content_browser_client.h revision 868fa2fe829687343ffae624259930155e16dbd8
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 7 8#include <map> 9#include <string> 10#include <utility> 11#include <vector> 12 13#include "base/callback_forward.h" 14#include "base/memory/linked_ptr.h" 15#include "base/memory/scoped_ptr.h" 16#include "base/memory/scoped_vector.h" 17#include "content/public/browser/certificate_request_result_type.h" 18#include "content/public/browser/file_descriptor_info.h" 19#include "content/public/common/content_client.h" 20#include "content/public/common/socket_permission_request.h" 21#include "content/public/common/window_container_type.h" 22#include "net/base/mime_util.h" 23#include "net/cookies/canonical_cookie.h" 24#include "net/url_request/url_request_job_factory.h" 25#include "third_party/WebKit/Source/WebKit/chromium/public/WebNotificationPresenter.h" 26#include "webkit/glue/resource_type.h" 27 28#if defined(OS_POSIX) && !defined(OS_MACOSX) 29#include "base/posix/global_descriptors.h" 30#endif 31 32class CommandLine; 33class GURL; 34struct WebPreferences; 35 36namespace base { 37class FilePath; 38} 39namespace crypto { 40class CryptoModuleBlockingPasswordDelegate; 41} 42 43namespace gfx { 44class ImageSkia; 45} 46 47namespace net { 48class CookieOptions; 49class HttpNetworkSession; 50class NetLog; 51class SSLCertRequestInfo; 52class SSLInfo; 53class URLRequest; 54class URLRequestContext; 55class URLRequestContextGetter; 56class X509Certificate; 57} 58 59namespace sandbox { 60class TargetPolicy; 61} 62 63namespace ui { 64class SelectFilePolicy; 65} 66 67namespace fileapi { 68class FileSystemMountPointProvider; 69} 70 71namespace content { 72 73class AccessTokenStore; 74class BrowserChildProcessHost; 75class BrowserContext; 76class BrowserMainParts; 77class BrowserPpapiHost; 78class BrowserURLHandler; 79class MediaObserver; 80class QuotaPermissionContext; 81class RenderProcessHost; 82class RenderViewHost; 83class RenderViewHostDelegateView; 84class ResourceContext; 85class SiteInstance; 86class SpeechRecognitionManagerDelegate; 87class WebContents; 88class WebContentsViewDelegate; 89class WebContentsViewPort; 90struct MainFunctionParams; 91struct ShowDesktopNotificationHostMsgParams; 92 93// A mapping from the scheme name to the protocol handler that services its 94// content. 95typedef std::map< 96 std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> > 97 ProtocolHandlerMap; 98 99// Embedder API (or SPI) for participating in browser logic, to be implemented 100// by the client of the content browser. See ChromeContentBrowserClient for the 101// principal implementation. The methods are assumed to be called on the UI 102// thread unless otherwise specified. Use this "escape hatch" sparingly, to 103// avoid the embedder interface ballooning and becoming very specific to Chrome. 104// (Often, the call out to the client can happen in a different part of the code 105// that either already has a hook out to the embedder, or calls out to one of 106// the observer interfaces.) 107class CONTENT_EXPORT ContentBrowserClient { 108 public: 109 virtual ~ContentBrowserClient() {} 110 111 // Allows the embedder to set any number of custom BrowserMainParts 112 // implementations for the browser startup code. See comments in 113 // browser_main_parts.h. 114 virtual BrowserMainParts* CreateBrowserMainParts( 115 const MainFunctionParams& parameters); 116 117 // Allows an embedder to return their own WebContentsViewPort implementation. 118 // Return NULL to let the default one for the platform be created. Otherwise 119 // |render_view_host_delegate_view| also needs to be provided, and it is 120 // owned by the embedder. 121 virtual WebContentsViewPort* OverrideCreateWebContentsView( 122 WebContents* web_contents, 123 RenderViewHostDelegateView** render_view_host_delegate_view); 124 125 // If content creates the WebContentsView implementation, it will ask the 126 // embedder to return an (optional) delegate to customize it. The view will 127 // own the delegate. 128 virtual WebContentsViewDelegate* GetWebContentsViewDelegate( 129 WebContents* web_contents); 130 131 // Notifies that a guest WebContents has been attached to a BrowserPlugin. 132 // A guest is attached to a BrowserPlugin when the guest has acquired an 133 // embedder WebContents. This happens on initial navigation or when a new 134 // window is attached to a BrowserPlugin. 135 virtual void GuestWebContentsAttached(WebContents* guest_web_contents, 136 WebContents* embedder_web_contents, 137 int browser_plugin_instance_id) {} 138 139 // Notifies that a RenderProcessHost has been created. This is called before 140 // the content layer adds its own BrowserMessageFilters, so that the 141 // embedder's IPC filters have priority. 142 virtual void RenderProcessHostCreated(RenderProcessHost* host) {} 143 144 // Notifies that a BrowserChildProcessHost has been created. 145 virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {} 146 147 // Determines whether a navigation from |current_instance| to |url| would be a 148 // valid entry point to a "privileged site," based on whether it 149 // |is_renderer_initiated|. A privileged site requires careful process 150 // isolation to ensure its privileges do not leak, and it can only be entered 151 // via known navigation paths. 152 // 153 // If this is a valid entry to a privileged site, this function should rewrite 154 // the origin of |url| with a non-http(s) origin that represents the 155 // privileged site. This will distinguish the resulting SiteInstance from 156 // other SiteInstances in the process model. 157 virtual GURL GetPossiblyPrivilegedURL( 158 content::BrowserContext* browser_context, 159 const GURL& url, 160 bool is_renderer_initiated, 161 SiteInstance* current_instance); 162 163 // Get the effective URL for the given actual URL, to allow an embedder to 164 // group different url schemes in the same SiteInstance. 165 virtual GURL GetEffectiveURL(BrowserContext* browser_context, 166 const GURL& url); 167 168 // Returns whether all instances of the specified effective URL should be 169 // rendered by the same process, rather than using process-per-site-instance. 170 virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context, 171 const GURL& effective_url); 172 173 // Returns a list additional WebUI schemes, if any. These additional schemes 174 // act as aliases to the chrome: scheme. The additional schemes may or may 175 // not serve specific WebUI pages depending on the particular URLDataSource 176 // and its override of URLDataSource::ShouldServiceRequest. 177 virtual void GetAdditionalWebUISchemes( 178 std::vector<std::string>* additional_schemes) {} 179 180 // Creates the main net::URLRequestContextGetter. Should only be called once 181 // per ContentBrowserClient object. 182 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 183 virtual net::URLRequestContextGetter* CreateRequestContext( 184 BrowserContext* browser_context, 185 ProtocolHandlerMap* protocol_handlers); 186 187 // Creates the net::URLRequestContextGetter for a StoragePartition. Should 188 // only be called once per partition_path per ContentBrowserClient object. 189 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 190 virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition( 191 BrowserContext* browser_context, 192 const base::FilePath& partition_path, 193 bool in_memory, 194 ProtocolHandlerMap* protocol_handlers); 195 196 // Returns whether a specified URL is handled by the embedder's internal 197 // protocol handlers. 198 virtual bool IsHandledURL(const GURL& url); 199 200 // Returns whether the given process is allowed to commit |url|. This is a 201 // more conservative check than IsSuitableHost, since it is used after a 202 // navigation has committed to ensure that the process did not exceed its 203 // authority. 204 virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url); 205 206 // Returns whether a new view for a given |site_url| can be launched in a 207 // given |process_host|. 208 virtual bool IsSuitableHost(RenderProcessHost* process_host, 209 const GURL& site_url); 210 211 // Returns whether a new process should be created or an existing one should 212 // be reused based on the URL we want to load. This should return false, 213 // unless there is a good reason otherwise. 214 virtual bool ShouldTryToUseExistingProcessHost( 215 BrowserContext* browser_context, const GURL& url); 216 217 // Called when a site instance is first associated with a process. 218 virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {} 219 220 // Called from a site instance's destructor. 221 virtual void SiteInstanceDeleting(SiteInstance* site_instance) {} 222 223 // Returns true if for the navigation from |current_url| to |new_url| 224 // in |site_instance|, the process should be swapped (even if we are in a 225 // process model that doesn't usually swap). 226 virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance, 227 const GURL& current_url, 228 const GURL& new_url); 229 230 // Returns true if the given navigation redirect should cause a renderer 231 // process swap. 232 // This is called on the IO thread. 233 virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context, 234 const GURL& current_url, 235 const GURL& new_url); 236 237 // See CharacterEncoding's comment. 238 virtual std::string GetCanonicalEncodingNameByAliasName( 239 const std::string& alias_name); 240 241 // Allows the embedder to pass extra command line flags. 242 // switches::kProcessType will already be set at this point. 243 virtual void AppendExtraCommandLineSwitches(CommandLine* command_line, 244 int child_process_id) {} 245 246 // Returns the locale used by the application. 247 // This is called on the UI and IO threads. 248 virtual std::string GetApplicationLocale(); 249 250 // Returns the languages used in the Accept-Languages HTTP header. 251 // (Not called GetAcceptLanguages so it doesn't clash with win32). 252 virtual std::string GetAcceptLangs(BrowserContext* context); 253 254 // Returns the default favicon. The callee doesn't own the given bitmap. 255 virtual gfx::ImageSkia* GetDefaultFavicon(); 256 257 // Allow the embedder to control if an AppCache can be used for the given url. 258 // This is called on the IO thread. 259 virtual bool AllowAppCache(const GURL& manifest_url, 260 const GURL& first_party, 261 ResourceContext* context); 262 263 // Allow the embedder to control if the given cookie can be read. 264 // This is called on the IO thread. 265 virtual bool AllowGetCookie(const GURL& url, 266 const GURL& first_party, 267 const net::CookieList& cookie_list, 268 ResourceContext* context, 269 int render_process_id, 270 int render_view_id); 271 272 // Allow the embedder to control if the given cookie can be set. 273 // This is called on the IO thread. 274 virtual bool AllowSetCookie(const GURL& url, 275 const GURL& first_party, 276 const std::string& cookie_line, 277 ResourceContext* context, 278 int render_process_id, 279 int render_view_id, 280 net::CookieOptions* options); 281 282 // This is called on the IO thread. 283 virtual bool AllowSaveLocalState(ResourceContext* context); 284 285 // Allow the embedder to control if access to web database by a shared worker 286 // is allowed. |render_views| is a vector of pairs of 287 // RenderProcessID/RenderViewID of RenderViews that are using this worker. 288 // This is called on the IO thread. 289 virtual bool AllowWorkerDatabase( 290 const GURL& url, 291 const string16& name, 292 const string16& display_name, 293 unsigned long estimated_size, 294 ResourceContext* context, 295 const std::vector<std::pair<int, int> >& render_views); 296 297 // Allow the embedder to control if access to file system by a shared worker 298 // is allowed. 299 // This is called on the IO thread. 300 virtual bool AllowWorkerFileSystem( 301 const GURL& url, 302 ResourceContext* context, 303 const std::vector<std::pair<int, int> >& render_views); 304 305 // Allow the embedder to control if access to IndexedDB by a shared worker 306 // is allowed. 307 // This is called on the IO thread. 308 virtual bool AllowWorkerIndexedDB( 309 const GURL& url, 310 const string16& name, 311 ResourceContext* context, 312 const std::vector<std::pair<int, int> >& render_views); 313 314 // Allow the embedder to override the request context based on the URL for 315 // certain operations, like cookie access. Returns NULL to indicate the 316 // regular request context should be used. 317 // This is called on the IO thread. 318 virtual net::URLRequestContext* OverrideRequestContextForURL( 319 const GURL& url, ResourceContext* context); 320 321 // Allow the embedder to specify a string version of the storage partition 322 // config with a site. 323 virtual std::string GetStoragePartitionIdForSite( 324 content::BrowserContext* browser_context, 325 const GURL& site); 326 327 // Allows the embedder to provide a validation check for |partition_id|s. 328 // This domain of valid entries should match the range of outputs for 329 // GetStoragePartitionIdForChildProcess(). 330 virtual bool IsValidStoragePartitionId(BrowserContext* browser_context, 331 const std::string& partition_id); 332 333 // Allows the embedder to provide a storage parititon configuration for a 334 // site. A storage partition configuration includes a domain of the embedder's 335 // choice, an optional name within that domain, and whether the partition is 336 // in-memory only. 337 // 338 // If |can_be_default| is false, the caller is telling the embedder that the 339 // |site| is known to not be in the default partition. This is useful in 340 // some shutdown situations where the bookkeeping logic that maps sites to 341 // their partition configuration are no longer valid. 342 // 343 // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in 344 // which partitions live (similar to namespace). Within a domain, partitions 345 // can be uniquely identified by the combination of |partition_name| and 346 // |in_memory| values. When a partition is not to be persisted, the 347 // |in_memory| value must be set to true. 348 virtual void GetStoragePartitionConfigForSite( 349 content::BrowserContext* browser_context, 350 const GURL& site, 351 bool can_be_default, 352 std::string* partition_domain, 353 std::string* partition_name, 354 bool* in_memory); 355 356 // Create and return a new quota permission context. 357 virtual QuotaPermissionContext* CreateQuotaPermissionContext(); 358 359 // Informs the embedder that a certificate error has occured. If 360 // |overridable| is true and if |strict_enforcement| is false, the user 361 // can ignore the error and continue. The embedder can call the callback 362 // asynchronously. If |result| is not set to 363 // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled 364 // or denied immediately, and the callback won't be run. 365 virtual void AllowCertificateError( 366 int render_process_id, 367 int render_view_id, 368 int cert_error, 369 const net::SSLInfo& ssl_info, 370 const GURL& request_url, 371 ResourceType::Type resource_type, 372 bool overridable, 373 bool strict_enforcement, 374 const base::Callback<void(bool)>& callback, 375 CertificateRequestResultType* result) {} 376 377 // Selects a SSL client certificate and returns it to the |callback|. If no 378 // certificate was selected NULL is returned to the |callback|. 379 virtual void SelectClientCertificate( 380 int render_process_id, 381 int render_view_id, 382 const net::HttpNetworkSession* network_session, 383 net::SSLCertRequestInfo* cert_request_info, 384 const base::Callback<void(net::X509Certificate*)>& callback) {} 385 386 // Adds a new installable certificate or private key. 387 // Typically used to install an X.509 user certificate. 388 // Note that it's up to the embedder to verify that the data is 389 // well-formed. |cert_data| will be NULL if file_size is 0. 390 virtual void AddCertificate( 391 net::URLRequest* request, 392 net::CertificateMimeType cert_type, 393 const void* cert_data, 394 size_t cert_size, 395 int render_process_id, 396 int render_view_id) {} 397 398 // Returns a class to get notifications about media event. The embedder can 399 // return NULL if they're not interested. 400 virtual MediaObserver* GetMediaObserver(); 401 402 // Asks permission to show desktop notifications. 403 virtual void RequestDesktopNotificationPermission( 404 const GURL& source_origin, 405 int callback_context, 406 int render_process_id, 407 int render_view_id) {} 408 409 // Checks if the given page has permission to show desktop notifications. 410 // This is called on the IO thread. 411 virtual WebKit::WebNotificationPresenter::Permission 412 CheckDesktopNotificationPermission( 413 const GURL& source_url, 414 ResourceContext* context, 415 int render_process_id); 416 417 // Show a desktop notification. If |worker| is true, the request came from an 418 // HTML5 web worker, otherwise, it came from a renderer. 419 virtual void ShowDesktopNotification( 420 const ShowDesktopNotificationHostMsgParams& params, 421 int render_process_id, 422 int render_view_id, 423 bool worker) {} 424 425 // Cancels a displayed desktop notification. 426 virtual void CancelDesktopNotification( 427 int render_process_id, 428 int render_view_id, 429 int notification_id) {} 430 431 // Returns true if the given page is allowed to open a window of the given 432 // type. If true is returned, |no_javascript_access| will indicate whether 433 // the window that is created should be scriptable/in the same process. 434 // This is called on the IO thread. 435 virtual bool CanCreateWindow( 436 const GURL& opener_url, 437 const GURL& source_origin, 438 WindowContainerType container_type, 439 ResourceContext* context, 440 int render_process_id, 441 bool* no_javascript_access); 442 443 // Returns a title string to use in the task manager for a process host with 444 // the given URL, or the empty string to fall back to the default logic. 445 // This is called on the IO thread. 446 virtual std::string GetWorkerProcessTitle(const GURL& url, 447 ResourceContext* context); 448 449 // Notifies the embedder that the ResourceDispatcherHost has been created. 450 // This is when it can optionally add a delegate. 451 virtual void ResourceDispatcherHostCreated() {} 452 453 // Allows the embedder to return a delegate for the SpeechRecognitionManager. 454 // The delegate will be owned by the manager. It's valid to return NULL. 455 virtual SpeechRecognitionManagerDelegate* 456 GetSpeechRecognitionManagerDelegate(); 457 458 // Getters for common objects. 459 virtual net::NetLog* GetNetLog(); 460 461 // Creates a new AccessTokenStore for gelocation. 462 virtual AccessTokenStore* CreateAccessTokenStore(); 463 464 // Returns true if fast shutdown is possible. 465 virtual bool IsFastShutdownPossible(); 466 467 // Called by WebContents to override the WebKit preferences that are used by 468 // the renderer. The content layer will add its own settings, and then it's up 469 // to the embedder to update it if it wants. 470 virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host, 471 const GURL& url, 472 WebPreferences* prefs) {} 473 474 // Inspector setting was changed and should be persisted. 475 virtual void UpdateInspectorSetting(RenderViewHost* rvh, 476 const std::string& key, 477 const std::string& value) {} 478 479 // Notifies that BrowserURLHandler has been created, so that the embedder can 480 // optionally add their own handlers. 481 virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {} 482 483 // Clears browser cache. 484 virtual void ClearCache(RenderViewHost* rvh) {} 485 486 // Clears browser cookies. 487 virtual void ClearCookies(RenderViewHost* rvh) {} 488 489 // Returns the default download directory. 490 // This can be called on any thread. 491 virtual base::FilePath GetDefaultDownloadDirectory(); 492 493 // Returns the default filename used in downloads when we have no idea what 494 // else we should do with the file. 495 virtual std::string GetDefaultDownloadName(); 496 497 // Notification that a pepper plugin has just been spawned. This allows the 498 // embedder to add filters onto the host to implement interfaces. 499 // This is called on the IO thread. 500 virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {} 501 502 // Gets the host for an external out-of-process plugin. 503 virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost( 504 int plugin_child_id); 505 506 // Returns true if the given browser_context and site_url support hosting 507 // BrowserPlugins. 508 virtual bool SupportsBrowserPlugin(BrowserContext* browser_context, 509 const GURL& site_url); 510 511 // Returns true if renderer processes can use Pepper TCP/UDP sockets from 512 // the given origin and connection type. 513 virtual bool AllowPepperSocketAPI(BrowserContext* browser_context, 514 const GURL& url, 515 const SocketPermissionRequest& params); 516 517 // Returns the directory containing hyphenation dictionaries. 518 virtual base::FilePath GetHyphenDictionaryDirectory(); 519 520 // Returns an implementation of a file selecition policy. Can return NULL. 521 virtual ui::SelectFilePolicy* CreateSelectFilePolicy( 522 WebContents* web_contents); 523 524 // Returns additional allowed scheme set which can access files in 525 // FileSystem API. 526 virtual void GetAdditionalAllowedSchemesForFileSystem( 527 std::vector<std::string>* additional_schemes) {} 528 529 // Returns additional MountPointProviders for FileSystem API. 530 virtual void GetAdditionalFileSystemMountPointProviders( 531 const base::FilePath& storage_partition_path, 532 ScopedVector<fileapi::FileSystemMountPointProvider>* 533 additional_providers) {} 534 535#if defined(OS_POSIX) && !defined(OS_MACOSX) 536 // Populates |mappings| with all files that need to be mapped before launching 537 // a child process. 538 virtual void GetAdditionalMappedFilesForChildProcess( 539 const CommandLine& command_line, 540 int child_process_id, 541 std::vector<FileDescriptorInfo>* mappings) {} 542#endif 543 544#if defined(OS_WIN) 545 // Returns the name of the dll that contains cursors and other resources. 546 virtual const wchar_t* GetResourceDllName(); 547 548 // This is called on the PROCESS_LAUNCHER thread before the renderer process 549 // is launched. It gives the embedder a chance to add loosen the sandbox 550 // policy. 551 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, 552 bool* success) {} 553#endif 554 555#if defined(USE_NSS) 556 // Return a delegate to authenticate and unlock |module|. 557 // This is called on a worker thread. 558 virtual 559 crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate( 560 const GURL& url); 561#endif 562}; 563 564} // namespace content 565 566#endif // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 567