chrome_resource_dispatcher_host_delegate.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h"

#include <string>

#include "base/base64.h"
#include "base/logging.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/component_updater/component_updater_service.h"
#include "chrome/browser/component_updater/pnacl/pnacl_component_installer.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
#include "chrome/browser/download/download_request_limiter.h"
#include "chrome/browser/download/download_resource_throttle.h"
#include "chrome/browser/extensions/api/streams_private/streams_private_api.h"
#include "chrome/browser/extensions/extension_renderer_state.h"
#include "chrome/browser/extensions/user_script_listener.h"
#include "chrome/browser/external_protocol/external_protocol_handler.h"
#include "chrome/browser/google/google_util.h"
#include "chrome/browser/metrics/variations/variations_http_header_provider.h"
#include "chrome/browser/net/resource_prefetch_predictor_observer.h"
#include "chrome/browser/prerender/prerender_manager.h"
#include "chrome/browser/prerender/prerender_pending_swap_throttle.h"
#include "chrome/browser/prerender/prerender_resource_throttle.h"
#include "chrome/browser/prerender/prerender_tracker.h"
#include "chrome/browser/prerender/prerender_util.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_io_data.h"
#include "chrome/browser/renderer_host/chrome_url_request_user_data.h"
#include "chrome/browser/renderer_host/safe_browsing_resource_throttle_factory.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
#include "chrome/browser/signin/signin_header_helper.h"
#include "chrome/browser/ui/auto_login_prompter.h"
#include "chrome/browser/ui/login/login_prompt.h"
#include "chrome/browser/ui/sync/one_click_signin_helper.h"
#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/mime_types_handler.h"
#include "chrome/common/render_messages.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/resource_context.h"
#include "content/public/browser/resource_dispatcher_host.h"
#include "content/public/browser/resource_request_info.h"
#include "content/public/browser/stream_handle.h"
#include "content/public/common/resource_response.h"
#include "extensions/browser/info_map.h"
#include "extensions/common/constants.h"
#include "extensions/common/user_script.h"
#include "net/base/load_flags.h"
#include "net/base/load_timing_info.h"
#include "net/base/request_priority.h"
#include "net/http/http_response_headers.h"
#include "net/url_request/url_request.h"

#if defined(ENABLE_CONFIGURATION_POLICY)
#include "components/policy/core/browser/policy_header_io_helper.h"
#endif

#if defined(ENABLE_MANAGED_USERS)
#include "chrome/browser/managed_mode/managed_mode_resource_throttle.h"
#endif

#if defined(USE_SYSTEM_PROTOBUF)
#include <google/protobuf/repeated_field.h>
#else
#include "third_party/protobuf/src/google/protobuf/repeated_field.h"
#endif

#if defined(OS_ANDROID)
#include "chrome/browser/android/intercept_download_resource_throttle.h"
#include "components/navigation_interception/intercept_navigation_delegate.h"
#else
#include "chrome/browser/apps/app_url_redirector.h"
#endif

#if defined(OS_CHROMEOS)
#include "chrome/browser/chromeos/login/merge_session_throttle.h"
// TODO(oshima): Enable this for other platforms.
#include "chrome/browser/renderer_host/offline_resource_throttle.h"
#endif

using content::BrowserThread;
using content::RenderViewHost;
using content::ResourceDispatcherHostLoginDelegate;
using content::ResourceRequestInfo;
using extensions::Extension;
using extensions::StreamsPrivateAPI;

#if defined(OS_ANDROID)
using navigation_interception::InterceptNavigationDelegate;
#endif

namespace {

// Broadcasts chrome::NOTIFICATION_DOWNLOAD_INITIATED with the render view
// identified by |render_process_id| / |render_view_id| as the source.
// DownloadStarting() posts this function to the UI thread. If the IDs no
// longer resolve to a RenderViewHost, nothing is sent.
void NotifyDownloadInitiatedOnUI(int render_process_id, int render_view_id) {
  RenderViewHost* const source_host =
      RenderViewHost::FromID(render_process_id, render_view_id);
  if (source_host) {
    content::NotificationService::current()->Notify(
        chrome::NOTIFICATION_DOWNLOAD_INITIATED,
        content::Source<RenderViewHost>(source_host),
        content::NotificationService::NoDetails());
  }
}

#if !defined(OS_ANDROID)
// Goes through the extension's file browser handlers and checks if there is one
// that can handle the |mime_type|.
// |extension| must not be NULL.
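bool ExtensionCanHandleMimeType(const Extension* extension,
                                const std::string& mime_type) {
  // GetHandler() can return NULL; treat that as "cannot handle".
  MimeTypesHandler* handler = MimeTypesHandler::GetHandler(extension);
  if (!handler)
    return false;

  return handler->CanHandleMIMEType(mime_type);
}

// Runs on the UI thread (DCHECKed). Resolves the render view identified by
// |render_process_id| / |render_view_id| to its WebContents and Profile, then
// hands |stream| to StreamsPrivateAPI::ExecuteMimeTypeHandler() for
// |extension_id|. If any lookup in the chain yields NULL the function returns
// without dispatching, and |stream| is released when the scoped_ptr goes out
// of scope.
void SendExecuteMimeTypeHandlerEvent(scoped_ptr<content::StreamHandle> stream,
                                     int64 expected_content_size,
                                     int render_process_id,
                                     int render_view_id,
                                     const std::string& extension_id) {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));

  content::RenderViewHost* render_view_host =
      content::RenderViewHost::FromID(render_process_id, render_view_id);
  if (!render_view_host)
    return;

  content::WebContents* web_contents =
      content::WebContents::FromRenderViewHost(render_view_host);
  if (!web_contents)
    return;

  content::BrowserContext* browser_context = web_contents->GetBrowserContext();
  if (!browser_context)
    return;

  Profile* profile = Profile::FromBrowserContext(browser_context);
  if (!profile)
    return;

  StreamsPrivateAPI* streams_private = StreamsPrivateAPI::Get(profile);
  if (!streams_private)
    return;
  streams_private->ExecuteMimeTypeHandler(
      extension_id, web_contents, stream.Pass(), expected_content_size);
}
#endif  // !defined(OS_ANDROID)

// Adds an on-demand component-updater throttle to |throttles| when |request|
// looks like a PNaCl pexe fetch: an OBJECT resource whose "Accept" request
// header contains "application/x-pnacl", while pnacl::NeedsOnDemandUpdate()
// reports that an update is needed. Does nothing when no
// ComponentUpdateService is available. |resource_context| is not used.
//
// The Accept header is only tested for a substring; the component id that
// gets installed is the fixed literal below, so the header's content cannot
// select a different component.
void AppendComponentUpdaterThrottles(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    ResourceType::Type resource_type,
    ScopedVector<content::ResourceThrottle>* throttles) {
  const char* crx_id = NULL;
  ComponentUpdateService* cus = g_browser_process->component_updater();
  if (!cus)
    return;
  // Check for PNaCl pexe request.
  if (resource_type == ResourceType::OBJECT) {
    const net::HttpRequestHeaders& headers = request->extra_request_headers();
    std::string accept_headers;
    if (headers.GetHeader("Accept", &accept_headers)) {
      if (accept_headers.find("application/x-pnacl") != std::string::npos &&
          pnacl::NeedsOnDemandUpdate())
        crx_id = "hnimpnehoodheedghdeeijklkeaacbdc";
    }
  }

  if (crx_id) {
    // We got a component we need to install, so throttle the resource
    // until the component is installed.
    throttles->push_back(cus->GetOnDemandResourceThrottle(request, crx_id));
  }
}

}  // end namespace

// Captures the process-wide download request limiter and safe browsing
// service from g_browser_process, creates a UserScriptListener, and stores
// |prerender_tracker|.
// NOTE(review): ownership of |prerender_tracker| is not visible in this file;
// presumably it must outlive this delegate -- confirm against the header.
ChromeResourceDispatcherHostDelegate::ChromeResourceDispatcherHostDelegate(
    prerender::PrerenderTracker* prerender_tracker)
    : download_request_limiter_(g_browser_process->download_request_limiter()),
      safe_browsing_(g_browser_process->safe_browsing_service()),
      user_script_listener_(new extensions::UserScriptListener()),
      prerender_tracker_(prerender_tracker) {
}

ChromeResourceDispatcherHostDelegate::~ChromeResourceDispatcherHostDelegate() {
}

// IO-thread hook (DCHECKed). Returns false to drop a PREFETCH request that is
// not a GET or that arrives while prefetching is disabled; every other
// request is allowed to begin. |child_id|, |route_id|, |url| and
// |resource_context| are not consulted.
bool ChromeResourceDispatcherHostDelegate::ShouldBeginRequest(
    int child_id,
    int route_id,
    const std::string& method,
    const GURL& url,
    ResourceType::Type resource_type,
    content::ResourceContext* resource_context) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  // Handle a PREFETCH resource type. If prefetch is disabled, squelch the
  // request. Otherwise, do a normal request to warm the cache.
  if (resource_type == ResourceType::PREFETCH) {
    // All PREFETCH requests should be GETs, but be defensive about it.
    if (method != "GET")
      return false;

    // If prefetch is disabled, kill the request.
    if (!prerender::PrerenderManager::IsPrefetchEnabled())
      return false;
  }

  return true;
}

// Prepares |request| before it starts: tags and deprioritizes prerender
// requests, installs the platform-specific navigation throttles for
// non-prerender main-frame loads, appends the variations / sign-in / policy
// request headers, and finally adds the standard throttles (see
// AppendStandardResourceThrottles) plus, for non-prerender requests, the
// component-updater throttle.
//
// Throttles run in the order they are pushed onto |throttles|, so the
// platform throttles added here precede the standard ones.
void ChromeResourceDispatcherHostDelegate::RequestBeginning(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    appcache::AppCacheService* appcache_service,
    ResourceType::Type resource_type,
    int child_id,
    int route_id,
    ScopedVector<content::ResourceThrottle>* throttles) {
  ChromeURLRequestUserData* user_data =
      ChromeURLRequestUserData::Create(request);
  bool is_prerendering = prerender_tracker_->IsPrerenderingOnIOThread(
      child_id, route_id);
  if (is_prerendering) {
    user_data->set_is_prerender(true);
    // Requests with the IGNORE_LIMITS flag set (i.e., sync XHRs)
    // should remain at MAXIMUM_PRIORITY.
    if (request->load_flags() & net::LOAD_IGNORE_LIMITS) {
      DCHECK_EQ(request->priority(), net::MAXIMUM_PRIORITY);
    } else {
      request->SetPriority(net::IDLE);
    }
  }

  ProfileIOData* io_data = ProfileIOData::FromResourceContext(
      resource_context);

  if (!is_prerendering && resource_type == ResourceType::MAIN_FRAME) {
#if defined(OS_ANDROID)
    throttles->push_back(
        InterceptNavigationDelegate::CreateThrottleFor(request));
#else
    // Redirect some navigations to apps that have registered matching URL
    // handlers ('url_handlers' in the manifest).
    content::ResourceThrottle* url_to_app_throttle =
        AppUrlRedirector::MaybeCreateThrottleFor(request, io_data);
    if (url_to_app_throttle)
      throttles->push_back(url_to_app_throttle);
#endif
  }

#if defined(OS_CHROMEOS)
  if (resource_type == ResourceType::MAIN_FRAME) {
    // We check offline first, then check safe browsing so that we still can
    // block unsafe site after we remove offline page.
    throttles->push_back(new OfflineResourceThrottle(request,
                                                     appcache_service));
    // Add interstitial page while merge session process (cookie
    // reconstruction from OAuth2 refresh token in ChromeOS login) is still in
    // progress while we are attempting to load a google property.
    if (!MergeSessionThrottle::AreAllSessionMergedAlready() &&
        request->url().SchemeIsHTTPOrHTTPS()) {
      throttles->push_back(new MergeSessionThrottle(request));
    }
  }
#endif

  // Don't attempt to append headers to requests that have already started.
  // TODO(stevet): Remove this once the request ordering issues are resolved
  // in crbug.com/128048.
  if (!request->is_pending()) {
    net::HttpRequestHeaders headers;
    headers.CopyFrom(request->extra_request_headers());
    bool incognito = io_data->is_incognito();
    // The third argument is forced to false for incognito profiles, whatever
    // the metrics setting says.
    chrome_variations::VariationsHttpHeaderProvider::GetInstance()->
        AppendHeaders(request->url(),
                      incognito,
                      !incognito && io_data->GetMetricsEnabledStateOnIOThread(),
                      &headers);
    request->SetExtraRequestHeaders(headers);
  }

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  AppendChromeSyncGaiaHeader(request, resource_context);
#endif

#if defined(ENABLE_CONFIGURATION_POLICY)
  if (io_data->policy_header_helper())
    io_data->policy_header_helper()->AddPolicyHeaders(request);
#endif

  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
  signin::AppendMirrorRequestHeaderIfPossible(
      request, GURL() /* redirect_url */,
      io_data, info->GetChildID(), info->GetRouteID());

  AppendStandardResourceThrottles(request,
                                  resource_context,
                                  resource_type,
                                  throttles);
  if (!is_prerendering) {
    AppendComponentUpdaterThrottles(request,
                                    resource_context,
                                    resource_type,
                                    throttles);
  }

  if (io_data->resource_prefetch_predictor_observer()) {
    io_data->resource_prefetch_predictor_observer()->OnRequestStarted(
        request, resource_type, child_id, route_id);
  }
}

// Performs no work beyond a DCHECK that the old render view is not a
// prerender. Only |old_child_id| and |old_route_id| are read.
void ChromeResourceDispatcherHostDelegate::WillTransferRequestToNewProcess(
    int old_child_id,
    int old_route_id,
    int old_request_id,
    int new_child_id,
    int new_route_id,
    int new_request_id) {
  // If a prerender, it should have been aborted on cross-process
  // navigation in PrerenderContents::WebContentsImpl::OpenURLFromTab.
  DCHECK(!prerender_tracker_->IsPrerenderingOnIOThread(old_child_id,
                                                       old_route_id));
}

// Called when |request| turns into a download. Posts a "download initiated"
// notification to the UI thread, gates content-initiated downloads behind a
// DownloadResourceThrottle (backed by the download request limiter), and adds
// the standard throttles if the request has not started yet.
// |must_download| is not consulted.
void ChromeResourceDispatcherHostDelegate::DownloadStarting(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    int child_id,
    int route_id,
    int request_id,
    bool is_content_initiated,
    bool must_download,
    ScopedVector<content::ResourceThrottle>* throttles) {
  BrowserThread::PostTask(
      BrowserThread::UI, FROM_HERE,
      base::Bind(&NotifyDownloadInitiatedOnUI, child_id, route_id));

  // If it's from the web, we don't trust it, so we push the throttle on.
  if (is_content_initiated) {
    throttles->push_back(
        new DownloadResourceThrottle(download_request_limiter_.get(),
                                     child_id,
                                     route_id,
                                     request_id,
                                     request->method()));
#if defined(OS_ANDROID)
    throttles->push_back(
        new chrome::InterceptDownloadResourceThrottle(
            request, child_id, route_id, request_id));
#endif
  }

  // If this isn't a new request, we've seen this before and added the standard
  // resource throttles already so no need to add it again.
  if (!request->is_pending()) {
    AppendStandardResourceThrottles(request,
                                    resource_context,
                                    ResourceType::MAIN_FRAME,
                                    throttles);
  }
}

// Decides whether a TLS client-certificate request for |request| is accepted.
// Returns false for requests carrying LOAD_PREFETCH and for prerender
// requests whose prerender was successfully cancelled here; returns true
// otherwise. |cert_request_info| is not consulted.
// NOTE(review): this path calls TryCancel() while AcceptAuthRequest() calls
// TryCancelOnIOThread(); confirm both are valid on the calling thread.
bool ChromeResourceDispatcherHostDelegate::AcceptSSLClientCertificateRequest(
    net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) {
  if (request->load_flags() & net::LOAD_PREFETCH)
    return false;

  ChromeURLRequestUserData* user_data = ChromeURLRequestUserData::Get(request);
  if (user_data && user_data->is_prerender()) {
    int child_id, route_id;
    if (ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView(
            &child_id, &route_id)) {
      if (prerender_tracker_->TryCancel(
              child_id, route_id,
              prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED)) {
        return false;
      }
    }
  }

  return true;
}

// Decides whether an HTTP auth challenge for |request| is accepted. Requests
// that are not prerenders are always accepted. For a prerender, the prerender
// is cancelled with FINAL_STATUS_AUTH_NEEDED and the challenge is refused
// (false); if the cancel does not succeed the challenge is accepted.
// |auth_info| is not consulted.
bool ChromeResourceDispatcherHostDelegate::AcceptAuthRequest(
    net::URLRequest* request,
    net::AuthChallengeInfo* auth_info) {
  ChromeURLRequestUserData* user_data = ChromeURLRequestUserData::Get(request);
  if (!user_data || !user_data->is_prerender())
    return true;

  int child_id, route_id;
  if (!ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView(
          &child_id, &route_id)) {
    // A prerender request is expected to have an associated render view.
    NOTREACHED();
    return true;
  }

  if (!prerender_tracker_->TryCancelOnIOThread(
          child_id, route_id, prerender::FINAL_STATUS_AUTH_NEEDED)) {
    return true;
  }

  return false;
}

// Returns the login delegate produced by CreateLoginPrompt() for this
// challenge.
ResourceDispatcherHostLoginDelegate*
    ChromeResourceDispatcherHostDelegate::CreateLoginDelegate(
        net::AuthChallengeInfo* auth_info, net::URLRequest* request) {
  return CreateLoginPrompt(auth_info, request);
}

// Handles a URL whose scheme is served by an external protocol handler.
// Returns true when the launch has been posted to the UI thread, false when
// the URL was not handed off:
//  - on Android (handled by a resource throttle instead);
//  - when the view is a prerender that was cancelled here, so a prerender
//    does not launch an external application;
//  - when the view has WebView info registered (GetWebViewInfo succeeds).
bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
    const GURL& url, int child_id, int route_id) {
#if defined(OS_ANDROID)
  // Android uses a resource throttle to handle external as well as internal
  // protocols.
  return false;
#else

  if (prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id) &&
      prerender_tracker_->TryCancel(
          child_id, route_id, prerender::FINAL_STATUS_UNSUPPORTED_SCHEME)) {
    prerender::ReportPrerenderExternalURL();
    return false;
  }

  ExtensionRendererState::WebViewInfo info;
  if (ExtensionRendererState::GetInstance()->GetWebViewInfo(child_id,
                                                            route_id,
                                                            &info)) {
    return false;
  }

  BrowserThread::PostTask(
      BrowserThread::UI, FROM_HERE,
      base::Bind(&ExternalProtocolHandler::LaunchUrl, url, child_id, route_id));
  return true;
#endif
}

// Appends the throttles every request gets, in this order: safe browsing
// (when compiled in and enabled for the profile), managed-mode URL filtering
// (when compiled in), the user-script listener throttle, and the prerender /
// pending-swap throttles when the render view is in the matching state.
//
// NOTE(review): the throttles are added with push_back(), so safe browsing is
// first only among the throttles added by this function. RequestBeginning()
// and DownloadStarting() push other throttles onto |throttles| before calling
// here.
void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    ResourceType::Type resource_type,
    ScopedVector<content::ResourceThrottle>* throttles) {
  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
#if defined(FULL_SAFE_BROWSING) || defined(MOBILE_SAFE_BROWSING)
  // Insert safe browsing at the front of the list, so it gets to decide on
  // policies first.
  if (io_data->safe_browsing_enabled()->GetValue()) {
    bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME;
    content::ResourceThrottle* throttle =
        SafeBrowsingResourceThrottleFactory::Create(request,
                                                    is_subresource_request,
                                                    safe_browsing_.get());
    if (throttle)
      throttles->push_back(throttle);
  }
#endif

#if defined(ENABLE_MANAGED_USERS)
  bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME;
  throttles->push_back(new ManagedModeResourceThrottle(
        request, !is_subresource_request,
        io_data->managed_mode_url_filter()));
#endif

  content::ResourceThrottle* throttle =
      user_script_listener_->CreateResourceThrottle(request->url(),
                                                    resource_type);
  if (throttle)
    throttles->push_back(throttle);

  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
  if (prerender_tracker_->IsPrerenderingOnIOThread(info->GetChildID(),
                                                   info->GetRouteID())) {
    throttles->push_back(new prerender::PrerenderResourceThrottle(
        request, prerender_tracker_));
  }
  if (prerender_tracker_->IsPendingSwapRequestOnIOThread(
          info->GetChildID(), info->GetRouteID(), request->url())) {
    throttles->push_back(new prerender::PrerenderPendingSwapThrottle(
        request, prerender_tracker_));
  }
}

#if defined(ENABLE_ONE_CLICK_SIGNIN)
// Sets or clears the "Allow-Chrome-SignIn" request header according to
// OneClickSigninHelper::CanOfferOnIOThread(): CAN_OFFER sets it to "1",
// DONT_OFFER removes it, IGNORE_REQUEST leaves the request untouched.
void ChromeResourceDispatcherHostDelegate::AppendChromeSyncGaiaHeader(
    net::URLRequest* request,
    content::ResourceContext* resource_context) {
  static const char kAllowChromeSignIn[] = "Allow-Chrome-SignIn";

  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
  OneClickSigninHelper::Offer offer =
      OneClickSigninHelper::CanOfferOnIOThread(request, io_data);
  switch (offer) {
    case OneClickSigninHelper::CAN_OFFER:
      // NOTE(review): the trailing |false| is presumably the "overwrite"
      // flag -- confirm against net::URLRequest.
      request->SetExtraRequestHeaderByName(kAllowChromeSignIn, "1", false);
      break;
    case OneClickSigninHelper::DONT_OFFER:
      request->RemoveRequestHeaderByName(kAllowChromeSignIn);
      break;
    case OneClickSigninHelper::IGNORE_REQUEST:
      break;
  }
}
#endif

// Returns true when |url| / |mime_type| identify a user script, so that it is
// downloaded rather than rendered.
bool ChromeResourceDispatcherHostDelegate::ShouldForceDownloadResource(
    const GURL& url, const std::string& mime_type) {
  // Special-case user scripts to get downloaded instead of viewed.
  return extensions::UserScript::IsURLUserScript(url, mime_type);
}

// Decides whether a response of |mime_type| should be handed to an extension
// as a stream. Only extension IDs on MimeTypesHandler's whitelist are
// considered; an extension is skipped if it is not installed, or if the
// profile is incognito and the extension is not incognito-enabled. On the
// first match, |*origin| receives the extension's base URL, |*target_id| its
// ID, and the function returns true. The out-parameters are written only on
// that path. Always returns false on Android. |url| is not consulted.
bool ChromeResourceDispatcherHostDelegate::ShouldInterceptResourceAsStream(
    content::ResourceContext* resource_context,
    const GURL& url,
    const std::string& mime_type,
    GURL* origin,
    std::string* target_id) {
#if !defined(OS_ANDROID)
  ProfileIOData* io_data =
      ProfileIOData::FromResourceContext(resource_context);
  bool profile_is_incognito = io_data->is_incognito();
  const scoped_refptr<const extensions::InfoMap> extension_info_map(
      io_data->GetExtensionInfoMap());
  std::vector<std::string> whitelist = MimeTypesHandler::GetMIMETypeWhitelist();
  // Go through the white-listed extensions and try to use them to intercept
  // the URL request.
  for (size_t i = 0; i < whitelist.size(); ++i) {
    const char* extension_id = whitelist[i].c_str();
    const Extension* extension =
        extension_info_map->extensions().GetByID(extension_id);
    // The white-listed extension may not be installed, so we have to NULL check
    // |extension|.
    if (!extension ||
        (profile_is_incognito &&
         !extension_info_map->IsIncognitoEnabled(extension_id))) {
      continue;
    }

    if (ExtensionCanHandleMimeType(extension, mime_type)) {
      *origin = Extension::GetBaseURLFromExtensionId(extension_id);
      *target_id = extension_id;
      return true;
    }
  }
#endif
  return false;
}

// Forwards a newly created stream to the UI thread, where
// SendExecuteMimeTypeHandlerEvent() delivers it to the extension named by
// |target_id|. Ownership of |stream| moves into the posted task. No-op on
// Android. |resource_context| is not consulted.
void ChromeResourceDispatcherHostDelegate::OnStreamCreated(
    content::ResourceContext* resource_context,
    int render_process_id,
    int render_view_id,
    const std::string& target_id,
    scoped_ptr<content::StreamHandle> stream,
    int64 expected_content_size) {
#if !defined(OS_ANDROID)
  content::BrowserThread::PostTask(
      content::BrowserThread::UI, FROM_HERE,
      base::Bind(&SendExecuteMimeTypeHandlerEvent, base::Passed(&stream),
                 expected_content_size, render_process_id, render_view_id,
                 target_id));
#endif
}

// Inspects a response as it starts: lets the auto-login, one-click sign-in
// and Mirror helpers react to their response headers, enforces a framing
// restriction on web store responses, and notifies the prefetch predictor and
// prerender code. |response| and |sender| are not consulted.
void ChromeResourceDispatcherHostDelegate::OnResponseStarted(
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    content::ResourceResponse* response,
    IPC::Sender* sender) {
  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);

  // See if the response contains the X-Auto-Login header.  If so, this was
  // a request for a login page, and the server is allowing the browser to
  // suggest auto-login, if available.
  AutoLoginPrompter::ShowInfoBarIfPossible(request, info->GetChildID(),
                                           info->GetRouteID());

  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  // See if the response contains the Google-Accounts-SignIn header.  If so,
  // then the user has just finished signing in, and the server is allowing the
  // browser to suggest connecting the user's profile to the account.
  OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
                                              info->GetChildID(),
                                              info->GetRouteID());
#endif

  // See if the response contains the X-Chrome-Manage-Accounts header. If so
  // show the profile avatar bubble so that user can complete signin/out action
  // in the native UI.
  signin::ProcessMirrorResponseHeaderIfExists(request, io_data,
                                              info->GetChildID(),
                                              info->GetRouteID());

  // Build in additional protection for the chrome web store origin: unless
  // the response already carries "x-frame-options: deny" or "sameorigin", any
  // existing x-frame-options value is dropped and "sameorigin" is set, so a
  // missing or weaker header cannot leave the page frameable cross-origin.
  GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
  if (request->url().DomainIs(webstore_url.host().c_str())) {
    // response_headers() can be NULL when the response carries no HTTP
    // headers (the domain test above does not restrict the scheme), so check
    // before dereferencing.
    net::HttpResponseHeaders* response_headers = request->response_headers();
    if (response_headers &&
        !response_headers->HasHeaderValue("x-frame-options", "deny") &&
        !response_headers->HasHeaderValue("x-frame-options", "sameorigin")) {
      response_headers->RemoveHeader("x-frame-options");
      response_headers->AddHeader("x-frame-options: sameorigin");
    }
  }

  if (io_data->resource_prefetch_predictor_observer())
    io_data->resource_prefetch_predictor_observer()->OnResponseStarted(request);

  prerender::URLRequestResponseStarted(request);
}

// Re-applies the sign-in related request headers when |request| is redirected
// to |redirect_url| and notifies the prefetch predictor. |response| is not
// consulted.
void ChromeResourceDispatcherHostDelegate::OnRequestRedirected(
    const GURL& redirect_url,
    net::URLRequest* request,
    content::ResourceContext* resource_context,
    content::ResourceResponse* response) {
  ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);

#if defined(ENABLE_ONE_CLICK_SIGNIN)
  // See if the response contains the Google-Accounts-SignIn header.  If so,
  // then the user has just finished signing in, and the server is allowing the
  // browser to suggest connecting the user's profile to the account.
  OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
                                              info->GetChildID(),
                                              info->GetRouteID());
  AppendChromeSyncGaiaHeader(request, resource_context);
#endif

  // In the Mirror world, Chrome should append a X-Chrome-Connected header to
  // all Gaia requests from a connected profile so Gaia could return a 204
  // response and let Chrome handle the action with native UI. The only
  // exception is requests from gaia webview, since the native profile
  // management UI is built on top of it.
  signin::AppendMirrorRequestHeaderIfPossible(request, redirect_url, io_data,
      info->GetChildID(), info->GetRouteID());

  if (io_data->resource_prefetch_predictor_observer()) {
    io_data->resource_prefetch_predictor_observer()->OnRequestRedirected(
        redirect_url, request);
  }
}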