chrome_resource_dispatcher_host_delegate.cc revision d8f2b4b00825da44f52b775a415bc945dcd54811
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h"
6
7#include <string>
8
9#include "base/base64.h"
10#include "base/logging.h"
11#include "chrome/browser/browser_process.h"
12#include "chrome/browser/chrome_notification_types.h"
13#include "chrome/browser/component_updater/component_updater_service.h"
14#include "chrome/browser/component_updater/pnacl/pnacl_component_installer.h"
15#include "chrome/browser/content_settings/host_content_settings_map.h"
16#include "chrome/browser/download/download_request_limiter.h"
17#include "chrome/browser/download/download_resource_throttle.h"
18#include "chrome/browser/extensions/api/streams_private/streams_private_api.h"
19#include "chrome/browser/extensions/extension_renderer_state.h"
20#include "chrome/browser/extensions/user_script_listener.h"
21#include "chrome/browser/external_protocol/external_protocol_handler.h"
22#include "chrome/browser/google/google_util.h"
23#include "chrome/browser/metrics/variations/variations_http_header_provider.h"
24#include "chrome/browser/net/resource_prefetch_predictor_observer.h"
25#include "chrome/browser/prefetch/prefetch_field_trial.h"
26#include "chrome/browser/prerender/prerender_manager.h"
27#include "chrome/browser/prerender/prerender_pending_swap_throttle.h"
28#include "chrome/browser/prerender/prerender_resource_throttle.h"
29#include "chrome/browser/prerender/prerender_tracker.h"
30#include "chrome/browser/prerender/prerender_util.h"
31#include "chrome/browser/profiles/profile.h"
32#include "chrome/browser/profiles/profile_io_data.h"
33#include "chrome/browser/renderer_host/chrome_url_request_user_data.h"
34#include "chrome/browser/renderer_host/safe_browsing_resource_throttle_factory.h"
35#include "chrome/browser/safe_browsing/safe_browsing_service.h"
36#include "chrome/browser/signin/signin_header_helper.h"
37#include "chrome/browser/ui/auto_login_prompter.h"
38#include "chrome/browser/ui/login/login_prompt.h"
39#include "chrome/browser/ui/sync/one_click_signin_helper.h"
40#include "chrome/common/extensions/extension_constants.h"
41#include "chrome/common/extensions/mime_types_handler.h"
42#include "chrome/common/render_messages.h"
43#include "content/public/browser/browser_thread.h"
44#include "content/public/browser/notification_service.h"
45#include "content/public/browser/render_process_host.h"
46#include "content/public/browser/render_view_host.h"
47#include "content/public/browser/resource_context.h"
48#include "content/public/browser/resource_dispatcher_host.h"
49#include "content/public/browser/resource_request_info.h"
50#include "content/public/browser/stream_handle.h"
51#include "content/public/common/resource_response.h"
52#include "extensions/browser/info_map.h"
53#include "extensions/common/constants.h"
54#include "extensions/common/user_script.h"
55#include "net/base/load_flags.h"
56#include "net/base/load_timing_info.h"
57#include "net/base/request_priority.h"
58#include "net/http/http_response_headers.h"
59#include "net/url_request/url_request.h"
60
61#if defined(ENABLE_CONFIGURATION_POLICY)
62#include "components/policy/core/common/cloud/policy_header_io_helper.h"
63#endif
64
65#if defined(ENABLE_MANAGED_USERS)
66#include "chrome/browser/managed_mode/managed_mode_resource_throttle.h"
67#endif
68
69#if defined(USE_SYSTEM_PROTOBUF)
70#include <google/protobuf/repeated_field.h>
71#else
72#include "third_party/protobuf/src/google/protobuf/repeated_field.h"
73#endif
74
75#if defined(OS_ANDROID)
76#include "chrome/browser/android/intercept_download_resource_throttle.h"
77#include "components/navigation_interception/intercept_navigation_delegate.h"
78#else
79#include "chrome/browser/apps/app_url_redirector.h"
80#endif
81
82#if defined(OS_CHROMEOS)
83#include "chrome/browser/chromeos/login/merge_session_throttle.h"
84// TODO(oshima): Enable this for other platforms.
85#include "chrome/browser/renderer_host/offline_resource_throttle.h"
86#endif
87
88using content::BrowserThread;
89using content::RenderViewHost;
90using content::ResourceDispatcherHostLoginDelegate;
91using content::ResourceRequestInfo;
92using extensions::Extension;
93using extensions::StreamsPrivateAPI;
94
95#if defined(OS_ANDROID)
96using navigation_interception::InterceptNavigationDelegate;
97#endif
98
99namespace {
100
// Broadcasts chrome::NOTIFICATION_DOWNLOAD_INITIATED with the RenderViewHost
// identified by (|render_process_id|, |render_view_id|) as the source.
// DownloadStarting() posts this to the UI thread. The ids are resolved again
// here, so a view that has gone away in the meantime is silently skipped.
void NotifyDownloadInitiatedOnUI(int render_process_id, int render_view_id) {
  RenderViewHost* source_host =
      RenderViewHost::FromID(render_process_id, render_view_id);
  if (source_host) {
    content::NotificationService::current()->Notify(
        chrome::NOTIFICATION_DOWNLOAD_INITIATED,
        content::Source<RenderViewHost>(source_host),
        content::NotificationService::NoDetails());
  }
}
112
113#if !defined(OS_ANDROID)
// Returns true when |extension| has a MimeTypesHandler and that handler
// accepts |mime_type|. An extension without a handler never matches.
// |extension| must not be NULL.
bool ExtensionCanHandleMimeType(const Extension* extension,
                                const std::string& mime_type) {
  MimeTypesHandler* mime_handler = MimeTypesHandler::GetHandler(extension);
  return mime_handler && mime_handler->CanHandleMIMEType(mime_type);
}
125
// UI-thread half of OnStreamCreated(): hands |stream| to the extension named
// by |extension_id| through the profile's StreamsPrivateAPI.
//
// Every hop from the (process id, view id) pair to the StreamsPrivateAPI is
// looked up afresh and may come back NULL; in that case the function returns
// without dispatching and |stream| is released when it goes out of scope.
void SendExecuteMimeTypeHandlerEvent(scoped_ptr<content::StreamHandle> stream,
                                     int64 expected_content_size,
                                     int render_process_id,
                                     int render_view_id,
                                     const std::string& extension_id) {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));

  content::RenderViewHost* rvh =
      content::RenderViewHost::FromID(render_process_id, render_view_id);
  content::WebContents* contents =
      rvh ? content::WebContents::FromRenderViewHost(rvh) : NULL;
  content::BrowserContext* context =
      contents ? contents->GetBrowserContext() : NULL;
  Profile* profile = context ? Profile::FromBrowserContext(context) : NULL;
  StreamsPrivateAPI* streams_api =
      profile ? StreamsPrivateAPI::Get(profile) : NULL;
  if (!streams_api)
    return;

  streams_api->ExecuteMimeTypeHandler(
      extension_id, contents, stream.Pass(), expected_content_size);
}
157#endif  // !defined(OS_ANDROID)
158
// Adds an on-demand component-updater throttle for PNaCl pexe requests.
//
// A request qualifies when it is an OBJECT load, its "Accept" request header
// contains the substring "application/x-pnacl", and
// pnacl::NeedsOnDemandUpdate() reports true. The throttle holds the resource
// until the component with the hard-coded crx id below is installed.
// |resource_context| is not used. Nothing is added when the browser process
// has no component updater.
void AppendComponentUpdaterThrottles(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    ResourceType::Type resource_type,
    ScopedVector<content::ResourceThrottle>* throttles) {
  ComponentUpdateService* updater = g_browser_process->component_updater();
  if (!updater)
    return;

  // Only OBJECT loads can be pexe requests.
  if (resource_type != ResourceType::OBJECT)
    return;

  std::string accept_value;
  if (!request->extra_request_headers().GetHeader("Accept", &accept_value))
    return;

  // Substring match on the header value; the update check is only consulted
  // once the MIME type has matched.
  if (accept_value.find("application/x-pnacl") == std::string::npos)
    return;
  if (!pnacl::NeedsOnDemandUpdate())
    return;

  // We got a component we need to install, so throttle the resource until
  // the component is installed.
  const char* pnacl_crx_id = "hnimpnehoodheedghdeeijklkeaacbdc";
  throttles->push_back(
      updater->GetOnDemandResourceThrottle(request, pnacl_crx_id));
}
185
186}  // end namespace
187
// Takes the download request limiter and the Safe Browsing service from
// |g_browser_process| and creates this delegate's own UserScriptListener.
// NOTE(review): |prerender_tracker| is kept exactly as passed and is used on
// every request; it presumably has to outlive this delegate -- confirm with
// the owner of the tracker.
ChromeResourceDispatcherHostDelegate::ChromeResourceDispatcherHostDelegate(
    prerender::PrerenderTracker* prerender_tracker)
    : download_request_limiter_(
          g_browser_process->download_request_limiter()),
      safe_browsing_(g_browser_process->safe_browsing_service()),
      user_script_listener_(new extensions::UserScriptListener()),
      prerender_tracker_(prerender_tracker) {}
195
// No explicit teardown; members clean up through their own destructors.
ChromeResourceDispatcherHostDelegate::~ChromeResourceDispatcherHostDelegate() {}
198
// Decides on the IO thread whether a request may start at all.
//
// Only PREFETCH requests are filtered here: they are dropped unless the
// method is exactly "GET" and prefetching is enabled. Every other resource
// type is allowed through. |child_id|, |route_id|, |url| and
// |resource_context| are not consulted.
bool ChromeResourceDispatcherHostDelegate::ShouldBeginRequest(
    int child_id,
    int route_id,
    const std::string& method,
    const GURL& url,
    ResourceType::Type resource_type,
    content::ResourceContext* resource_context) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  if (resource_type != ResourceType::PREFETCH)
    return true;

  // All PREFETCH requests should be GETs, but be defensive about it: any
  // other method is rejected before the prefetch setting is even looked at.
  // With prefetch enabled the request proceeds normally to warm the cache.
  return method == "GET" && prefetch::IsPrefetchEnabled();
}
222
// Per-request setup, run before the request is started. In order:
//   1. attaches ChromeURLRequestUserData and tags/deprioritises prerenders;
//   2. adds navigation-level throttles for non-prerender main frames;
//   3. (Chrome OS) adds the offline and merge-session throttles;
//   4. appends variations, sign-in, policy and Mirror request headers;
//   5. adds the standard throttles (AppendStandardResourceThrottles) and,
//      for non-prerenders, the component-updater throttle;
//   6. notifies the resource prefetch predictor observer, if any.
// Throttles are pushed in this order, so anything added in steps 2 and 3
// sits in |throttles| ahead of the ones added in step 5.
void ChromeResourceDispatcherHostDelegate::RequestBeginning(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    appcache::AppCacheService* appcache_service,
    ResourceType::Type resource_type,
    int child_id,
    int route_id,
    ScopedVector<content::ResourceThrottle>* throttles) {
  ChromeURLRequestUserData* request_data =
      ChromeURLRequestUserData::Create(request);
  const bool is_prerendering =
      prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id);
  if (is_prerendering) {
    request_data->set_is_prerender(true);
    // Requests with the IGNORE_LIMITS flag set (i.e., sync XHRs) should
    // remain at MAXIMUM_PRIORITY; every other prerender request drops to
    // IDLE.
    const bool ignores_limits =
        (request->load_flags() & net::LOAD_IGNORE_LIMITS) != 0;
    if (!ignores_limits) {
      request->SetPriority(net::IDLE);
    } else {
      DCHECK_EQ(request->priority(), net::MAXIMUM_PRIORITY);
    }
  }

  ProfileIOData* io_data =
      ProfileIOData::FromResourceContext(resource_context);

  const bool is_main_frame = resource_type == ResourceType::MAIN_FRAME;
  if (is_main_frame && !is_prerendering) {
#if defined(OS_ANDROID)
    throttles->push_back(
        InterceptNavigationDelegate::CreateThrottleFor(request));
#else
    // Redirect some navigations to apps that have registered matching URL
    // handlers ('url_handlers' in the manifest).
    content::ResourceThrottle* app_redirect_throttle =
        AppUrlRedirector::MaybeCreateThrottleFor(request, io_data);
    if (app_redirect_throttle)
      throttles->push_back(app_redirect_throttle);
#endif
  }

#if defined(OS_CHROMEOS)
  if (is_main_frame || resource_type == ResourceType::XHR) {
    // We check offline first, then check safe browsing so that we still can
    // block unsafe site after we remove offline page.
    throttles->push_back(
        new OfflineResourceThrottle(request, appcache_service));
    // Add interstitial page while merge session process (cookie
    // reconstruction from OAuth2 refresh token in ChromeOS login) is still in
    // progress while we are attempting to load a google property.
    const bool merge_pending =
        !MergeSessionThrottle::AreAllSessionMergedAlready();
    if (merge_pending && request->url().SchemeIsHTTPOrHTTPS()) {
      throttles->push_back(new MergeSessionThrottle(request, resource_type));
    }
  }
#endif

  // Don't attempt to append headers to requests that have already started.
  // TODO(stevet): Remove this once the request ordering issues are resolved
  // in crbug.com/128048.
  if (!request->is_pending()) {
    net::HttpRequestHeaders updated_headers;
    updated_headers.CopyFrom(request->extra_request_headers());
    // The provider is told whether the profile is incognito and whether
    // metrics reporting is on; the metrics state is never read for an
    // incognito profile.
    const bool incognito = io_data->is_incognito();
    const bool metrics_enabled =
        !incognito && io_data->GetMetricsEnabledStateOnIOThread();
    chrome_variations::VariationsHttpHeaderProvider::GetInstance()->
        AppendHeaders(request->url(),
                      incognito,
                      metrics_enabled,
                      &updated_headers);
    request->SetExtraRequestHeaders(updated_headers);
  }

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  AppendChromeSyncGaiaHeader(request, resource_context);
#endif

#if defined(ENABLE_CONFIGURATION_POLICY)
  if (io_data->policy_header_helper())
    io_data->policy_header_helper()->AddPolicyHeaders(request);
#endif

  // The Mirror header helper is keyed on the ids recorded in the request's
  // ResourceRequestInfo rather than on the |child_id|/|route_id| arguments.
  const ResourceRequestInfo* request_info =
      ResourceRequestInfo::ForRequest(request);
  signin::AppendMirrorRequestHeaderIfPossible(
      request, GURL() /* redirect_url */,
      io_data, request_info->GetChildID(), request_info->GetRouteID());

  AppendStandardResourceThrottles(request,
                                  resource_context,
                                  resource_type,
                                  throttles);
  if (!is_prerendering) {
    AppendComponentUpdaterThrottles(request,
                                    resource_context,
                                    resource_type,
                                    throttles);
  }

  if (io_data->resource_prefetch_predictor_observer()) {
    io_data->resource_prefetch_predictor_observer()->OnRequestStarted(
        request, resource_type, child_id, route_id);
  }
}
325
// Debug-only sanity check for cross-process transfers; does nothing else.
// Only |old_child_id| and |old_route_id| are looked at.
void ChromeResourceDispatcherHostDelegate::WillTransferRequestToNewProcess(
    int old_child_id,
    int old_route_id,
    int old_request_id,
    int new_child_id,
    int new_route_id,
    int new_request_id) {
  // A prerender should already have been aborted on cross-process navigation
  // in PrerenderContents::WebContentsImpl::OpenURLFromTab, so the old route
  // must no longer be prerendering. The lookup stays inside the DCHECK so it
  // costs nothing where DCHECKs are compiled out.
  DCHECK(
      !prerender_tracker_->IsPrerenderingOnIOThread(old_child_id,
                                                    old_route_id));
}
338
// Called when a request turns into a download. Announces the download on the
// UI thread and attaches the download-specific throttles.
//
// Only content-initiated downloads go through DownloadResourceThrottle (and,
// on Android, InterceptDownloadResourceThrottle); downloads that are not
// content-initiated skip both. |must_download| is not consulted here.
void ChromeResourceDispatcherHostDelegate::DownloadStarting(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    int child_id,
    int route_id,
    int request_id,
    bool is_content_initiated,
    bool must_download,
    ScopedVector<content::ResourceThrottle>* throttles) {
  BrowserThread::PostTask(
      BrowserThread::UI, FROM_HERE,
      base::Bind(&NotifyDownloadInitiatedOnUI, child_id, route_id));

  // If it's from the web, we don't trust it, so the request is subjected to
  // the download request limiter before it may proceed.
  if (is_content_initiated) {
    content::ResourceThrottle* limiter_throttle =
        new DownloadResourceThrottle(download_request_limiter_.get(),
                                     child_id,
                                     route_id,
                                     request_id,
                                     request->method());
    throttles->push_back(limiter_throttle);
#if defined(OS_ANDROID)
    throttles->push_back(
        new chrome::InterceptDownloadResourceThrottle(
            request, child_id, route_id, request_id));
#endif
  }

  // A request that is already pending has been seen before and received the
  // standard resource throttles then, so they are only added for a request
  // that has not started yet. Downloads are treated as MAIN_FRAME loads for
  // that purpose.
  const bool already_started = request->is_pending();
  if (!already_started) {
    AppendStandardResourceThrottles(request,
                                    resource_context,
                                    ResourceType::MAIN_FRAME,
                                    throttles);
  }
}
376
// Returns whether a TLS client-certificate request for |request| should be
// accepted. |cert_request_info| is not consulted.
//
// Speculative loads are refused: a request carrying LOAD_PREFETCH is always
// rejected, and a prerender request is rejected once the prerender has been
// cancelled with FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED. Presumably
// the caller then never reaches certificate selection for such loads --
// confirm in the resource dispatcher host.
bool ChromeResourceDispatcherHostDelegate::AcceptSSLClientCertificateRequest(
    net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) {
  if (request->load_flags() & net::LOAD_PREFETCH)
    return false;

  ChromeURLRequestUserData* request_data =
      ChromeURLRequestUserData::Get(request);
  if (!request_data || !request_data->is_prerender())
    return true;

  // Without an associated render view the prerender cannot be cancelled, and
  // the request is accepted.
  int child_id, route_id;
  if (!ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView(
          &child_id, &route_id)) {
    return true;
  }

  // Accept only if the cancellation did not take effect.
  return !prerender_tracker_->TryCancel(
      child_id, route_id,
      prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
}
397
// Returns whether an HTTP auth challenge for |request| should be accepted.
// |auth_info| is not consulted.
//
// Ordinary requests are always accepted. A prerender request is refused once
// the prerender has been cancelled with FINAL_STATUS_AUTH_NEEDED, so a
// prerendered page does not get its auth challenge accepted while it is
// still hidden.
bool ChromeResourceDispatcherHostDelegate::AcceptAuthRequest(
    net::URLRequest* request,
    net::AuthChallengeInfo* auth_info) {
  ChromeURLRequestUserData* request_data =
      ChromeURLRequestUserData::Get(request);
  const bool is_prerender = request_data && request_data->is_prerender();
  if (!is_prerender)
    return true;

  int child_id, route_id;
  const bool has_render_view =
      ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView(
          &child_id, &route_id);
  if (!has_render_view) {
    // A prerender request is expected to always have a render view.
    NOTREACHED();
    return true;
  }

  const bool cancelled = prerender_tracker_->TryCancelOnIOThread(
      child_id, route_id, prerender::FINAL_STATUS_AUTH_NEEDED);
  return !cancelled;
}
419
// Builds the login delegate for an auth challenge by delegating to
// CreateLoginPrompt() with the same challenge and request.
ResourceDispatcherHostLoginDelegate*
ChromeResourceDispatcherHostDelegate::CreateLoginDelegate(
    net::AuthChallengeInfo* auth_info, net::URLRequest* request) {
  ResourceDispatcherHostLoginDelegate* login_delegate =
      CreateLoginPrompt(auth_info, request);
  return login_delegate;
}
425
// Decides whether |url|, whose scheme the browser does not handle itself, is
// passed to ExternalProtocolHandler. Returns true when a launch was posted
// to the UI thread.
//
// Two kinds of caller never reach the external handler: a prerender whose
// cancellation (FINAL_STATUS_UNSUPPORTED_SCHEME) succeeds, and any route for
// which ExtensionRendererState has WebView info. On Android this always
// returns false.
// NOTE(review): |url| is forwarded unchanged; any prompting or scheme
// filtering is expected to happen in ExternalProtocolHandler::LaunchUrl,
// which is outside this file -- confirm there.
bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
    const GURL& url, int child_id, int route_id) {
#if defined(OS_ANDROID)
  // Android uses a resource throttle to handle external as well as internal
  // protocols.
  return false;
#else

  const bool is_prerender =
      prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id);
  if (is_prerender &&
      prerender_tracker_->TryCancel(
          child_id, route_id, prerender::FINAL_STATUS_UNSUPPORTED_SCHEME)) {
    prerender::ReportPrerenderExternalURL();
    return false;
  }

  ExtensionRendererState::WebViewInfo webview_info;
  const bool has_webview_info =
      ExtensionRendererState::GetInstance()->GetWebViewInfo(child_id,
                                                            route_id,
                                                            &webview_info);
  if (has_webview_info)
    return false;

  BrowserThread::PostTask(
      BrowserThread::UI, FROM_HERE,
      base::Bind(&ExternalProtocolHandler::LaunchUrl, url, child_id, route_id));
  return true;
#endif
}
454
// Appends the throttles every request gets, in this order: Safe Browsing
// (when compiled in and enabled for the profile), managed-mode URL filtering
// (when compiled in), the user-script listener throttle, and the two
// prerender throttles.
//
// Everything is added with push_back, so "first" below means first among the
// throttles added by this function. RequestBeginning() and DownloadStarting()
// may already have pushed other throttles onto |throttles| before calling
// this.
void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    ResourceType::Type resource_type,
    ScopedVector<content::ResourceThrottle>* throttles) {
  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
#if defined(FULL_SAFE_BROWSING) || defined(MOBILE_SAFE_BROWSING)
  // Safe browsing goes in first, so it gets to decide on policies first. It
  // is skipped entirely when the profile has it switched off, and the
  // factory may decline to create a throttle.
  if (io_data->safe_browsing_enabled()->GetValue()) {
    const bool is_main_frame = resource_type == ResourceType::MAIN_FRAME;
    content::ResourceThrottle* safe_browsing_throttle =
        SafeBrowsingResourceThrottleFactory::Create(request,
                                                    !is_main_frame,
                                                    safe_browsing_.get());
    if (safe_browsing_throttle)
      throttles->push_back(safe_browsing_throttle);
  }
#endif

#if defined(ENABLE_MANAGED_USERS)
  // Always added when managed users are compiled in; the throttle is told
  // whether this is the main frame.
  const bool is_main_frame_request =
      resource_type == ResourceType::MAIN_FRAME;
  throttles->push_back(new ManagedModeResourceThrottle(
      request, is_main_frame_request, io_data->managed_mode_url_filter()));
#endif

  content::ResourceThrottle* user_script_throttle =
      user_script_listener_->CreateResourceThrottle(request->url(),
                                                    resource_type);
  if (user_script_throttle)
    throttles->push_back(user_script_throttle);

  const ResourceRequestInfo* request_info =
      ResourceRequestInfo::ForRequest(request);
  const int child_id = request_info->GetChildID();
  const int route_id = request_info->GetRouteID();
  if (prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id)) {
    throttles->push_back(
        new prerender::PrerenderResourceThrottle(request, prerender_tracker_));
  }
  if (prerender_tracker_->IsPendingSwapRequestOnIOThread(
          child_id, route_id, request->url())) {
    throttles->push_back(new prerender::PrerenderPendingSwapThrottle(
        request, prerender_tracker_));
  }
}
500
501#if defined(ENABLE_ONE_CLICK_SIGNIN)
// Sets or clears the "Allow-Chrome-SignIn" request header according to
// OneClickSigninHelper::CanOfferOnIOThread():
//   CAN_OFFER      -> header set to "1" (third argument false, as before);
//   DONT_OFFER     -> header removed, so a value already on the request does
//                     not survive;
//   IGNORE_REQUEST -> request left untouched.
void ChromeResourceDispatcherHostDelegate::AppendChromeSyncGaiaHeader(
    net::URLRequest* request,
    content::ResourceContext* resource_context) {
  static const char kAllowChromeSignIn[] = "Allow-Chrome-SignIn";

  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
  const OneClickSigninHelper::Offer decision =
      OneClickSigninHelper::CanOfferOnIOThread(request, io_data);
  if (decision == OneClickSigninHelper::CAN_OFFER) {
    request->SetExtraRequestHeaderByName(kAllowChromeSignIn, "1", false);
  } else if (decision == OneClickSigninHelper::DONT_OFFER) {
    request->RemoveRequestHeaderByName(kAllowChromeSignIn);
  }
  // OneClickSigninHelper::IGNORE_REQUEST: nothing to do.
}
521#endif
522
// Returns true when the response must be downloaded rather than rendered.
// The only case handled here is user scripts, as decided by
// extensions::UserScript::IsURLUserScript() from |url| and |mime_type|.
bool ChromeResourceDispatcherHostDelegate::ShouldForceDownloadResource(
    const GURL& url, const std::string& mime_type) {
  // Special-case user scripts to get downloaded instead of viewed.
  const bool is_user_script =
      extensions::UserScript::IsURLUserScript(url, mime_type);
  return is_user_script;
}
528
// Decides whether a response of type |mime_type| is handed to an extension
// as a stream instead of being loaded normally. On success fills |origin|
// with the extension's base URL and |target_id| with its id. |url| is not
// consulted.
//
// Only extension ids on MimeTypesHandler::GetMIMETypeWhitelist() are
// considered, in whitelist order, and the first installed one that can
// handle the type wins. In an incognito profile an extension is skipped
// unless it is enabled for incognito. Always false on Android.
bool ChromeResourceDispatcherHostDelegate::ShouldInterceptResourceAsStream(
    content::ResourceContext* resource_context,
    const GURL& url,
    const std::string& mime_type,
    GURL* origin,
    std::string* target_id) {
#if !defined(OS_ANDROID)
  ProfileIOData* io_data =
      ProfileIOData::FromResourceContext(resource_context);
  const bool profile_is_incognito = io_data->is_incognito();
  const scoped_refptr<const extensions::InfoMap> extension_info_map(
      io_data->GetExtensionInfoMap());
  const std::vector<std::string> allowed_ids =
      MimeTypesHandler::GetMIMETypeWhitelist();

  for (std::vector<std::string>::const_iterator it = allowed_ids.begin();
       it != allowed_ids.end(); ++it) {
    const std::string& extension_id = *it;
    const Extension* extension =
        extension_info_map->extensions().GetByID(extension_id);
    // The white-listed extension may not be installed.
    if (!extension)
      continue;
    // Do not hand incognito traffic to an extension that is not allowed to
    // run in incognito.
    if (profile_is_incognito &&
        !extension_info_map->IsIncognitoEnabled(extension_id)) {
      continue;
    }
    if (!ExtensionCanHandleMimeType(extension, mime_type))
      continue;

    *origin = Extension::GetBaseURLFromExtensionId(extension_id);
    *target_id = extension_id;
    return true;
  }
#endif
  return false;
}
565
// Forwards a freshly created stream to the UI thread, where
// SendExecuteMimeTypeHandlerEvent() delivers it to the extension named by
// |target_id|. Ownership of |stream| moves into the posted task.
// |resource_context| is not used. On Android nothing is posted and |stream|
// is released when this function returns.
void ChromeResourceDispatcherHostDelegate::OnStreamCreated(
    content::ResourceContext* resource_context,
    int render_process_id,
    int render_view_id,
    const std::string& target_id,
    scoped_ptr<content::StreamHandle> stream,
    int64 expected_content_size) {
#if !defined(OS_ANDROID)
  content::BrowserThread::PostTask(
      content::BrowserThread::UI,
      FROM_HERE,
      base::Bind(&SendExecuteMimeTypeHandlerEvent,
                 base::Passed(&stream),
                 expected_content_size,
                 render_process_id,
                 render_view_id,
                 target_id));
#endif
}
581
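// Runs when response headers for |request| are available. Lets the sign-in
// helpers react to their response headers, tightens framing protection for
// the Chrome Web Store origin, and notifies the prefetch predictor observer
// and the prerender code. |response| and |sender| are not used.
void ChromeResourceDispatcherHostDelegate::OnResponseStarted(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    content::ResourceResponse* response,
    IPC::Sender* sender) {
  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);

  // See if the response contains the X-Auto-Login header.  If so, this was
  // a request for a login page, and the server is allowing the browser to
  // suggest auto-login, if available.
  AutoLoginPrompter::ShowInfoBarIfPossible(request, info->GetChildID(),
                                           info->GetRouteID());

  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  // See if the response contains the Google-Accounts-SignIn header.  If so,
  // then the user has just finished signing in, and the server is allowing the
  // browser to suggest connecting the user's profile to the account.
  OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
                                              info->GetChildID(),
                                              info->GetRouteID());
#endif

  // See if the response contains the X-Chrome-Manage-Accounts header. If so,
  // show the profile avatar bubble so that the user can complete the
  // signin/out action in the native UI.
  signin::ProcessMirrorResponseHeaderIfExists(request, io_data,
                                              info->GetChildID(),
                                              info->GetRouteID());

  // Build in additional protection for the chrome web store origin: unless
  // the response already says "deny" or "sameorigin", whatever
  // x-frame-options it carries (or none at all) is replaced with
  // "sameorigin".
  GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
  if (request->url().DomainIs(webstore_url.host().c_str())) {
    // DomainIs() looks at the host only, so the scheme is not checked here.
    // response_headers() can be NULL when the response carried no HTTP
    // headers; skip the rewrite then instead of dereferencing NULL.
    net::HttpResponseHeaders* response_headers = request->response_headers();
    if (response_headers &&
        !response_headers->HasHeaderValue("x-frame-options", "deny") &&
        !response_headers->HasHeaderValue("x-frame-options", "sameorigin")) {
      response_headers->RemoveHeader("x-frame-options");
      response_headers->AddHeader("x-frame-options: sameorigin");
    }
  }

  if (io_data->resource_prefetch_predictor_observer())
    io_data->resource_prefetch_predictor_observer()->OnResponseStarted(request);

  prerender::URLRequestResponseStarted(request);
}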
629
// Runs when |request| is redirected to |redirect_url|. Repeats the sign-in
// header handling for the redirect and notifies the prefetch predictor
// observer. |response| is not used.
void ChromeResourceDispatcherHostDelegate::OnRequestRedirected(
    const GURL& redirect_url,
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    content::ResourceResponse* response) {
  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
  const ResourceRequestInfo* request_info =
      ResourceRequestInfo::ForRequest(request);
  const int child_id = request_info->GetChildID();
  const int route_id = request_info->GetRouteID();

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  // See if the response contains the Google-Accounts-SignIn header.  If so,
  // then the user has just finished signing in, and the server is allowing the
  // browser to suggest connecting the user's profile to the account.
  OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
                                              child_id, route_id);
  // Re-evaluate the Allow-Chrome-SignIn header for the redirected request.
  AppendChromeSyncGaiaHeader(request, resource_context);
#endif

  // In the Mirror world, Chrome should append a X-Chrome-Connected header to
  // all Gaia requests from a connected profile so Gaia could return a 204
  // response and let Chrome handle the action with native UI. The only
  // exception is requests from gaia webview, since the native profile
  // management UI is built on top of it.
  signin::AppendMirrorRequestHeaderIfPossible(
      request, redirect_url, io_data, child_id, route_id);

  if (io_data->resource_prefetch_predictor_observer()) {
    io_data->resource_prefetch_predictor_observer()->OnRequestRedirected(
        redirect_url, request);
  }
}
661