content_browser_client.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
7
8#include <map>
9#include <string>
10#include <utility>
11#include <vector>
12
13#include "base/callback_forward.h"
14#include "base/memory/linked_ptr.h"
15#include "base/memory/scoped_ptr.h"
16#include "base/memory/scoped_vector.h"
17#include "content/public/browser/file_descriptor_info.h"
18#include "content/public/common/content_client.h"
19#include "content/public/common/socket_permission_request.h"
20#include "content/public/common/window_container_type.h"
21#include "net/base/mime_util.h"
22#include "net/cookies/canonical_cookie.h"
23#include "net/url_request/url_request_job_factory.h"
24#include "third_party/WebKit/Source/WebKit/chromium/public/WebNotificationPresenter.h"
25#include "webkit/glue/resource_type.h"
26
27#if defined(OS_POSIX) && !defined(OS_MACOSX)
28#include "base/posix/global_descriptors.h"
29#endif
30
31class CommandLine;
32class GURL;
33struct WebPreferences;
34
35namespace base {
36class FilePath;
37}
38namespace crypto {
39class CryptoModuleBlockingPasswordDelegate;
40}
41
42namespace gfx {
43class ImageSkia;
44}
45
46namespace net {
47class CookieOptions;
48class HttpNetworkSession;
49class NetLog;
50class SSLCertRequestInfo;
51class SSLInfo;
52class URLRequest;
53class URLRequestContext;
54class URLRequestContextGetter;
55class X509Certificate;
56}
57
58namespace sandbox {
59class TargetPolicy;
60}
61
62namespace ui {
63class SelectFilePolicy;
64}
65
66namespace fileapi {
67class FileSystemMountPointProvider;
68}
69
70namespace content {
71
72class AccessTokenStore;
73class BrowserChildProcessHost;
74class BrowserContext;
75class BrowserMainParts;
76class BrowserPpapiHost;
77class BrowserURLHandler;
78class MediaObserver;
79class QuotaPermissionContext;
80class RenderProcessHost;
81class RenderViewHost;
82class RenderViewHostDelegateView;
83class ResourceContext;
84class SiteInstance;
85class SpeechRecognitionManagerDelegate;
86class WebContents;
87class WebContentsViewDelegate;
88class WebContentsViewPort;
89struct MainFunctionParams;
90struct ShowDesktopNotificationHostMsgParams;
91
92// A mapping from the scheme name to the protocol handler that services its
93// content.
94typedef std::map<
95  std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> >
96    ProtocolHandlerMap;
97
98// Embedder API (or SPI) for participating in browser logic, to be implemented
99// by the client of the content browser. See ChromeContentBrowserClient for the
100// principal implementation. The methods are assumed to be called on the UI
101// thread unless otherwise specified. Use this "escape hatch" sparingly, to
102// avoid the embedder interface ballooning and becoming very specific to Chrome.
103// (Often, the call out to the client can happen in a different part of the code
104// that either already has a hook out to the embedder, or calls out to one of
105// the observer interfaces.)
106class CONTENT_EXPORT ContentBrowserClient {
107 public:
108  virtual ~ContentBrowserClient() {}
109
110  // Allows the embedder to set any number of custom BrowserMainParts
111  // implementations for the browser startup code. See comments in
112  // browser_main_parts.h.
113  virtual BrowserMainParts* CreateBrowserMainParts(
114      const MainFunctionParams& parameters);
115
116  // Allows an embedder to return their own WebContentsViewPort implementation.
117  // Return NULL to let the default one for the platform be created. Otherwise
118  // |render_view_host_delegate_view| also needs to be provided, and it is
119  // owned by the embedder.
120  virtual WebContentsViewPort* OverrideCreateWebContentsView(
121      WebContents* web_contents,
122      RenderViewHostDelegateView** render_view_host_delegate_view);
123
124  // If content creates the WebContentsView implementation, it will ask the
125  // embedder to return an (optional) delegate to customize it. The view will
126  // own the delegate.
127  virtual WebContentsViewDelegate* GetWebContentsViewDelegate(
128      WebContents* web_contents);
129
130  // Notifies that a <webview> guest WebContents has been created.
131  virtual void GuestWebContentsCreated(WebContents* guest_web_contents,
132                                       WebContents* embedder_web_contents) {}
133
134  // Notifies that a RenderProcessHost has been created. This is called before
135  // the content layer adds its own BrowserMessageFilters, so that the
136  // embedder's IPC filters have priority.
137  virtual void RenderProcessHostCreated(RenderProcessHost* host) {}
138
139  // Notifies that a BrowserChildProcessHost has been created.
140  virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
141
142  // Determines whether a navigation from |current_instance| to |url| would be a
143  // valid entry point to a "privileged site," based on whether it
144  // |is_renderer_initiated|. A privileged site requires careful process
145  // isolation to ensure its privileges do not leak, and it can only be entered
146  // via known navigation paths.
147  //
148  // If this is a valid entry to a privileged site, this function should rewrite
149  // the origin of |url| with a non-http(s) origin that represents the
150  // privileged site. This will distinguish the resulting SiteInstance from
151  // other SiteInstances in the process model.
152  virtual GURL GetPossiblyPrivilegedURL(
153      content::BrowserContext* browser_context,
154      const GURL& url,
155      bool is_renderer_initiated,
156      SiteInstance* current_instance);
157
158  // Get the effective URL for the given actual URL, to allow an embedder to
159  // group different url schemes in the same SiteInstance.
160  virtual GURL GetEffectiveURL(BrowserContext* browser_context,
161                               const GURL& url);
162
163  // Returns whether all instances of the specified effective URL should be
164  // rendered by the same process, rather than using process-per-site-instance.
165  virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context,
166                                       const GURL& effective_url);
167
168  // Returns a list additional WebUI schemes, if any.  These additional schemes
169  // act as aliases to the chrome: scheme.  The additional schemes may or may
170  // not serve specific WebUI pages depending on the particular URLDataSource
171  // and its override of URLDataSource::ShouldServiceRequest.
172  virtual void GetAdditionalWebUISchemes(
173      std::vector<std::string>* additional_schemes) {}
174
175  // Creates the main net::URLRequestContextGetter. Should only be called once
176  // per ContentBrowserClient object.
177  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
178  virtual net::URLRequestContextGetter* CreateRequestContext(
179      BrowserContext* browser_context,
180      ProtocolHandlerMap* protocol_handlers);
181
182  // Creates the net::URLRequestContextGetter for a StoragePartition. Should
183  // only be called once per partition_path per ContentBrowserClient object.
184  // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
185  virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition(
186      BrowserContext* browser_context,
187      const base::FilePath& partition_path,
188      bool in_memory,
189      ProtocolHandlerMap* protocol_handlers);
190
191  // Returns whether a specified URL is handled by the embedder's internal
192  // protocol handlers.
193  virtual bool IsHandledURL(const GURL& url);
194
195  // Returns whether a new view for a given |site_url| can be launched in a
196  // given |process_host|.
197  virtual bool IsSuitableHost(RenderProcessHost* process_host,
198                              const GURL& site_url);
199
200  // Returns whether a new process should be created or an existing one should
201  // be reused based on the URL we want to load. This should return false,
202  // unless there is a good reason otherwise.
203  virtual bool ShouldTryToUseExistingProcessHost(
204      BrowserContext* browser_context, const GURL& url);
205
206  // Called when a site instance is first associated with a process.
207  virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {}
208
209  // Called from a site instance's destructor.
210  virtual void SiteInstanceDeleting(SiteInstance* site_instance) {}
211
212  // Returns true if for the navigation from |current_url| to |new_url|
213  // in |site_instance|, the process should be swapped (even if we are in a
214  // process model that doesn't usually swap).
215  virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance,
216                                                const GURL& current_url,
217                                                const GURL& new_url);
218
219  // Returns true if the given navigation redirect should cause a renderer
220  // process swap.
221  // This is called on the IO thread.
222  virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context,
223                                              const GURL& current_url,
224                                              const GURL& new_url);
225
226  // See CharacterEncoding's comment.
227  virtual std::string GetCanonicalEncodingNameByAliasName(
228      const std::string& alias_name);
229
230  // Allows the embedder to pass extra command line flags.
231  // switches::kProcessType will already be set at this point.
232  virtual void AppendExtraCommandLineSwitches(CommandLine* command_line,
233                                              int child_process_id) {}
234
235  // Returns the locale used by the application.
236  // This is called on the UI and IO threads.
237  virtual std::string GetApplicationLocale();
238
239  // Returns the languages used in the Accept-Languages HTTP header.
240  // (Not called GetAcceptLanguages so it doesn't clash with win32).
241  virtual std::string GetAcceptLangs(BrowserContext* context);
242
243  // Returns the default favicon.  The callee doesn't own the given bitmap.
244  virtual gfx::ImageSkia* GetDefaultFavicon();
245
246  // Allow the embedder to control if an AppCache can be used for the given url.
247  // This is called on the IO thread.
248  virtual bool AllowAppCache(const GURL& manifest_url,
249                             const GURL& first_party,
250                             ResourceContext* context);
251
252  // Allow the embedder to control if the given cookie can be read.
253  // This is called on the IO thread.
254  virtual bool AllowGetCookie(const GURL& url,
255                              const GURL& first_party,
256                              const net::CookieList& cookie_list,
257                              ResourceContext* context,
258                              int render_process_id,
259                              int render_view_id);
260
261  // Allow the embedder to control if the given cookie can be set.
262  // This is called on the IO thread.
263  virtual bool AllowSetCookie(const GURL& url,
264                              const GURL& first_party,
265                              const std::string& cookie_line,
266                              ResourceContext* context,
267                              int render_process_id,
268                              int render_view_id,
269                              net::CookieOptions* options);
270
271  // This is called on the IO thread.
272  virtual bool AllowSaveLocalState(ResourceContext* context);
273
274  // Allow the embedder to control if access to web database by a shared worker
275  // is allowed. |render_views| is a vector of pairs of
276  // RenderProcessID/RenderViewID of RenderViews that are using this worker.
277  // This is called on the IO thread.
278  virtual bool AllowWorkerDatabase(
279      const GURL& url,
280      const string16& name,
281      const string16& display_name,
282      unsigned long estimated_size,
283      ResourceContext* context,
284      const std::vector<std::pair<int, int> >& render_views);
285
286  // Allow the embedder to control if access to file system by a shared worker
287  // is allowed.
288  // This is called on the IO thread.
289  virtual bool AllowWorkerFileSystem(
290      const GURL& url,
291      ResourceContext* context,
292      const std::vector<std::pair<int, int> >& render_views);
293
294  // Allow the embedder to control if access to IndexedDB by a shared worker
295  // is allowed.
296  // This is called on the IO thread.
297  virtual bool AllowWorkerIndexedDB(
298      const GURL& url,
299      const string16& name,
300      ResourceContext* context,
301      const std::vector<std::pair<int, int> >& render_views);
302
303  // Allow the embedder to override the request context based on the URL for
304  // certain operations, like cookie access. Returns NULL to indicate the
305  // regular request context should be used.
306  // This is called on the IO thread.
307  virtual net::URLRequestContext* OverrideRequestContextForURL(
308      const GURL& url, ResourceContext* context);
309
310  // Allow the embedder to specify a string version of the storage partition
311  // config with a site.
312  virtual std::string GetStoragePartitionIdForSite(
313      content::BrowserContext* browser_context,
314      const GURL& site);
315
316  // Allows the embedder to provide a validation check for |partition_id|s.
317  // This domain of valid entries should match the range of outputs for
318  // GetStoragePartitionIdForChildProcess().
319  virtual bool IsValidStoragePartitionId(BrowserContext* browser_context,
320                                         const std::string& partition_id);
321
322  // Allows the embedder to provide a storage parititon configuration for a
323  // site. A storage partition configuration includes a domain of the embedder's
324  // choice, an optional name within that domain, and whether the partition is
325  // in-memory only.
326  //
327  // If |can_be_default| is false, the caller is telling the embedder that the
328  // |site| is known to not be in the default partition. This is useful in
329  // some shutdown situations where the bookkeeping logic that maps sites to
330  // their partition configuration are no longer valid.
331  //
332  // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in
333  // which partitions live (similar to namespace). Within a domain, partitions
334  // can be uniquely identified by the combination of |partition_name| and
335  // |in_memory| values. When a partition is not to be persisted, the
336  // |in_memory| value must be set to true.
337  virtual void GetStoragePartitionConfigForSite(
338      content::BrowserContext* browser_context,
339      const GURL& site,
340      bool can_be_default,
341      std::string* partition_domain,
342      std::string* partition_name,
343      bool* in_memory);
344
345  // Create and return a new quota permission context.
346  virtual QuotaPermissionContext* CreateQuotaPermissionContext();
347
348  // Informs the embedder that a certificate error has occured.  If
349  // |overridable| is true and if |strict_enforcement| is false, the user
350  // can ignore the error and continue. The embedder can call the callback
351  // asynchronously. If |cancel_request| is set to true, the request will be
352  // cancelled immediately and the callback won't be run.
353  virtual void AllowCertificateError(
354      int render_process_id,
355      int render_view_id,
356      int cert_error,
357      const net::SSLInfo& ssl_info,
358      const GURL& request_url,
359      ResourceType::Type resource_type,
360      bool overridable,
361      bool strict_enforcement,
362      const base::Callback<void(bool)>& callback,
363      bool* cancel_request) {}
364
365  // Selects a SSL client certificate and returns it to the |callback|. If no
366  // certificate was selected NULL is returned to the |callback|.
367  virtual void SelectClientCertificate(
368      int render_process_id,
369      int render_view_id,
370      const net::HttpNetworkSession* network_session,
371      net::SSLCertRequestInfo* cert_request_info,
372      const base::Callback<void(net::X509Certificate*)>& callback) {}
373
374  // Adds a new installable certificate or private key.
375  // Typically used to install an X.509 user certificate.
376  // Note that it's up to the embedder to verify that the data is
377  // well-formed. |cert_data| will be NULL if file_size is 0.
378  virtual void AddCertificate(
379      net::URLRequest* request,
380      net::CertificateMimeType cert_type,
381      const void* cert_data,
382      size_t cert_size,
383      int render_process_id,
384      int render_view_id) {}
385
386  // Returns a class to get notifications about media event. The embedder can
387  // return NULL if they're not interested.
388  virtual MediaObserver* GetMediaObserver();
389
390  // Asks permission to show desktop notifications.
391  virtual void RequestDesktopNotificationPermission(
392      const GURL& source_origin,
393      int callback_context,
394      int render_process_id,
395      int render_view_id) {}
396
397  // Checks if the given page has permission to show desktop notifications.
398  // This is called on the IO thread.
399  virtual WebKit::WebNotificationPresenter::Permission
400      CheckDesktopNotificationPermission(
401          const GURL& source_url,
402          ResourceContext* context,
403          int render_process_id);
404
405  // Show a desktop notification.  If |worker| is true, the request came from an
406  // HTML5 web worker, otherwise, it came from a renderer.
407  virtual void ShowDesktopNotification(
408      const ShowDesktopNotificationHostMsgParams& params,
409      int render_process_id,
410      int render_view_id,
411      bool worker) {}
412
413  // Cancels a displayed desktop notification.
414  virtual void CancelDesktopNotification(
415      int render_process_id,
416      int render_view_id,
417      int notification_id) {}
418
419  // Returns true if the given page is allowed to open a window of the given
420  // type. If true is returned, |no_javascript_access| will indicate whether
421  // the window that is created should be scriptable/in the same process.
422  // This is called on the IO thread.
423  virtual bool CanCreateWindow(
424      const GURL& opener_url,
425      const GURL& source_origin,
426      WindowContainerType container_type,
427      ResourceContext* context,
428      int render_process_id,
429      bool* no_javascript_access);
430
431  // Returns a title string to use in the task manager for a process host with
432  // the given URL, or the empty string to fall back to the default logic.
433  // This is called on the IO thread.
434  virtual std::string GetWorkerProcessTitle(const GURL& url,
435                                            ResourceContext* context);
436
437  // Notifies the embedder that the ResourceDispatcherHost has been created.
438  // This is when it can optionally add a delegate.
439  virtual void ResourceDispatcherHostCreated() {}
440
441  // Allows the embedder to return a delegate for the SpeechRecognitionManager.
442  // The delegate will be owned by the manager. It's valid to return NULL.
443  virtual SpeechRecognitionManagerDelegate*
444      GetSpeechRecognitionManagerDelegate();
445
446  // Getters for common objects.
447  virtual net::NetLog* GetNetLog();
448
449  // Creates a new AccessTokenStore for gelocation.
450  virtual AccessTokenStore* CreateAccessTokenStore();
451
452  // Returns true if fast shutdown is possible.
453  virtual bool IsFastShutdownPossible();
454
455  // Called by WebContents to override the WebKit preferences that are used by
456  // the renderer. The content layer will add its own settings, and then it's up
457  // to the embedder to update it if it wants.
458  virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host,
459                                   const GURL& url,
460                                   WebPreferences* prefs) {}
461
462  // Inspector setting was changed and should be persisted.
463  virtual void UpdateInspectorSetting(RenderViewHost* rvh,
464                                      const std::string& key,
465                                      const std::string& value) {}
466
467  // Notifies that BrowserURLHandler has been created, so that the embedder can
468  // optionally add their own handlers.
469  virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {}
470
471  // Clears browser cache.
472  virtual void ClearCache(RenderViewHost* rvh) {}
473
474  // Clears browser cookies.
475  virtual void ClearCookies(RenderViewHost* rvh) {}
476
477  // Returns the default download directory.
478  // This can be called on any thread.
479  virtual base::FilePath GetDefaultDownloadDirectory();
480
481  // Returns the default filename used in downloads when we have no idea what
482  // else we should do with the file.
483  virtual std::string GetDefaultDownloadName();
484
485  // Notification that a pepper plugin has just been spawned. This allows the
486  // embedder to add filters onto the host to implement interfaces.
487  // This is called on the IO thread.
488  virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {}
489
490  // Gets the host for an external out-of-process plugin.
491  virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost(
492      int plugin_child_id);
493
494  // Returns true if the given browser_context and site_url support hosting
495  // BrowserPlugins.
496  virtual bool SupportsBrowserPlugin(BrowserContext* browser_context,
497                                     const GURL& site_url);
498
499  // Returns true if renderer processes can use Pepper TCP/UDP sockets from
500  // the given origin and connection type.
501  virtual bool AllowPepperSocketAPI(BrowserContext* browser_context,
502                                    const GURL& url,
503                                    const SocketPermissionRequest& params);
504
505  // Returns the directory containing hyphenation dictionaries.
506  virtual base::FilePath GetHyphenDictionaryDirectory();
507
508  // Returns an implementation of a file selecition policy. Can return NULL.
509  virtual ui::SelectFilePolicy* CreateSelectFilePolicy(
510      WebContents* web_contents);
511
512  // Returns additional allowed scheme set which can access files in
513  // FileSystem API.
514  virtual void GetAdditionalAllowedSchemesForFileSystem(
515      std::vector<std::string>* additional_schemes) {}
516
517  // Returns additional MountPointProviders for FileSystem API.
518  virtual void GetAdditionalFileSystemMountPointProviders(
519      const base::FilePath& storage_partition_path,
520      ScopedVector<fileapi::FileSystemMountPointProvider>*
521          additional_providers) {}
522
523#if defined(OS_POSIX) && !defined(OS_MACOSX)
524  // Populates |mappings| with all files that need to be mapped before launching
525  // a child process.
526  virtual void GetAdditionalMappedFilesForChildProcess(
527      const CommandLine& command_line,
528      int child_process_id,
529      std::vector<FileDescriptorInfo>* mappings) {}
530#endif
531
532#if defined(OS_WIN)
533  // Returns the name of the dll that contains cursors and other resources.
534  virtual const wchar_t* GetResourceDllName();
535
536  // This is called on the PROCESS_LAUNCHER thread before the renderer process
537  // is launched. It gives the embedder a chance to add loosen the sandbox
538  // policy.
539  virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
540                                bool* success) {}
541#endif
542
543#if defined(USE_NSS)
544  // Return a delegate to authenticate and unlock |module|.
545  // This is called on a worker thread.
546  virtual
547      crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate(
548          const GURL& url);
549#endif
550};
551
552}  // namespace content
553
554#endif  // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
555