url_data_source.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d 
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
6#define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
7
8#include <string>
9
10#include "base/callback.h"
11#include "content/common/content_export.h"
12
13namespace base {
14class MessageLoop;
15class RefCountedMemory;
16}
17
18namespace net {
19class URLRequest;
20}
21
22namespace content {
23class BrowserContext;
24
25// A URLDataSource is an object that can answer requests for WebUI data
26// asynchronously. An implementation of URLDataSource should handle calls to
27// StartDataRequest() by starting its (implementation-specific) asynchronous
28// request for the data, then running the callback given in that method to
29// notify.
30class CONTENT_EXPORT URLDataSource {
31 public:
32  // Adds a URL data source to |browser_context|.
33  static void Add(BrowserContext* browser_context, URLDataSource* source);
34
35  virtual ~URLDataSource() {}
36
37  // The name of this source.
38  // E.g., for favicons, this could be "favicon", which results in paths for
39  // specific resources like "favicon/34" getting sent to this source.
40  virtual std::string GetSource() const = 0;
41
42  // Used by StartDataRequest so that the child class can return the data when
43  // it's available.
44  typedef base::Callback<void(base::RefCountedMemory*)> GotDataCallback;
45
46  // Called by URLDataSource to request data at |path|. The string parameter is
47  // the path of the request. The child class should run |callback| when the
48  // data is available or if the request could not be satisfied. This can be
49  // called either in this callback or asynchronously with the response.
50  virtual void StartDataRequest(const std::string& path,
51                                int render_process_id,
52                                int render_view_id,
53                                const GotDataCallback& callback) = 0;
54
55  // Return the mimetype that should be sent with this response, or empty
56  // string to specify no mime type.
57  virtual std::string GetMimeType(const std::string& path) const = 0;
58
59  // The following methods are all called on the IO thread.
60
61  // Returns the MessageLoop on which the delegate wishes to have
62  // StartDataRequest called to handle the request for |path|. The default
63  // implementation returns BrowserThread::UI. If the delegate does not care
64  // which thread StartDataRequest is called on, this should return NULL. It may
65  // be beneficial to return NULL for requests that are safe to handle directly
66  // on the IO thread.  This can improve performance by satisfying such requests
67  // more rapidly when there is a large amount of UI thread contention. Or the
68  // delegate can return a specific thread's Messageloop if they wish.
69  virtual base::MessageLoop* MessageLoopForRequestPath(
70      const std::string& path) const;
71
72  // Returns true if the URLDataSource should replace an existing URLDataSource
73  // with the same name that has already been registered. The default is true.
74  //
75  // WARNING: this is invoked on the IO thread.
76  //
77  // TODO: nuke this and convert all callers to not replace.
78  virtual bool ShouldReplaceExistingSource() const;
79
80  // Returns true if responses from this URLDataSource can be cached.
81  virtual bool AllowCaching() const;
82
83  // If you are overriding this, then you have a bug.
84  // It is not acceptable to disable content-security-policy on chrome:// pages
85  // to permit functionality excluded by CSP, such as inline script.
86  // Instead, you must go back and change your WebUI page so that it is
87  // compliant with the policy. This typically involves ensuring that all script
88  // is delivered through the data manager backend. Talk to tsepez for more
89  // info.
90  virtual bool ShouldAddContentSecurityPolicy() const;
91
92  // It is OK to override the following two methods to a custom CSP directive
93  // thereby slightly reducing the protection applied to the page.
94
95  // By default, "object-src 'none';" is added to CSP. Override to change this.
96  virtual std::string GetContentSecurityPolicyObjectSrc() const;
97  // By default, "frame-src 'none';" is added to CSP. Override to change this.
98  virtual std::string GetContentSecurityPolicyFrameSrc() const;
99
100  // By default, the "X-Frame-Options: DENY" header is sent. To stop this from
101  // happening, return false. It is OK to return false as needed.
102  virtual bool ShouldDenyXFrameOptions() const;
103
104  // By default, only chrome: and chrome-devtools: requests are allowed.
105  // Override in specific WebUI data sources to enable for additional schemes or
106  // to implement fancier access control.  Typically used in concert with
107  // ContentBrowserClient::GetAdditionalWebUISchemes() to permit additional
108  // WebUI scheme support for an embedder.
109  virtual bool ShouldServiceRequest(const net::URLRequest* request) const;
110
111  // Called to inform the source that StartDataRequest() will be called soon.
112  // Gives the source an opportunity to rewrite |path| to incorporate extra
113  // information from the URLRequest prior to serving.
114  virtual void WillServiceRequest(
115      const net::URLRequest* request,
116      std::string* path) const {}
117};
118
119}  // namespace content
120
121#endif  // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
122