content_browser_client.h revision 7d4cd473f85ac64c3747c96c277f9e506a0d2246 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
7
8#include <map>
9#include <string>
10#include <utility>
11#include <vector>
12
13#include "base/callback_forward.h"
14#include "base/memory/linked_ptr.h"
15#include "base/memory/scoped_ptr.h"
16#include "base/memory/scoped_vector.h"
17#include "content/public/browser/certificate_request_result_type.h"
18#include "content/public/browser/file_descriptor_info.h"
19#include "content/public/common/content_client.h"
20#include "content/public/common/socket_permission_request.h"
21#include "content/public/common/window_container_type.h"
22#include "net/base/mime_util.h"
23#include "net/cookies/canonical_cookie.h"
24#include "net/url_request/url_request_job_factory.h"
25#include "third_party/WebKit/public/web/WebNotificationPresenter.h"
26#include "webkit/glue/resource_type.h"
27
28#if defined(OS_POSIX) && !defined(OS_MACOSX)
29#include "base/posix/global_descriptors.h"
30#endif
31
32class CommandLine;
33class GURL;
34struct WebPreferences;
35
36namespace base {
37class FilePath;
38}
39namespace crypto {
40class CryptoModuleBlockingPasswordDelegate;
41}
42
43namespace gfx {
44class ImageSkia;
45}
46
47namespace net {
48class CookieOptions;
49class HttpNetworkSession;
50class NetLog;
51class SSLCertRequestInfo;
52class SSLInfo;
53class URLRequest;
54class URLRequestContext;
55class URLRequestContextGetter;
56class X509Certificate;
57}
58
59namespace sandbox {
60class TargetPolicy;
61}
62
63namespace ui {
64class SelectFilePolicy;
65}
66
67namespace fileapi {
68class FileSystemMountPointProvider;
69}
70
71namespace content {
72
73class AccessTokenStore;
74class BrowserChildProcessHost;
75class BrowserContext;
76class BrowserMainParts;
77class BrowserPpapiHost;
78class BrowserURLHandler;
79class LocationProvider;
80class MediaObserver;
81class QuotaPermissionContext;
82class RenderProcessHost;
83class RenderViewHost;
84class RenderViewHostDelegateView;
85class ResourceContext;
86class SiteInstance;
87class SpeechRecognitionManagerDelegate;
88class WebContents;
89class WebContentsViewDelegate;
90class WebContentsViewPort;
91struct MainFunctionParams;
92struct ShowDesktopNotificationHostMsgParams;
93
94// A mapping from the scheme name to the protocol handler that services its
95// content.
96typedef std::map<
97  std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> >
98    ProtocolHandlerMap;
99
100// Embedder API (or SPI) for participating in browser logic, to be implemented
101// by the client of the content browser. See ChromeContentBrowserClient for the
102// principal implementation. The methods are assumed to be called on the UI
103// thread unless otherwise specified. Use this "escape hatch" sparingly, to
104// avoid the embedder interface ballooning and becoming very specific to Chrome.
105// (Often, the call out to the client can happen in a different part of the code
106// that either already has a hook out to the embedder, or calls out to one of
107// the observer interfaces.)
108class CONTENT_EXPORT ContentBrowserClient {
109 public:
110  virtual ~ContentBrowserClient() {}
111
112  // Allows the embedder to set any number of custom BrowserMainParts
113  // implementations for the browser startup code. See comments in
114  // browser_main_parts.h.
115  virtual BrowserMainParts* CreateBrowserMainParts(
116      const MainFunctionParams& parameters);
117
118  // Allows an embedder to return their own WebContentsViewPort implementation.
119  // Return NULL to let the default one for the platform be created. Otherwise
120  // |render_view_host_delegate_view| also needs to be provided, and it is
121  // owned by the embedder.
122  virtual WebContentsViewPort* OverrideCreateWebContentsView(
123      WebContents* web_contents,
124      RenderViewHostDelegateView** render_view_host_delegate_view);
125
126  // If content creates the WebContentsView implementation, it will ask the
127  // embedder to return an (optional) delegate to customize it. The view will
128  // own the delegate.
129  virtual WebContentsViewDelegate* GetWebContentsViewDelegate(
130      WebContents* web_contents);
131
132  // Notifies that a guest WebContents has been attached to a BrowserPlugin.
133  // A guest is attached to a BrowserPlugin when the guest has acquired an
134  // embedder WebContents. This happens on initial navigation or when a new
135  // window is attached to a BrowserPlugin.
136  virtual void GuestWebContentsAttached(WebContents* guest_web_contents,
137                                        WebContents* embedder_web_contents,
138                                        int browser_plugin_instance_id) {}
139
140  // Notifies that a RenderProcessHost has been created. This is called before
141  // the content layer adds its own BrowserMessageFilters, so that the
142  // embedder's IPC filters have priority.
143  virtual void RenderProcessHostCreated(RenderProcessHost* host) {}
144
145  // Notifies that a BrowserChildProcessHost has been created.
146  virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
147
148  // Determines whether a navigation from |current_instance| to |url| would be a
149  // valid entry point to a "privileged site," based on whether it
150  // |is_renderer_initiated|. A privileged site requires careful process
151  // isolation to ensure its privileges do not leak, and it can only be entered
152  // via known navigation paths.
153  //
154  // If this is a valid entry to a privileged site, this function should rewrite
155  // the origin of |url| with a non-http(s) origin that represents the
156  // privileged site. This will distinguish the resulting SiteInstance from
157  // other SiteInstances in the process model.
158  virtual GURL GetPossiblyPrivilegedURL(
159      content::BrowserContext* browser_context,
160      const GURL& url,
161      bool is_renderer_initiated,
162      SiteInstance* current_instance);
163
164  // Get the effective URL for the given actual URL, to allow an embedder to
165  // group different url schemes in the same SiteInstance.
166  virtual GURL GetEffectiveURL(BrowserContext* browser_context,
167                               const GURL& url);
168
169  // Returns whether all instances of the specified effective URL should be
170  // rendered by the same process, rather than using process-per-site-instance.
171  virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context,
172                                       const GURL& effective_url);
173
174  // Returns a list additional WebUI schemes, if any.  These additional schemes
175  // act as aliases to the chrome: scheme.  The additional schemes may or may
176  // not serve specific WebUI pages depending on the particular URLDataSource
177  // and its override of URLDataSource::ShouldServiceRequest.
178  virtual void GetAdditionalWebUISchemes(
179      std::vector<std::string>* additional_schemes) {}
180
181  // Creates the main net::URLRequestContextGetter. Should only be called once
182  // per ContentBrowserClient object.
183  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
184  virtual net::URLRequestContextGetter* CreateRequestContext(
185      BrowserContext* browser_context,
186      ProtocolHandlerMap* protocol_handlers);
187
188  // Creates the net::URLRequestContextGetter for a StoragePartition. Should
189  // only be called once per partition_path per ContentBrowserClient object.
190  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
191  virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition(
192      BrowserContext* browser_context,
193      const base::FilePath& partition_path,
194      bool in_memory,
195      ProtocolHandlerMap* protocol_handlers);
196
197  // Returns whether a specified URL is handled by the embedder's internal
198  // protocol handlers.
199  virtual bool IsHandledURL(const GURL& url);
200
201  // Returns whether the given process is allowed to commit |url|.  This is a
202  // more conservative check than IsSuitableHost, since it is used after a
203  // navigation has committed to ensure that the process did not exceed its
204  // authority.
205  virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url);
206
207  // Returns whether a new view for a given |site_url| can be launched in a
208  // given |process_host|.
209  virtual bool IsSuitableHost(RenderProcessHost* process_host,
210                              const GURL& site_url);
211
212  // Returns whether a new process should be created or an existing one should
213  // be reused based on the URL we want to load. This should return false,
214  // unless there is a good reason otherwise.
215  virtual bool ShouldTryToUseExistingProcessHost(
216      BrowserContext* browser_context, const GURL& url);
217
218  // Called when a site instance is first associated with a process.
219  virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {}
220
221  // Called from a site instance's destructor.
222  virtual void SiteInstanceDeleting(SiteInstance* site_instance) {}
223
224  // Returns true if for the navigation from |current_url| to |new_url|
225  // in |site_instance|, the process should be swapped (even if we are in a
226  // process model that doesn't usually swap).
227  virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance,
228                                                const GURL& current_url,
229                                                const GURL& new_url);
230
231  // Returns true if the given navigation redirect should cause a renderer
232  // process swap.
233  // This is called on the IO thread.
234  virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context,
235                                              const GURL& current_url,
236                                              const GURL& new_url);
237
238  // See CharacterEncoding's comment.
239  virtual std::string GetCanonicalEncodingNameByAliasName(
240      const std::string& alias_name);
241
242  // Allows the embedder to pass extra command line flags.
243  // switches::kProcessType will already be set at this point.
244  virtual void AppendExtraCommandLineSwitches(CommandLine* command_line,
245                                              int child_process_id) {}
246
247  // Returns the locale used by the application.
248  // This is called on the UI and IO threads.
249  virtual std::string GetApplicationLocale();
250
251  // Returns the languages used in the Accept-Languages HTTP header.
252  // (Not called GetAcceptLanguages so it doesn't clash with win32).
253  virtual std::string GetAcceptLangs(BrowserContext* context);
254
255  // Returns the default favicon.  The callee doesn't own the given bitmap.
256  virtual gfx::ImageSkia* GetDefaultFavicon();
257
258  // Allow the embedder to control if an AppCache can be used for the given url.
259  // This is called on the IO thread.
260  virtual bool AllowAppCache(const GURL& manifest_url,
261                             const GURL& first_party,
262                             ResourceContext* context);
263
264  // Allow the embedder to control if the given cookie can be read.
265  // This is called on the IO thread.
266  virtual bool AllowGetCookie(const GURL& url,
267                              const GURL& first_party,
268                              const net::CookieList& cookie_list,
269                              ResourceContext* context,
270                              int render_process_id,
271                              int render_view_id);
272
273  // Allow the embedder to control if the given cookie can be set.
274  // This is called on the IO thread.
275  virtual bool AllowSetCookie(const GURL& url,
276                              const GURL& first_party,
277                              const std::string& cookie_line,
278                              ResourceContext* context,
279                              int render_process_id,
280                              int render_view_id,
281                              net::CookieOptions* options);
282
283  // This is called on the IO thread.
284  virtual bool AllowSaveLocalState(ResourceContext* context);
285
286  // Allow the embedder to control if access to web database by a shared worker
287  // is allowed. |render_views| is a vector of pairs of
288  // RenderProcessID/RenderViewID of RenderViews that are using this worker.
289  // This is called on the IO thread.
290  virtual bool AllowWorkerDatabase(
291      const GURL& url,
292      const string16& name,
293      const string16& display_name,
294      unsigned long estimated_size,
295      ResourceContext* context,
296      const std::vector<std::pair<int, int> >& render_views);
297
298  // Allow the embedder to control if access to file system by a shared worker
299  // is allowed.
300  // This is called on the IO thread.
301  virtual bool AllowWorkerFileSystem(
302      const GURL& url,
303      ResourceContext* context,
304      const std::vector<std::pair<int, int> >& render_views);
305
306  // Allow the embedder to control if access to IndexedDB by a shared worker
307  // is allowed.
308  // This is called on the IO thread.
309  virtual bool AllowWorkerIndexedDB(
310      const GURL& url,
311      const string16& name,
312      ResourceContext* context,
313      const std::vector<std::pair<int, int> >& render_views);
314
315  // Allow the embedder to override the request context based on the URL for
316  // certain operations, like cookie access. Returns NULL to indicate the
317  // regular request context should be used.
318  // This is called on the IO thread.
319  virtual net::URLRequestContext* OverrideRequestContextForURL(
320      const GURL& url, ResourceContext* context);
321
322  // Allow the embedder to specify a string version of the storage partition
323  // config with a site.
324  virtual std::string GetStoragePartitionIdForSite(
325      content::BrowserContext* browser_context,
326      const GURL& site);
327
328  // Allows the embedder to provide a validation check for |partition_id|s.
329  // This domain of valid entries should match the range of outputs for
330  // GetStoragePartitionIdForChildProcess().
331  virtual bool IsValidStoragePartitionId(BrowserContext* browser_context,
332                                         const std::string& partition_id);
333
334  // Allows the embedder to provide a storage parititon configuration for a
335  // site. A storage partition configuration includes a domain of the embedder's
336  // choice, an optional name within that domain, and whether the partition is
337  // in-memory only.
338  //
339  // If |can_be_default| is false, the caller is telling the embedder that the
340  // |site| is known to not be in the default partition. This is useful in
341  // some shutdown situations where the bookkeeping logic that maps sites to
342  // their partition configuration are no longer valid.
343  //
344  // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in
345  // which partitions live (similar to namespace). Within a domain, partitions
346  // can be uniquely identified by the combination of |partition_name| and
347  // |in_memory| values. When a partition is not to be persisted, the
348  // |in_memory| value must be set to true.
349  virtual void GetStoragePartitionConfigForSite(
350      content::BrowserContext* browser_context,
351      const GURL& site,
352      bool can_be_default,
353      std::string* partition_domain,
354      std::string* partition_name,
355      bool* in_memory);
356
357  // Create and return a new quota permission context.
358  virtual QuotaPermissionContext* CreateQuotaPermissionContext();
359
360  // Informs the embedder that a certificate error has occured.  If
361  // |overridable| is true and if |strict_enforcement| is false, the user
362  // can ignore the error and continue. The embedder can call the callback
363  // asynchronously. If |result| is not set to
364  // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled
365  // or denied immediately, and the callback won't be run.
366  virtual void AllowCertificateError(
367      int render_process_id,
368      int render_view_id,
369      int cert_error,
370      const net::SSLInfo& ssl_info,
371      const GURL& request_url,
372      ResourceType::Type resource_type,
373      bool overridable,
374      bool strict_enforcement,
375      const base::Callback<void(bool)>& callback,
376      CertificateRequestResultType* result) {}
377
378  // Selects a SSL client certificate and returns it to the |callback|. If no
379  // certificate was selected NULL is returned to the |callback|.
380  virtual void SelectClientCertificate(
381      int render_process_id,
382      int render_view_id,
383      const net::HttpNetworkSession* network_session,
384      net::SSLCertRequestInfo* cert_request_info,
385      const base::Callback<void(net::X509Certificate*)>& callback) {}
386
387  // Adds a new installable certificate or private key.
388  // Typically used to install an X.509 user certificate.
389  // Note that it's up to the embedder to verify that the data is
390  // well-formed. |cert_data| will be NULL if file_size is 0.
391  virtual void AddCertificate(
392      net::URLRequest* request,
393      net::CertificateMimeType cert_type,
394      const void* cert_data,
395      size_t cert_size,
396      int render_process_id,
397      int render_view_id) {}
398
399  // Returns a class to get notifications about media event. The embedder can
400  // return NULL if they're not interested.
401  virtual MediaObserver* GetMediaObserver();
402
403  // Asks permission to show desktop notifications.
404  virtual void RequestDesktopNotificationPermission(
405      const GURL& source_origin,
406      int callback_context,
407      int render_process_id,
408      int render_view_id) {}
409
410  // Checks if the given page has permission to show desktop notifications.
411  // This is called on the IO thread.
412  virtual WebKit::WebNotificationPresenter::Permission
413      CheckDesktopNotificationPermission(
414          const GURL& source_url,
415          ResourceContext* context,
416          int render_process_id);
417
418  // Show a desktop notification.  If |worker| is true, the request came from an
419  // HTML5 web worker, otherwise, it came from a renderer.
420  virtual void ShowDesktopNotification(
421      const ShowDesktopNotificationHostMsgParams& params,
422      int render_process_id,
423      int render_view_id,
424      bool worker) {}
425
426  // Cancels a displayed desktop notification.
427  virtual void CancelDesktopNotification(
428      int render_process_id,
429      int render_view_id,
430      int notification_id) {}
431
432  // Returns true if the given page is allowed to open a window of the given
433  // type. If true is returned, |no_javascript_access| will indicate whether
434  // the window that is created should be scriptable/in the same process.
435  // This is called on the IO thread.
436  virtual bool CanCreateWindow(
437      const GURL& opener_url,
438      const GURL& source_origin,
439      WindowContainerType container_type,
440      ResourceContext* context,
441      int render_process_id,
442      bool* no_javascript_access);
443
444  // Returns a title string to use in the task manager for a process host with
445  // the given URL, or the empty string to fall back to the default logic.
446  // This is called on the IO thread.
447  virtual std::string GetWorkerProcessTitle(const GURL& url,
448                                            ResourceContext* context);
449
450  // Notifies the embedder that the ResourceDispatcherHost has been created.
451  // This is when it can optionally add a delegate.
452  virtual void ResourceDispatcherHostCreated() {}
453
454  // Allows the embedder to return a delegate for the SpeechRecognitionManager.
455  // The delegate will be owned by the manager. It's valid to return NULL.
456  virtual SpeechRecognitionManagerDelegate*
457      GetSpeechRecognitionManagerDelegate();
458
459  // Getters for common objects.
460  virtual net::NetLog* GetNetLog();
461
462  // Creates a new AccessTokenStore for gelocation.
463  virtual AccessTokenStore* CreateAccessTokenStore();
464
465  // Returns true if fast shutdown is possible.
466  virtual bool IsFastShutdownPossible();
467
468  // Called by WebContents to override the WebKit preferences that are used by
469  // the renderer. The content layer will add its own settings, and then it's up
470  // to the embedder to update it if it wants.
471  virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host,
472                                   const GURL& url,
473                                   WebPreferences* prefs) {}
474
475  // Inspector setting was changed and should be persisted.
476  virtual void UpdateInspectorSetting(RenderViewHost* rvh,
477                                      const std::string& key,
478                                      const std::string& value) {}
479
480  // Notifies that BrowserURLHandler has been created, so that the embedder can
481  // optionally add their own handlers.
482  virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {}
483
484  // Clears browser cache.
485  virtual void ClearCache(RenderViewHost* rvh) {}
486
487  // Clears browser cookies.
488  virtual void ClearCookies(RenderViewHost* rvh) {}
489
490  // Returns the default download directory.
491  // This can be called on any thread.
492  virtual base::FilePath GetDefaultDownloadDirectory();
493
494  // Returns the default filename used in downloads when we have no idea what
495  // else we should do with the file.
496  virtual std::string GetDefaultDownloadName();
497
498  // Notification that a pepper plugin has just been spawned. This allows the
499  // embedder to add filters onto the host to implement interfaces.
500  // This is called on the IO thread.
501  virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {}
502
503  // Gets the host for an external out-of-process plugin.
504  virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost(
505      int plugin_child_id);
506
507  // Returns true if the given browser_context and site_url support hosting
508  // BrowserPlugins.
509  virtual bool SupportsBrowserPlugin(BrowserContext* browser_context,
510                                     const GURL& site_url);
511
512  // Returns true if the socket operation specified by |params| is allowed
513  // from the given |browser_context| and |url|. |private_api| indicates whether
514  // this permission check is for the private Pepper socket API or the public
515  // one.
516  virtual bool AllowPepperSocketAPI(BrowserContext* browser_context,
517                                    const GURL& url,
518                                    bool private_api,
519                                    const SocketPermissionRequest& params);
520
521  // Returns the directory containing hyphenation dictionaries.
522  virtual base::FilePath GetHyphenDictionaryDirectory();
523
524  // Returns an implementation of a file selecition policy. Can return NULL.
525  virtual ui::SelectFilePolicy* CreateSelectFilePolicy(
526      WebContents* web_contents);
527
528  // Returns additional allowed scheme set which can access files in
529  // FileSystem API.
530  virtual void GetAdditionalAllowedSchemesForFileSystem(
531      std::vector<std::string>* additional_schemes) {}
532
533  // Returns additional MountPointProviders for FileSystem API.
534  virtual void GetAdditionalFileSystemMountPointProviders(
535      const base::FilePath& storage_partition_path,
536      ScopedVector<fileapi::FileSystemMountPointProvider>*
537          additional_providers) {}
538
539  // Allows an embedder to return its own LocationProvider implementation.
540  // Return NULL to use the default one for the platform to be created.
541  virtual LocationProvider* OverrideSystemLocationProvider();
542
543#if defined(OS_POSIX) && !defined(OS_MACOSX)
544  // Populates |mappings| with all files that need to be mapped before launching
545  // a child process.
546  virtual void GetAdditionalMappedFilesForChildProcess(
547      const CommandLine& command_line,
548      int child_process_id,
549      std::vector<FileDescriptorInfo>* mappings) {}
550#endif
551
552#if defined(OS_WIN)
553  // Returns the name of the dll that contains cursors and other resources.
554  virtual const wchar_t* GetResourceDllName();
555
556  // This is called on the PROCESS_LAUNCHER thread before the renderer process
557  // is launched. It gives the embedder a chance to add loosen the sandbox
558  // policy.
559  virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
560                                bool* success) {}
561#endif
562
563#if defined(USE_NSS)
564  // Return a delegate to authenticate and unlock |module|.
565  // This is called on a worker thread.
566  virtual
567      crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate(
568          const GURL& url);
569#endif
570};
571
572}  // namespace content
573
574#endif  // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
575