1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 6 #define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 7 8 #include <map> 9 #include <string> 10 #include <utility> 11 #include <vector> 12 13 #include "base/callback_forward.h" 14 #include "base/memory/linked_ptr.h" 15 #include "base/memory/scoped_ptr.h" 16 #include "base/memory/scoped_vector.h" 17 #include "base/values.h" 18 #include "content/public/browser/certificate_request_result_type.h" 19 #include "content/public/browser/file_descriptor_info.h" 20 #include "content/public/common/content_client.h" 21 #include "content/public/common/socket_permission_request.h" 22 #include "content/public/common/window_container_type.h" 23 #include "net/base/mime_util.h" 24 #include "net/cookies/canonical_cookie.h" 25 #include "net/url_request/url_request_job_factory.h" 26 #include "third_party/WebKit/public/web/WebNotificationPresenter.h" 27 #include "ui/base/window_open_disposition.h" 28 #include "webkit/common/resource_type.h" 29 30 #if defined(OS_POSIX) && !defined(OS_MACOSX) 31 #include "base/posix/global_descriptors.h" 32 #endif 33 34 class CommandLine; 35 class GURL; 36 struct WebPreferences; 37 38 namespace WebKit { 39 struct WebWindowFeatures; 40 } 41 42 namespace base { 43 class DictionaryValue; 44 class FilePath; 45 } 46 namespace crypto { 47 class CryptoModuleBlockingPasswordDelegate; 48 } 49 50 namespace gfx { 51 class ImageSkia; 52 } 53 54 namespace net { 55 class CookieOptions; 56 class HttpNetworkSession; 57 class NetLog; 58 class SSLCertRequestInfo; 59 class SSLInfo; 60 class URLRequest; 61 class URLRequestContext; 62 class URLRequestContextGetter; 63 class X509Certificate; 64 } 65 66 namespace sandbox { 67 class TargetPolicy; 68 } 69 70 namespace ui { 71 class SelectFilePolicy; 72 } 73 74 namespace fileapi { 75 class ExternalMountPoints; 76 class FileSystemBackend; 77 } 78 79 namespace content { 80 81 class AccessTokenStore; 82 class BrowserChildProcessHost; 83 class BrowserContext; 84 class BrowserMainParts; 85 class BrowserPluginGuestDelegate; 86 class BrowserPpapiHost; 87 class BrowserURLHandler; 88 class LocationProvider; 89 class MediaObserver; 90 class QuotaPermissionContext; 91 class RenderProcessHost; 92 class RenderViewHost; 93 class RenderViewHostDelegateView; 94 class ResourceContext; 95 class SiteInstance; 96 class SpeechRecognitionManagerDelegate; 97 class WebContents; 98 class WebContentsViewDelegate; 99 class WebContentsViewPort; 100 struct MainFunctionParams; 101 struct Referrer; 102 struct ShowDesktopNotificationHostMsgParams; 103 104 // A mapping from the scheme name to the protocol handler that services its 105 // content. 106 typedef std::map< 107 std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> > 108 ProtocolHandlerMap; 109 110 // Embedder API (or SPI) for participating in browser logic, to be implemented 111 // by the client of the content browser. See ChromeContentBrowserClient for the 112 // principal implementation. The methods are assumed to be called on the UI 113 // thread unless otherwise specified. Use this "escape hatch" sparingly, to 114 // avoid the embedder interface ballooning and becoming very specific to Chrome. 115 // (Often, the call out to the client can happen in a different part of the code 116 // that either already has a hook out to the embedder, or calls out to one of 117 // the observer interfaces.) 118 class CONTENT_EXPORT ContentBrowserClient { 119 public: 120 virtual ~ContentBrowserClient() {} 121 122 // Allows the embedder to set any number of custom BrowserMainParts 123 // implementations for the browser startup code. See comments in 124 // browser_main_parts.h. 125 virtual BrowserMainParts* CreateBrowserMainParts( 126 const MainFunctionParams& parameters); 127 128 // Allows an embedder to return their own WebContentsViewPort implementation. 129 // Return NULL to let the default one for the platform be created. Otherwise 130 // |render_view_host_delegate_view| also needs to be provided, and it is 131 // owned by the embedder. 132 virtual WebContentsViewPort* OverrideCreateWebContentsView( 133 WebContents* web_contents, 134 RenderViewHostDelegateView** render_view_host_delegate_view); 135 136 // If content creates the WebContentsView implementation, it will ask the 137 // embedder to return an (optional) delegate to customize it. The view will 138 // own the delegate. 139 virtual WebContentsViewDelegate* GetWebContentsViewDelegate( 140 WebContents* web_contents); 141 142 // Notifies that a guest WebContents has been created. A guest WebContents 143 // represents a renderer that's hosted within a BrowserPlugin. Creation can 144 // occur an arbitrary length of time before attachment. If the new guest has 145 // an |opener_web_contents|, then it's a new window created by that opener. 146 // If the guest was created via navigation, then |extra_params| will be 147 // non-NULL. |extra_params| are parameters passed to the BrowserPlugin object 148 // element by the content embedder. These parameters may include the API to 149 // enable for the given guest. |guest_delegate| is a return parameter of 150 // the delegate in the content embedder that will service the guest in the 151 // content layer. The content layer takes ownership of the |guest_delegate|. 152 virtual void GuestWebContentsCreated( 153 WebContents* guest_web_contents, 154 WebContents* opener_web_contents, 155 BrowserPluginGuestDelegate** guest_delegate, 156 scoped_ptr<base::DictionaryValue> extra_params) {} 157 158 // Notifies that a guest WebContents has been attached to a BrowserPlugin. 159 // A guest is attached to a BrowserPlugin when the guest has acquired an 160 // embedder WebContents. This happens on initial navigation or when a new 161 // window is attached to a BrowserPlugin. |extra_params| are params sent 162 // from javascript. 163 virtual void GuestWebContentsAttached( 164 WebContents* guest_web_contents, 165 WebContents* embedder_web_contents, 166 const base::DictionaryValue& extra_params) {} 167 168 // Notifies that a RenderProcessHost has been created. This is called before 169 // the content layer adds its own BrowserMessageFilters, so that the 170 // embedder's IPC filters have priority. 171 virtual void RenderProcessHostCreated(RenderProcessHost* host) {} 172 173 // Notifies that a BrowserChildProcessHost has been created. 174 virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {} 175 176 // Get the effective URL for the given actual URL, to allow an embedder to 177 // group different url schemes in the same SiteInstance. 178 virtual GURL GetEffectiveURL(BrowserContext* browser_context, 179 const GURL& url); 180 181 // Returns whether all instances of the specified effective URL should be 182 // rendered by the same process, rather than using process-per-site-instance. 183 virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context, 184 const GURL& effective_url); 185 186 // Returns a list additional WebUI schemes, if any. These additional schemes 187 // act as aliases to the chrome: scheme. The additional schemes may or may 188 // not serve specific WebUI pages depending on the particular URLDataSource 189 // and its override of URLDataSource::ShouldServiceRequest. 190 virtual void GetAdditionalWebUISchemes( 191 std::vector<std::string>* additional_schemes) {} 192 193 // Creates the main net::URLRequestContextGetter. Should only be called once 194 // per ContentBrowserClient object. 195 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 196 virtual net::URLRequestContextGetter* CreateRequestContext( 197 BrowserContext* browser_context, 198 ProtocolHandlerMap* protocol_handlers); 199 200 // Creates the net::URLRequestContextGetter for a StoragePartition. Should 201 // only be called once per partition_path per ContentBrowserClient object. 202 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved. 203 virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition( 204 BrowserContext* browser_context, 205 const base::FilePath& partition_path, 206 bool in_memory, 207 ProtocolHandlerMap* protocol_handlers); 208 209 // Returns whether a specified URL is handled by the embedder's internal 210 // protocol handlers. 211 virtual bool IsHandledURL(const GURL& url); 212 213 // Returns whether the given process is allowed to commit |url|. This is a 214 // more conservative check than IsSuitableHost, since it is used after a 215 // navigation has committed to ensure that the process did not exceed its 216 // authority. 217 virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url); 218 219 // Returns whether a new view for a given |site_url| can be launched in a 220 // given |process_host|. 221 virtual bool IsSuitableHost(RenderProcessHost* process_host, 222 const GURL& site_url); 223 224 // Returns whether a new process should be created or an existing one should 225 // be reused based on the URL we want to load. This should return false, 226 // unless there is a good reason otherwise. 227 virtual bool ShouldTryToUseExistingProcessHost( 228 BrowserContext* browser_context, const GURL& url); 229 230 // Called when a site instance is first associated with a process. 231 virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {} 232 233 // Called from a site instance's destructor. 234 virtual void SiteInstanceDeleting(SiteInstance* site_instance) {} 235 236 // Returns true if for the navigation from |current_url| to |new_url| 237 // in |site_instance|, the process should be swapped (even if we are in a 238 // process model that doesn't usually swap). 239 virtual bool ShouldSwapProcessesForNavigation(SiteInstance* site_instance, 240 const GURL& current_url, 241 const GURL& new_url); 242 243 // Returns true if the given navigation redirect should cause a renderer 244 // process swap. 245 // This is called on the IO thread. 246 virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context, 247 const GURL& current_url, 248 const GURL& new_url); 249 250 // Returns true if the passed in URL should be assigned as the site of the 251 // current SiteInstance, if it does not yet have a site. 252 virtual bool ShouldAssignSiteForURL(const GURL& url); 253 254 // See CharacterEncoding's comment. 255 virtual std::string GetCanonicalEncodingNameByAliasName( 256 const std::string& alias_name); 257 258 // Allows the embedder to pass extra command line flags. 259 // switches::kProcessType will already be set at this point. 260 virtual void AppendExtraCommandLineSwitches(CommandLine* command_line, 261 int child_process_id) {} 262 263 // Returns the locale used by the application. 264 // This is called on the UI and IO threads. 265 virtual std::string GetApplicationLocale(); 266 267 // Returns the languages used in the Accept-Languages HTTP header. 268 // (Not called GetAcceptLanguages so it doesn't clash with win32). 269 virtual std::string GetAcceptLangs(BrowserContext* context); 270 271 // Returns the default favicon. The callee doesn't own the given bitmap. 272 virtual gfx::ImageSkia* GetDefaultFavicon(); 273 274 // Allow the embedder to control if an AppCache can be used for the given url. 275 // This is called on the IO thread. 276 virtual bool AllowAppCache(const GURL& manifest_url, 277 const GURL& first_party, 278 ResourceContext* context); 279 280 // Allow the embedder to control if the given cookie can be read. 281 // This is called on the IO thread. 282 virtual bool AllowGetCookie(const GURL& url, 283 const GURL& first_party, 284 const net::CookieList& cookie_list, 285 ResourceContext* context, 286 int render_process_id, 287 int render_view_id); 288 289 // Allow the embedder to control if the given cookie can be set. 290 // This is called on the IO thread. 291 virtual bool AllowSetCookie(const GURL& url, 292 const GURL& first_party, 293 const std::string& cookie_line, 294 ResourceContext* context, 295 int render_process_id, 296 int render_view_id, 297 net::CookieOptions* options); 298 299 // This is called on the IO thread. 300 virtual bool AllowSaveLocalState(ResourceContext* context); 301 302 // Allow the embedder to control if access to web database by a shared worker 303 // is allowed. |render_views| is a vector of pairs of 304 // RenderProcessID/RenderViewID of RenderViews that are using this worker. 305 // This is called on the IO thread. 306 virtual bool AllowWorkerDatabase( 307 const GURL& url, 308 const string16& name, 309 const string16& display_name, 310 unsigned long estimated_size, 311 ResourceContext* context, 312 const std::vector<std::pair<int, int> >& render_views); 313 314 // Allow the embedder to control if access to file system by a shared worker 315 // is allowed. 316 // This is called on the IO thread. 317 virtual bool AllowWorkerFileSystem( 318 const GURL& url, 319 ResourceContext* context, 320 const std::vector<std::pair<int, int> >& render_views); 321 322 // Allow the embedder to control if access to IndexedDB by a shared worker 323 // is allowed. 324 // This is called on the IO thread. 325 virtual bool AllowWorkerIndexedDB( 326 const GURL& url, 327 const string16& name, 328 ResourceContext* context, 329 const std::vector<std::pair<int, int> >& render_views); 330 331 // Allow the embedder to override the request context based on the URL for 332 // certain operations, like cookie access. Returns NULL to indicate the 333 // regular request context should be used. 334 // This is called on the IO thread. 335 virtual net::URLRequestContext* OverrideRequestContextForURL( 336 const GURL& url, ResourceContext* context); 337 338 // Allow the embedder to specify a string version of the storage partition 339 // config with a site. 340 virtual std::string GetStoragePartitionIdForSite( 341 content::BrowserContext* browser_context, 342 const GURL& site); 343 344 // Allows the embedder to provide a validation check for |partition_id|s. 345 // This domain of valid entries should match the range of outputs for 346 // GetStoragePartitionIdForChildProcess(). 347 virtual bool IsValidStoragePartitionId(BrowserContext* browser_context, 348 const std::string& partition_id); 349 350 // Allows the embedder to provide a storage parititon configuration for a 351 // site. A storage partition configuration includes a domain of the embedder's 352 // choice, an optional name within that domain, and whether the partition is 353 // in-memory only. 354 // 355 // If |can_be_default| is false, the caller is telling the embedder that the 356 // |site| is known to not be in the default partition. This is useful in 357 // some shutdown situations where the bookkeeping logic that maps sites to 358 // their partition configuration are no longer valid. 359 // 360 // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in 361 // which partitions live (similar to namespace). Within a domain, partitions 362 // can be uniquely identified by the combination of |partition_name| and 363 // |in_memory| values. When a partition is not to be persisted, the 364 // |in_memory| value must be set to true. 365 virtual void GetStoragePartitionConfigForSite( 366 content::BrowserContext* browser_context, 367 const GURL& site, 368 bool can_be_default, 369 std::string* partition_domain, 370 std::string* partition_name, 371 bool* in_memory); 372 373 // Create and return a new quota permission context. 374 virtual QuotaPermissionContext* CreateQuotaPermissionContext(); 375 376 // Informs the embedder that a certificate error has occured. If 377 // |overridable| is true and if |strict_enforcement| is false, the user 378 // can ignore the error and continue. The embedder can call the callback 379 // asynchronously. If |result| is not set to 380 // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled 381 // or denied immediately, and the callback won't be run. 382 virtual void AllowCertificateError( 383 int render_process_id, 384 int render_view_id, 385 int cert_error, 386 const net::SSLInfo& ssl_info, 387 const GURL& request_url, 388 ResourceType::Type resource_type, 389 bool overridable, 390 bool strict_enforcement, 391 const base::Callback<void(bool)>& callback, 392 CertificateRequestResultType* result) {} 393 394 // Selects a SSL client certificate and returns it to the |callback|. If no 395 // certificate was selected NULL is returned to the |callback|. 396 virtual void SelectClientCertificate( 397 int render_process_id, 398 int render_view_id, 399 const net::HttpNetworkSession* network_session, 400 net::SSLCertRequestInfo* cert_request_info, 401 const base::Callback<void(net::X509Certificate*)>& callback) {} 402 403 // Adds a new installable certificate or private key. 404 // Typically used to install an X.509 user certificate. 405 // Note that it's up to the embedder to verify that the data is 406 // well-formed. |cert_data| will be NULL if file_size is 0. 407 virtual void AddCertificate( 408 net::URLRequest* request, 409 net::CertificateMimeType cert_type, 410 const void* cert_data, 411 size_t cert_size, 412 int render_process_id, 413 int render_view_id) {} 414 415 // Returns a class to get notifications about media event. The embedder can 416 // return NULL if they're not interested. 417 virtual MediaObserver* GetMediaObserver(); 418 419 // Asks permission to show desktop notifications. 420 virtual void RequestDesktopNotificationPermission( 421 const GURL& source_origin, 422 int callback_context, 423 int render_process_id, 424 int render_view_id) {} 425 426 // Checks if the given page has permission to show desktop notifications. 427 // This is called on the IO thread. 428 virtual WebKit::WebNotificationPresenter::Permission 429 CheckDesktopNotificationPermission( 430 const GURL& source_url, 431 ResourceContext* context, 432 int render_process_id); 433 434 // Show a desktop notification. If |worker| is true, the request came from an 435 // HTML5 web worker, otherwise, it came from a renderer. 436 virtual void ShowDesktopNotification( 437 const ShowDesktopNotificationHostMsgParams& params, 438 int render_process_id, 439 int render_view_id, 440 bool worker) {} 441 442 // Cancels a displayed desktop notification. 443 virtual void CancelDesktopNotification( 444 int render_process_id, 445 int render_view_id, 446 int notification_id) {} 447 448 // Returns true if the given page is allowed to open a window of the given 449 // type. If true is returned, |no_javascript_access| will indicate whether 450 // the window that is created should be scriptable/in the same process. 451 // This is called on the IO thread. 452 virtual bool CanCreateWindow(const GURL& opener_url, 453 const GURL& opener_top_level_frame_url, 454 const GURL& source_origin, 455 WindowContainerType container_type, 456 const GURL& target_url, 457 const content::Referrer& referrer, 458 WindowOpenDisposition disposition, 459 const WebKit::WebWindowFeatures& features, 460 bool user_gesture, 461 bool opener_suppressed, 462 content::ResourceContext* context, 463 int render_process_id, 464 bool is_guest, 465 int opener_id, 466 bool* no_javascript_access); 467 468 // Returns a title string to use in the task manager for a process host with 469 // the given URL, or the empty string to fall back to the default logic. 470 // This is called on the IO thread. 471 virtual std::string GetWorkerProcessTitle(const GURL& url, 472 ResourceContext* context); 473 474 // Notifies the embedder that the ResourceDispatcherHost has been created. 475 // This is when it can optionally add a delegate. 476 virtual void ResourceDispatcherHostCreated() {} 477 478 // Allows the embedder to return a delegate for the SpeechRecognitionManager. 479 // The delegate will be owned by the manager. It's valid to return NULL. 480 virtual SpeechRecognitionManagerDelegate* 481 GetSpeechRecognitionManagerDelegate(); 482 483 // Getters for common objects. 484 virtual net::NetLog* GetNetLog(); 485 486 // Creates a new AccessTokenStore for gelocation. 487 virtual AccessTokenStore* CreateAccessTokenStore(); 488 489 // Returns true if fast shutdown is possible. 490 virtual bool IsFastShutdownPossible(); 491 492 // Called by WebContents to override the WebKit preferences that are used by 493 // the renderer. The content layer will add its own settings, and then it's up 494 // to the embedder to update it if it wants. 495 virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host, 496 const GURL& url, 497 WebPreferences* prefs) {} 498 499 // Inspector setting was changed and should be persisted. 500 virtual void UpdateInspectorSetting(RenderViewHost* rvh, 501 const std::string& key, 502 const std::string& value) {} 503 504 // Notifies that BrowserURLHandler has been created, so that the embedder can 505 // optionally add their own handlers. 506 virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {} 507 508 // Clears browser cache. 509 virtual void ClearCache(RenderViewHost* rvh) {} 510 511 // Clears browser cookies. 512 virtual void ClearCookies(RenderViewHost* rvh) {} 513 514 // Returns the default download directory. 515 // This can be called on any thread. 516 virtual base::FilePath GetDefaultDownloadDirectory(); 517 518 // Returns the default filename used in downloads when we have no idea what 519 // else we should do with the file. 520 virtual std::string GetDefaultDownloadName(); 521 522 // Notification that a pepper plugin has just been spawned. This allows the 523 // embedder to add filters onto the host to implement interfaces. 524 // This is called on the IO thread. 525 virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {} 526 527 // Gets the host for an external out-of-process plugin. 528 virtual content::BrowserPpapiHost* GetExternalBrowserPpapiHost( 529 int plugin_child_id); 530 531 // Returns true if the given browser_context and site_url support hosting 532 // BrowserPlugins. 533 virtual bool SupportsBrowserPlugin(BrowserContext* browser_context, 534 const GURL& site_url); 535 536 // Returns true if the socket operation specified by |params| is allowed 537 // from the given |browser_context| and |url|. |private_api| indicates whether 538 // this permission check is for the private Pepper socket API or the public 539 // one. 540 virtual bool AllowPepperSocketAPI(BrowserContext* browser_context, 541 const GURL& url, 542 bool private_api, 543 const SocketPermissionRequest& params); 544 545 // Returns an implementation of a file selecition policy. Can return NULL. 546 virtual ui::SelectFilePolicy* CreateSelectFilePolicy( 547 WebContents* web_contents); 548 549 // Returns additional allowed scheme set which can access files in 550 // FileSystem API. 551 virtual void GetAdditionalAllowedSchemesForFileSystem( 552 std::vector<std::string>* additional_schemes) {} 553 554 // Returns additional file system backends for FileSystem API. 555 // |browser_context| is needed in the additional FileSystemBackends. 556 // It has mount points to create objects returned by additional 557 // FileSystemBackends, and SpecialStoragePolicy for permission granting. 558 virtual void GetAdditionalFileSystemBackends( 559 BrowserContext* browser_context, 560 const base::FilePath& storage_partition_path, 561 ScopedVector<fileapi::FileSystemBackend>* additional_backends) {} 562 563 // Allows an embedder to return its own LocationProvider implementation. 564 // Return NULL to use the default one for the platform to be created. 565 virtual LocationProvider* OverrideSystemLocationProvider(); 566 567 #if defined(OS_POSIX) && !defined(OS_MACOSX) 568 // Populates |mappings| with all files that need to be mapped before launching 569 // a child process. 570 virtual void GetAdditionalMappedFilesForChildProcess( 571 const CommandLine& command_line, 572 int child_process_id, 573 std::vector<FileDescriptorInfo>* mappings) {} 574 #endif 575 576 #if defined(OS_WIN) 577 // Returns the name of the dll that contains cursors and other resources. 578 virtual const wchar_t* GetResourceDllName(); 579 580 // This is called on the PROCESS_LAUNCHER thread before the renderer process 581 // is launched. It gives the embedder a chance to add loosen the sandbox 582 // policy. 583 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy, 584 bool* success) {} 585 #endif 586 587 #if defined(USE_NSS) 588 // Return a delegate to authenticate and unlock |module|. 589 // This is called on a worker thread. 590 virtual 591 crypto::CryptoModuleBlockingPasswordDelegate* GetCryptoPasswordDelegate( 592 const GURL& url); 593 #endif 594 }; 595 596 } // namespace content 597 598 #endif // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_ 599