1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
#define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
#include <string>
#include "base/callback.h"
#include "content/common/content_export.h"
namespace base {
class MessageLoop;
class RefCountedMemory;
}
namespace net {
class URLRequest;
}
namespace content {
class BrowserContext;
// A URLDataSource is an object that can answer requests for WebUI data
// asynchronously. An implementation of URLDataSource should handle calls to
// StartDataRequest() by starting its (implementation-specific) asynchronous
// request for the data, then running the callback given in that method to
// notify.
class CONTENT_EXPORT URLDataSource {
public:
// Adds a URL data source to |browser_context|.
static void Add(BrowserContext* browser_context, URLDataSource* source);
virtual ~URLDataSource() {}
// The name of this source.
// E.g., for favicons, this could be "favicon", which results in paths for
// specific resources like "favicon/34" getting sent to this source.
virtual std::string GetSource() = 0;
// Used by StartDataRequest so that the child class can return the data when
// it's available.
typedef base::Callback<void(base::RefCountedMemory*)> GotDataCallback;
// Called by URLDataSource to request data at |path|. The string parameter is
// the path of the request. The child class should run |callback| when the
// data is available or if the request could not be satisfied. This can be
// called either in this callback or asynchronously with the response.
virtual void StartDataRequest(const std::string& path,
bool is_incognito,
const GotDataCallback& callback) = 0;
// Return the mimetype that should be sent with this response, or empty
// string to specify no mime type.
virtual std::string GetMimeType(const std::string& path) const = 0;
// The following methods are all called on the IO thread.
// Returns the MessageLoop on which the delegate wishes to have
// StartDataRequest called to handle the request for |path|. The default
// implementation returns BrowserThread::UI. If the delegate does not care
// which thread StartDataRequest is called on, this should return NULL. It may
// be beneficial to return NULL for requests that are safe to handle directly
// on the IO thread. This can improve performance by satisfying such requests
// more rapidly when there is a large amount of UI thread contention. Or the
// delegate can return a specific thread's Messageloop if they wish.
virtual base::MessageLoop* MessageLoopForRequestPath(
const std::string& path) const;
// Returns true if the URLDataSource should replace an existing URLDataSource
// with the same name that has already been registered. The default is true.
//
// WARNING: this is invoked on the IO thread.
//
// TODO: nuke this and convert all callers to not replace.
virtual bool ShouldReplaceExistingSource() const;
// Returns true if responses from this URLDataSource can be cached.
virtual bool AllowCaching() const;
// If you are overriding this, then you have a bug.
// It is not acceptable to disable content-security-policy on chrome:// pages
// to permit functionality excluded by CSP, such as inline script.
// Instead, you must go back and change your WebUI page so that it is
// compliant with the policy. This typically involves ensuring that all script
// is delivered through the data manager backend. Talk to tsepez for more
// info.
virtual bool ShouldAddContentSecurityPolicy() const;
// It is OK to override the following two methods to a custom CSP directive
// thereby slightly reducing the protection applied to the page.
// By default, "object-src 'none';" is added to CSP. Override to change this.
virtual std::string GetContentSecurityPolicyObjectSrc() const;
// By default, "frame-src 'none';" is added to CSP. Override to change this.
virtual std::string GetContentSecurityPolicyFrameSrc() const;
// By default, the "X-Frame-Options: DENY" header is sent. To stop this from
// happening, return false. It is OK to return false as needed.
virtual bool ShouldDenyXFrameOptions() const;
// By default, only chrome: and chrome-devtools: requests are allowed.
// Override in specific WebUI data sources to enable for additional schemes or
// to implement fancier access control. Typically used in concert with
// ContentBrowserClient::GetAdditionalWebUISchemes() to permit additional
// WebUI scheme support for an embedder.
virtual bool ShouldServiceRequest(const net::URLRequest* request) const;
};
} // namespace content
#endif // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
|
