1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 6 #define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 7 8 #include <string> 9 10 #include "base/callback.h" 11 #include "content/common/content_export.h" 12 13 namespace base { 14 class MessageLoop; 15 class RefCountedMemory; 16 } 17 18 namespace net { 19 class URLRequest; 20 } 21 22 namespace content { 23 class BrowserContext; 24 25 // A URLDataSource is an object that can answer requests for WebUI data 26 // asynchronously. An implementation of URLDataSource should handle calls to 27 // StartDataRequest() by starting its (implementation-specific) asynchronous 28 // request for the data, then running the callback given in that method to 29 // notify. 30 class CONTENT_EXPORT URLDataSource { 31 public: 32 // Adds a URL data source to |browser_context|. 33 static void Add(BrowserContext* browser_context, URLDataSource* source); 34 35 virtual ~URLDataSource() {} 36 37 // The name of this source. 38 // E.g., for favicons, this could be "favicon", which results in paths for 39 // specific resources like "favicon/34" getting sent to this source. For 40 // sources where a scheme is used instead of the hostname as the unique 41 // identifier, the suffix "://" must be added to the return value, eg. for a 42 // URLDataSource which would display resources with URLs on the form 43 // your-scheme://anything , GetSource() must return "your-scheme://". 44 virtual std::string GetSource() const = 0; 45 46 // Used by StartDataRequest so that the child class can return the data when 47 // it's available. 48 typedef base::Callback<void(base::RefCountedMemory*)> GotDataCallback; 49 50 // Called by URLDataSource to request data at |path|. The string parameter is 51 // the path of the request. The child class should run |callback| when the 52 // data is available or if the request could not be satisfied. This can be 53 // called either in this callback or asynchronously with the response. 54 virtual void StartDataRequest(const std::string& path, 55 int render_process_id, 56 int render_frame_id, 57 const GotDataCallback& callback) = 0; 58 59 // Return the mimetype that should be sent with this response, or empty 60 // string to specify no mime type. 61 virtual std::string GetMimeType(const std::string& path) const = 0; 62 63 // The following methods are all called on the IO thread. 64 65 // Returns the MessageLoop on which the delegate wishes to have 66 // StartDataRequest called to handle the request for |path|. The default 67 // implementation returns BrowserThread::UI. If the delegate does not care 68 // which thread StartDataRequest is called on, this should return NULL. It may 69 // be beneficial to return NULL for requests that are safe to handle directly 70 // on the IO thread. This can improve performance by satisfying such requests 71 // more rapidly when there is a large amount of UI thread contention. Or the 72 // delegate can return a specific thread's Messageloop if they wish. 73 virtual base::MessageLoop* MessageLoopForRequestPath( 74 const std::string& path) const; 75 76 // Returns true if the URLDataSource should replace an existing URLDataSource 77 // with the same name that has already been registered. The default is true. 78 // 79 // WARNING: this is invoked on the IO thread. 80 // 81 // TODO: nuke this and convert all callers to not replace. 82 virtual bool ShouldReplaceExistingSource() const; 83 84 // Returns true if responses from this URLDataSource can be cached. 85 virtual bool AllowCaching() const; 86 87 // If you are overriding this, then you have a bug. 88 // It is not acceptable to disable content-security-policy on chrome:// pages 89 // to permit functionality excluded by CSP, such as inline script. 90 // Instead, you must go back and change your WebUI page so that it is 91 // compliant with the policy. This typically involves ensuring that all script 92 // is delivered through the data manager backend. Talk to tsepez for more 93 // info. 94 virtual bool ShouldAddContentSecurityPolicy() const; 95 96 // It is OK to override the following two methods to a custom CSP directive 97 // thereby slightly reducing the protection applied to the page. 98 99 // By default, "object-src 'none';" is added to CSP. Override to change this. 100 virtual std::string GetContentSecurityPolicyObjectSrc() const; 101 // By default, "frame-src 'none';" is added to CSP. Override to change this. 102 virtual std::string GetContentSecurityPolicyFrameSrc() const; 103 104 // By default, the "X-Frame-Options: DENY" header is sent. To stop this from 105 // happening, return false. It is OK to return false as needed. 106 virtual bool ShouldDenyXFrameOptions() const; 107 108 // By default, only chrome: and chrome-devtools: requests are allowed. 109 // Override in specific WebUI data sources to enable for additional schemes or 110 // to implement fancier access control. Typically used in concert with 111 // ContentBrowserClient::GetAdditionalWebUISchemes() to permit additional 112 // WebUI scheme support for an embedder. 113 virtual bool ShouldServiceRequest(const net::URLRequest* request) const; 114 115 // By default, Content-Type: header is not sent along with the response. 116 // To start sending mime type returned by GetMimeType in HTTP headers, 117 // return true. It is useful when tunneling response served from this data 118 // source programmatically. Or when AppCache is enabled for this source as it 119 // is for chrome-devtools. 120 virtual bool ShouldServeMimeTypeAsContentTypeHeader() const; 121 122 // Called to inform the source that StartDataRequest() will be called soon. 123 // Gives the source an opportunity to rewrite |path| to incorporate extra 124 // information from the URLRequest prior to serving. 125 virtual void WillServiceRequest( 126 const net::URLRequest* request, 127 std::string* path) const {} 128 }; 129 130 } // namespace content 131 132 #endif // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 133
