1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
6
7 #include "content/browser/loader/resource_dispatcher_host_impl.h"
8
9 #include <set>
10 #include <vector>
11
12 #include "base/bind.h"
13 #include "base/bind_helpers.h"
14 #include "base/command_line.h"
15 #include "base/compiler_specific.h"
16 #include "base/debug/alias.h"
17 #include "base/logging.h"
18 #include "base/memory/scoped_ptr.h"
19 #include "base/memory/shared_memory.h"
20 #include "base/message_loop/message_loop.h"
21 #include "base/metrics/histogram.h"
22 #include "base/metrics/sparse_histogram.h"
23 #include "base/stl_util.h"
24 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
25 #include "content/browser/appcache/chrome_appcache_service.h"
26 #include "content/browser/cert_store_impl.h"
27 #include "content/browser/child_process_security_policy_impl.h"
28 #include "content/browser/cross_site_request_manager.h"
29 #include "content/browser/download/download_resource_handler.h"
30 #include "content/browser/download/save_file_manager.h"
31 #include "content/browser/download/save_file_resource_handler.h"
32 #include "content/browser/fileapi/chrome_blob_storage_context.h"
33 #include "content/browser/loader/async_resource_handler.h"
34 #include "content/browser/loader/buffered_resource_handler.h"
35 #include "content/browser/loader/cross_site_resource_handler.h"
36 #include "content/browser/loader/detachable_resource_handler.h"
37 #include "content/browser/loader/power_save_block_resource_throttle.h"
38 #include "content/browser/loader/redirect_to_file_resource_handler.h"
39 #include "content/browser/loader/resource_message_filter.h"
40 #include "content/browser/loader/resource_request_info_impl.h"
41 #include "content/browser/loader/stream_resource_handler.h"
42 #include "content/browser/loader/sync_resource_handler.h"
43 #include "content/browser/loader/throttling_resource_handler.h"
44 #include "content/browser/loader/upload_data_stream_builder.h"
45 #include "content/browser/plugin_service_impl.h"
46 #include "content/browser/renderer_host/render_view_host_delegate.h"
47 #include "content/browser/renderer_host/render_view_host_impl.h"
48 #include "content/browser/resource_context_impl.h"
49 #include "content/browser/streams/stream.h"
50 #include "content/browser/streams/stream_context.h"
51 #include "content/browser/streams/stream_registry.h"
52 #include "content/browser/worker_host/worker_service_impl.h"
53 #include "content/common/resource_messages.h"
54 #include "content/common/ssl_status_serialization.h"
55 #include "content/common/view_messages.h"
56 #include "content/public/browser/browser_thread.h"
57 #include "content/public/browser/content_browser_client.h"
58 #include "content/public/browser/download_manager.h"
59 #include "content/public/browser/download_url_parameters.h"
60 #include "content/public/browser/global_request_id.h"
61 #include "content/public/browser/resource_dispatcher_host_delegate.h"
62 #include "content/public/browser/resource_request_details.h"
63 #include "content/public/browser/resource_throttle.h"
64 #include "content/public/browser/stream_handle.h"
65 #include "content/public/browser/user_metrics.h"
66 #include "content/public/common/content_switches.h"
67 #include "content/public/common/process_type.h"
68 #include "content/public/common/url_constants.h"
69 #include "ipc/ipc_message_macros.h"
70 #include "ipc/ipc_message_start.h"
71 #include "net/base/auth.h"
72 #include "net/base/load_flags.h"
73 #include "net/base/mime_util.h"
74 #include "net/base/net_errors.h"
75 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
76 #include "net/base/request_priority.h"
77 #include "net/base/upload_data_stream.h"
78 #include "net/cert/cert_status_flags.h"
79 #include "net/cookies/cookie_monster.h"
80 #include "net/http/http_response_headers.h"
81 #include "net/http/http_response_info.h"
82 #include "net/ssl/ssl_cert_request_info.h"
83 #include "net/url_request/url_request.h"
84 #include "net/url_request/url_request_context.h"
85 #include "net/url_request/url_request_job_factory.h"
86 #include "webkit/browser/appcache/appcache_interceptor.h"
87 #include "webkit/common/blob/blob_data.h"
88 #include "webkit/browser/blob/blob_data_handle.h"
89 #include "webkit/browser/blob/blob_storage_context.h"
90 #include "webkit/browser/blob/blob_url_request_job_factory.h"
91 #include "webkit/browser/fileapi/file_permission_policy.h"
92 #include "webkit/browser/fileapi/file_system_context.h"
93 #include "webkit/common/appcache/appcache_interfaces.h"
94 #include "webkit/common/blob/shareable_file_reference.h"
95 #include "webkit/common/resource_request_body.h"
96
97 using base::Time;
98 using base::TimeDelta;
99 using base::TimeTicks;
100 using webkit_blob::ShareableFileReference;
101 using webkit_glue::ResourceRequestBody;
102
103 // ----------------------------------------------------------------------------
104
105 namespace content {
106
107 namespace {
108
109 static ResourceDispatcherHostImpl* g_resource_dispatcher_host;
110
111 // The interval for calls to ResourceDispatcherHostImpl::UpdateLoadStates
112 const int kUpdateLoadStatesIntervalMsec = 100;
113
114 // Maximum byte "cost" of all the outstanding requests for a renderer.
115 // See delcaration of |max_outstanding_requests_cost_per_process_| for details.
116 // This bound is 25MB, which allows for around 6000 outstanding requests.
117 const int kMaxOutstandingRequestsCostPerProcess = 26214400;
118
119 // The number of milliseconds after noting a user gesture that we will
120 // tag newly-created URLRequest objects with the
121 // net::LOAD_MAYBE_USER_GESTURE load flag. This is a fairly arbitrary
122 // guess at how long to expect direct impact from a user gesture, but
123 // this should be OK as the load flag is a best-effort thing only,
124 // rather than being intended as fully accurate.
125 const int kUserGestureWindowMs = 3500;
126
127 // Ratio of |max_num_in_flight_requests_| that any one renderer is allowed to
128 // use. Arbitrarily chosen.
129 const double kMaxRequestsPerProcessRatio = 0.45;
130
131 // TODO(jkarlin): The value is high to reduce the chance of the detachable
132 // request timing out, forcing a blocked second request to open a new connection
133 // and start over. Reduce this value once we have a better idea of what it
134 // should be and once we stop blocking multiple simultaneous requests for the
135 // same resource (see bugs 46104 and 31014).
136 const int kDefaultDetachableCancelDelayMs = 30000;
137
IsDetachableResourceType(ResourceType::Type type)138 bool IsDetachableResourceType(ResourceType::Type type) {
139 switch (type) {
140 case ResourceType::PREFETCH:
141 case ResourceType::PING:
142 return true;
143 default:
144 return false;
145 }
146 }
147
148 // Aborts a request before an URLRequest has actually been created.
AbortRequestBeforeItStarts(ResourceMessageFilter * filter,IPC::Message * sync_result,int request_id)149 void AbortRequestBeforeItStarts(ResourceMessageFilter* filter,
150 IPC::Message* sync_result,
151 int request_id) {
152 if (sync_result) {
153 SyncLoadResult result;
154 result.error_code = net::ERR_ABORTED;
155 ResourceHostMsg_SyncLoad::WriteReplyParams(sync_result, result);
156 filter->Send(sync_result);
157 } else {
158 // Tell the renderer that this request was disallowed.
159 filter->Send(new ResourceMsg_RequestComplete(
160 request_id,
161 net::ERR_ABORTED,
162 false,
163 std::string(), // No security info needed, connection not established.
164 base::TimeTicks()));
165 }
166 }
167
SetReferrerForRequest(net::URLRequest * request,const Referrer & referrer)168 void SetReferrerForRequest(net::URLRequest* request, const Referrer& referrer) {
169 if (!referrer.url.is_valid() ||
170 CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoReferrers)) {
171 request->SetReferrer(std::string());
172 } else {
173 request->SetReferrer(referrer.url.spec());
174 }
175
176 net::URLRequest::ReferrerPolicy net_referrer_policy =
177 net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
178 switch (referrer.policy) {
179 case blink::WebReferrerPolicyDefault:
180 net_referrer_policy =
181 net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
182 break;
183 case blink::WebReferrerPolicyAlways:
184 case blink::WebReferrerPolicyNever:
185 case blink::WebReferrerPolicyOrigin:
186 net_referrer_policy = net::URLRequest::NEVER_CLEAR_REFERRER;
187 break;
188 }
189 request->set_referrer_policy(net_referrer_policy);
190 }
191
192 // Consults the RendererSecurity policy to determine whether the
193 // ResourceDispatcherHostImpl should service this request. A request might be
194 // disallowed if the renderer is not authorized to retrieve the request URL or
195 // if the renderer is attempting to upload an unauthorized file.
ShouldServiceRequest(int process_type,int child_id,const ResourceHostMsg_Request & request_data,fileapi::FileSystemContext * file_system_context)196 bool ShouldServiceRequest(int process_type,
197 int child_id,
198 const ResourceHostMsg_Request& request_data,
199 fileapi::FileSystemContext* file_system_context) {
200 if (process_type == PROCESS_TYPE_PLUGIN)
201 return true;
202
203 ChildProcessSecurityPolicyImpl* policy =
204 ChildProcessSecurityPolicyImpl::GetInstance();
205
206 // Check if the renderer is permitted to request the requested URL.
207 if (!policy->CanRequestURL(child_id, request_data.url)) {
208 VLOG(1) << "Denied unauthorized request for "
209 << request_data.url.possibly_invalid_spec();
210 return false;
211 }
212
213 // Check if the renderer is permitted to upload the requested files.
214 if (request_data.request_body.get()) {
215 const std::vector<ResourceRequestBody::Element>* uploads =
216 request_data.request_body->elements();
217 std::vector<ResourceRequestBody::Element>::const_iterator iter;
218 for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
219 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE &&
220 !policy->CanReadFile(child_id, iter->path())) {
221 NOTREACHED() << "Denied unauthorized upload of "
222 << iter->path().value();
223 return false;
224 }
225 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE_FILESYSTEM) {
226 fileapi::FileSystemURL url =
227 file_system_context->CrackURL(iter->filesystem_url());
228 if (!policy->CanReadFileSystemFile(child_id, url)) {
229 NOTREACHED() << "Denied unauthorized upload of "
230 << iter->filesystem_url().spec();
231 return false;
232 }
233 }
234 }
235 }
236
237 return true;
238 }
239
RemoveDownloadFileFromChildSecurityPolicy(int child_id,const base::FilePath & path)240 void RemoveDownloadFileFromChildSecurityPolicy(int child_id,
241 const base::FilePath& path) {
242 ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile(
243 child_id, path);
244 }
245
246 #if defined(OS_WIN)
247 #pragma warning(disable: 4748)
248 #pragma optimize("", off)
249 #endif
250
251 #if defined(OS_WIN)
252 #pragma optimize("", on)
253 #pragma warning(default: 4748)
254 #endif
255
CallbackAndReturn(const DownloadUrlParameters::OnStartedCallback & started_cb,net::Error net_error)256 net::Error CallbackAndReturn(
257 const DownloadUrlParameters::OnStartedCallback& started_cb,
258 net::Error net_error) {
259 if (started_cb.is_null())
260 return net_error;
261 BrowserThread::PostTask(
262 BrowserThread::UI, FROM_HERE,
263 base::Bind(started_cb, static_cast<DownloadItem*>(NULL), net_error));
264
265 return net_error;
266 }
267
GetCertID(net::URLRequest * request,int child_id)268 int GetCertID(net::URLRequest* request, int child_id) {
269 if (request->ssl_info().cert.get()) {
270 return CertStore::GetInstance()->StoreCert(request->ssl_info().cert.get(),
271 child_id);
272 }
273 return 0;
274 }
275
NotifyRedirectOnUI(int render_process_id,int render_view_id,scoped_ptr<ResourceRedirectDetails> details)276 void NotifyRedirectOnUI(int render_process_id,
277 int render_view_id,
278 scoped_ptr<ResourceRedirectDetails> details) {
279 RenderViewHostImpl* host =
280 RenderViewHostImpl::FromID(render_process_id, render_view_id);
281 if (!host)
282 return;
283
284 RenderViewHostDelegate* delegate = host->GetDelegate();
285 delegate->DidGetRedirectForResourceRequest(*details.get());
286 }
287
NotifyResponseOnUI(int render_process_id,int render_view_id,scoped_ptr<ResourceRequestDetails> details)288 void NotifyResponseOnUI(int render_process_id,
289 int render_view_id,
290 scoped_ptr<ResourceRequestDetails> details) {
291 RenderViewHostImpl* host =
292 RenderViewHostImpl::FromID(render_process_id, render_view_id);
293 if (!host)
294 return;
295
296 RenderViewHostDelegate* delegate = host->GetDelegate();
297 delegate->DidGetResourceResponseStart(*details.get());
298 }
299
300 } // namespace
301
302 // static
Get()303 ResourceDispatcherHost* ResourceDispatcherHost::Get() {
304 return g_resource_dispatcher_host;
305 }
306
ResourceDispatcherHostImpl()307 ResourceDispatcherHostImpl::ResourceDispatcherHostImpl()
308 : save_file_manager_(new SaveFileManager()),
309 request_id_(-1),
310 is_shutdown_(false),
311 num_in_flight_requests_(0),
312 max_num_in_flight_requests_(base::SharedMemory::GetHandleLimit()),
313 max_num_in_flight_requests_per_process_(
314 static_cast<int>(
315 max_num_in_flight_requests_ * kMaxRequestsPerProcessRatio)),
316 max_outstanding_requests_cost_per_process_(
317 kMaxOutstandingRequestsCostPerProcess),
318 filter_(NULL),
319 delegate_(NULL),
320 allow_cross_origin_auth_prompt_(false) {
321 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
322 DCHECK(!g_resource_dispatcher_host);
323 g_resource_dispatcher_host = this;
324
325 GetContentClient()->browser()->ResourceDispatcherHostCreated();
326
327 ANNOTATE_BENIGN_RACE(
328 &last_user_gesture_time_,
329 "We don't care about the precise value, see http://crbug.com/92889");
330
331 BrowserThread::PostTask(BrowserThread::IO,
332 FROM_HERE,
333 base::Bind(&ResourceDispatcherHostImpl::OnInit,
334 base::Unretained(this)));
335
336 update_load_states_timer_.reset(
337 new base::RepeatingTimer<ResourceDispatcherHostImpl>());
338 }
339
~ResourceDispatcherHostImpl()340 ResourceDispatcherHostImpl::~ResourceDispatcherHostImpl() {
341 DCHECK(outstanding_requests_stats_map_.empty());
342 DCHECK(g_resource_dispatcher_host);
343 g_resource_dispatcher_host = NULL;
344 }
345
346 // static
Get()347 ResourceDispatcherHostImpl* ResourceDispatcherHostImpl::Get() {
348 return g_resource_dispatcher_host;
349 }
350
SetDelegate(ResourceDispatcherHostDelegate * delegate)351 void ResourceDispatcherHostImpl::SetDelegate(
352 ResourceDispatcherHostDelegate* delegate) {
353 delegate_ = delegate;
354 }
355
SetAllowCrossOriginAuthPrompt(bool value)356 void ResourceDispatcherHostImpl::SetAllowCrossOriginAuthPrompt(bool value) {
357 allow_cross_origin_auth_prompt_ = value;
358 }
359
AddResourceContext(ResourceContext * context)360 void ResourceDispatcherHostImpl::AddResourceContext(ResourceContext* context) {
361 active_resource_contexts_.insert(context);
362 }
363
RemoveResourceContext(ResourceContext * context)364 void ResourceDispatcherHostImpl::RemoveResourceContext(
365 ResourceContext* context) {
366 CHECK(ContainsKey(active_resource_contexts_, context));
367 active_resource_contexts_.erase(context);
368 }
369
CancelRequestsForContext(ResourceContext * context)370 void ResourceDispatcherHostImpl::CancelRequestsForContext(
371 ResourceContext* context) {
372 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
373 DCHECK(context);
374
375 CHECK(ContainsKey(active_resource_contexts_, context));
376
377 // Note that request cancellation has side effects. Therefore, we gather all
378 // the requests to cancel first, and then we start cancelling. We assert at
379 // the end that there are no more to cancel since the context is about to go
380 // away.
381 typedef std::vector<linked_ptr<ResourceLoader> > LoaderList;
382 LoaderList loaders_to_cancel;
383
384 for (LoaderMap::iterator i = pending_loaders_.begin();
385 i != pending_loaders_.end();) {
386 if (i->second->GetRequestInfo()->GetContext() == context) {
387 loaders_to_cancel.push_back(i->second);
388 IncrementOutstandingRequestsMemory(-1, *i->second->GetRequestInfo());
389 pending_loaders_.erase(i++);
390 } else {
391 ++i;
392 }
393 }
394
395 for (BlockedLoadersMap::iterator i = blocked_loaders_map_.begin();
396 i != blocked_loaders_map_.end();) {
397 BlockedLoadersList* loaders = i->second;
398 if (loaders->empty()) {
399 // This can happen if BlockRequestsForRoute() has been called for a route,
400 // but we haven't blocked any matching requests yet.
401 ++i;
402 continue;
403 }
404 ResourceRequestInfoImpl* info = loaders->front()->GetRequestInfo();
405 if (info->GetContext() == context) {
406 blocked_loaders_map_.erase(i++);
407 for (BlockedLoadersList::const_iterator it = loaders->begin();
408 it != loaders->end(); ++it) {
409 linked_ptr<ResourceLoader> loader = *it;
410 info = loader->GetRequestInfo();
411 // We make the assumption that all requests on the list have the same
412 // ResourceContext.
413 DCHECK_EQ(context, info->GetContext());
414 IncrementOutstandingRequestsMemory(-1, *info);
415 loaders_to_cancel.push_back(loader);
416 }
417 delete loaders;
418 } else {
419 ++i;
420 }
421 }
422
423 #ifndef NDEBUG
424 for (LoaderList::iterator i = loaders_to_cancel.begin();
425 i != loaders_to_cancel.end(); ++i) {
426 // There is no strict requirement that this be the case, but currently
427 // downloads, streams, detachable requests, and transferred requests are the
428 // only requests that aren't cancelled when the associated processes go
429 // away. It may be OK for this invariant to change in the future, but if
430 // this assertion fires without the invariant changing, then it's indicative
431 // of a leak.
432 DCHECK((*i)->GetRequestInfo()->IsDownload() ||
433 (*i)->GetRequestInfo()->is_stream() ||
434 ((*i)->GetRequestInfo()->detachable_handler() &&
435 (*i)->GetRequestInfo()->detachable_handler()->is_detached()) ||
436 (*i)->is_transferring());
437 }
438 #endif
439
440 loaders_to_cancel.clear();
441
442 // Validate that no more requests for this context were added.
443 for (LoaderMap::const_iterator i = pending_loaders_.begin();
444 i != pending_loaders_.end(); ++i) {
445 // http://crbug.com/90971
446 CHECK_NE(i->second->GetRequestInfo()->GetContext(), context);
447 }
448
449 for (BlockedLoadersMap::const_iterator i = blocked_loaders_map_.begin();
450 i != blocked_loaders_map_.end(); ++i) {
451 BlockedLoadersList* loaders = i->second;
452 if (!loaders->empty()) {
453 ResourceRequestInfoImpl* info = loaders->front()->GetRequestInfo();
454 // http://crbug.com/90971
455 CHECK_NE(info->GetContext(), context);
456 }
457 }
458 }
459
BeginDownload(scoped_ptr<net::URLRequest> request,const Referrer & referrer,bool is_content_initiated,ResourceContext * context,int child_id,int route_id,bool prefer_cache,scoped_ptr<DownloadSaveInfo> save_info,uint32 download_id,const DownloadStartedCallback & started_callback)460 net::Error ResourceDispatcherHostImpl::BeginDownload(
461 scoped_ptr<net::URLRequest> request,
462 const Referrer& referrer,
463 bool is_content_initiated,
464 ResourceContext* context,
465 int child_id,
466 int route_id,
467 bool prefer_cache,
468 scoped_ptr<DownloadSaveInfo> save_info,
469 uint32 download_id,
470 const DownloadStartedCallback& started_callback) {
471 if (is_shutdown_)
472 return CallbackAndReturn(started_callback, net::ERR_INSUFFICIENT_RESOURCES);
473
474 const GURL& url = request->original_url();
475
476 // http://crbug.com/90971
477 char url_buf[128];
478 base::strlcpy(url_buf, url.spec().c_str(), arraysize(url_buf));
479 base::debug::Alias(url_buf);
480 CHECK(ContainsKey(active_resource_contexts_, context));
481
482 SetReferrerForRequest(request.get(), referrer);
483
484 int extra_load_flags = net::LOAD_IS_DOWNLOAD;
485 if (prefer_cache) {
486 // If there is upload data attached, only retrieve from cache because there
487 // is no current mechanism to prompt the user for their consent for a
488 // re-post. For GETs, try to retrieve data from the cache and skip
489 // validating the entry if present.
490 if (request->get_upload() != NULL)
491 extra_load_flags |= net::LOAD_ONLY_FROM_CACHE;
492 else
493 extra_load_flags |= net::LOAD_PREFERRING_CACHE;
494 } else {
495 extra_load_flags |= net::LOAD_DISABLE_CACHE;
496 }
497 request->SetLoadFlags(request->load_flags() | extra_load_flags);
498
499 // No need to get offline load flags for downloads, but make sure
500 // we have an OfflinePolicy to receive request completions.
501 GlobalRoutingID id(child_id, route_id);
502 if (!offline_policy_map_[id])
503 offline_policy_map_[id] = new OfflinePolicy();
504
505 // Check if the renderer is permitted to request the requested URL.
506 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
507 CanRequestURL(child_id, url)) {
508 VLOG(1) << "Denied unauthorized download request for "
509 << url.possibly_invalid_spec();
510 return CallbackAndReturn(started_callback, net::ERR_ACCESS_DENIED);
511 }
512
513 request_id_--;
514
515 const net::URLRequestContext* request_context = context->GetRequestContext();
516 if (!request_context->job_factory()->IsHandledURL(url)) {
517 VLOG(1) << "Download request for unsupported protocol: "
518 << url.possibly_invalid_spec();
519 return CallbackAndReturn(started_callback, net::ERR_ACCESS_DENIED);
520 }
521
522 ResourceRequestInfoImpl* extra_info =
523 CreateRequestInfo(child_id, route_id, true, context);
524 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
525
526 if (request->url().SchemeIs(chrome::kBlobScheme)) {
527 ChromeBlobStorageContext* blob_context =
528 GetChromeBlobStorageContextForResourceContext(context);
529 webkit_blob::BlobProtocolHandler::SetRequestedBlobDataHandle(
530 request.get(),
531 blob_context->context()->GetBlobDataFromPublicURL(request->url()));
532 }
533
534 // From this point forward, the |DownloadResourceHandler| is responsible for
535 // |started_callback|.
536 scoped_ptr<ResourceHandler> handler(
537 CreateResourceHandlerForDownload(request.get(), is_content_initiated,
538 true, download_id, save_info.Pass(),
539 started_callback));
540
541 BeginRequestInternal(request.Pass(), handler.Pass());
542
543 return net::OK;
544 }
545
ClearLoginDelegateForRequest(net::URLRequest * request)546 void ResourceDispatcherHostImpl::ClearLoginDelegateForRequest(
547 net::URLRequest* request) {
548 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
549 if (info) {
550 ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
551 if (loader)
552 loader->ClearLoginDelegate();
553 }
554 }
555
Shutdown()556 void ResourceDispatcherHostImpl::Shutdown() {
557 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
558 BrowserThread::PostTask(BrowserThread::IO,
559 FROM_HERE,
560 base::Bind(&ResourceDispatcherHostImpl::OnShutdown,
561 base::Unretained(this)));
562 }
563
564 scoped_ptr<ResourceHandler>
CreateResourceHandlerForDownload(net::URLRequest * request,bool is_content_initiated,bool must_download,uint32 id,scoped_ptr<DownloadSaveInfo> save_info,const DownloadUrlParameters::OnStartedCallback & started_cb)565 ResourceDispatcherHostImpl::CreateResourceHandlerForDownload(
566 net::URLRequest* request,
567 bool is_content_initiated,
568 bool must_download,
569 uint32 id,
570 scoped_ptr<DownloadSaveInfo> save_info,
571 const DownloadUrlParameters::OnStartedCallback& started_cb) {
572 scoped_ptr<ResourceHandler> handler(
573 new DownloadResourceHandler(id, request, started_cb, save_info.Pass()));
574 if (delegate_) {
575 const ResourceRequestInfo* request_info(
576 ResourceRequestInfo::ForRequest(request));
577
578 ScopedVector<ResourceThrottle> throttles;
579 delegate_->DownloadStarting(
580 request, request_info->GetContext(), request_info->GetChildID(),
581 request_info->GetRouteID(), request_info->GetRequestID(),
582 is_content_initiated, must_download, &throttles);
583 if (!throttles.empty()) {
584 handler.reset(
585 new ThrottlingResourceHandler(
586 handler.Pass(), request, throttles.Pass()));
587 }
588 }
589 return handler.Pass();
590 }
591
592 scoped_ptr<ResourceHandler>
MaybeInterceptAsStream(net::URLRequest * request,ResourceResponse * response)593 ResourceDispatcherHostImpl::MaybeInterceptAsStream(net::URLRequest* request,
594 ResourceResponse* response) {
595 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
596 const std::string& mime_type = response->head.mime_type;
597
598 GURL origin;
599 std::string target_id;
600 if (!delegate_ ||
601 !delegate_->ShouldInterceptResourceAsStream(info->GetContext(),
602 request->url(),
603 mime_type,
604 &origin,
605 &target_id)) {
606 return scoped_ptr<ResourceHandler>();
607 }
608
609 StreamContext* stream_context =
610 GetStreamContextForResourceContext(info->GetContext());
611
612 scoped_ptr<StreamResourceHandler> handler(
613 new StreamResourceHandler(request,
614 stream_context->registry(),
615 origin));
616
617 info->set_is_stream(true);
618 delegate_->OnStreamCreated(
619 info->GetContext(),
620 info->GetChildID(),
621 info->GetRouteID(),
622 target_id,
623 handler->stream()->CreateHandle(request->url(), mime_type),
624 request->GetExpectedContentSize());
625 return handler.PassAs<ResourceHandler>();
626 }
627
ClearSSLClientAuthHandlerForRequest(net::URLRequest * request)628 void ResourceDispatcherHostImpl::ClearSSLClientAuthHandlerForRequest(
629 net::URLRequest* request) {
630 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
631 if (info) {
632 ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
633 if (loader)
634 loader->ClearSSLClientAuthHandler();
635 }
636 }
637
638 ResourceDispatcherHostLoginDelegate*
CreateLoginDelegate(ResourceLoader * loader,net::AuthChallengeInfo * auth_info)639 ResourceDispatcherHostImpl::CreateLoginDelegate(
640 ResourceLoader* loader,
641 net::AuthChallengeInfo* auth_info) {
642 if (!delegate_)
643 return NULL;
644
645 return delegate_->CreateLoginDelegate(auth_info, loader->request());
646 }
647
AcceptAuthRequest(ResourceLoader * loader,net::AuthChallengeInfo * auth_info)648 bool ResourceDispatcherHostImpl::AcceptAuthRequest(
649 ResourceLoader* loader,
650 net::AuthChallengeInfo* auth_info) {
651 if (delegate_ && !delegate_->AcceptAuthRequest(loader->request(), auth_info))
652 return false;
653
654 return true;
655 }
656
AcceptSSLClientCertificateRequest(ResourceLoader * loader,net::SSLCertRequestInfo * cert_info)657 bool ResourceDispatcherHostImpl::AcceptSSLClientCertificateRequest(
658 ResourceLoader* loader,
659 net::SSLCertRequestInfo* cert_info) {
660 if (delegate_ && !delegate_->AcceptSSLClientCertificateRequest(
661 loader->request(), cert_info)) {
662 return false;
663 }
664
665 return true;
666 }
667
HandleExternalProtocol(ResourceLoader * loader,const GURL & url)668 bool ResourceDispatcherHostImpl::HandleExternalProtocol(ResourceLoader* loader,
669 const GURL& url) {
670 if (!delegate_)
671 return false;
672
673 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
674
675 if (!ResourceType::IsFrame(info->GetResourceType()))
676 return false;
677
678 const net::URLRequestJobFactory* job_factory =
679 info->GetContext()->GetRequestContext()->job_factory();
680 if (job_factory->IsHandledURL(url))
681 return false;
682
683 return delegate_->HandleExternalProtocol(url, info->GetChildID(),
684 info->GetRouteID());
685 }
686
DidStartRequest(ResourceLoader * loader)687 void ResourceDispatcherHostImpl::DidStartRequest(ResourceLoader* loader) {
688 // Make sure we have the load state monitor running
689 if (!update_load_states_timer_->IsRunning()) {
690 update_load_states_timer_->Start(FROM_HERE,
691 TimeDelta::FromMilliseconds(kUpdateLoadStatesIntervalMsec),
692 this, &ResourceDispatcherHostImpl::UpdateLoadStates);
693 }
694 }
695
DidReceiveRedirect(ResourceLoader * loader,const GURL & new_url)696 void ResourceDispatcherHostImpl::DidReceiveRedirect(ResourceLoader* loader,
697 const GURL& new_url) {
698 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
699
700 int render_process_id, render_view_id;
701 if (!info->GetAssociatedRenderView(&render_process_id, &render_view_id))
702 return;
703
704 // Notify the observers on the UI thread.
705 scoped_ptr<ResourceRedirectDetails> detail(new ResourceRedirectDetails(
706 loader->request(),
707 GetCertID(loader->request(), info->GetChildID()),
708 new_url));
709 BrowserThread::PostTask(
710 BrowserThread::UI, FROM_HERE,
711 base::Bind(
712 &NotifyRedirectOnUI,
713 render_process_id, render_view_id, base::Passed(&detail)));
714 }
715
DidReceiveResponse(ResourceLoader * loader)716 void ResourceDispatcherHostImpl::DidReceiveResponse(ResourceLoader* loader) {
717 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
718
719 // There should be an entry in the map created when we dispatched the
720 // request unless it's been detached and the renderer has died.
721 OfflineMap::iterator policy_it(
722 offline_policy_map_.find(info->GetGlobalRoutingID()));
723 if (offline_policy_map_.end() != policy_it) {
724 policy_it->second->UpdateStateForSuccessfullyStartedRequest(
725 loader->request()->response_info());
726 } else {
727 // Unless detached, we should have an entry in offline_policy_map_ from
728 // when this request traversed Begin{Download,SaveFile,Request}.
729 // TODO(rdsmith): This isn't currently true; see http://crbug.com/241176.
730 DCHECK(info->detachable_handler() &&
731 info->detachable_handler()->is_detached());
732 }
733
734 int render_process_id, render_view_id;
735 if (!info->GetAssociatedRenderView(&render_process_id, &render_view_id))
736 return;
737
738 // Notify the observers on the UI thread.
739 scoped_ptr<ResourceRequestDetails> detail(new ResourceRequestDetails(
740 loader->request(),
741 GetCertID(loader->request(), info->GetChildID())));
742 BrowserThread::PostTask(
743 BrowserThread::UI, FROM_HERE,
744 base::Bind(
745 &NotifyResponseOnUI,
746 render_process_id, render_view_id, base::Passed(&detail)));
747 }
748
DidFinishLoading(ResourceLoader * loader)749 void ResourceDispatcherHostImpl::DidFinishLoading(ResourceLoader* loader) {
750 ResourceRequestInfo* info = loader->GetRequestInfo();
751
752 // Record final result of all resource loads.
753 if (info->GetResourceType() == ResourceType::MAIN_FRAME) {
754 // This enumeration has "3" appended to its name to distinguish it from
755 // older versions.
756 UMA_HISTOGRAM_SPARSE_SLOWLY(
757 "Net.ErrorCodesForMainFrame3",
758 -loader->request()->status().error());
759
760 if (loader->request()->url().SchemeIsSecure() &&
761 loader->request()->url().host() == "www.google.com") {
762 UMA_HISTOGRAM_SPARSE_SLOWLY(
763 "Net.ErrorCodesForHTTPSGoogleMainFrame2",
764 -loader->request()->status().error());
765 }
766 } else {
767 if (info->GetResourceType() == ResourceType::IMAGE) {
768 UMA_HISTOGRAM_SPARSE_SLOWLY(
769 "Net.ErrorCodesForImages",
770 -loader->request()->status().error());
771 }
772 // This enumeration has "2" appended to distinguish it from older versions.
773 UMA_HISTOGRAM_SPARSE_SLOWLY(
774 "Net.ErrorCodesForSubresources2",
775 -loader->request()->status().error());
776 }
777
778 // Destroy the ResourceLoader.
779 RemovePendingRequest(info->GetChildID(), info->GetRequestID());
780 }
781
782 // static
RenderViewForRequest(const net::URLRequest * request,int * render_process_id,int * render_view_id)783 bool ResourceDispatcherHostImpl::RenderViewForRequest(
784 const net::URLRequest* request,
785 int* render_process_id,
786 int* render_view_id) {
787 const ResourceRequestInfoImpl* info =
788 ResourceRequestInfoImpl::ForRequest(request);
789 if (!info) {
790 *render_process_id = -1;
791 *render_view_id = -1;
792 return false;
793 }
794
795 return info->GetAssociatedRenderView(render_process_id, render_view_id);
796 }
797
OnInit()798 void ResourceDispatcherHostImpl::OnInit() {
799 scheduler_.reset(new ResourceScheduler);
800 appcache::AppCacheInterceptor::EnsureRegistered();
801 }
802
OnShutdown()803 void ResourceDispatcherHostImpl::OnShutdown() {
804 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
805
806 is_shutdown_ = true;
807 pending_loaders_.clear();
808
809 // Make sure we shutdown the timer now, otherwise by the time our destructor
810 // runs if the timer is still running the Task is deleted twice (once by
811 // the MessageLoop and the second time by RepeatingTimer).
812 update_load_states_timer_.reset();
813
814 // Clear blocked requests if any left.
815 // Note that we have to do this in 2 passes as we cannot call
816 // CancelBlockedRequestsForRoute while iterating over
817 // blocked_loaders_map_, as it modifies it.
818 std::set<GlobalRoutingID> ids;
819 for (BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.begin();
820 iter != blocked_loaders_map_.end(); ++iter) {
821 std::pair<std::set<GlobalRoutingID>::iterator, bool> result =
822 ids.insert(iter->first);
823 // We should not have duplicates.
824 DCHECK(result.second);
825 }
826 for (std::set<GlobalRoutingID>::const_iterator iter = ids.begin();
827 iter != ids.end(); ++iter) {
828 CancelBlockedRequestsForRoute(iter->child_id, iter->route_id);
829 }
830
831 scheduler_.reset();
832 }
833
OnMessageReceived(const IPC::Message & message,ResourceMessageFilter * filter,bool * message_was_ok)834 bool ResourceDispatcherHostImpl::OnMessageReceived(
835 const IPC::Message& message,
836 ResourceMessageFilter* filter,
837 bool* message_was_ok) {
838 filter_ = filter;
839 bool handled = true;
840 IPC_BEGIN_MESSAGE_MAP_EX(ResourceDispatcherHostImpl, message, *message_was_ok)
841 IPC_MESSAGE_HANDLER(ResourceHostMsg_RequestResource, OnRequestResource)
842 IPC_MESSAGE_HANDLER_DELAY_REPLY(ResourceHostMsg_SyncLoad, OnSyncLoad)
843 IPC_MESSAGE_HANDLER(ResourceHostMsg_ReleaseDownloadedFile,
844 OnReleaseDownloadedFile)
845 IPC_MESSAGE_HANDLER(ResourceHostMsg_DataDownloaded_ACK, OnDataDownloadedACK)
846 IPC_MESSAGE_HANDLER(ResourceHostMsg_UploadProgress_ACK, OnUploadProgressACK)
847 IPC_MESSAGE_HANDLER(ResourceHostMsg_CancelRequest, OnCancelRequest)
848 IPC_MESSAGE_UNHANDLED(handled = false)
849 IPC_END_MESSAGE_MAP_EX()
850
851 if (!handled && IPC_MESSAGE_ID_CLASS(message.type()) == ResourceMsgStart) {
852 PickleIterator iter(message);
853 int request_id = -1;
854 bool ok = iter.ReadInt(&request_id);
855 DCHECK(ok);
856 GlobalRequestID id(filter_->child_id(), request_id);
857 DelegateMap::iterator it = delegate_map_.find(id);
858 if (it != delegate_map_.end()) {
859 ObserverList<ResourceMessageDelegate>::Iterator del_it(*it->second);
860 ResourceMessageDelegate* delegate;
861 while (!handled && (delegate = del_it.GetNext()) != NULL) {
862 handled = delegate->OnMessageReceived(message, message_was_ok);
863 }
864 }
865 }
866
867 filter_ = NULL;
868 return handled;
869 }
870
OnRequestResource(const IPC::Message & message,int request_id,const ResourceHostMsg_Request & request_data)871 void ResourceDispatcherHostImpl::OnRequestResource(
872 const IPC::Message& message,
873 int request_id,
874 const ResourceHostMsg_Request& request_data) {
875 BeginRequest(request_id, request_data, NULL, message.routing_id());
876 }
877
878 // Begins a resource request with the given params on behalf of the specified
879 // child process. Responses will be dispatched through the given receiver. The
880 // process ID is used to lookup WebContentsImpl from routing_id's in the case of
881 // a request from a renderer. request_context is the cookie/cache context to be
882 // used for this request.
883 //
884 // If sync_result is non-null, then a SyncLoad reply will be generated, else
885 // a normal asynchronous set of response messages will be generated.
OnSyncLoad(int request_id,const ResourceHostMsg_Request & request_data,IPC::Message * sync_result)886 void ResourceDispatcherHostImpl::OnSyncLoad(
887 int request_id,
888 const ResourceHostMsg_Request& request_data,
889 IPC::Message* sync_result) {
890 BeginRequest(request_id, request_data, sync_result,
891 sync_result->routing_id());
892 }
893
UpdateRequestForTransfer(int child_id,int route_id,int request_id,const ResourceHostMsg_Request & request_data,const linked_ptr<ResourceLoader> & loader)894 void ResourceDispatcherHostImpl::UpdateRequestForTransfer(
895 int child_id,
896 int route_id,
897 int request_id,
898 const ResourceHostMsg_Request& request_data,
899 const linked_ptr<ResourceLoader>& loader) {
900 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
901 GlobalRoutingID old_routing_id(
902 request_data.transferred_request_child_id, info->GetRouteID());
903 GlobalRequestID old_request_id(request_data.transferred_request_child_id,
904 request_data.transferred_request_request_id);
905 GlobalRoutingID new_routing_id(child_id, route_id);
906 GlobalRequestID new_request_id(child_id, request_id);
907
908 // Clear out data that depends on |info| before updating it.
909 IncrementOutstandingRequestsMemory(-1, *info);
910 OustandingRequestsStats empty_stats = { 0, 0 };
911 OustandingRequestsStats old_stats = GetOutstandingRequestsStats(*info);
912 UpdateOutstandingRequestsStats(*info, empty_stats);
913 pending_loaders_.erase(old_request_id);
914
915 // ResourceHandlers should always get state related to the request from the
916 // ResourceRequestInfo rather than caching it locally. This lets us update
917 // the info object when a transfer occurs.
918 info->UpdateForTransfer(child_id, route_id, request_data.origin_pid,
919 request_id, request_data.frame_id,
920 request_data.parent_frame_id, filter_->GetWeakPtr());
921
922 // Update maps that used the old IDs, if necessary. Some transfers in tests
923 // do not actually use a different ID, so not all maps need to be updated.
924 pending_loaders_[new_request_id] = loader;
925 UpdateOutstandingRequestsStats(*info, old_stats);
926 IncrementOutstandingRequestsMemory(1, *info);
927 if (old_routing_id != new_routing_id) {
928 if (offline_policy_map_.find(old_routing_id) != offline_policy_map_.end()) {
929 if (offline_policy_map_.find(new_routing_id) !=
930 offline_policy_map_.end())
931 delete offline_policy_map_[new_routing_id];
932 offline_policy_map_[new_routing_id] = offline_policy_map_[old_routing_id];
933 offline_policy_map_.erase(old_routing_id);
934 }
935 if (blocked_loaders_map_.find(old_routing_id) !=
936 blocked_loaders_map_.end()) {
937 blocked_loaders_map_[new_routing_id] =
938 blocked_loaders_map_[old_routing_id];
939 blocked_loaders_map_.erase(old_routing_id);
940 }
941 }
942 if (old_request_id != new_request_id) {
943 DelegateMap::iterator it = delegate_map_.find(old_request_id);
944 if (it != delegate_map_.end()) {
945 // Tell each delegate that the request ID has changed.
946 ObserverList<ResourceMessageDelegate>::Iterator del_it(*it->second);
947 ResourceMessageDelegate* delegate;
948 while ((delegate = del_it.GetNext()) != NULL) {
949 delegate->set_request_id(new_request_id);
950 }
951 // Now store the observer list under the new request ID.
952 delegate_map_[new_request_id] = delegate_map_[old_request_id];
953 delegate_map_.erase(old_request_id);
954 }
955 }
956
957 // Notify the delegate to allow it to update state as well.
958 if (delegate_) {
959 delegate_->WillTransferRequestToNewProcess(old_routing_id.child_id,
960 old_routing_id.route_id,
961 old_request_id.request_id,
962 child_id,
963 route_id,
964 request_id);
965 }
966
967 appcache::AppCacheInterceptor::CompleteCrossSiteTransfer(
968 loader->request(),
969 child_id,
970 request_data.appcache_host_id);
971
972 // We should have a CrossSiteResourceHandler to finish the transfer.
973 DCHECK(info->cross_site_handler());
974 }
975
BeginRequest(int request_id,const ResourceHostMsg_Request & request_data,IPC::Message * sync_result,int route_id)976 void ResourceDispatcherHostImpl::BeginRequest(
977 int request_id,
978 const ResourceHostMsg_Request& request_data,
979 IPC::Message* sync_result, // only valid for sync
980 int route_id) {
981 int process_type = filter_->process_type();
982 int child_id = filter_->child_id();
983
984 // Reject invalid priority.
985 if (request_data.priority < net::MINIMUM_PRIORITY ||
986 request_data.priority > net::MAXIMUM_PRIORITY) {
987 RecordAction(UserMetricsAction("BadMessageTerminate_RDH"));
988 filter_->BadMessageReceived();
989 return;
990 }
991
992 // If we crash here, figure out what URL the renderer was requesting.
993 // http://crbug.com/91398
994 char url_buf[128];
995 base::strlcpy(url_buf, request_data.url.spec().c_str(), arraysize(url_buf));
996 base::debug::Alias(url_buf);
997
998 // If the request that's coming in is being transferred from another process,
999 // we want to reuse and resume the old loader rather than start a new one.
1000 linked_ptr<ResourceLoader> deferred_loader;
1001 {
1002 LoaderMap::iterator it = pending_loaders_.find(
1003 GlobalRequestID(request_data.transferred_request_child_id,
1004 request_data.transferred_request_request_id));
1005 if (it != pending_loaders_.end()) {
1006 // If the request is transferring to a new process, we can update our
1007 // state and let it resume with its existing ResourceHandlers.
1008 if (it->second->is_transferring()) {
1009 deferred_loader = it->second;
1010 UpdateRequestForTransfer(child_id, route_id, request_id,
1011 request_data, deferred_loader);
1012
1013 deferred_loader->CompleteTransfer();
1014 } else {
1015 RecordAction(UserMetricsAction("BadMessageTerminate_RDH"));
1016 filter_->BadMessageReceived();
1017 }
1018 return;
1019 }
1020 }
1021
1022 ResourceContext* resource_context = NULL;
1023 net::URLRequestContext* request_context = NULL;
1024 filter_->GetContexts(request_data, &resource_context, &request_context);
1025 // http://crbug.com/90971
1026 CHECK(ContainsKey(active_resource_contexts_, resource_context));
1027
1028 if (is_shutdown_ ||
1029 !ShouldServiceRequest(process_type, child_id, request_data,
1030 filter_->file_system_context())) {
1031 AbortRequestBeforeItStarts(filter_, sync_result, request_id);
1032 return;
1033 }
1034
1035 const Referrer referrer(request_data.referrer, request_data.referrer_policy);
1036
1037 // Allow the observer to block/handle the request.
1038 if (delegate_ && !delegate_->ShouldBeginRequest(child_id,
1039 route_id,
1040 request_data.method,
1041 request_data.url,
1042 request_data.resource_type,
1043 resource_context)) {
1044 AbortRequestBeforeItStarts(filter_, sync_result, request_id);
1045 return;
1046 }
1047
1048 bool is_sync_load = sync_result != NULL;
1049 int load_flags =
1050 BuildLoadFlagsForRequest(request_data, child_id, is_sync_load);
1051
1052 GlobalRoutingID id(child_id, route_id);
1053 if (!offline_policy_map_[id])
1054 offline_policy_map_[id] = new OfflinePolicy();
1055 load_flags |= offline_policy_map_[id]->GetAdditionalLoadFlags(
1056 load_flags, request_data.resource_type == ResourceType::MAIN_FRAME);
1057
1058 // Sync loads should have maximum priority and should be the only
1059 // requets that have the ignore limits flag set.
1060 if (is_sync_load) {
1061 DCHECK_EQ(request_data.priority, net::MAXIMUM_PRIORITY);
1062 DCHECK_NE(load_flags & net::LOAD_IGNORE_LIMITS, 0);
1063 } else {
1064 DCHECK_EQ(load_flags & net::LOAD_IGNORE_LIMITS, 0);
1065 }
1066
1067 // Construct the request.
1068 scoped_ptr<net::URLRequest> new_request;
1069 net::URLRequest* request;
1070 new_request = request_context->CreateRequest(
1071 request_data.url, request_data.priority, NULL);
1072 request = new_request.get();
1073
1074 request->set_method(request_data.method);
1075 request->set_first_party_for_cookies(request_data.first_party_for_cookies);
1076 SetReferrerForRequest(request, referrer);
1077
1078 net::HttpRequestHeaders headers;
1079 headers.AddHeadersFromString(request_data.headers);
1080 request->SetExtraRequestHeaders(headers);
1081
1082 request->SetLoadFlags(load_flags);
1083
1084 // Resolve elements from request_body and prepare upload data.
1085 if (request_data.request_body.get()) {
1086 webkit_blob::BlobStorageContext* blob_context = NULL;
1087 if (filter_->blob_storage_context())
1088 blob_context = filter_->blob_storage_context()->context();
1089 request->set_upload(UploadDataStreamBuilder::Build(
1090 request_data.request_body.get(),
1091 blob_context,
1092 filter_->file_system_context(),
1093 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE)
1094 .get()));
1095 }
1096
1097 bool allow_download = request_data.allow_download &&
1098 ResourceType::IsFrame(request_data.resource_type);
1099
1100 // Make extra info and read footer (contains request ID).
1101 ResourceRequestInfoImpl* extra_info =
1102 new ResourceRequestInfoImpl(
1103 process_type,
1104 child_id,
1105 route_id,
1106 request_data.origin_pid,
1107 request_id,
1108 request_data.render_frame_id,
1109 request_data.is_main_frame,
1110 request_data.frame_id,
1111 request_data.parent_is_main_frame,
1112 request_data.parent_frame_id,
1113 request_data.resource_type,
1114 request_data.transition_type,
1115 request_data.should_replace_current_entry,
1116 false, // is download
1117 false, // is stream
1118 allow_download,
1119 request_data.has_user_gesture,
1120 request_data.referrer_policy,
1121 resource_context,
1122 filter_->GetWeakPtr(),
1123 !is_sync_load);
1124 extra_info->AssociateWithRequest(request); // Request takes ownership.
1125
1126 if (request->url().SchemeIs(chrome::kBlobScheme)) {
1127 // Hang on to a reference to ensure the blob is not released prior
1128 // to the job being started.
1129 webkit_blob::BlobProtocolHandler::SetRequestedBlobDataHandle(
1130 request,
1131 filter_->blob_storage_context()->context()->
1132 GetBlobDataFromPublicURL(request->url()));
1133 }
1134
1135 // Have the appcache associate its extra info with the request.
1136 appcache::AppCacheInterceptor::SetExtraRequestInfo(
1137 request, filter_->appcache_service(), child_id,
1138 request_data.appcache_host_id, request_data.resource_type);
1139
1140 scoped_ptr<ResourceHandler> handler(
1141 CreateResourceHandler(
1142 request,
1143 request_data, sync_result, route_id, process_type, child_id,
1144 resource_context));
1145
1146 BeginRequestInternal(new_request.Pass(), handler.Pass());
1147 }
1148
CreateResourceHandler(net::URLRequest * request,const ResourceHostMsg_Request & request_data,IPC::Message * sync_result,int route_id,int process_type,int child_id,ResourceContext * resource_context)1149 scoped_ptr<ResourceHandler> ResourceDispatcherHostImpl::CreateResourceHandler(
1150 net::URLRequest* request,
1151 const ResourceHostMsg_Request& request_data,
1152 IPC::Message* sync_result,
1153 int route_id,
1154 int process_type,
1155 int child_id,
1156 ResourceContext* resource_context) {
1157 // Construct the IPC resource handler.
1158 scoped_ptr<ResourceHandler> handler;
1159 if (sync_result) {
1160 handler.reset(new SyncResourceHandler(request, sync_result, this));
1161 } else {
1162 handler.reset(new AsyncResourceHandler(request, this));
1163 if (IsDetachableResourceType(request_data.resource_type)) {
1164 handler.reset(new DetachableResourceHandler(
1165 request,
1166 base::TimeDelta::FromMilliseconds(kDefaultDetachableCancelDelayMs),
1167 handler.Pass()));
1168 }
1169 }
1170
1171 // The RedirectToFileResourceHandler depends on being next in the chain.
1172 if (request_data.download_to_file) {
1173 handler.reset(
1174 new RedirectToFileResourceHandler(handler.Pass(), request, this));
1175 }
1176
1177 // Install a CrossSiteResourceHandler for all main frame requests. This will
1178 // let us check whether a transfer is required and pause for the unload
1179 // handler either if so or if a cross-process navigation is already under way.
1180 if (request_data.resource_type == ResourceType::MAIN_FRAME &&
1181 process_type == PROCESS_TYPE_RENDERER) {
1182 handler.reset(new CrossSiteResourceHandler(handler.Pass(), request));
1183 }
1184
1185 // Insert a buffered event handler before the actual one.
1186 handler.reset(
1187 new BufferedResourceHandler(handler.Pass(), this, request));
1188
1189 ScopedVector<ResourceThrottle> throttles;
1190 if (delegate_) {
1191 delegate_->RequestBeginning(request,
1192 resource_context,
1193 filter_->appcache_service(),
1194 request_data.resource_type,
1195 child_id,
1196 route_id,
1197 &throttles);
1198 }
1199
1200 if (request->has_upload()) {
1201 // Block power save while uploading data.
1202 throttles.push_back(new PowerSaveBlockResourceThrottle());
1203 }
1204
1205 throttles.push_back(
1206 scheduler_->ScheduleRequest(child_id, route_id, request).release());
1207
1208 handler.reset(
1209 new ThrottlingResourceHandler(handler.Pass(), request, throttles.Pass()));
1210
1211 return handler.Pass();
1212 }
1213
OnReleaseDownloadedFile(int request_id)1214 void ResourceDispatcherHostImpl::OnReleaseDownloadedFile(int request_id) {
1215 UnregisterDownloadedTempFile(filter_->child_id(), request_id);
1216 }
1217
OnDataDownloadedACK(int request_id)1218 void ResourceDispatcherHostImpl::OnDataDownloadedACK(int request_id) {
1219 // TODO(michaeln): maybe throttle DataDownloaded messages
1220 }
1221
RegisterDownloadedTempFile(int child_id,int request_id,ShareableFileReference * reference)1222 void ResourceDispatcherHostImpl::RegisterDownloadedTempFile(
1223 int child_id, int request_id, ShareableFileReference* reference) {
1224 registered_temp_files_[child_id][request_id] = reference;
1225 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
1226 child_id, reference->path());
1227
1228 // When the temp file is deleted, revoke permissions that the renderer has
1229 // to that file. This covers an edge case where the file is deleted and then
1230 // the same name is re-used for some other purpose, we don't want the old
1231 // renderer to still have access to it.
1232 //
1233 // We do this when the file is deleted because the renderer can take a blob
1234 // reference to the temp file that outlives the url loaded that it was
1235 // loaded with to keep the file (and permissions) alive.
1236 reference->AddFinalReleaseCallback(
1237 base::Bind(&RemoveDownloadFileFromChildSecurityPolicy,
1238 child_id));
1239 }
1240
UnregisterDownloadedTempFile(int child_id,int request_id)1241 void ResourceDispatcherHostImpl::UnregisterDownloadedTempFile(
1242 int child_id, int request_id) {
1243 DeletableFilesMap& map = registered_temp_files_[child_id];
1244 DeletableFilesMap::iterator found = map.find(request_id);
1245 if (found == map.end())
1246 return;
1247
1248 map.erase(found);
1249
1250 // Note that we don't remove the security bits here. This will be done
1251 // when all file refs are deleted (see RegisterDownloadedTempFile).
1252 }
1253
Send(IPC::Message * message)1254 bool ResourceDispatcherHostImpl::Send(IPC::Message* message) {
1255 delete message;
1256 return false;
1257 }
1258
OnUploadProgressACK(int request_id)1259 void ResourceDispatcherHostImpl::OnUploadProgressACK(int request_id) {
1260 ResourceLoader* loader = GetLoader(filter_->child_id(), request_id);
1261 if (loader)
1262 loader->OnUploadProgressACK();
1263 }
1264
OnCancelRequest(int request_id)1265 void ResourceDispatcherHostImpl::OnCancelRequest(int request_id) {
1266 CancelRequest(filter_->child_id(), request_id, true);
1267 }
1268
CreateRequestInfo(int child_id,int route_id,bool download,ResourceContext * context)1269 ResourceRequestInfoImpl* ResourceDispatcherHostImpl::CreateRequestInfo(
1270 int child_id,
1271 int route_id,
1272 bool download,
1273 ResourceContext* context) {
1274 return new ResourceRequestInfoImpl(
1275 PROCESS_TYPE_RENDERER,
1276 child_id,
1277 route_id,
1278 0,
1279 request_id_,
1280 MSG_ROUTING_NONE, // render_frame_id
1281 false, // is_main_frame
1282 -1, // frame_id
1283 false, // parent_is_main_frame
1284 -1, // parent_frame_id
1285 ResourceType::SUB_RESOURCE,
1286 PAGE_TRANSITION_LINK,
1287 false, // should_replace_current_entry
1288 download, // is_download
1289 false, // is_stream
1290 download, // allow_download
1291 false, // has_user_gesture
1292 blink::WebReferrerPolicyDefault,
1293 context,
1294 base::WeakPtr<ResourceMessageFilter>(), // filter
1295 true); // is_async
1296 }
1297
OnRenderViewHostCreated(int child_id,int route_id)1298 void ResourceDispatcherHostImpl::OnRenderViewHostCreated(
1299 int child_id,
1300 int route_id) {
1301 scheduler_->OnClientCreated(child_id, route_id);
1302 }
1303
OnRenderViewHostDeleted(int child_id,int route_id)1304 void ResourceDispatcherHostImpl::OnRenderViewHostDeleted(
1305 int child_id,
1306 int route_id) {
1307 scheduler_->OnClientDeleted(child_id, route_id);
1308 CancelRequestsForRoute(child_id, route_id);
1309 }
1310
1311 // This function is only used for saving feature.
BeginSaveFile(const GURL & url,const Referrer & referrer,int child_id,int route_id,ResourceContext * context)1312 void ResourceDispatcherHostImpl::BeginSaveFile(
1313 const GURL& url,
1314 const Referrer& referrer,
1315 int child_id,
1316 int route_id,
1317 ResourceContext* context) {
1318 if (is_shutdown_)
1319 return;
1320
1321 // http://crbug.com/90971
1322 char url_buf[128];
1323 base::strlcpy(url_buf, url.spec().c_str(), arraysize(url_buf));
1324 base::debug::Alias(url_buf);
1325 CHECK(ContainsKey(active_resource_contexts_, context));
1326
1327 scoped_ptr<ResourceHandler> handler(
1328 new SaveFileResourceHandler(child_id,
1329 route_id,
1330 url,
1331 save_file_manager_.get()));
1332 request_id_--;
1333
1334 const net::URLRequestContext* request_context = context->GetRequestContext();
1335 bool known_proto =
1336 request_context->job_factory()->IsHandledURL(url);
1337 if (!known_proto) {
1338 // Since any URLs which have non-standard scheme have been filtered
1339 // by save manager(see GURL::SchemeIsStandard). This situation
1340 // should not happen.
1341 NOTREACHED();
1342 return;
1343 }
1344
1345 scoped_ptr<net::URLRequest> request(
1346 request_context->CreateRequest(url, net::DEFAULT_PRIORITY, NULL));
1347 request->set_method("GET");
1348 SetReferrerForRequest(request.get(), referrer);
1349
1350 // So far, for saving page, we need fetch content from cache, in the
1351 // future, maybe we can use a configuration to configure this behavior.
1352 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE);
1353
1354 // No need to get offline load flags for save files, but make sure
1355 // we have an OfflinePolicy to receive request completions.
1356 GlobalRoutingID id(child_id, route_id);
1357 if (!offline_policy_map_[id])
1358 offline_policy_map_[id] = new OfflinePolicy();
1359
1360 // Since we're just saving some resources we need, disallow downloading.
1361 ResourceRequestInfoImpl* extra_info =
1362 CreateRequestInfo(child_id, route_id, false, context);
1363 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
1364
1365 BeginRequestInternal(request.Pass(), handler.Pass());
1366 }
1367
MarkAsTransferredNavigation(const GlobalRequestID & id,const GURL & target_url)1368 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation(
1369 const GlobalRequestID& id, const GURL& target_url) {
1370 GetLoader(id)->MarkAsTransferring(target_url);
1371 }
1372
ResumeDeferredNavigation(const GlobalRequestID & id)1373 void ResourceDispatcherHostImpl::ResumeDeferredNavigation(
1374 const GlobalRequestID& id) {
1375 ResourceLoader* loader = GetLoader(id);
1376 if (loader) {
1377 // The response we were meant to resume could have already been canceled.
1378 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
1379 if (info->cross_site_handler())
1380 info->cross_site_handler()->ResumeResponse();
1381 }
1382 }
1383
1384 // The object died, so cancel and detach all requests associated with it except
1385 // for downloads and detachable resources, which belong to the browser process
1386 // even if initiated via a renderer.
CancelRequestsForProcess(int child_id)1387 void ResourceDispatcherHostImpl::CancelRequestsForProcess(int child_id) {
1388 CancelRequestsForRoute(child_id, -1 /* cancel all */);
1389 registered_temp_files_.erase(child_id);
1390 }
1391
CancelRequestsForRoute(int child_id,int route_id)1392 void ResourceDispatcherHostImpl::CancelRequestsForRoute(int child_id,
1393 int route_id) {
1394 // Since pending_requests_ is a map, we first build up a list of all of the
1395 // matching requests to be cancelled, and then we cancel them. Since there
1396 // may be more than one request to cancel, we cannot simply hold onto the map
1397 // iterators found in the first loop.
1398
1399 // Find the global ID of all matching elements.
1400 bool any_requests_transferring = false;
1401 std::vector<GlobalRequestID> matching_requests;
1402 for (LoaderMap::const_iterator i = pending_loaders_.begin();
1403 i != pending_loaders_.end(); ++i) {
1404 if (i->first.child_id != child_id)
1405 continue;
1406
1407 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1408
1409 GlobalRequestID id(child_id, i->first.request_id);
1410 DCHECK(id == i->first);
1411 // Don't cancel navigations that are expected to live beyond this process.
1412 if (IsTransferredNavigation(id))
1413 any_requests_transferring = true;
1414 if (info->detachable_handler()) {
1415 info->detachable_handler()->Detach();
1416 } else if (!info->IsDownload() && !info->is_stream() &&
1417 !IsTransferredNavigation(id) &&
1418 (route_id == -1 || route_id == info->GetRouteID())) {
1419 matching_requests.push_back(id);
1420 }
1421 }
1422
1423 // Remove matches.
1424 for (size_t i = 0; i < matching_requests.size(); ++i) {
1425 LoaderMap::iterator iter = pending_loaders_.find(matching_requests[i]);
1426 // Although every matching request was in pending_requests_ when we built
1427 // matching_requests, it is normal for a matching request to be not found
1428 // in pending_requests_ after we have removed some matching requests from
1429 // pending_requests_. For example, deleting a net::URLRequest that has
1430 // exclusive (write) access to an HTTP cache entry may unblock another
1431 // net::URLRequest that needs exclusive access to the same cache entry, and
1432 // that net::URLRequest may complete and remove itself from
1433 // pending_requests_. So we need to check that iter is not equal to
1434 // pending_requests_.end().
1435 if (iter != pending_loaders_.end())
1436 RemovePendingLoader(iter);
1437 }
1438
1439 // Don't clear the blocked loaders or offline policy maps if any of the
1440 // requests in route_id are being transferred to a new process, since those
1441 // maps will be updated with the new route_id after the transfer. Otherwise
1442 // we will lose track of this info when the old route goes away, before the
1443 // new one is created.
1444 if (any_requests_transferring)
1445 return;
1446
1447 // Now deal with blocked requests if any.
1448 if (route_id != -1) {
1449 if (blocked_loaders_map_.find(GlobalRoutingID(child_id, route_id)) !=
1450 blocked_loaders_map_.end()) {
1451 CancelBlockedRequestsForRoute(child_id, route_id);
1452 }
1453 } else {
1454 // We have to do all render views for the process |child_id|.
1455 // Note that we have to do this in 2 passes as we cannot call
1456 // CancelBlockedRequestsForRoute while iterating over
1457 // blocked_loaders_map_, as it modifies it.
1458 std::set<int> route_ids;
1459 for (BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.begin();
1460 iter != blocked_loaders_map_.end(); ++iter) {
1461 if (iter->first.child_id == child_id)
1462 route_ids.insert(iter->first.route_id);
1463 }
1464 for (std::set<int>::const_iterator iter = route_ids.begin();
1465 iter != route_ids.end(); ++iter) {
1466 CancelBlockedRequestsForRoute(child_id, *iter);
1467 }
1468 }
1469
1470 // Cleanup the offline state for the route.
1471 if (-1 != route_id) {
1472 OfflineMap::iterator it = offline_policy_map_.find(
1473 GlobalRoutingID(child_id, route_id));
1474 if (offline_policy_map_.end() != it) {
1475 delete it->second;
1476 offline_policy_map_.erase(it);
1477 }
1478 } else {
1479 for (OfflineMap::iterator it = offline_policy_map_.begin();
1480 offline_policy_map_.end() != it;) {
1481 // Increment iterator so deletion doesn't invalidate it.
1482 OfflineMap::iterator current_it = it++;
1483
1484 if (child_id == current_it->first.child_id) {
1485 delete current_it->second;
1486 offline_policy_map_.erase(current_it);
1487 }
1488 }
1489 }
1490 }
1491
1492 // Cancels the request and removes it from the list.
RemovePendingRequest(int child_id,int request_id)1493 void ResourceDispatcherHostImpl::RemovePendingRequest(int child_id,
1494 int request_id) {
1495 LoaderMap::iterator i = pending_loaders_.find(
1496 GlobalRequestID(child_id, request_id));
1497 if (i == pending_loaders_.end()) {
1498 NOTREACHED() << "Trying to remove a request that's not here";
1499 return;
1500 }
1501 RemovePendingLoader(i);
1502 }
1503
RemovePendingLoader(const LoaderMap::iterator & iter)1504 void ResourceDispatcherHostImpl::RemovePendingLoader(
1505 const LoaderMap::iterator& iter) {
1506 ResourceRequestInfoImpl* info = iter->second->GetRequestInfo();
1507
1508 // Remove the memory credit that we added when pushing the request onto
1509 // the pending list.
1510 IncrementOutstandingRequestsMemory(-1, *info);
1511
1512 pending_loaders_.erase(iter);
1513
1514 // If we have no more pending requests, then stop the load state monitor
1515 if (pending_loaders_.empty() && update_load_states_timer_)
1516 update_load_states_timer_->Stop();
1517 }
1518
CancelRequest(int child_id,int request_id,bool from_renderer)1519 void ResourceDispatcherHostImpl::CancelRequest(int child_id,
1520 int request_id,
1521 bool from_renderer) {
1522 if (from_renderer) {
1523 // When the old renderer dies, it sends a message to us to cancel its
1524 // requests.
1525 if (IsTransferredNavigation(GlobalRequestID(child_id, request_id)))
1526 return;
1527 }
1528
1529 ResourceLoader* loader = GetLoader(child_id, request_id);
1530 if (!loader) {
1531 // We probably want to remove this warning eventually, but I wanted to be
1532 // able to notice when this happens during initial development since it
1533 // should be rare and may indicate a bug.
1534 DVLOG(1) << "Canceling a request that wasn't found";
1535 return;
1536 }
1537
1538 loader->CancelRequest(from_renderer);
1539 }
1540
1541 ResourceDispatcherHostImpl::OustandingRequestsStats
GetOutstandingRequestsStats(const ResourceRequestInfoImpl & info)1542 ResourceDispatcherHostImpl::GetOutstandingRequestsStats(
1543 const ResourceRequestInfoImpl& info) {
1544 OutstandingRequestsStatsMap::iterator entry =
1545 outstanding_requests_stats_map_.find(info.GetChildID());
1546 OustandingRequestsStats stats = { 0, 0 };
1547 if (entry != outstanding_requests_stats_map_.end())
1548 stats = entry->second;
1549 return stats;
1550 }
1551
UpdateOutstandingRequestsStats(const ResourceRequestInfoImpl & info,const OustandingRequestsStats & stats)1552 void ResourceDispatcherHostImpl::UpdateOutstandingRequestsStats(
1553 const ResourceRequestInfoImpl& info,
1554 const OustandingRequestsStats& stats) {
1555 if (stats.memory_cost == 0 && stats.num_requests == 0)
1556 outstanding_requests_stats_map_.erase(info.GetChildID());
1557 else
1558 outstanding_requests_stats_map_[info.GetChildID()] = stats;
1559 }
1560
1561 ResourceDispatcherHostImpl::OustandingRequestsStats
IncrementOutstandingRequestsMemory(int count,const ResourceRequestInfoImpl & info)1562 ResourceDispatcherHostImpl::IncrementOutstandingRequestsMemory(
1563 int count,
1564 const ResourceRequestInfoImpl& info) {
1565 DCHECK_EQ(1, abs(count));
1566
1567 // Retrieve the previous value (defaulting to 0 if not found).
1568 OustandingRequestsStats stats = GetOutstandingRequestsStats(info);
1569
1570 // Insert/update the total; delete entries when their count reaches 0.
1571 stats.memory_cost += count * info.memory_cost();
1572 DCHECK_GE(stats.memory_cost, 0);
1573 UpdateOutstandingRequestsStats(info, stats);
1574
1575 return stats;
1576 }
1577
1578 ResourceDispatcherHostImpl::OustandingRequestsStats
IncrementOutstandingRequestsCount(int count,const ResourceRequestInfoImpl & info)1579 ResourceDispatcherHostImpl::IncrementOutstandingRequestsCount(
1580 int count,
1581 const ResourceRequestInfoImpl& info) {
1582 DCHECK_EQ(1, abs(count));
1583 num_in_flight_requests_ += count;
1584
1585 OustandingRequestsStats stats = GetOutstandingRequestsStats(info);
1586 stats.num_requests += count;
1587 DCHECK_GE(stats.num_requests, 0);
1588 UpdateOutstandingRequestsStats(info, stats);
1589
1590 return stats;
1591 }
1592
HasSufficientResourcesForRequest(const net::URLRequest * request_)1593 bool ResourceDispatcherHostImpl::HasSufficientResourcesForRequest(
1594 const net::URLRequest* request_) {
1595 const ResourceRequestInfoImpl* info =
1596 ResourceRequestInfoImpl::ForRequest(request_);
1597 OustandingRequestsStats stats = IncrementOutstandingRequestsCount(1, *info);
1598
1599 if (stats.num_requests > max_num_in_flight_requests_per_process_)
1600 return false;
1601 if (num_in_flight_requests_ > max_num_in_flight_requests_)
1602 return false;
1603
1604 return true;
1605 }
1606
FinishedWithResourcesForRequest(const net::URLRequest * request_)1607 void ResourceDispatcherHostImpl::FinishedWithResourcesForRequest(
1608 const net::URLRequest* request_) {
1609 const ResourceRequestInfoImpl* info =
1610 ResourceRequestInfoImpl::ForRequest(request_);
1611 IncrementOutstandingRequestsCount(-1, *info);
1612 }
1613
1614 // static
CalculateApproximateMemoryCost(net::URLRequest * request)1615 int ResourceDispatcherHostImpl::CalculateApproximateMemoryCost(
1616 net::URLRequest* request) {
1617 // The following fields should be a minor size contribution (experimentally
1618 // on the order of 100). However since they are variable length, it could
1619 // in theory be a sizeable contribution.
1620 int strings_cost = request->extra_request_headers().ToString().size() +
1621 request->original_url().spec().size() +
1622 request->referrer().size() +
1623 request->method().size();
1624
1625 // Note that this expression will typically be dominated by:
1626 // |kAvgBytesPerOutstandingRequest|.
1627 return kAvgBytesPerOutstandingRequest + strings_cost;
1628 }
1629
BeginRequestInternal(scoped_ptr<net::URLRequest> request,scoped_ptr<ResourceHandler> handler)1630 void ResourceDispatcherHostImpl::BeginRequestInternal(
1631 scoped_ptr<net::URLRequest> request,
1632 scoped_ptr<ResourceHandler> handler) {
1633 DCHECK(!request->is_pending());
1634 ResourceRequestInfoImpl* info =
1635 ResourceRequestInfoImpl::ForRequest(request.get());
1636
1637 if ((TimeTicks::Now() - last_user_gesture_time_) <
1638 TimeDelta::FromMilliseconds(kUserGestureWindowMs)) {
1639 request->SetLoadFlags(
1640 request->load_flags() | net::LOAD_MAYBE_USER_GESTURE);
1641 }
1642
1643 // Add the memory estimate that starting this request will consume.
1644 info->set_memory_cost(CalculateApproximateMemoryCost(request.get()));
1645
1646 // If enqueing/starting this request will exceed our per-process memory
1647 // bound, abort it right away.
1648 OustandingRequestsStats stats = IncrementOutstandingRequestsMemory(1, *info);
1649 if (stats.memory_cost > max_outstanding_requests_cost_per_process_) {
1650 // We call "CancelWithError()" as a way of setting the net::URLRequest's
1651 // status -- it has no effect beyond this, since the request hasn't started.
1652 request->CancelWithError(net::ERR_INSUFFICIENT_RESOURCES);
1653
1654 bool defer = false;
1655 handler->OnResponseCompleted(info->GetRequestID(), request->status(),
1656 std::string(), &defer);
1657 if (defer) {
1658 // TODO(darin): The handler is not ready for us to kill the request. Oops!
1659 NOTREACHED();
1660 }
1661
1662 IncrementOutstandingRequestsMemory(-1, *info);
1663
1664 // A ResourceHandler must not outlive its associated URLRequest.
1665 handler.reset();
1666 return;
1667 }
1668
1669 linked_ptr<ResourceLoader> loader(
1670 new ResourceLoader(request.Pass(), handler.Pass(), this));
1671
1672 GlobalRoutingID id(info->GetGlobalRoutingID());
1673 BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.find(id);
1674 if (iter != blocked_loaders_map_.end()) {
1675 // The request should be blocked.
1676 iter->second->push_back(loader);
1677 return;
1678 }
1679
1680 StartLoading(info, loader);
1681 }
1682
StartLoading(ResourceRequestInfoImpl * info,const linked_ptr<ResourceLoader> & loader)1683 void ResourceDispatcherHostImpl::StartLoading(
1684 ResourceRequestInfoImpl* info,
1685 const linked_ptr<ResourceLoader>& loader) {
1686 pending_loaders_[info->GetGlobalRequestID()] = loader;
1687
1688 loader->StartRequest();
1689 }
1690
OnUserGesture(WebContentsImpl * contents)1691 void ResourceDispatcherHostImpl::OnUserGesture(WebContentsImpl* contents) {
1692 last_user_gesture_time_ = TimeTicks::Now();
1693 }
1694
GetURLRequest(const GlobalRequestID & id)1695 net::URLRequest* ResourceDispatcherHostImpl::GetURLRequest(
1696 const GlobalRequestID& id) {
1697 ResourceLoader* loader = GetLoader(id);
1698 if (!loader)
1699 return NULL;
1700
1701 return loader->request();
1702 }
1703
1704 namespace {
1705
1706 // This function attempts to return the "more interesting" load state of |a|
1707 // and |b|. We don't have temporal information about these load states
1708 // (meaning we don't know when we transitioned into these states), so we just
1709 // rank them according to how "interesting" the states are.
1710 //
1711 // We take advantage of the fact that the load states are an enumeration listed
1712 // in the order in which they occur during the lifetime of a request, so we can
1713 // regard states with larger numeric values as being further along toward
1714 // completion. We regard those states as more interesting to report since they
1715 // represent progress.
1716 //
1717 // For example, by this measure "tranferring data" is a more interesting state
1718 // than "resolving host" because when we are transferring data we are actually
1719 // doing something that corresponds to changes that the user might observe,
1720 // whereas waiting for a host name to resolve implies being stuck.
1721 //
MoreInterestingLoadState(const net::LoadStateWithParam & a,const net::LoadStateWithParam & b)1722 const net::LoadStateWithParam& MoreInterestingLoadState(
1723 const net::LoadStateWithParam& a, const net::LoadStateWithParam& b) {
1724 return (a.state < b.state) ? b : a;
1725 }
1726
1727 // Carries information about a load state change.
1728 struct LoadInfo {
1729 GURL url;
1730 net::LoadStateWithParam load_state;
1731 uint64 upload_position;
1732 uint64 upload_size;
1733 };
1734
1735 // Map from ProcessID+RouteID pair to LoadState
1736 typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap;
1737
1738 // Used to marshal calls to LoadStateChanged from the IO to UI threads. We do
1739 // them all as a single callback to avoid spamming the UI thread.
LoadInfoUpdateCallback(const LoadInfoMap & info_map)1740 void LoadInfoUpdateCallback(const LoadInfoMap& info_map) {
1741 LoadInfoMap::const_iterator i;
1742 for (i = info_map.begin(); i != info_map.end(); ++i) {
1743 RenderViewHostImpl* view =
1744 RenderViewHostImpl::FromID(i->first.child_id, i->first.route_id);
1745 if (view) // The view could be gone at this point.
1746 view->LoadStateChanged(i->second.url, i->second.load_state,
1747 i->second.upload_position,
1748 i->second.upload_size);
1749 }
1750 }
1751
1752 } // namespace
1753
UpdateLoadStates()1754 void ResourceDispatcherHostImpl::UpdateLoadStates() {
1755 // Populate this map with load state changes, and then send them on to the UI
1756 // thread where they can be passed along to the respective RVHs.
1757 LoadInfoMap info_map;
1758
1759 LoaderMap::const_iterator i;
1760
1761 // Determine the largest upload size of all requests
1762 // in each View (good chance it's zero).
1763 std::map<GlobalRoutingID, uint64> largest_upload_size;
1764 for (i = pending_loaders_.begin(); i != pending_loaders_.end(); ++i) {
1765 net::URLRequest* request = i->second->request();
1766 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1767 uint64 upload_size = request->GetUploadProgress().size();
1768 if (request->GetLoadState().state != net::LOAD_STATE_SENDING_REQUEST)
1769 upload_size = 0;
1770 GlobalRoutingID id(info->GetGlobalRoutingID());
1771 if (upload_size && largest_upload_size[id] < upload_size)
1772 largest_upload_size[id] = upload_size;
1773 }
1774
1775 for (i = pending_loaders_.begin(); i != pending_loaders_.end(); ++i) {
1776 net::URLRequest* request = i->second->request();
1777 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1778 net::LoadStateWithParam load_state = request->GetLoadState();
1779 net::UploadProgress progress = request->GetUploadProgress();
1780
1781 // We also poll for upload progress on this timer and send upload
1782 // progress ipc messages to the plugin process.
1783 i->second->ReportUploadProgress();
1784
1785 GlobalRoutingID id(info->GetGlobalRoutingID());
1786
1787 // If a request is uploading data, ignore all other requests so that the
1788 // upload progress takes priority for being shown in the status bar.
1789 if (largest_upload_size.find(id) != largest_upload_size.end() &&
1790 progress.size() < largest_upload_size[id])
1791 continue;
1792
1793 net::LoadStateWithParam to_insert = load_state;
1794 LoadInfoMap::iterator existing = info_map.find(id);
1795 if (existing != info_map.end()) {
1796 to_insert =
1797 MoreInterestingLoadState(existing->second.load_state, load_state);
1798 if (to_insert.state == existing->second.load_state.state)
1799 continue;
1800 }
1801 LoadInfo& load_info = info_map[id];
1802 load_info.url = request->url();
1803 load_info.load_state = to_insert;
1804 load_info.upload_size = progress.size();
1805 load_info.upload_position = progress.position();
1806 }
1807
1808 if (info_map.empty())
1809 return;
1810
1811 BrowserThread::PostTask(
1812 BrowserThread::UI, FROM_HERE,
1813 base::Bind(&LoadInfoUpdateCallback, info_map));
1814 }
1815
BlockRequestsForRoute(int child_id,int route_id)1816 void ResourceDispatcherHostImpl::BlockRequestsForRoute(int child_id,
1817 int route_id) {
1818 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1819 GlobalRoutingID key(child_id, route_id);
1820 DCHECK(blocked_loaders_map_.find(key) == blocked_loaders_map_.end()) <<
1821 "BlockRequestsForRoute called multiple time for the same RVH";
1822 blocked_loaders_map_[key] = new BlockedLoadersList();
1823 }
1824
ResumeBlockedRequestsForRoute(int child_id,int route_id)1825 void ResourceDispatcherHostImpl::ResumeBlockedRequestsForRoute(int child_id,
1826 int route_id) {
1827 ProcessBlockedRequestsForRoute(child_id, route_id, false);
1828 }
1829
CancelBlockedRequestsForRoute(int child_id,int route_id)1830 void ResourceDispatcherHostImpl::CancelBlockedRequestsForRoute(int child_id,
1831 int route_id) {
1832 ProcessBlockedRequestsForRoute(child_id, route_id, true);
1833 }
1834
ProcessBlockedRequestsForRoute(int child_id,int route_id,bool cancel_requests)1835 void ResourceDispatcherHostImpl::ProcessBlockedRequestsForRoute(
1836 int child_id,
1837 int route_id,
1838 bool cancel_requests) {
1839 BlockedLoadersMap::iterator iter = blocked_loaders_map_.find(
1840 GlobalRoutingID(child_id, route_id));
1841 if (iter == blocked_loaders_map_.end()) {
1842 // It's possible to reach here if the renderer crashed while an interstitial
1843 // page was showing.
1844 return;
1845 }
1846
1847 BlockedLoadersList* loaders = iter->second;
1848
1849 // Removing the vector from the map unblocks any subsequent requests.
1850 blocked_loaders_map_.erase(iter);
1851
1852 for (BlockedLoadersList::iterator loaders_iter = loaders->begin();
1853 loaders_iter != loaders->end(); ++loaders_iter) {
1854 linked_ptr<ResourceLoader> loader = *loaders_iter;
1855 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
1856 if (cancel_requests) {
1857 IncrementOutstandingRequestsMemory(-1, *info);
1858 } else {
1859 StartLoading(info, loader);
1860 }
1861 }
1862
1863 delete loaders;
1864 }
1865
1866 ResourceDispatcherHostImpl::HttpAuthRelationType
HttpAuthRelationTypeOf(const GURL & request_url,const GURL & first_party)1867 ResourceDispatcherHostImpl::HttpAuthRelationTypeOf(
1868 const GURL& request_url,
1869 const GURL& first_party) {
1870 if (!first_party.is_valid())
1871 return HTTP_AUTH_RELATION_TOP;
1872
1873 if (net::registry_controlled_domains::SameDomainOrHost(
1874 first_party, request_url,
1875 net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES))
1876 return HTTP_AUTH_RELATION_SAME_DOMAIN;
1877
1878 if (allow_cross_origin_auth_prompt())
1879 return HTTP_AUTH_RELATION_ALLOWED_CROSS;
1880
1881 return HTTP_AUTH_RELATION_BLOCKED_CROSS;
1882 }
1883
allow_cross_origin_auth_prompt()1884 bool ResourceDispatcherHostImpl::allow_cross_origin_auth_prompt() {
1885 return allow_cross_origin_auth_prompt_;
1886 }
1887
IsTransferredNavigation(const GlobalRequestID & id) const1888 bool ResourceDispatcherHostImpl::IsTransferredNavigation(
1889 const GlobalRequestID& id) const {
1890 ResourceLoader* loader = GetLoader(id);
1891 return loader ? loader->is_transferring() : false;
1892 }
1893
GetLoader(const GlobalRequestID & id) const1894 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(
1895 const GlobalRequestID& id) const {
1896 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1897
1898 LoaderMap::const_iterator i = pending_loaders_.find(id);
1899 if (i == pending_loaders_.end())
1900 return NULL;
1901
1902 return i->second.get();
1903 }
1904
GetLoader(int child_id,int request_id) const1905 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(int child_id,
1906 int request_id) const {
1907 return GetLoader(GlobalRequestID(child_id, request_id));
1908 }
1909
RegisterResourceMessageDelegate(const GlobalRequestID & id,ResourceMessageDelegate * delegate)1910 void ResourceDispatcherHostImpl::RegisterResourceMessageDelegate(
1911 const GlobalRequestID& id, ResourceMessageDelegate* delegate) {
1912 DelegateMap::iterator it = delegate_map_.find(id);
1913 if (it == delegate_map_.end()) {
1914 it = delegate_map_.insert(
1915 std::make_pair(id, new ObserverList<ResourceMessageDelegate>)).first;
1916 }
1917 it->second->AddObserver(delegate);
1918 }
1919
UnregisterResourceMessageDelegate(const GlobalRequestID & id,ResourceMessageDelegate * delegate)1920 void ResourceDispatcherHostImpl::UnregisterResourceMessageDelegate(
1921 const GlobalRequestID& id, ResourceMessageDelegate* delegate) {
1922 DCHECK(ContainsKey(delegate_map_, id));
1923 DelegateMap::iterator it = delegate_map_.find(id);
1924 DCHECK(it->second->HasObserver(delegate));
1925 it->second->RemoveObserver(delegate);
1926 if (!it->second->might_have_observers()) {
1927 delete it->second;
1928 delegate_map_.erase(it);
1929 }
1930 }
1931
BuildLoadFlagsForRequest(const ResourceHostMsg_Request & request_data,int child_id,bool is_sync_load)1932 int ResourceDispatcherHostImpl::BuildLoadFlagsForRequest(
1933 const ResourceHostMsg_Request& request_data,
1934 int child_id,
1935 bool is_sync_load) {
1936 int load_flags = request_data.load_flags;
1937
1938 // Although EV status is irrelevant to sub-frames and sub-resources, we have
1939 // to perform EV certificate verification on all resources because an HTTP
1940 // keep-alive connection created to load a sub-frame or a sub-resource could
1941 // be reused to load a main frame.
1942 load_flags |= net::LOAD_VERIFY_EV_CERT;
1943 if (request_data.resource_type == ResourceType::MAIN_FRAME) {
1944 load_flags |= net::LOAD_MAIN_FRAME;
1945 } else if (request_data.resource_type == ResourceType::SUB_FRAME) {
1946 load_flags |= net::LOAD_SUB_FRAME;
1947 } else if (request_data.resource_type == ResourceType::PREFETCH) {
1948 load_flags |= (net::LOAD_PREFETCH | net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
1949 } else if (request_data.resource_type == ResourceType::FAVICON) {
1950 load_flags |= net::LOAD_DO_NOT_PROMPT_FOR_LOGIN;
1951 } else if (request_data.resource_type == ResourceType::IMAGE) {
1952 // Prevent third-party image content from prompting for login, as this
1953 // is often a scam to extract credentials for another domain from the user.
1954 // Only block image loads, as the attack applies largely to the "src"
1955 // property of the <img> tag. It is common for web properties to allow
1956 // untrusted values for <img src>; this is considered a fair thing for an
1957 // HTML sanitizer to do. Conversely, any HTML sanitizer that didn't
1958 // filter sources for <script>, <link>, <embed>, <object>, <iframe> tags
1959 // would be considered vulnerable in and of itself.
1960 HttpAuthRelationType relation_type = HttpAuthRelationTypeOf(
1961 request_data.url, request_data.first_party_for_cookies);
1962 if (relation_type == HTTP_AUTH_RELATION_BLOCKED_CROSS) {
1963 load_flags |= (net::LOAD_DO_NOT_USE_EMBEDDED_IDENTITY |
1964 net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
1965 }
1966 }
1967
1968 if (is_sync_load)
1969 load_flags |= net::LOAD_IGNORE_LIMITS;
1970
1971 ChildProcessSecurityPolicyImpl* policy =
1972 ChildProcessSecurityPolicyImpl::GetInstance();
1973 if (!policy->CanSendCookiesForOrigin(child_id, request_data.url)) {
1974 load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES |
1975 net::LOAD_DO_NOT_SEND_AUTH_DATA |
1976 net::LOAD_DO_NOT_SAVE_COOKIES);
1977 }
1978
1979 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only
1980 // allow requesting them if requester has ReadRawCookies permission.
1981 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
1982 && !policy->CanReadRawCookies(child_id)) {
1983 VLOG(1) << "Denied unauthorized request for raw headers";
1984 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
1985 }
1986
1987 return load_flags;
1988 }
1989
1990 } // namespace content
1991