content_browser_client.h revision a93a17c8d99d686bd4a1511e5504e5e6cc9fcadf 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
7
8#include <map>
9#include <string>
10#include <utility>
11#include <vector>
12
13#include "base/callback_forward.h"
14#include "base/memory/linked_ptr.h"
15#include "base/memory/scoped_ptr.h"
16#include "base/memory/scoped_vector.h"
17#include "content/public/browser/file_descriptor_info.h"
18#include "content/public/common/content_client.h"
19#include "content/public/common/socket_permission_request.h"
20#include "content/public/common/window_container_type.h"
21#include "net/base/mime_util.h"
22#include "net/cookies/canonical_cookie.h"
23#include "net/url_request/url_request_job_factory.h"
24#include "third_party/WebKit/Source/WebKit/chromium/public/WebNotificationPresenter.h"
25#include "webkit/glue/resource_type.h"
26
27#if defined(OS_POSIX) && !defined(OS_MACOSX)
28#include "base/posix/global_descriptors.h"
29#endif
30
31class CommandLine;
32class GURL;
33struct WebPreferences;
34
35namespace base {
36class FilePath;
37}
38namespace crypto {
39class CryptoModuleBlockingPasswordDelegate;
40}
41
42namespace gfx {
43class ImageSkia;
44}
45
46namespace net {
47class CookieOptions;
48class HttpNetworkSession;
49class NetLog;
50class SSLCertRequestInfo;
51class SSLInfo;
52class URLRequest;
53class URLRequestContext;
54class URLRequestContextGetter;
55class X509Certificate;
56}
57
58namespace sandbox {
59class TargetPolicy;
60}
61
62namespace ui {
63class SelectFilePolicy;
64}
65
66namespace fileapi {
67class FileSystemMountPointProvider;
68}
69
70namespace content {
71
72class AccessTokenStore;
73class BrowserChildProcessHost;
74class BrowserContext;
75class BrowserMainParts;
76class BrowserPpapiHost;
77class BrowserURLHandler;
78class MediaObserver;
79class QuotaPermissionContext;
80class RenderProcessHost;
81class RenderViewHost;
82class RenderViewHostDelegateView;
83class ResourceContext;
84class SiteInstance;
85class SpeechRecognitionManagerDelegate;
86class WebContents;
87class WebContentsViewDelegate;
88class WebContentsViewPort;
89struct MainFunctionParams;
90struct ShowDesktopNotificationHostMsgParams;
91
92// A mapping from the scheme name to the protocol handler that services its
93// content.
94typedef std::map<
95  std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> >
96    ProtocolHandlerMap;
97
98// Embedder API (or SPI) for participating in browser logic, to be implemented
99// by the client of the content browser. See ChromeContentBrowserClient for the
100// principal implementation. The methods are assumed to be called on the UI
101// thread unless otherwise specified. Use this "escape hatch" sparingly, to
102// avoid the embedder interface ballooning and becoming very specific to Chrome.
103// (Often, the call out to the client can happen in a different part of the code
104// that either already has a hook out to the embedder, or calls out to one of
105// the observer interfaces.)
106class CONTENT_EXPORT ContentBrowserClient {
107 public:
108  virtual ~ContentBrowserClient() {}
109
110  // Allows the embedder to set any number of custom BrowserMainParts
111  // implementations for the browser startup code. See comments in
112  // browser_main_parts.h.
113  virtual BrowserMainParts* CreateBrowserMainParts(
114      const MainFunctionParams& parameters);
115
116  // Allows an embedder to return their own WebContentsViewPort implementation.
117  // Return NULL to let the default one for the platform be created. Otherwise
118  // |render_view_host_delegate_view| also needs to be provided, and it is
119  // owned by the embedder.
120  virtual WebContentsViewPort* OverrideCreateWebContentsView(
121      WebContents* web_contents,
122      RenderViewHostDelegateView** render_view_host_delegate_view);
123
124  // If content creates the WebContentsView implementation, it will ask the
125  // embedder to return an (optional) delegate to customize it. The view will
126  // own the delegate.
127  virtual WebContentsViewDelegate* GetWebContentsViewDelegate(
128      WebContents* web_contents);
129
130  // Notifies that a <webview> guest WebContents has been created.
131  virtual void GuestWebContentsCreated(WebContents* guest_web_contents,
132                                       WebContents* embedder_web_contents) {}
133
134  // Notifies that a RenderProcessHost has been created. This is called before
135  // the content layer adds its own BrowserMessageFilters, so that the
136  // embedder's IPC filters have priority.
137  virtual void RenderProcessHostCreated(RenderProcessHost* host) {}
138
139  // Notifies that a BrowserChildProcessHost has been created.
140  virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
141
142  // Determines whether a navigation from |current_instance| to |url| would be a
143  // valid entry point to a "privileged site," based on whether it
144  // |is_renderer_initiated|. A privileged site requires careful process
145  // isolation to ensure its privileges do not leak, and it can only be entered
146  // via known navigation paths.
147  //
148  // If this is a valid entry to a privileged site, this function should rewrite
149  // the origin of |url| with a non-http(s) origin that represents the
150  // privileged site. This will distinguish the resulting SiteInstance from
151  // other SiteInstances in the process model.
152  virtual GURL GetPossiblyPrivilegedURL(
153      content::BrowserContext* browser_context,
154      const GURL& url,
155      bool is_renderer_initiated,
156      SiteInstance* current_instance);
157
158  // Get the effective URL for the given actual URL, to allow an embedder to
159  // group different url schemes in the same SiteInstance.
160  virtual GURL GetEffectiveURL(BrowserContext* browser_context,
161                               const GURL& url);
162
163  // Returns whether all instances of the specified effective URL should be
164  // rendered by the same process, rather than using process-per-site-instance.
165  virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context,
166                                       const GURL& effective_url);
167
168  // Returns a list additional WebUI schemes, if any.  These additional schemes
169  // act as aliases to the chrome: scheme.  The additional schemes may or may
170  // not serve specific WebUI pages depending on the particular URLDataSource
171  // and its override of URLDataSource::ShouldServiceRequest.
172  virtual void GetAdditionalWebUISchemes(
173      std::vector<std::string>* additional_schemes) {}
174
175  // Creates the main net::URLRequestContextGetter. Should only be called once
176  // per ContentBrowserClient object.
177  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
178  virtual net::URLRequestContextGetter* CreateRequestContext(
179      BrowserContext* browser_context,
180      ProtocolHandlerMap* protocol_handlers);
181
182  // Creates the net::URLRequestContextGetter for a StoragePartition. Should
183  // only be called once per partition_path per ContentBrowserClient object.
184  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
185  virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition(
186      BrowserContext* browser_context,
187      const base::FilePath& partition_path,
188      bool in_memory,
189      ProtocolHandlerMap* protocol_handlers);
190
191  // Returns whether a specified URL is handled by the embedder's internal
192  // protocol handlers.
193  virtual bool IsHandledURL(const GURL& url);
194
195  // Returns whether the given process is allowed to commit |url|.  This is a
196  // more conservative check than IsSuitableHost, since it is used after a
197  // navigation has committed to ensure that the process did not exceed its
198  // authority.
199  virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url);
200
201  // Returns whether a new view for a given |site_url| can be launched in a
202  // given |process_host|.
203  virtual bool IsSuitableHost(RenderProcessHost* process_host,
204                              const GURL& site_url);
205
206  // Returns whether a new process should be created or an existing one should
207  // be reused based on the URL we want to load. This should return false,
208  // unless there is a good reason otherwise.
209  virtual bool ShouldTryToUseExistingProcessHost(
210      BrowserContext* browser_context, const GURL& url);
211
212  // Called when a site instance is first associated with a process.
213  virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {}
214
215  // Called from a site instance's destructor.
216  virtual void SiteInstanceDeleting(SiteInstance* site_instance) {}
217
218  // Returns true if for the navigation from |current_url| to |new_url|
219  // in |site_instance|, the process should be swapped (even if we are in a
220  // process model that doesn't usually swap).
221  virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance,
222                                                const GURL& current_url,
223                                                const GURL& new_url);
224
225  // Returns true if the given navigation redirect should cause a renderer
226  // process swap.
227  // This is called on the IO thread.
228  virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context,
229                                              const GURL& current_url,
230                                              const GURL& new_url);
231
232  // See CharacterEncoding's comment.
233  virtual std::string GetCanonicalEncodingNameByAliasName(
234      const std::string& alias_name);
235
236  // Allows the embedder to pass extra command line flags.
237  // switches::kProcessType will already be set at this point.
238  virtual void AppendExtraCommandLineSwitches(CommandLine* command_line,
239                                              int child_process_id) {}
240
241  // Returns the locale used by the application.
242  // This is called on the UI and IO threads.
243  virtual std::string GetApplicationLocale();
244
245  // Returns the languages used in the Accept-Languages HTTP header.
246  // (Not called GetAcceptLanguages so it doesn't clash with win32).
247  virtual std::string GetAcceptLangs(BrowserContext* context);
248
249  // Returns the default favicon.  The callee doesn't own the given bitmap.
250  virtual gfx::ImageSkia* GetDefaultFavicon();
251
252  // Allow the embedder to control if an AppCache can be used for the given url.
253  // This is called on the IO thread.
254  virtual bool AllowAppCache(const GURL& manifest_url,
255                             const GURL& first_party,
256                             ResourceContext* context);
257
258  // Allow the embedder to control if the given cookie can be read.
259  // This is called on the IO thread.
260  virtual bool AllowGetCookie(const GURL& url,
261                              const GURL& first_party,
262                              const net::CookieList& cookie_list,
263                              ResourceContext* context,
264                              int render_process_id,
265                              int render_view_id);
266
267  // Allow the embedder to control if the given cookie can be set.
268  // This is called on the IO thread.
269  virtual bool AllowSetCookie(const GURL& url,
270                              const GURL& first_party,
271                              const std::string& cookie_line,
272                              ResourceContext* context,
273                              int render_process_id,
274                              int render_view_id,
275                              net::CookieOptions* options);
276
277  // This is called on the IO thread.
278  virtual bool AllowSaveLocalState(ResourceContext* context);
279
280  // Allow the embedder to control if access to web database by a shared worker
281  // is allowed. |render_views| is a vector of pairs of
282  // RenderProcessID/RenderViewID of RenderViews that are using this worker.
283  // This is called on the IO thread.
284  virtual bool AllowWorkerDatabase(
285      const GURL& url,
286      const string16& name,
287      const string16& display_name,
288      unsigned long estimated_size,
289      ResourceContext* context,
290      const std::vector<std::pair<int, int> >& render_views);
291
292  // Allow the embedder to control if access to file system by a shared worker
293  // is allowed.
294  // This is called on the IO thread.
295  virtual bool AllowWorkerFileSystem(
296      const GURL& url,
297      ResourceContext* context,
298      const std::vector<std::pair<int, int> >& render_views);
299
300  // Allow the embedder to control if access to IndexedDB by a shared worker
301  // is allowed.
302  // This is called on the IO thread.
303  virtual bool AllowWorkerIndexedDB(
304      const GURL& url,
305      const string16& name,
306      ResourceContext* context,
307      const std::vector<std::pair<int, int> >& render_views);
308
309  // Allow the embedder to override the request context based on the URL for
310  // certain operations, like cookie access. Returns NULL to indicate the
311  // regular request context should be used.
312  // This is called on the IO thread.
313  virtual net::URLRequestContext* OverrideRequestContextForURL(
314      const GURL& url, ResourceContext* context);
315
316  // Allow the embedder to specify a string version of the storage partition
317  // config with a site.
318  virtual std::string GetStoragePartitionIdForSite(
319      content::BrowserContext* browser_context,
320      const GURL& site);
321
322  // Allows the embedder to provide a validation check for |partition_id|s.
323  // This domain of valid entries should match the range of outputs for
324  // GetStoragePartitionIdForChildProcess().
325  virtual bool IsValidStoragePartitionId(BrowserContext* browser_context,
326                                         const std::string& partition_id);
327
328  // Allows the embedder to provide a storage parititon configuration for a
329  // site. A storage partition configuration includes a domain of the embedder's
330  // choice, an optional name within that domain, and whether the partition is
331  // in-memory only.
332  //
333  // If |can_be_default| is false, the caller is telling the embedder that the
334  // |site| is known to not be in the default partition. This is useful in
335  // some shutdown situations where the bookkeeping logic that maps sites to
336  // their partition configuration are no longer valid.
337  //
338  // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in
339  // which partitions live (similar to namespace). Within a domain, partitions
340  // can be uniquely identified by the combination of |partition_name| and
341  // |in_memory| values. When a partition is not to be persisted, the
342  // |in_memory| value must be set to true.
343  virtual void GetStoragePartitionConfigForSite(
344      content::BrowserContext* browser_context,
345      const GURL& site,
346      bool can_be_default,
347      std::string* partition_domain,
348      std::string* partition_name,
349      bool* in_memory);
350
351  // Create and return a new quota permission context.
352  virtual QuotaPermissionContext* CreateQuotaPermissionContext();
353
354  // Informs the embedder that a certificate error has occured.  If
355  // |overridable| is true and if |strict_enforcement| is false, the user
356  // can ignore the error and continue. The embedder can call the callback
357  // asynchronously. If |cancel_request| is set to true, the request will be
358  // cancelled immediately and the callback won't be run.
359  virtual void AllowCertificateError(
360      int render_process_id,
361      int render_view_id,
362      int cert_error,
363      const net::SSLInfo& ssl_info,
364      const GURL& request_url,
365      ResourceType::Type resource_type,
366      bool overridable,
367      bool strict_enforcement,
368      const base::Callback<void(bool)>& callback,
369      bool* cancel_request) {}
370
371  // Selects a SSL client certificate and returns it to the |callback|. If no
372  // certificate was selected NULL is returned to the |callback|.
373  virtual void SelectClientCertificate(
374      int render_process_id,
375      int render_view_id,
376      const net::HttpNetworkSession* network_session,
377      net::SSLCertRequestInfo* cert_request_info,
378      const base::Callback<void(net::X509Certificate*)>& callback) {}
379
380  // Adds a new installable certificate or private key.
381  // Typically used to install an X.509 user certificate.
382  // Note that it's up to the embedder to verify that the data is
383  // well-formed. |cert_data| will be NULL if file_size is 0.
384  virtual void AddCertificate(
385      net::URLRequest* request,
386      net::CertificateMimeType cert_type,
387      const void* cert_data,
388      size_t cert_size,
389      int render_process_id,
390      int render_view_id) {}
391
392  // Returns a class to get notifications about media event. The embedder can
393  // return NULL if they're not interested.
394  virtual MediaObserver* GetMediaObserver();
395
396  // Asks permission to show desktop notifications.
397  virtual void RequestDesktopNotificationPermission(
398      const GURL& source_origin,
399      int callback_context,
400      int render_process_id,
401      int render_view_id) {}
402
403  // Checks if the given page has permission to show desktop notifications.
404  // This is called on the IO thread.
405  virtual WebKit::WebNotificationPresenter::Permission
406      CheckDesktopNotificationPermission(
407          const GURL& source_url,
408          ResourceContext* context,
409          int render_process_id);
410
411  // Show a desktop notification.  If |worker| is true, the request came from an
412  // HTML5 web worker, otherwise, it came from a renderer.
413  virtual void ShowDesktopNotification(
414      const ShowDesktopNotificationHostMsgParams& params,
415      int render_process_id,
416      int render_view_id,
417      bool worker) {}
418
419  // Cancels a displayed desktop notification.
420  virtual void CancelDesktopNotification(
421      int render_process_id,
422      int render_view_id,
423      int notification_id) {}
424
425  // Returns true if the given page is allowed to open a window of the given
426  // type. If true is returned, |no_javascript_access| will indicate whether
427  // the window that is created should be scriptable/in the same process.
428  // This is called on the IO thread.
429  virtual bool CanCreateWindow(
430      const GURL& opener_url,
431      const GURL& source_origin,
432      WindowContainerType container_type,
433      ResourceContext* context,
434      int render_process_id,
435      bool* no_javascript_access);
436
437  // Returns a title string to use in the task manager for a process host with
438  // the given URL, or the empty string to fall back to the default logic.
439  // This is called on the IO thread.
440  virtual std::string GetWorkerProcessTitle(const GURL& url,
441                                            ResourceContext* context);
442
443  // Notifies the embedder that the ResourceDispatcherHost has been created.
444  // This is when it can optionally add a delegate.
445  virtual void ResourceDispatcherHostCreated() {}
446
447  // Allows the embedder to return a delegate for the SpeechRecognitionManager.
448  // The delegate will be owned by the manager. It's valid to return NULL.
449  virtual SpeechRecognitionManagerDelegate*
450      GetSpeechRecognitionManagerDelegate();
451
452  // Getters for common objects.
453  virtual net::NetLog* GetNetLog();
454
455  // Creates a new AccessTokenStore for gelocation.
456  virtual AccessTokenStore* CreateAccessTokenStore();
457
458  // Returns true if fast shutdown is possible.
459  virtual bool IsFastShutdownPossible();
460
461  // Called by WebContents to override the WebKit preferences that are used by
462  // the renderer. The content layer will add its own settings, and then it's up
463  // to the embedder to update it if it wants.
464  virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host,
465                                   const GURL& url,
466                                   WebPreferences* prefs) {}
467
468  // Inspector setting was changed and should be persisted.
469  virtual void UpdateInspectorSetting(RenderViewHost* rvh,
470                                      const std::string& key,
471                                      const std::string& value) {}
472
473  // Notifies that BrowserURLHandler has been created, so that the embedder can
474  // optionally add their own handlers.
475  virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {}
476
477  // Clears browser cache.
478  virtual void ClearCache(RenderViewHost* rvh) {}
479
480  // Clears browser cookies.
481  virtual void ClearCookies(RenderViewHost* rvh) {}
482
483  // Returns the default download directory.
484  // This can be called on any thread.
485  virtual base::FilePath GetDefaultDownloadDirectory();
486
487  // Returns the default filename used in downloads when we have no idea what
488  // else we should do with the file.
489  virtual std::string GetDefaultDownloadName();
490
491  // Notification that a pepper plugin has just been spawned. This allows the
492  // embedder to add filters onto the host to implement interfaces.
493  // This is called on the IO thread.
494  virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {}
495
496  // Gets the host for an external out-of-process plugin.
497  virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost(
498      int plugin_child_id);
499
500  // Returns true if the given browser_context and site_url support hosting
501  // BrowserPlugins.
502  virtual bool SupportsBrowserPlugin(BrowserContext* browser_context,
503                                     const GURL& site_url);
504
505  // Returns true if renderer processes can use Pepper TCP/UDP sockets from
506  // the given origin and connection type.
507  virtual bool AllowPepperSocketAPI(BrowserContext* browser_context,
508                                    const GURL& url,
509                                    const SocketPermissionRequest& params);
510
511  // Returns the directory containing hyphenation dictionaries.
512  virtual base::FilePath GetHyphenDictionaryDirectory();
513
514  // Returns an implementation of a file selecition policy. Can return NULL.
515  virtual ui::SelectFilePolicy* CreateSelectFilePolicy(
516      WebContents* web_contents);
517
518  // Returns additional allowed scheme set which can access files in
519  // FileSystem API.
520  virtual void GetAdditionalAllowedSchemesForFileSystem(
521      std::vector<std::string>* additional_schemes) {}
522
523  // Returns additional MountPointProviders for FileSystem API.
524  virtual void GetAdditionalFileSystemMountPointProviders(
525      const base::FilePath& storage_partition_path,
526      ScopedVector<fileapi::FileSystemMountPointProvider>*
527          additional_providers) {}
528
529#if defined(OS_POSIX) && !defined(OS_MACOSX)
530  // Populates |mappings| with all files that need to be mapped before launching
531  // a child process.
532  virtual void GetAdditionalMappedFilesForChildProcess(
533      const CommandLine& command_line,
534      int child_process_id,
535      std::vector<FileDescriptorInfo>* mappings) {}
536#endif
537
538#if defined(OS_WIN)
539  // Returns the name of the dll that contains cursors and other resources.
540  virtual const wchar_t* GetResourceDllName();
541
542  // This is called on the PROCESS_LAUNCHER thread before the renderer process
543  // is launched. It gives the embedder a chance to add loosen the sandbox
544  // policy.
545  virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
546                                bool* success) {}
547#endif
548
549#if defined(USE_NSS)
550  // Return a delegate to authenticate and unlock |module|.
551  // This is called on a worker thread.
552  virtual
553      crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate(
554          const GURL& url);
555#endif
556};
557
558}  // namespace content
559
560#endif  // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
561