| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h" |
| |
| #include <string> |
| |
| #include "base/base64.h" |
| #include "base/logging.h" |
| #include "base/metrics/histogram.h" |
| #include "chrome/browser/browser_process.h" |
| #include "chrome/browser/chrome_notification_types.h" |
| #include "chrome/browser/content_settings/host_content_settings_map.h" |
| #include "chrome/browser/download/download_request_limiter.h" |
| #include "chrome/browser/download/download_resource_throttle.h" |
| #include "chrome/browser/extensions/api/streams_private/streams_private_api.h" |
| #include "chrome/browser/extensions/extension_info_map.h" |
| #include "chrome/browser/extensions/extension_renderer_state.h" |
| #include "chrome/browser/extensions/user_script_listener.h" |
| #include "chrome/browser/external_protocol/external_protocol_handler.h" |
| #include "chrome/browser/google/google_util.h" |
| #include "chrome/browser/metrics/variations/variations_http_header_provider.h" |
| #include "chrome/browser/net/resource_prefetch_predictor_observer.h" |
| #include "chrome/browser/prerender/prerender_manager.h" |
| #include "chrome/browser/prerender/prerender_resource_throttle.h" |
| #include "chrome/browser/prerender/prerender_tracker.h" |
| #include "chrome/browser/prerender/prerender_util.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "chrome/browser/profiles/profile_io_data.h" |
| #include "chrome/browser/renderer_host/chrome_url_request_user_data.h" |
| #include "chrome/browser/renderer_host/safe_browsing_resource_throttle_factory.h" |
| #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| #include "chrome/browser/ui/auto_login_prompter.h" |
| #include "chrome/browser/ui/login/login_prompt.h" |
| #include "chrome/browser/ui/sync/one_click_signin_helper.h" |
| #include "chrome/common/extensions/extension_constants.h" |
| #include "chrome/common/extensions/mime_types_handler.h" |
| #include "chrome/common/render_messages.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/notification_service.h" |
| #include "content/public/browser/render_process_host.h" |
| #include "content/public/browser/render_view_host.h" |
| #include "content/public/browser/resource_context.h" |
| #include "content/public/browser/resource_dispatcher_host.h" |
| #include "content/public/browser/resource_request_info.h" |
| #include "content/public/browser/stream_handle.h" |
| #include "content/public/common/resource_response.h" |
| #include "extensions/common/constants.h" |
| #include "extensions/common/user_script.h" |
| #include "net/base/load_flags.h" |
| #include "net/base/load_timing_info.h" |
| #include "net/http/http_response_headers.h" |
| #include "net/ssl/ssl_config_service.h" |
| #include "net/url_request/url_request.h" |
| |
| #if defined(ENABLE_MANAGED_USERS) |
| #include "chrome/browser/managed_mode/managed_mode_resource_throttle.h" |
| #endif |
| |
| #if defined(USE_SYSTEM_PROTOBUF) |
| #include <google/protobuf/repeated_field.h> |
| #else |
| #include "third_party/protobuf/src/google/protobuf/repeated_field.h" |
| #endif |
| |
| #if defined(OS_ANDROID) |
| #include "chrome/browser/android/intercept_download_resource_throttle.h" |
| #include "components/navigation_interception/intercept_navigation_delegate.h" |
| #else |
| #include "chrome/browser/apps/app_url_redirector.h" |
| #endif |
| |
| #if defined(OS_CHROMEOS) |
| #include "chrome/browser/chromeos/login/merge_session_throttle.h" |
| // TODO(oshima): Enable this for other platforms. |
| #include "chrome/browser/renderer_host/offline_resource_throttle.h" |
| #endif |
| |
| using content::BrowserThread; |
| using content::RenderViewHost; |
| using content::ResourceDispatcherHostLoginDelegate; |
| using content::ResourceRequestInfo; |
| using extensions::Extension; |
| using extensions::StreamsPrivateAPI; |
| |
| #if defined(OS_ANDROID) |
| using navigation_interception::InterceptNavigationDelegate; |
| #endif |
| |
| namespace { |
| |
| void NotifyDownloadInitiatedOnUI(int render_process_id, int render_view_id) { |
| RenderViewHost* rvh = RenderViewHost::FromID(render_process_id, |
| render_view_id); |
| if (!rvh) |
| return; |
| |
| content::NotificationService::current()->Notify( |
| chrome::NOTIFICATION_DOWNLOAD_INITIATED, |
| content::Source<RenderViewHost>(rvh), |
| content::NotificationService::NoDetails()); |
| } |
| |
| // Goes through the extension's file browser handlers and checks if there is one |
| // that can handle the |mime_type|. |
| // |extension| must not be NULL. |
| bool ExtensionCanHandleMimeType(const Extension* extension, |
| const std::string& mime_type) { |
| MimeTypesHandler* handler = MimeTypesHandler::GetHandler(extension); |
| if (!handler) |
| return false; |
| |
| return handler->CanHandleMIMEType(mime_type); |
| } |
| |
| void SendExecuteMimeTypeHandlerEvent(scoped_ptr<content::StreamHandle> stream, |
| int64 expected_content_size, |
| int render_process_id, |
| int render_view_id, |
| const std::string& extension_id) { |
| DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| |
| content::RenderViewHost* render_view_host = |
| content::RenderViewHost::FromID(render_process_id, render_view_id); |
| if (!render_view_host) |
| return; |
| |
| content::WebContents* web_contents = |
| content::WebContents::FromRenderViewHost(render_view_host); |
| if (!web_contents) |
| return; |
| |
| content::BrowserContext* browser_context = web_contents->GetBrowserContext(); |
| if (!browser_context) |
| return; |
| |
| Profile* profile = Profile::FromBrowserContext(browser_context); |
| if (!profile) |
| return; |
| |
| StreamsPrivateAPI* streams_private = StreamsPrivateAPI::Get(profile); |
| if (!streams_private) |
| return; |
| streams_private->ExecuteMimeTypeHandler( |
| extension_id, web_contents, stream.Pass(), expected_content_size); |
| } |
| |
| enum PrerenderSchemeCancelReason { |
| PRERENDER_SCHEME_CANCEL_REASON_EXTERNAL_PROTOCOL, |
| PRERENDER_SCHEME_CANCEL_REASON_DATA, |
| PRERENDER_SCHEME_CANCEL_REASON_BLOB, |
| PRERENDER_SCHEME_CANCEL_REASON_FILE, |
| PRERENDER_SCHEME_CANCEL_REASON_FILESYSTEM, |
| PRERENDER_SCHEME_CANCEL_REASON_WEBSOCKET, |
| PRERENDER_SCHEME_CANCEL_REASON_FTP, |
| PRERENDER_SCHEME_CANCEL_REASON_CHROME, |
| PRERENDER_SCHEME_CANCEL_REASON_CHROME_EXTENSION, |
| PRERENDER_SCHEME_CANCEL_REASON_ABOUT, |
| PRERENDER_SCHEME_CANCEL_REASON_UNKNOWN, |
| PRERENDER_SCHEME_CANCEL_REASON_MAX, |
| }; |
| |
| void ReportPrerenderSchemeCancelReason(PrerenderSchemeCancelReason reason) { |
| UMA_HISTOGRAM_ENUMERATION( |
| "Prerender.SchemeCancelReason", reason, |
| PRERENDER_SCHEME_CANCEL_REASON_MAX); |
| } |
| |
| void ReportUnsupportedPrerenderScheme(const GURL& url) { |
| if (url.SchemeIs("data")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_DATA); |
| } else if (url.SchemeIs("blob")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_BLOB); |
| } else if (url.SchemeIsFile()) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_FILE); |
| } else if (url.SchemeIsFileSystem()) { |
| ReportPrerenderSchemeCancelReason( |
| PRERENDER_SCHEME_CANCEL_REASON_FILESYSTEM); |
| } else if (url.SchemeIs("ws") || url.SchemeIs("wss")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_WEBSOCKET); |
| } else if (url.SchemeIs("ftp")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_FTP); |
| } else if (url.SchemeIs("chrome")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_CHROME); |
| } else if (url.SchemeIs("chrome-extension")) { |
| ReportPrerenderSchemeCancelReason( |
| PRERENDER_SCHEME_CANCEL_REASON_CHROME_EXTENSION); |
| } else if (url.SchemeIs("about")) { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_ABOUT); |
| } else { |
| ReportPrerenderSchemeCancelReason(PRERENDER_SCHEME_CANCEL_REASON_UNKNOWN); |
| } |
| } |
| |
| } // end namespace |
| |
| ChromeResourceDispatcherHostDelegate::ChromeResourceDispatcherHostDelegate( |
| prerender::PrerenderTracker* prerender_tracker) |
| : download_request_limiter_(g_browser_process->download_request_limiter()), |
| safe_browsing_(g_browser_process->safe_browsing_service()), |
| user_script_listener_(new extensions::UserScriptListener()), |
| prerender_tracker_(prerender_tracker) { |
| } |
| |
| ChromeResourceDispatcherHostDelegate::~ChromeResourceDispatcherHostDelegate() { |
| } |
| |
| bool ChromeResourceDispatcherHostDelegate::ShouldBeginRequest( |
| int child_id, |
| int route_id, |
| const std::string& method, |
| const GURL& url, |
| ResourceType::Type resource_type, |
| content::ResourceContext* resource_context) { |
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| |
| // Handle a PREFETCH resource type. If prefetch is disabled, squelch the |
| // request. Otherwise, do a normal request to warm the cache. |
| if (resource_type == ResourceType::PREFETCH) { |
| // All PREFETCH requests should be GETs, but be defensive about it. |
| if (method != "GET") |
| return false; |
| |
| // If prefetch is disabled, kill the request. |
| if (!prerender::PrerenderManager::IsPrefetchEnabled()) |
| return false; |
| } |
| |
| // Abort any prerenders that spawn requests that use invalid HTTP methods |
| // or invalid schemes. |
| if (prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id)) { |
| if (!prerender::PrerenderManager::IsValidHttpMethod(method) && |
| prerender_tracker_->TryCancelOnIOThread( |
| child_id, route_id, prerender::FINAL_STATUS_INVALID_HTTP_METHOD)) { |
| return false; |
| } |
| if (!prerender::PrerenderManager::DoesSubresourceURLHaveValidScheme(url) && |
| prerender_tracker_->TryCancelOnIOThread( |
| child_id, route_id, prerender::FINAL_STATUS_UNSUPPORTED_SCHEME)) { |
| ReportUnsupportedPrerenderScheme(url); |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::RequestBeginning( |
| net::URLRequest* request, |
| content::ResourceContext* resource_context, |
| appcache::AppCacheService* appcache_service, |
| ResourceType::Type resource_type, |
| int child_id, |
| int route_id, |
| ScopedVector<content::ResourceThrottle>* throttles) { |
| ChromeURLRequestUserData* user_data = |
| ChromeURLRequestUserData::Create(request); |
| bool is_prerendering = prerender_tracker_->IsPrerenderingOnIOThread( |
| child_id, route_id); |
| if (is_prerendering) { |
| user_data->set_is_prerender(true); |
| request->SetPriority(net::IDLE); |
| } |
| |
| ProfileIOData* io_data = ProfileIOData::FromResourceContext( |
| resource_context); |
| |
| if (!is_prerendering && resource_type == ResourceType::MAIN_FRAME) { |
| #if defined(OS_ANDROID) |
| throttles->push_back( |
| InterceptNavigationDelegate::CreateThrottleFor(request)); |
| #else |
| // Redirect some navigations to apps that have registered matching URL |
| // handlers ('url_handlers' in the manifest). |
| content::ResourceThrottle* url_to_app_throttle = |
| AppUrlRedirector::MaybeCreateThrottleFor(request, io_data); |
| if (url_to_app_throttle) |
| throttles->push_back(url_to_app_throttle); |
| #endif |
| } |
| |
| #if defined(OS_CHROMEOS) |
| if (resource_type == ResourceType::MAIN_FRAME) { |
| // We check offline first, then check safe browsing so that we still can |
| // block unsafe site after we remove offline page. |
| throttles->push_back(new OfflineResourceThrottle(request, |
| appcache_service)); |
| // Add interstitial page while merge session process (cookie |
| // reconstruction from OAuth2 refresh token in ChromeOS login) is still in |
| // progress while we are attempting to load a google property. |
| if (!MergeSessionThrottle::AreAllSessionMergedAlready() && |
| request->url().SchemeIsHTTPOrHTTPS()) { |
| throttles->push_back(new MergeSessionThrottle(request)); |
| } |
| } |
| #endif |
| |
| // Don't attempt to append headers to requests that have already started. |
| // TODO(stevet): Remove this once the request ordering issues are resolved |
| // in crbug.com/128048. |
| if (!request->is_pending()) { |
| net::HttpRequestHeaders headers; |
| headers.CopyFrom(request->extra_request_headers()); |
| bool incognito = io_data->is_incognito(); |
| chrome_variations::VariationsHttpHeaderProvider::GetInstance()-> |
| AppendHeaders(request->url(), |
| incognito, |
| !incognito && io_data->GetMetricsEnabledStateOnIOThread(), |
| &headers); |
| request->SetExtraRequestHeaders(headers); |
| } |
| |
| #if defined(ENABLE_ONE_CLICK_SIGNIN) |
| AppendChromeSyncGaiaHeader(request, resource_context); |
| #endif |
| |
| AppendStandardResourceThrottles(request, |
| resource_context, |
| resource_type, |
| throttles); |
| |
| if (io_data->resource_prefetch_predictor_observer()) { |
| io_data->resource_prefetch_predictor_observer()->OnRequestStarted( |
| request, resource_type, child_id, route_id); |
| } |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::WillTransferRequestToNewProcess( |
| int old_child_id, |
| int old_route_id, |
| int old_request_id, |
| int new_child_id, |
| int new_route_id, |
| int new_request_id) { |
| // If a prerender, it have should been aborted on cross-process |
| // navigation in PrerenderContents::WebContentsImpl::OpenURLFromTab. |
| DCHECK(!prerender_tracker_->IsPrerenderingOnIOThread(old_child_id, |
| old_route_id)); |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::DownloadStarting( |
| net::URLRequest* request, |
| content::ResourceContext* resource_context, |
| int child_id, |
| int route_id, |
| int request_id, |
| bool is_content_initiated, |
| bool must_download, |
| ScopedVector<content::ResourceThrottle>* throttles) { |
| BrowserThread::PostTask( |
| BrowserThread::UI, FROM_HERE, |
| base::Bind(&NotifyDownloadInitiatedOnUI, child_id, route_id)); |
| |
| // If it's from the web, we don't trust it, so we push the throttle on. |
| if (is_content_initiated) { |
| throttles->push_back( |
| new DownloadResourceThrottle(download_request_limiter_.get(), |
| child_id, |
| route_id, |
| request_id, |
| request->method())); |
| #if defined(OS_ANDROID) |
| throttles->push_back( |
| new chrome::InterceptDownloadResourceThrottle( |
| request, child_id, route_id, request_id)); |
| #endif |
| } |
| |
| // If this isn't a new request, we've seen this before and added the standard |
| // resource throttles already so no need to add it again. |
| if (!request->is_pending()) { |
| AppendStandardResourceThrottles(request, |
| resource_context, |
| ResourceType::MAIN_FRAME, |
| throttles); |
| } |
| } |
| |
| bool ChromeResourceDispatcherHostDelegate::AcceptSSLClientCertificateRequest( |
| net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) { |
| if (request->load_flags() & net::LOAD_PREFETCH) |
| return false; |
| |
| ChromeURLRequestUserData* user_data = ChromeURLRequestUserData::Get(request); |
| if (user_data && user_data->is_prerender()) { |
| int child_id, route_id; |
| if (ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView( |
| &child_id, &route_id)) { |
| if (prerender_tracker_->TryCancel( |
| child_id, route_id, |
| prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED)) { |
| return false; |
| } |
| } |
| } |
| |
| return true; |
| } |
| |
| bool ChromeResourceDispatcherHostDelegate::AcceptAuthRequest( |
| net::URLRequest* request, |
| net::AuthChallengeInfo* auth_info) { |
| ChromeURLRequestUserData* user_data = ChromeURLRequestUserData::Get(request); |
| if (!user_data || !user_data->is_prerender()) |
| return true; |
| |
| int child_id, route_id; |
| if (!ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView( |
| &child_id, &route_id)) { |
| NOTREACHED(); |
| return true; |
| } |
| |
| if (!prerender_tracker_->TryCancelOnIOThread( |
| child_id, route_id, prerender::FINAL_STATUS_AUTH_NEEDED)) { |
| return true; |
| } |
| |
| return false; |
| } |
| |
| ResourceDispatcherHostLoginDelegate* |
| ChromeResourceDispatcherHostDelegate::CreateLoginDelegate( |
| net::AuthChallengeInfo* auth_info, net::URLRequest* request) { |
| return CreateLoginPrompt(auth_info, request); |
| } |
| |
| bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol( |
| const GURL& url, int child_id, int route_id) { |
| #if defined(OS_ANDROID) |
| // Android use a resource throttle to handle external as well as internal |
| // protocols. |
| return false; |
| #else |
| |
| if (prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id) && |
| prerender_tracker_->TryCancel( |
| child_id, route_id, prerender::FINAL_STATUS_UNSUPPORTED_SCHEME)) { |
| ReportPrerenderSchemeCancelReason( |
| PRERENDER_SCHEME_CANCEL_REASON_EXTERNAL_PROTOCOL); |
| return false; |
| } |
| |
| ExtensionRendererState::WebViewInfo info; |
| if (ExtensionRendererState::GetInstance()->GetWebViewInfo(child_id, |
| route_id, |
| &info)) { |
| return false; |
| } |
| |
| BrowserThread::PostTask( |
| BrowserThread::UI, FROM_HERE, |
| base::Bind(&ExternalProtocolHandler::LaunchUrl, url, child_id, route_id)); |
| return true; |
| #endif |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles( |
| net::URLRequest* request, |
| content::ResourceContext* resource_context, |
| ResourceType::Type resource_type, |
| ScopedVector<content::ResourceThrottle>* throttles) { |
| ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| #if defined(FULL_SAFE_BROWSING) || defined(MOBILE_SAFE_BROWSING) |
| // Insert safe browsing at the front of the list, so it gets to decide on |
| // policies first. |
| if (io_data->safe_browsing_enabled()->GetValue()) { |
| bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME; |
| content::ResourceThrottle* throttle = |
| SafeBrowsingResourceThrottleFactory::Create(request, |
| is_subresource_request, |
| safe_browsing_.get()); |
| if (throttle) |
| throttles->push_back(throttle); |
| } |
| #endif |
| |
| #if defined(ENABLE_MANAGED_USERS) |
| bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME; |
| throttles->push_back(new ManagedModeResourceThrottle( |
| request, !is_subresource_request, |
| io_data->managed_mode_url_filter())); |
| #endif |
| |
| content::ResourceThrottle* throttle = |
| user_script_listener_->CreateResourceThrottle(request->url(), |
| resource_type); |
| if (throttle) |
| throttles->push_back(throttle); |
| |
| const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); |
| if (prerender_tracker_->IsPrerenderingOnIOThread(info->GetChildID(), |
| info->GetRouteID())) { |
| throttles->push_back(new prerender::PrerenderResourceThrottle( |
| request, prerender_tracker_)); |
| } |
| } |
| |
| #if defined(ENABLE_ONE_CLICK_SIGNIN) |
| void ChromeResourceDispatcherHostDelegate::AppendChromeSyncGaiaHeader( |
| net::URLRequest* request, |
| content::ResourceContext* resource_context) { |
| static const char kAllowChromeSignIn[] = "Allow-Chrome-SignIn"; |
| |
| ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| OneClickSigninHelper::Offer offer = |
| OneClickSigninHelper::CanOfferOnIOThread(request, io_data); |
| switch (offer) { |
| case OneClickSigninHelper::CAN_OFFER: |
| request->SetExtraRequestHeaderByName(kAllowChromeSignIn, "1", false); |
| break; |
| case OneClickSigninHelper::DONT_OFFER: |
| request->RemoveRequestHeaderByName(kAllowChromeSignIn); |
| break; |
| case OneClickSigninHelper::IGNORE_REQUEST: |
| break; |
| } |
| } |
| #endif |
| |
| bool ChromeResourceDispatcherHostDelegate::ShouldForceDownloadResource( |
| const GURL& url, const std::string& mime_type) { |
| // Special-case user scripts to get downloaded instead of viewed. |
| return extensions::UserScript::IsURLUserScript(url, mime_type); |
| } |
| |
| bool ChromeResourceDispatcherHostDelegate::ShouldInterceptResourceAsStream( |
| content::ResourceContext* resource_context, |
| const GURL& url, |
| const std::string& mime_type, |
| GURL* origin, |
| std::string* target_id) { |
| #if !defined(OS_ANDROID) |
| ProfileIOData* io_data = |
| ProfileIOData::FromResourceContext(resource_context); |
| bool profile_is_incognito = io_data->is_incognito(); |
| const scoped_refptr<const ExtensionInfoMap> extension_info_map( |
| io_data->GetExtensionInfoMap()); |
| std::vector<std::string> whitelist = MimeTypesHandler::GetMIMETypeWhitelist(); |
| // Go through the white-listed extensions and try to use them to intercept |
| // the URL request. |
| for (size_t i = 0; i < whitelist.size(); ++i) { |
| const char* extension_id = whitelist[i].c_str(); |
| const Extension* extension = |
| extension_info_map->extensions().GetByID(extension_id); |
| // The white-listed extension may not be installed, so we have to NULL check |
| // |extension|. |
| if (!extension || |
| (profile_is_incognito && |
| !extension_info_map->IsIncognitoEnabled(extension_id))) { |
| continue; |
| } |
| |
| if (ExtensionCanHandleMimeType(extension, mime_type)) { |
| *origin = Extension::GetBaseURLFromExtensionId(extension_id); |
| *target_id = extension_id; |
| return true; |
| } |
| } |
| #endif |
| return false; |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::OnStreamCreated( |
| content::ResourceContext* resource_context, |
| int render_process_id, |
| int render_view_id, |
| const std::string& target_id, |
| scoped_ptr<content::StreamHandle> stream, |
| int64 expected_content_size) { |
| #if !defined(OS_ANDROID) |
| content::BrowserThread::PostTask( |
| content::BrowserThread::UI, FROM_HERE, |
| base::Bind(&SendExecuteMimeTypeHandlerEvent, base::Passed(&stream), |
| expected_content_size, render_process_id, render_view_id, |
| target_id)); |
| #endif |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::OnResponseStarted( |
| net::URLRequest* request, |
| content::ResourceContext* resource_context, |
| content::ResourceResponse* response, |
| IPC::Sender* sender) { |
| const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); |
| |
| if (request->url().SchemeIsSecure()) { |
| const net::URLRequestContext* context = request->context(); |
| net::TransportSecurityState* state = context->transport_security_state(); |
| if (state) { |
| net::TransportSecurityState::DomainState domain_state; |
| bool has_sni = net::SSLConfigService::IsSNIAvailable( |
| context->ssl_config_service()); |
| if (state->GetDomainState(request->url().host(), has_sni, |
| &domain_state) && |
| domain_state.ShouldUpgradeToSSL()) { |
| sender->Send(new ChromeViewMsg_AddStrictSecurityHost( |
| info->GetRouteID(), request->url().host())); |
| } |
| } |
| } |
| |
| // See if the response contains the X-Auto-Login header. If so, this was |
| // a request for a login page, and the server is allowing the browser to |
| // suggest auto-login, if available. |
| AutoLoginPrompter::ShowInfoBarIfPossible(request, info->GetChildID(), |
| info->GetRouteID()); |
| |
| ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| |
| #if defined(ENABLE_ONE_CLICK_SIGNIN) |
| // See if the response contains the Google-Accounts-SignIn header. If so, |
| // then the user has just finished signing in, and the server is allowing the |
| // browser to suggest connecting the user's profile to the account. |
| OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data, |
| info->GetChildID(), |
| info->GetRouteID()); |
| #endif |
| |
| // Build in additional protection for the chrome web store origin. |
| GURL webstore_url(extension_urls::GetWebstoreLaunchURL()); |
| if (request->url().DomainIs(webstore_url.host().c_str())) { |
| net::HttpResponseHeaders* response_headers = request->response_headers(); |
| if (!response_headers->HasHeaderValue("x-frame-options", "deny") && |
| !response_headers->HasHeaderValue("x-frame-options", "sameorigin")) { |
| response_headers->RemoveHeader("x-frame-options"); |
| response_headers->AddHeader("x-frame-options: sameorigin"); |
| } |
| } |
| |
| if (io_data->resource_prefetch_predictor_observer()) |
| io_data->resource_prefetch_predictor_observer()->OnResponseStarted(request); |
| |
| prerender::URLRequestResponseStarted(request); |
| } |
| |
| void ChromeResourceDispatcherHostDelegate::OnRequestRedirected( |
| const GURL& redirect_url, |
| net::URLRequest* request, |
| content::ResourceContext* resource_context, |
| content::ResourceResponse* response) { |
| ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context); |
| |
| #if defined(ENABLE_ONE_CLICK_SIGNIN) |
| const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request); |
| |
| // See if the response contains the Google-Accounts-SignIn header. If so, |
| // then the user has just finished signing in, and the server is allowing the |
| // browser to suggest connecting the user's profile to the account. |
| OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data, |
| info->GetChildID(), |
| info->GetRouteID()); |
| AppendChromeSyncGaiaHeader(request, resource_context); |
| #endif |
| |
| if (io_data->resource_prefetch_predictor_observer()) { |
| io_data->resource_prefetch_predictor_observer()->OnRequestRedirected( |
| redirect_url, request); |
| } |
| |
| int child_id, route_id; |
| if (!prerender::PrerenderManager::DoesURLHaveValidScheme(redirect_url) && |
| ResourceRequestInfo::ForRequest(request)->GetAssociatedRenderView( |
| &child_id, &route_id) && |
| prerender_tracker_->IsPrerenderingOnIOThread(child_id, route_id) && |
| prerender_tracker_->TryCancel( |
| child_id, route_id, prerender::FINAL_STATUS_UNSUPPORTED_SCHEME)) { |
| ReportUnsupportedPrerenderScheme(redirect_url); |
| request->Cancel(); |
| } |
| } |