content_browser_client.h revision ca12bfac764ba476d6cd062bf1dde12cc64c3f40
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 6#define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 7 8#include <map> 9#include <string> 10#include <utility> 11#include <vector> 12 13#include "base/callback_forward.h" 14#include "base/memory/linked_ptr.h" 15#include "base/memory/scoped_ptr.h" 16#include "base/memory/scoped_vector.h" 17#include "base/values.h" 18#include "content/public/browser/certificate_request_result_type.h" 19#include "content/public/browser/file_descriptor_info.h" 20#include "content/public/common/content_client.h" 21#include "content/public/common/socket_permission_request.h" 22#include "content/public/common/window_container_type.h" 23#include "net/base/mime_util.h" 24#include "net/cookies/canonical_cookie.h" 25#include "net/url_request/url_request_job_factory.h" 26#include "third_party/WebKit/public/web/WebNotificationPresenter.h" 27#include "webkit/common/resource_type.h" 28 29#if defined(OS_POSIX) && !defined(OS_MACOSX) 30#include "base/posix/global_descriptors.h" 31#endif 32 33class CommandLine; 34class GURL; 35struct WebPreferences; 36 37namespace base { 38class DictionaryValue; 39class FilePath; 40} 41namespace crypto { 42class CryptoModuleBlockingPasswordDelegate; 43} 44 45namespace gfx { 46class ImageSkia; 47} 48 49namespace net { 50class CookieOptions; 51class HttpNetworkSession; 52class NetLog; 53class SSLCertRequestInfo; 54class SSLInfo; 55class URLRequest; 56class URLRequestContext; 57class URLRequestContextGetter; 58class X509Certificate; 59} 60 61namespace sandbox { 62class TargetPolicy; 63} 64 65namespace ui { 66class SelectFilePolicy; 67} 68 69namespace fileapi { 70class ExternalMountPoints; 71class FileSystemBackend; 72} 73 74namespace content { 75 76class AccessTokenStore; 77class BrowserChildProcessHost; 78class BrowserContext; 79class BrowserMainParts; 80class BrowserPluginGuestDelegate; 81class BrowserPpapiHost; 82class BrowserURLHandler; 83class LocationProvider; 84class MediaObserver; 85class QuotaPermissionContext; 86class RenderProcessHost; 87class RenderViewHost; 88class RenderViewHostDelegateView; 89class ResourceContext; 90class SiteInstance; 91class SpeechRecognitionManagerDelegate; 92class WebContents; 93class WebContentsViewDelegate; 94class WebContentsViewPort; 95struct MainFunctionParams; 96struct ShowDesktopNotificationHostMsgParams; 97 98// A mapping from the scheme name to the protocol handler that services its 99// content. 100typedef std::map< 101 std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> > 102 ProtocolHandlerMap; 103 104// Embedder API (or SPI) for participating in browser logic, to be implemented 105// by the client of the content browser. See ChromeContentBrowserClient for the 106// principal implementation. The methods are assumed to be called on the UI 107// thread unless otherwise specified. Use this "escape hatch" sparingly, to 108// avoid the embedder interface ballooning and becoming very specific to Chrome. 109// (Often, the call out to the client can happen in a different part of the code 110// that either already has a hook out to the embedder, or calls out to one of 111// the observer interfaces.) 112class CONTENT_EXPORT ContentBrowserClient { 113 public: 114 virtual ~ContentBrowserClient() {} 115 116 // Allows the embedder to set any number of custom BrowserMainParts 117 // implementations for the browser startup code. See comments in 118 // browser_main_parts.h. 119 virtual BrowserMainParts* CreateBrowserMainParts( 120 const MainFunctionParams& parameters); 121 122 // Allows an embedder to return their own WebContentsViewPort implementation. 123 // Return NULL to let the default one for the platform be created. Otherwise 124 // |render_view_host_delegate_view| also needs to be provided, and it is 125 // owned by the embedder. 126 virtual WebContentsViewPort* OverrideCreateWebContentsView( 127 WebContents* web_contents, 128 RenderViewHostDelegateView** render_view_host_delegate_view); 129 130 // If content creates the WebContentsView implementation, it will ask the 131 // embedder to return an (optional) delegate to customize it. The view will 132 // own the delegate. 133 virtual WebContentsViewDelegate* GetWebContentsViewDelegate( 134 WebContents* web_contents); 135 136 // Notifies that a guest WebContents has been created. A guest WebContents 137 // represents a renderer that's hosted within a BrowserPlugin. Creation can 138 // occur an arbitrary length of time before attachment. If the new guest has 139 // an |opener_web_contents|, then it's a new window created by that opener. 140 // If the guest was created via navigation, then |extra_params| will be 141 // non-NULL. |extra_params| are parameters passed to the BrowserPlugin object 142 // element by the content embedder. These parameters may include the API to 143 // enable for the given guest. |guest_delegate| is a return parameter of 144 // the delegate in the content embedder that will service the guest in the 145 // content layer. The content layer takes ownership of the |guest_delegate|. 146 virtual void GuestWebContentsCreated( 147 WebContents* guest_web_contents, 148 WebContents* opener_web_contents, 149 BrowserPluginGuestDelegate** guest_delegate, 150 scoped_ptr<base::DictionaryValue> extra_params) {} 151 152 // Notifies that a guest WebContents has been attached to a BrowserPlugin. 153 // A guest is attached to a BrowserPlugin when the guest has acquired an 154 // embedder WebContents. This happens on initial navigation or when a new 155 // window is attached to a BrowserPlugin. |extra_params| are params sent 156 // from javascript. 157 virtual void GuestWebContentsAttached( 158 WebContents* guest_web_contents, 159 WebContents* embedder_web_contents, 160 int browser_plugin_instance_id, 161 const base::DictionaryValue& extra_params) {} 162 163 // Notifies that a RenderProcessHost has been created. This is called before 164 // the content layer adds its own BrowserMessageFilters, so that the 165 // embedder's IPC filters have priority. 166 virtual void RenderProcessHostCreated(RenderProcessHost* host) {} 167 168 // Notifies that a BrowserChildProcessHost has been created. 169 virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {} 170 171 // Determines whether a navigation from |current_instance| to |url| would be a 172 // valid entry point to a "privileged site," based on whether it 173 // |is_renderer_initiated|. A privileged site requires careful process 174 // isolation to ensure its privileges do not leak, and it can only be entered 175 // via known navigation paths. 176 // 177 // If this is a valid entry to a privileged site, this function should rewrite 178 // the origin of |url| with a non-http(s) origin that represents the 179 // privileged site. This will distinguish the resulting SiteInstance from 180 // other SiteInstances in the process model. 181 virtual GURL GetPossiblyPrivilegedURL( 182 content::BrowserContext* browser_context, 183 const GURL& url, 184 bool is_renderer_initiated, 185 SiteInstance* current_instance); 186 187 // Get the effective URL for the given actual URL, to allow an embedder to 188 // group different url schemes in the same SiteInstance. 189 virtual GURL GetEffectiveURL(BrowserContext* browser_context, 190 const GURL& url); 191 192 // Returns whether all instances of the specified effective URL should be 193 // rendered by the same process, rather than using process-per-site-instance. 194 virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context, 195 const GURL& effective_url); 196 197 // Returns a list additional WebUI schemes, if any. These additional schemes 198 // act as aliases to the chrome: scheme. The additional schemes may or may 199 // not serve specific WebUI pages depending on the particular URLDataSource 200 // and its override of URLDataSource::ShouldServiceRequest. 201 virtual void GetAdditionalWebUISchemes( 202 std::vector<std::string>* additional_schemes) {} 203 204 // Creates the main net::URLRequestContextGetter. Should only be called once 205 // per ContentBrowserClient object. 206 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 207 virtual net::URLRequestContextGetter* CreateRequestContext( 208 BrowserContext* browser_context, 209 ProtocolHandlerMap* protocol_handlers); 210 211 // Creates the net::URLRequestContextGetter for a StoragePartition. Should 212 // only be called once per partition_path per ContentBrowserClient object. 213 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 214 virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition( 215 BrowserContext* browser_context, 216 const base::FilePath& partition_path, 217 bool in_memory, 218 ProtocolHandlerMap* protocol_handlers); 219 220 // Returns whether a specified URL is handled by the embedder's internal 221 // protocol handlers. 222 virtual bool IsHandledURL(const GURL& url); 223 224 // Returns whether the given process is allowed to commit |url|. This is a 225 // more conservative check than IsSuitableHost, since it is used after a 226 // navigation has committed to ensure that the process did not exceed its 227 // authority. 228 virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url); 229 230 // Returns whether a new view for a given |site_url| can be launched in a 231 // given |process_host|. 232 virtual bool IsSuitableHost(RenderProcessHost* process_host, 233 const GURL& site_url); 234 235 // Returns whether a new process should be created or an existing one should 236 // be reused based on the URL we want to load. This should return false, 237 // unless there is a good reason otherwise. 238 virtual bool ShouldTryToUseExistingProcessHost( 239 BrowserContext* browser_context, const GURL& url); 240 241 // Called when a site instance is first associated with a process. 242 virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {} 243 244 // Called from a site instance's destructor. 245 virtual void SiteInstanceDeleting(SiteInstance* site_instance) {} 246 247 // Returns true if for the navigation from |current_url| to |new_url| 248 // in |site_instance|, the process should be swapped (even if we are in a 249 // process model that doesn't usually swap). 250 virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance, 251 const GURL& current_url, 252 const GURL& new_url); 253 254 // Returns true if the given navigation redirect should cause a renderer 255 // process swap. 256 // This is called on the IO thread. 257 virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context, 258 const GURL& current_url, 259 const GURL& new_url); 260 261 // Returns true if the passed in URL should be assigned as the site of the 262 // current SiteInstance, if it does not yet have a site. 263 virtual bool ShouldAssignSiteForURL(const GURL& url); 264 265 // See CharacterEncoding's comment. 266 virtual std::string GetCanonicalEncodingNameByAliasName( 267 const std::string& alias_name); 268 269 // Allows the embedder to pass extra command line flags. 270 // switches::kProcessType will already be set at this point. 271 virtual void AppendExtraCommandLineSwitches(CommandLine* command_line, 272 int child_process_id) {} 273 274 // Returns the locale used by the application. 275 // This is called on the UI and IO threads. 276 virtual std::string GetApplicationLocale(); 277 278 // Returns the languages used in the Accept-Languages HTTP header. 279 // (Not called GetAcceptLanguages so it doesn't clash with win32). 280 virtual std::string GetAcceptLangs(BrowserContext* context); 281 282 // Returns the default favicon. The callee doesn't own the given bitmap. 283 virtual gfx::ImageSkia* GetDefaultFavicon(); 284 285 // Allow the embedder to control if an AppCache can be used for the given url. 286 // This is called on the IO thread. 287 virtual bool AllowAppCache(const GURL& manifest_url, 288 const GURL& first_party, 289 ResourceContext* context); 290 291 // Allow the embedder to control if the given cookie can be read. 292 // This is called on the IO thread. 293 virtual bool AllowGetCookie(const GURL& url, 294 const GURL& first_party, 295 const net::CookieList& cookie_list, 296 ResourceContext* context, 297 int render_process_id, 298 int render_view_id); 299 300 // Allow the embedder to control if the given cookie can be set. 301 // This is called on the IO thread. 302 virtual bool AllowSetCookie(const GURL& url, 303 const GURL& first_party, 304 const std::string& cookie_line, 305 ResourceContext* context, 306 int render_process_id, 307 int render_view_id, 308 net::CookieOptions* options); 309 310 // This is called on the IO thread. 311 virtual bool AllowSaveLocalState(ResourceContext* context); 312 313 // Allow the embedder to control if access to web database by a shared worker 314 // is allowed. |render_views| is a vector of pairs of 315 // RenderProcessID/RenderViewID of RenderViews that are using this worker. 316 // This is called on the IO thread. 317 virtual bool AllowWorkerDatabase( 318 const GURL& url, 319 const string16& name, 320 const string16& display_name, 321 unsigned long estimated_size, 322 ResourceContext* context, 323 const std::vector<std::pair<int, int> >& render_views); 324 325 // Allow the embedder to control if access to file system by a shared worker 326 // is allowed. 327 // This is called on the IO thread. 328 virtual bool AllowWorkerFileSystem( 329 const GURL& url, 330 ResourceContext* context, 331 const std::vector<std::pair<int, int> >& render_views); 332 333 // Allow the embedder to control if access to IndexedDB by a shared worker 334 // is allowed. 335 // This is called on the IO thread. 336 virtual bool AllowWorkerIndexedDB( 337 const GURL& url, 338 const string16& name, 339 ResourceContext* context, 340 const std::vector<std::pair<int, int> >& render_views); 341 342 // Allow the embedder to override the request context based on the URL for 343 // certain operations, like cookie access. Returns NULL to indicate the 344 // regular request context should be used. 345 // This is called on the IO thread. 346 virtual net::URLRequestContext* OverrideRequestContextForURL( 347 const GURL& url, ResourceContext* context); 348 349 // Allow the embedder to specify a string version of the storage partition 350 // config with a site. 351 virtual std::string GetStoragePartitionIdForSite( 352 content::BrowserContext* browser_context, 353 const GURL& site); 354 355 // Allows the embedder to provide a validation check for |partition_id|s. 356 // This domain of valid entries should match the range of outputs for 357 // GetStoragePartitionIdForChildProcess(). 358 virtual bool IsValidStoragePartitionId(BrowserContext* browser_context, 359 const std::string& partition_id); 360 361 // Allows the embedder to provide a storage parititon configuration for a 362 // site. A storage partition configuration includes a domain of the embedder's 363 // choice, an optional name within that domain, and whether the partition is 364 // in-memory only. 365 // 366 // If |can_be_default| is false, the caller is telling the embedder that the 367 // |site| is known to not be in the default partition. This is useful in 368 // some shutdown situations where the bookkeeping logic that maps sites to 369 // their partition configuration are no longer valid. 370 // 371 // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in 372 // which partitions live (similar to namespace). Within a domain, partitions 373 // can be uniquely identified by the combination of |partition_name| and 374 // |in_memory| values. When a partition is not to be persisted, the 375 // |in_memory| value must be set to true. 376 virtual void GetStoragePartitionConfigForSite( 377 content::BrowserContext* browser_context, 378 const GURL& site, 379 bool can_be_default, 380 std::string* partition_domain, 381 std::string* partition_name, 382 bool* in_memory); 383 384 // Create and return a new quota permission context. 385 virtual QuotaPermissionContext* CreateQuotaPermissionContext(); 386 387 // Informs the embedder that a certificate error has occured. If 388 // |overridable| is true and if |strict_enforcement| is false, the user 389 // can ignore the error and continue. The embedder can call the callback 390 // asynchronously. If |result| is not set to 391 // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled 392 // or denied immediately, and the callback won't be run. 393 virtual void AllowCertificateError( 394 int render_process_id, 395 int render_view_id, 396 int cert_error, 397 const net::SSLInfo& ssl_info, 398 const GURL& request_url, 399 ResourceType::Type resource_type, 400 bool overridable, 401 bool strict_enforcement, 402 const base::Callback<void(bool)>& callback, 403 CertificateRequestResultType* result) {} 404 405 // Selects a SSL client certificate and returns it to the |callback|. If no 406 // certificate was selected NULL is returned to the |callback|. 407 virtual void SelectClientCertificate( 408 int render_process_id, 409 int render_view_id, 410 const net::HttpNetworkSession* network_session, 411 net::SSLCertRequestInfo* cert_request_info, 412 const base::Callback<void(net::X509Certificate*)>& callback) {} 413 414 // Adds a new installable certificate or private key. 415 // Typically used to install an X.509 user certificate. 416 // Note that it's up to the embedder to verify that the data is 417 // well-formed. |cert_data| will be NULL if file_size is 0. 418 virtual void AddCertificate( 419 net::URLRequest* request, 420 net::CertificateMimeType cert_type, 421 const void* cert_data, 422 size_t cert_size, 423 int render_process_id, 424 int render_view_id) {} 425 426 // Returns a class to get notifications about media event. The embedder can 427 // return NULL if they're not interested. 428 virtual MediaObserver* GetMediaObserver(); 429 430 // Asks permission to show desktop notifications. 431 virtual void RequestDesktopNotificationPermission( 432 const GURL& source_origin, 433 int callback_context, 434 int render_process_id, 435 int render_view_id) {} 436 437 // Checks if the given page has permission to show desktop notifications. 438 // This is called on the IO thread. 439 virtual WebKit::WebNotificationPresenter::Permission 440 CheckDesktopNotificationPermission( 441 const GURL& source_url, 442 ResourceContext* context, 443 int render_process_id); 444 445 // Show a desktop notification. If |worker| is true, the request came from an 446 // HTML5 web worker, otherwise, it came from a renderer. 447 virtual void ShowDesktopNotification( 448 const ShowDesktopNotificationHostMsgParams& params, 449 int render_process_id, 450 int render_view_id, 451 bool worker) {} 452 453 // Cancels a displayed desktop notification. 454 virtual void CancelDesktopNotification( 455 int render_process_id, 456 int render_view_id, 457 int notification_id) {} 458 459 // Returns true if the given page is allowed to open a window of the given 460 // type. If true is returned, |no_javascript_access| will indicate whether 461 // the window that is created should be scriptable/in the same process. 462 // This is called on the IO thread. 463 virtual bool CanCreateWindow( 464 const GURL& opener_url, 465 const GURL& source_origin, 466 WindowContainerType container_type, 467 ResourceContext* context, 468 int render_process_id, 469 bool* no_javascript_access); 470 471 // Returns a title string to use in the task manager for a process host with 472 // the given URL, or the empty string to fall back to the default logic. 473 // This is called on the IO thread. 474 virtual std::string GetWorkerProcessTitle(const GURL& url, 475 ResourceContext* context); 476 477 // Notifies the embedder that the ResourceDispatcherHost has been created. 478 // This is when it can optionally add a delegate. 479 virtual void ResourceDispatcherHostCreated() {} 480 481 // Allows the embedder to return a delegate for the SpeechRecognitionManager. 482 // The delegate will be owned by the manager. It's valid to return NULL. 483 virtual SpeechRecognitionManagerDelegate* 484 GetSpeechRecognitionManagerDelegate(); 485 486 // Getters for common objects. 487 virtual net::NetLog* GetNetLog(); 488 489 // Creates a new AccessTokenStore for gelocation. 490 virtual AccessTokenStore* CreateAccessTokenStore(); 491 492 // Returns true if fast shutdown is possible. 493 virtual bool IsFastShutdownPossible(); 494 495 // Called by WebContents to override the WebKit preferences that are used by 496 // the renderer. The content layer will add its own settings, and then it's up 497 // to the embedder to update it if it wants. 498 virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host, 499 const GURL& url, 500 WebPreferences* prefs) {} 501 502 // Inspector setting was changed and should be persisted. 503 virtual void UpdateInspectorSetting(RenderViewHost* rvh, 504 const std::string& key, 505 const std::string& value) {} 506 507 // Notifies that BrowserURLHandler has been created, so that the embedder can 508 // optionally add their own handlers. 509 virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {} 510 511 // Clears browser cache. 512 virtual void ClearCache(RenderViewHost* rvh) {} 513 514 // Clears browser cookies. 515 virtual void ClearCookies(RenderViewHost* rvh) {} 516 517 // Returns the default download directory. 518 // This can be called on any thread. 519 virtual base::FilePath GetDefaultDownloadDirectory(); 520 521 // Returns the default filename used in downloads when we have no idea what 522 // else we should do with the file. 523 virtual std::string GetDefaultDownloadName(); 524 525 // Notification that a pepper plugin has just been spawned. This allows the 526 // embedder to add filters onto the host to implement interfaces. 527 // This is called on the IO thread. 528 virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {} 529 530 // Gets the host for an external out-of-process plugin. 531 virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost( 532 int plugin_child_id); 533 534 // Returns true if the given browser_context and site_url support hosting 535 // BrowserPlugins. 536 virtual bool SupportsBrowserPlugin(BrowserContext* browser_context, 537 const GURL& site_url); 538 539 // Returns true if the socket operation specified by |params| is allowed 540 // from the given |browser_context| and |url|. |private_api| indicates whether 541 // this permission check is for the private Pepper socket API or the public 542 // one. 543 virtual bool AllowPepperSocketAPI(BrowserContext* browser_context, 544 const GURL& url, 545 bool private_api, 546 const SocketPermissionRequest& params); 547 548 // Returns the directory containing hyphenation dictionaries. 549 virtual base::FilePath GetHyphenDictionaryDirectory(); 550 551 // Returns an implementation of a file selecition policy. Can return NULL. 552 virtual ui::SelectFilePolicy* CreateSelectFilePolicy( 553 WebContents* web_contents); 554 555 // Returns additional allowed scheme set which can access files in 556 // FileSystem API. 557 virtual void GetAdditionalAllowedSchemesForFileSystem( 558 std::vector<std::string>* additional_schemes) {} 559 560 // Returns additional file system backends for FileSystem API. 561 // |browser_context| is needed in the additional FileSystemBackends. 562 // It has mount points to create objects returned by additional 563 // FileSystemBackends, and SpecialStoragePolicy for permission granting. 564 virtual void GetAdditionalFileSystemBackends( 565 BrowserContext* browser_context, 566 const base::FilePath& storage_partition_path, 567 ScopedVector<fileapi::FileSystemBackend>* additional_backends) {} 568 569 // Allows an embedder to return its own LocationProvider implementation. 570 // Return NULL to use the default one for the platform to be created. 571 virtual LocationProvider* OverrideSystemLocationProvider(); 572 573#if defined(OS_POSIX) && !defined(OS_MACOSX) 574 // Populates |mappings| with all files that need to be mapped before launching 575 // a child process. 576 virtual void GetAdditionalMappedFilesForChildProcess( 577 const CommandLine& command_line, 578 int child_process_id, 579 std::vector<FileDescriptorInfo>* mappings) {} 580#endif 581 582#if defined(OS_WIN) 583 // Returns the name of the dll that contains cursors and other resources. 584 virtual const wchar_t* GetResourceDllName(); 585 586 // This is called on the PROCESS_LAUNCHER thread before the renderer process 587 // is launched. It gives the embedder a chance to add loosen the sandbox 588 // policy. 589 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, 590 bool* success) {} 591#endif 592 593#if defined(USE_NSS) 594 // Return a delegate to authenticate and unlock |module|. 595 // This is called on a worker thread. 596 virtual 597 crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate( 598 const GURL& url); 599#endif 600}; 601 602} // namespace content 603 604#endif // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 605