content_export.h"

	9 #include "url/origin.h"

	10

	11 namespace content {

	12

	13 // This structure holds information that needs to be replicated from a local
	Charlie Reis 2014/11/13 18:00:58 Let's use the content names for LocalFrame and Rem Let's use the content names for LocalFrame and RemoteFrame here: RenderFrame / RenderFrameProxies. alexmos 2014/11/18 18:25:32 Done. Show quoted text On 2014/11/13 18:00:58, Charlie Reis wrote: > Let's use the content names for LocalFrame and RemoteFrame here: RenderFrame / > RenderFrameProxies. Done.
	14 // frame to any of its associated remote frames.

	15 struct CONTENT_EXPORT FrameReplicationState {

	16 FrameReplicationState();

	17 ~FrameReplicationState();

	18

	19 // Current security origin of the frame (can be empty for unique origins).

	20 url::Origin origin;
	alexmos 2014/11/12 00:05:47 Is using url::Origin the right thing here? Althou Is using url::Origin the right thing here? Although it emphasizes that this is an origin rather than any URL, it's also inflexible (can't extract parts of origin, can't properly support unique origins which is why I have the flag for that below, doesn't have canAccess which we will need in the future). A GURL could be slightly better, though it still won't handle unique origins. blink::WebSecurityOrigin may be even better, but I don't know if it's allowed to use that here. Thoughts? Charlie Reis 2014/11/13 18:00:58 Hmm, I agree that url::Origin seems a bit limited Show quoted text On 2014/11/12 00:05:47, alexmos wrote: > Is using url::Origin the right thing here? Although it emphasizes that this is > an origin rather than any URL, it's also inflexible (can't extract parts of > origin, can't properly support unique origins which is why I have the flag for > that below, doesn't have canAccess which we will need in the future). A GURL > could be slightly better, though it still won't handle unique origins. > blink::WebSecurityOrigin may be even better, but I don't know if it's allowed to > use that here. Thoughts? Hmm, I agree that url::Origin seems a bit limited for our needs, but we generally can't use arbitrary Blink classes outside the renderer process. I've seen WebSecurityOrigin discussed in the past (e.g., on https://codereview.chromium.org/452013002/), so I'm pretty sure we won't be able to use that. Let's discuss options a bit more in person. alexmos 2014/11/18 18:25:32 After our discussion, and reading the discussion o Show quoted text On 2014/11/13 18:00:58, Charlie Reis wrote: > On 2014/11/12 00:05:47, alexmos wrote: > > Is using url::Origin the right thing here? Although it emphasizes that this > is > > an origin rather than any URL, it's also inflexible (can't extract parts of > > origin, can't properly support unique origins which is why I have the flag for > > that below, doesn't have canAccess which we will need in the future). A GURL > > could be slightly better, though it still won't handle unique origins. > > blink::WebSecurityOrigin may be even better, but I don't know if it's allowed > to > > use that here. Thoughts? > > Hmm, I agree that url::Origin seems a bit limited for our needs, but we > generally can't use arbitrary Blink classes outside the renderer process. I've > seen WebSecurityOrigin discussed in the past (e.g., on > https://codereview.chromium.org/452013002/), so I'm pretty sure we won't be able > to use that. > > Let's discuss options a bit more in person. After our discussion, and reading the discussion on the CL for adding url::Origin (https://codereview.chromium.org/170843007/), I'm keeping it as an url::Origin for now. Short-term, I think the browser process can just see this as an opaque serialized origin, and let Blink handle serialization and deserialization. This works fine for unique origins as well (which use the string "null" per RFC 6454), so we don't need the is_unique_origin flag. We will need to start beefing up url::Origin (or switch to a richer class) once the browser process is ready to start interpreting/verifying this origin, which as I understand is not very soon. Still worth checking on plans for url::Origin with tsepez@ and abarth@, but I don't think it's blocking this.
	21

	22 // Whether the origin is unique.

	23 bool is_unique_origin;

	24

	25 // TODO(alexmos): Add other properties of SecurityOrigins, such as

	26 // SandboxFlags. Eventually, this structure can also hold other state that

	27 // needs to be replicated, such as frame sizing info.

	28 };

	29

	30 } // namespace content

	31

	32 #endif // CONTENT_FRAME_REPLICATION_STATE_H_

OLD	NEW

« content/common/frame_messages.h ('K') | « content/common/frame_messages.h ('k') | content/common/frame_replication_state.cc » ('j') | content/common/view_messages.h » ('J')