content_browser_client.h revision 868fa2fe829687343ffae624259930155e16dbd8 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
7
8#include <map>
9#include <string>
10#include <utility>
11#include <vector>
12
13#include "base/callback_forward.h"
14#include "base/memory/linked_ptr.h"
15#include "base/memory/scoped_ptr.h"
16#include "base/memory/scoped_vector.h"
17#include "content/public/browser/certificate_request_result_type.h"
18#include "content/public/browser/file_descriptor_info.h"
19#include "content/public/common/content_client.h"
20#include "content/public/common/socket_permission_request.h"
21#include "content/public/common/window_container_type.h"
22#include "net/base/mime_util.h"
23#include "net/cookies/canonical_cookie.h"
24#include "net/url_request/url_request_job_factory.h"
25#include "third_party/WebKit/Source/WebKit/chromium/public/WebNotificationPresenter.h"
26#include "webkit/glue/resource_type.h"
27
28#if defined(OS_POSIX) && !defined(OS_MACOSX)
29#include "base/posix/global_descriptors.h"
30#endif
31
32class CommandLine;
33class GURL;
34struct WebPreferences;
35
36namespace base {
37class FilePath;
38}
39namespace crypto {
40class CryptoModuleBlockingPasswordDelegate;
41}
42
43namespace gfx {
44class ImageSkia;
45}
46
47namespace net {
48class CookieOptions;
49class HttpNetworkSession;
50class NetLog;
51class SSLCertRequestInfo;
52class SSLInfo;
53class URLRequest;
54class URLRequestContext;
55class URLRequestContextGetter;
56class X509Certificate;
57}
58
59namespace sandbox {
60class TargetPolicy;
61}
62
63namespace ui {
64class SelectFilePolicy;
65}
66
67namespace fileapi {
68class FileSystemMountPointProvider;
69}
70
71namespace content {
72
73class AccessTokenStore;
74class BrowserChildProcessHost;
75class BrowserContext;
76class BrowserMainParts;
77class BrowserPpapiHost;
78class BrowserURLHandler;
79class MediaObserver;
80class QuotaPermissionContext;
81class RenderProcessHost;
82class RenderViewHost;
83class RenderViewHostDelegateView;
84class ResourceContext;
85class SiteInstance;
86class SpeechRecognitionManagerDelegate;
87class WebContents;
88class WebContentsViewDelegate;
89class WebContentsViewPort;
90struct MainFunctionParams;
91struct ShowDesktopNotificationHostMsgParams;
92
93// A mapping from the scheme name to the protocol handler that services its
94// content.
95typedef std::map<
96  std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> >
97    ProtocolHandlerMap;
98
99// Embedder API (or SPI) for participating in browser logic, to be implemented
100// by the client of the content browser. See ChromeContentBrowserClient for the
101// principal implementation. The methods are assumed to be called on the UI
102// thread unless otherwise specified. Use this "escape hatch" sparingly, to
103// avoid the embedder interface ballooning and becoming very specific to Chrome.
104// (Often, the call out to the client can happen in a different part of the code
105// that either already has a hook out to the embedder, or calls out to one of
106// the observer interfaces.)
107class CONTENT_EXPORT ContentBrowserClient {
108 public:
109  virtual ~ContentBrowserClient() {}
110
111  // Allows the embedder to set any number of custom BrowserMainParts
112  // implementations for the browser startup code. See comments in
113  // browser_main_parts.h.
114  virtual BrowserMainParts* CreateBrowserMainParts(
115      const MainFunctionParams& parameters);
116
117  // Allows an embedder to return their own WebContentsViewPort implementation.
118  // Return NULL to let the default one for the platform be created. Otherwise
119  // |render_view_host_delegate_view| also needs to be provided, and it is
120  // owned by the embedder.
121  virtual WebContentsViewPort* OverrideCreateWebContentsView(
122      WebContents* web_contents,
123      RenderViewHostDelegateView** render_view_host_delegate_view);
124
125  // If content creates the WebContentsView implementation, it will ask the
126  // embedder to return an (optional) delegate to customize it. The view will
127  // own the delegate.
128  virtual WebContentsViewDelegate* GetWebContentsViewDelegate(
129      WebContents* web_contents);
130
131  // Notifies that a guest WebContents has been attached to a BrowserPlugin.
132  // A guest is attached to a BrowserPlugin when the guest has acquired an
133  // embedder WebContents. This happens on initial navigation or when a new
134  // window is attached to a BrowserPlugin.
135  virtual void GuestWebContentsAttached(WebContents* guest_web_contents,
136                                        WebContents* embedder_web_contents,
137                                        int browser_plugin_instance_id) {}
138
139  // Notifies that a RenderProcessHost has been created. This is called before
140  // the content layer adds its own BrowserMessageFilters, so that the
141  // embedder's IPC filters have priority.
142  virtual void RenderProcessHostCreated(RenderProcessHost* host) {}
143
144  // Notifies that a BrowserChildProcessHost has been created.
145  virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
146
147  // Determines whether a navigation from |current_instance| to |url| would be a
148  // valid entry point to a "privileged site," based on whether it
149  // |is_renderer_initiated|. A privileged site requires careful process
150  // isolation to ensure its privileges do not leak, and it can only be entered
151  // via known navigation paths.
152  //
153  // If this is a valid entry to a privileged site, this function should rewrite
154  // the origin of |url| with a non-http(s) origin that represents the
155  // privileged site. This will distinguish the resulting SiteInstance from
156  // other SiteInstances in the process model.
157  virtual GURL GetPossiblyPrivilegedURL(
158      content::BrowserContext* browser_context,
159      const GURL& url,
160      bool is_renderer_initiated,
161      SiteInstance* current_instance);
162
163  // Get the effective URL for the given actual URL, to allow an embedder to
164  // group different url schemes in the same SiteInstance.
165  virtual GURL GetEffectiveURL(BrowserContext* browser_context,
166                               const GURL& url);
167
168  // Returns whether all instances of the specified effective URL should be
169  // rendered by the same process, rather than using process-per-site-instance.
170  virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context,
171                                       const GURL& effective_url);
172
173  // Returns a list additional WebUI schemes, if any.  These additional schemes
174  // act as aliases to the chrome: scheme.  The additional schemes may or may
175  // not serve specific WebUI pages depending on the particular URLDataSource
176  // and its override of URLDataSource::ShouldServiceRequest.
177  virtual void GetAdditionalWebUISchemes(
178      std::vector<std::string>* additional_schemes) {}
179
180  // Creates the main net::URLRequestContextGetter. Should only be called once
181  // per ContentBrowserClient object.
182  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
183  virtual net::URLRequestContextGetter* CreateRequestContext(
184      BrowserContext* browser_context,
185      ProtocolHandlerMap* protocol_handlers);
186
187  // Creates the net::URLRequestContextGetter for a StoragePartition. Should
188  // only be called once per partition_path per ContentBrowserClient object.
189  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
190  virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition(
191      BrowserContext* browser_context,
192      const base::FilePath& partition_path,
193      bool in_memory,
194      ProtocolHandlerMap* protocol_handlers);
195
196  // Returns whether a specified URL is handled by the embedder's internal
197  // protocol handlers.
198  virtual bool IsHandledURL(const GURL& url);
199
200  // Returns whether the given process is allowed to commit |url|.  This is a
201  // more conservative check than IsSuitableHost, since it is used after a
202  // navigation has committed to ensure that the process did not exceed its
203  // authority.
204  virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url);
205
206  // Returns whether a new view for a given |site_url| can be launched in a
207  // given |process_host|.
208  virtual bool IsSuitableHost(RenderProcessHost* process_host,
209                              const GURL& site_url);
210
211  // Returns whether a new process should be created or an existing one should
212  // be reused based on the URL we want to load. This should return false,
213  // unless there is a good reason otherwise.
214  virtual bool ShouldTryToUseExistingProcessHost(
215      BrowserContext* browser_context, const GURL& url);
216
217  // Called when a site instance is first associated with a process.
218  virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {}
219
220  // Called from a site instance's destructor.
221  virtual void SiteInstanceDeleting(SiteInstance* site_instance) {}
222
223  // Returns true if for the navigation from |current_url| to |new_url|
224  // in |site_instance|, the process should be swapped (even if we are in a
225  // process model that doesn't usually swap).
226  virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance,
227                                                const GURL& current_url,
228                                                const GURL& new_url);
229
230  // Returns true if the given navigation redirect should cause a renderer
231  // process swap.
232  // This is called on the IO thread.
233  virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context,
234                                              const GURL& current_url,
235                                              const GURL& new_url);
236
237  // See CharacterEncoding's comment.
238  virtual std::string GetCanonicalEncodingNameByAliasName(
239      const std::string& alias_name);
240
241  // Allows the embedder to pass extra command line flags.
242  // switches::kProcessType will already be set at this point.
243  virtual void AppendExtraCommandLineSwitches(CommandLine* command_line,
244                                              int child_process_id) {}
245
246  // Returns the locale used by the application.
247  // This is called on the UI and IO threads.
248  virtual std::string GetApplicationLocale();
249
250  // Returns the languages used in the Accept-Languages HTTP header.
251  // (Not called GetAcceptLanguages so it doesn't clash with win32).
252  virtual std::string GetAcceptLangs(BrowserContext* context);
253
254  // Returns the default favicon.  The callee doesn't own the given bitmap.
255  virtual gfx::ImageSkia* GetDefaultFavicon();
256
257  // Allow the embedder to control if an AppCache can be used for the given url.
258  // This is called on the IO thread.
259  virtual bool AllowAppCache(const GURL& manifest_url,
260                             const GURL& first_party,
261                             ResourceContext* context);
262
263  // Allow the embedder to control if the given cookie can be read.
264  // This is called on the IO thread.
265  virtual bool AllowGetCookie(const GURL& url,
266                              const GURL& first_party,
267                              const net::CookieList& cookie_list,
268                              ResourceContext* context,
269                              int render_process_id,
270                              int render_view_id);
271
272  // Allow the embedder to control if the given cookie can be set.
273  // This is called on the IO thread.
274  virtual bool AllowSetCookie(const GURL& url,
275                              const GURL& first_party,
276                              const std::string& cookie_line,
277                              ResourceContext* context,
278                              int render_process_id,
279                              int render_view_id,
280                              net::CookieOptions* options);
281
282  // This is called on the IO thread.
283  virtual bool AllowSaveLocalState(ResourceContext* context);
284
285  // Allow the embedder to control if access to web database by a shared worker
286  // is allowed. |render_views| is a vector of pairs of
287  // RenderProcessID/RenderViewID of RenderViews that are using this worker.
288  // This is called on the IO thread.
289  virtual bool AllowWorkerDatabase(
290      const GURL& url,
291      const string16& name,
292      const string16& display_name,
293      unsigned long estimated_size,
294      ResourceContext* context,
295      const std::vector<std::pair<int, int> >& render_views);
296
297  // Allow the embedder to control if access to file system by a shared worker
298  // is allowed.
299  // This is called on the IO thread.
300  virtual bool AllowWorkerFileSystem(
301      const GURL& url,
302      ResourceContext* context,
303      const std::vector<std::pair<int, int> >& render_views);
304
305  // Allow the embedder to control if access to IndexedDB by a shared worker
306  // is allowed.
307  // This is called on the IO thread.
308  virtual bool AllowWorkerIndexedDB(
309      const GURL& url,
310      const string16& name,
311      ResourceContext* context,
312      const std::vector<std::pair<int, int> >& render_views);
313
314  // Allow the embedder to override the request context based on the URL for
315  // certain operations, like cookie access. Returns NULL to indicate the
316  // regular request context should be used.
317  // This is called on the IO thread.
318  virtual net::URLRequestContext* OverrideRequestContextForURL(
319      const GURL& url, ResourceContext* context);
320
321  // Allow the embedder to specify a string version of the storage partition
322  // config with a site.
323  virtual std::string GetStoragePartitionIdForSite(
324      content::BrowserContext* browser_context,
325      const GURL& site);
326
327  // Allows the embedder to provide a validation check for |partition_id|s.
328  // This domain of valid entries should match the range of outputs for
329  // GetStoragePartitionIdForChildProcess().
330  virtual bool IsValidStoragePartitionId(BrowserContext* browser_context,
331                                         const std::string& partition_id);
332
333  // Allows the embedder to provide a storage parititon configuration for a
334  // site. A storage partition configuration includes a domain of the embedder's
335  // choice, an optional name within that domain, and whether the partition is
336  // in-memory only.
337  //
338  // If |can_be_default| is false, the caller is telling the embedder that the
339  // |site| is known to not be in the default partition. This is useful in
340  // some shutdown situations where the bookkeeping logic that maps sites to
341  // their partition configuration are no longer valid.
342  //
343  // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in
344  // which partitions live (similar to namespace). Within a domain, partitions
345  // can be uniquely identified by the combination of |partition_name| and
346  // |in_memory| values. When a partition is not to be persisted, the
347  // |in_memory| value must be set to true.
348  virtual void GetStoragePartitionConfigForSite(
349      content::BrowserContext* browser_context,
350      const GURL& site,
351      bool can_be_default,
352      std::string* partition_domain,
353      std::string* partition_name,
354      bool* in_memory);
355
356  // Create and return a new quota permission context.
357  virtual QuotaPermissionContext* CreateQuotaPermissionContext();
358
359  // Informs the embedder that a certificate error has occured.  If
360  // |overridable| is true and if |strict_enforcement| is false, the user
361  // can ignore the error and continue. The embedder can call the callback
362  // asynchronously. If |result| is not set to
363  // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled
364  // or denied immediately, and the callback won't be run.
365  virtual void AllowCertificateError(
366      int render_process_id,
367      int render_view_id,
368      int cert_error,
369      const net::SSLInfo& ssl_info,
370      const GURL& request_url,
371      ResourceType::Type resource_type,
372      bool overridable,
373      bool strict_enforcement,
374      const base::Callback<void(bool)>& callback,
375      CertificateRequestResultType* result) {}
376
377  // Selects a SSL client certificate and returns it to the |callback|. If no
378  // certificate was selected NULL is returned to the |callback|.
379  virtual void SelectClientCertificate(
380      int render_process_id,
381      int render_view_id,
382      const net::HttpNetworkSession* network_session,
383      net::SSLCertRequestInfo* cert_request_info,
384      const base::Callback<void(net::X509Certificate*)>& callback) {}
385
386  // Adds a new installable certificate or private key.
387  // Typically used to install an X.509 user certificate.
388  // Note that it's up to the embedder to verify that the data is
389  // well-formed. |cert_data| will be NULL if file_size is 0.
390  virtual void AddCertificate(
391      net::URLRequest* request,
392      net::CertificateMimeType cert_type,
393      const void* cert_data,
394      size_t cert_size,
395      int render_process_id,
396      int render_view_id) {}
397
398  // Returns a class to get notifications about media event. The embedder can
399  // return NULL if they're not interested.
400  virtual MediaObserver* GetMediaObserver();
401
402  // Asks permission to show desktop notifications.
403  virtual void RequestDesktopNotificationPermission(
404      const GURL& source_origin,
405      int callback_context,
406      int render_process_id,
407      int render_view_id) {}
408
409  // Checks if the given page has permission to show desktop notifications.
410  // This is called on the IO thread.
411  virtual WebKit::WebNotificationPresenter::Permission
412      CheckDesktopNotificationPermission(
413          const GURL& source_url,
414          ResourceContext* context,
415          int render_process_id);
416
417  // Show a desktop notification.  If |worker| is true, the request came from an
418  // HTML5 web worker, otherwise, it came from a renderer.
419  virtual void ShowDesktopNotification(
420      const ShowDesktopNotificationHostMsgParams& params,
421      int render_process_id,
422      int render_view_id,
423      bool worker) {}
424
425  // Cancels a displayed desktop notification.
426  virtual void CancelDesktopNotification(
427      int render_process_id,
428      int render_view_id,
429      int notification_id) {}
430
431  // Returns true if the given page is allowed to open a window of the given
432  // type. If true is returned, |no_javascript_access| will indicate whether
433  // the window that is created should be scriptable/in the same process.
434  // This is called on the IO thread.
435  virtual bool CanCreateWindow(
436      const GURL& opener_url,
437      const GURL& source_origin,
438      WindowContainerType container_type,
439      ResourceContext* context,
440      int render_process_id,
441      bool* no_javascript_access);
442
443  // Returns a title string to use in the task manager for a process host with
444  // the given URL, or the empty string to fall back to the default logic.
445  // This is called on the IO thread.
446  virtual std::string GetWorkerProcessTitle(const GURL& url,
447                                            ResourceContext* context);
448
449  // Notifies the embedder that the ResourceDispatcherHost has been created.
450  // This is when it can optionally add a delegate.
451  virtual void ResourceDispatcherHostCreated() {}
452
453  // Allows the embedder to return a delegate for the SpeechRecognitionManager.
454  // The delegate will be owned by the manager. It's valid to return NULL.
455  virtual SpeechRecognitionManagerDelegate*
456      GetSpeechRecognitionManagerDelegate();
457
458  // Getters for common objects.
459  virtual net::NetLog* GetNetLog();
460
461  // Creates a new AccessTokenStore for gelocation.
462  virtual AccessTokenStore* CreateAccessTokenStore();
463
464  // Returns true if fast shutdown is possible.
465  virtual bool IsFastShutdownPossible();
466
467  // Called by WebContents to override the WebKit preferences that are used by
468  // the renderer. The content layer will add its own settings, and then it's up
469  // to the embedder to update it if it wants.
470  virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host,
471                                   const GURL& url,
472                                   WebPreferences* prefs) {}
473
474  // Inspector setting was changed and should be persisted.
475  virtual void UpdateInspectorSetting(RenderViewHost* rvh,
476                                      const std::string& key,
477                                      const std::string& value) {}
478
479  // Notifies that BrowserURLHandler has been created, so that the embedder can
480  // optionally add their own handlers.
481  virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {}
482
483  // Clears browser cache.
484  virtual void ClearCache(RenderViewHost* rvh) {}
485
486  // Clears browser cookies.
487  virtual void ClearCookies(RenderViewHost* rvh) {}
488
489  // Returns the default download directory.
490  // This can be called on any thread.
491  virtual base::FilePath GetDefaultDownloadDirectory();
492
493  // Returns the default filename used in downloads when we have no idea what
494  // else we should do with the file.
495  virtual std::string GetDefaultDownloadName();
496
497  // Notification that a pepper plugin has just been spawned. This allows the
498  // embedder to add filters onto the host to implement interfaces.
499  // This is called on the IO thread.
500  virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {}
501
502  // Gets the host for an external out-of-process plugin.
503  virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost(
504      int plugin_child_id);
505
506  // Returns true if the given browser_context and site_url support hosting
507  // BrowserPlugins.
508  virtual bool SupportsBrowserPlugin(BrowserContext* browser_context,
509                                     const GURL& site_url);
510
511  // Returns true if renderer processes can use Pepper TCP/UDP sockets from
512  // the given origin and connection type.
513  virtual bool AllowPepperSocketAPI(BrowserContext* browser_context,
514                                    const GURL& url,
515                                    const SocketPermissionRequest& params);
516
517  // Returns the directory containing hyphenation dictionaries.
518  virtual base::FilePath GetHyphenDictionaryDirectory();
519
520  // Returns an implementation of a file selecition policy. Can return NULL.
521  virtual ui::SelectFilePolicy* CreateSelectFilePolicy(
522      WebContents* web_contents);
523
524  // Returns additional allowed scheme set which can access files in
525  // FileSystem API.
526  virtual void GetAdditionalAllowedSchemesForFileSystem(
527      std::vector<std::string>* additional_schemes) {}
528
529  // Returns additional MountPointProviders for FileSystem API.
530  virtual void GetAdditionalFileSystemMountPointProviders(
531      const base::FilePath& storage_partition_path,
532      ScopedVector<fileapi::FileSystemMountPointProvider>*
533          additional_providers) {}
534
535#if defined(OS_POSIX) && !defined(OS_MACOSX)
536  // Populates |mappings| with all files that need to be mapped before launching
537  // a child process.
538  virtual void GetAdditionalMappedFilesForChildProcess(
539      const CommandLine& command_line,
540      int child_process_id,
541      std::vector<FileDescriptorInfo>* mappings) {}
542#endif
543
544#if defined(OS_WIN)
545  // Returns the name of the dll that contains cursors and other resources.
546  virtual const wchar_t* GetResourceDllName();
547
548  // This is called on the PROCESS_LAUNCHER thread before the renderer process
549  // is launched. It gives the embedder a chance to add loosen the sandbox
550  // policy.
551  virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
552                                bool* success) {}
553#endif
554
555#if defined(USE_NSS)
556  // Return a delegate to authenticate and unlock |module|.
557  // This is called on a worker thread.
558  virtual
559      crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate(
560          const GURL& url);
561#endif
562};
563
564}  // namespace content
565
566#endif  // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
567