1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "base/base64.h"
11 #include "base/guid.h"
12 #include "base/logging.h"
13 #include "chrome/browser/browser_process.h"
14 #include "chrome/browser/chrome_notification_types.h"
15 #include "chrome/browser/component_updater/component_updater_service.h"
16 #include "chrome/browser/component_updater/pnacl/pnacl_component_installer.h"
17 #include "chrome/browser/content_settings/host_content_settings_map.h"
18 #include "chrome/browser/download/download_request_limiter.h"
19 #include "chrome/browser/download/download_resource_throttle.h"
20 #include "chrome/browser/extensions/api/streams_private/streams_private_api.h"
21 #include "chrome/browser/extensions/extension_renderer_state.h"
22 #include "chrome/browser/extensions/user_script_listener.h"
23 #include "chrome/browser/metrics/variations/variations_http_header_provider.h"
24 #include "chrome/browser/prefetch/prefetch.h"
25 #include "chrome/browser/prerender/prerender_manager.h"
26 #include "chrome/browser/prerender/prerender_manager_factory.h"
27 #include "chrome/browser/prerender/prerender_pending_swap_throttle.h"
28 #include "chrome/browser/prerender/prerender_resource_throttle.h"
29 #include "chrome/browser/prerender/prerender_tracker.h"
30 #include "chrome/browser/prerender/prerender_util.h"
31 #include "chrome/browser/profiles/profile.h"
32 #include "chrome/browser/profiles/profile_io_data.h"
33 #include "chrome/browser/renderer_host/safe_browsing_resource_throttle_factory.h"
34 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
35 #include "chrome/browser/signin/signin_header_helper.h"
36 #include "chrome/browser/tab_contents/tab_util.h"
37 #include "chrome/browser/ui/login/login_prompt.h"
38 #include "chrome/browser/ui/sync/one_click_signin_helper.h"
39 #include "chrome/common/extensions/extension_constants.h"
40 #include "chrome/common/extensions/manifest_handlers/mime_types_handler.h"
41 #include "chrome/common/render_messages.h"
42 #include "chrome/common/url_constants.h"
43 #include "components/google/core/browser/google_util.h"
44 #include "content/public/browser/browser_thread.h"
45 #include "content/public/browser/notification_service.h"
46 #include "content/public/browser/render_process_host.h"
47 #include "content/public/browser/render_view_host.h"
48 #include "content/public/browser/resource_context.h"
49 #include "content/public/browser/resource_dispatcher_host.h"
50 #include "content/public/browser/resource_request_info.h"
51 #include "content/public/browser/stream_handle.h"
52 #include "content/public/browser/web_contents.h"
53 #include "content/public/common/resource_response.h"
54 #include "extensions/browser/info_map.h"
55 #include "extensions/common/constants.h"
56 #include "extensions/common/user_script.h"
57 #include "net/base/load_flags.h"
58 #include "net/base/load_timing_info.h"
59 #include "net/base/request_priority.h"
60 #include "net/http/http_response_headers.h"
61 #include "net/url_request/url_request.h"
62
63 #if defined(ENABLE_CONFIGURATION_POLICY)
64 #include "components/policy/core/common/cloud/policy_header_io_helper.h"
65 #endif
66
67 #if defined(ENABLE_MANAGED_USERS)
68 #include "chrome/browser/supervised_user/supervised_user_resource_throttle.h"
69 #endif
70
71 #if defined(USE_SYSTEM_PROTOBUF)
72 #include <google/protobuf/repeated_field.h>
73 #else
74 #include "third_party/protobuf/src/google/protobuf/repeated_field.h"
75 #endif
76
77 #if defined(OS_ANDROID)
78 #include "chrome/browser/android/intercept_download_resource_throttle.h"
79 #include "chrome/browser/ui/android/infobars/auto_login_prompter.h"
80 #include "components/navigation_interception/intercept_navigation_delegate.h"
81 #else
82 #include "chrome/browser/apps/app_url_redirector.h"
83 #include "chrome/browser/apps/ephemeral_app_throttle.h"
84 #endif
85
86 #if defined(OS_CHROMEOS)
87 #include "chrome/browser/chromeos/login/signin/merge_session_throttle.h"
88 // TODO(oshima): Enable this for other platforms.
89 #include "chrome/browser/renderer_host/offline_resource_throttle.h"
90 #endif
91
92 using content::BrowserThread;
93 using content::RenderViewHost;
94 using content::ResourceDispatcherHostLoginDelegate;
95 using content::ResourceRequestInfo;
96 using extensions::Extension;
97 using extensions::StreamsPrivateAPI;
98
99 #if defined(OS_ANDROID)
100 using navigation_interception::InterceptNavigationDelegate;
101 #endif
102
103 namespace {
104
105 ExternalProtocolHandler::Delegate* g_external_protocol_handler_delegate = NULL;
106
NotifyDownloadInitiatedOnUI(int render_process_id,int render_view_id)107 void NotifyDownloadInitiatedOnUI(int render_process_id, int render_view_id) {
108 RenderViewHost* rvh = RenderViewHost::FromID(render_process_id,
109 render_view_id);
110 if (!rvh)
111 return;
112
113 content::NotificationService::current()->Notify(
114 chrome::NOTIFICATION_DOWNLOAD_INITIATED,
115 content::Source<RenderViewHost>(rvh),
116 content::NotificationService::NoDetails());
117 }
118
GetPrerenderManager(int render_process_id,int render_view_id)119 prerender::PrerenderManager* GetPrerenderManager(int render_process_id,
120 int render_view_id) {
121 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
122
123 content::WebContents* web_contents =
124 tab_util::GetWebContentsByID(render_process_id, render_view_id);
125 if (!web_contents)
126 return NULL;
127
128 content::BrowserContext* browser_context = web_contents->GetBrowserContext();
129 if (!browser_context)
130 return NULL;
131
132 Profile* profile = Profile::FromBrowserContext(browser_context);
133 if (!profile)
134 return NULL;
135
136 return prerender::PrerenderManagerFactory::GetForProfile(profile);
137 }
138
UpdatePrerenderNetworkBytesCallback(int render_process_id,int render_view_id,int64 bytes)139 void UpdatePrerenderNetworkBytesCallback(int render_process_id,
140 int render_view_id,
141 int64 bytes) {
142 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
143
144 content::WebContents* web_contents =
145 tab_util::GetWebContentsByID(render_process_id, render_view_id);
146 // PrerenderContents::FromWebContents handles the NULL case.
147 prerender::PrerenderContents* prerender_contents =
148 prerender::PrerenderContents::FromWebContents(web_contents);
149
150 if (prerender_contents)
151 prerender_contents->AddNetworkBytes(bytes);
152
153 prerender::PrerenderManager* prerender_manager =
154 GetPrerenderManager(render_process_id, render_view_id);
155 if (prerender_manager)
156 prerender_manager->AddProfileNetworkBytesIfEnabled(bytes);
157 }
158
159 #if !defined(OS_ANDROID)
SendExecuteMimeTypeHandlerEvent(scoped_ptr<content::StreamHandle> stream,int64 expected_content_size,int render_process_id,int render_view_id,const std::string & extension_id,const std::string & view_id)160 void SendExecuteMimeTypeHandlerEvent(scoped_ptr<content::StreamHandle> stream,
161 int64 expected_content_size,
162 int render_process_id,
163 int render_view_id,
164 const std::string& extension_id,
165 const std::string& view_id) {
166 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
167
168 content::WebContents* web_contents =
169 tab_util::GetWebContentsByID(render_process_id, render_view_id);
170 if (!web_contents)
171 return;
172
173 // If the request was for a prerender, abort the prerender and do not
174 // continue.
175 prerender::PrerenderContents* prerender_contents =
176 prerender::PrerenderContents::FromWebContents(web_contents);
177 if (prerender_contents) {
178 prerender_contents->Destroy(prerender::FINAL_STATUS_DOWNLOAD);
179 return;
180 }
181
182 Profile* profile =
183 Profile::FromBrowserContext(web_contents->GetBrowserContext());
184
185 StreamsPrivateAPI* streams_private = StreamsPrivateAPI::Get(profile);
186 if (!streams_private)
187 return;
188 streams_private->ExecuteMimeTypeHandler(
189 extension_id, web_contents, stream.Pass(), view_id,
190 expected_content_size);
191 }
192
LaunchURL(const GURL & url,int render_process_id,int render_view_id)193 void LaunchURL(const GURL& url, int render_process_id, int render_view_id) {
194 // If there is no longer a WebContents, the request may have raced with tab
195 // closing. Don't fire the external request. (It may have been a prerender.)
196 content::WebContents* web_contents =
197 tab_util::GetWebContentsByID(render_process_id, render_view_id);
198 if (!web_contents)
199 return;
200
201 // Do not launch external requests attached to unswapped prerenders.
202 prerender::PrerenderContents* prerender_contents =
203 prerender::PrerenderContents::FromWebContents(web_contents);
204 if (prerender_contents) {
205 prerender_contents->Destroy(prerender::FINAL_STATUS_UNSUPPORTED_SCHEME);
206 prerender::ReportPrerenderExternalURL();
207 return;
208 }
209
210 ExternalProtocolHandler::LaunchUrlWithDelegate(
211 url,
212 render_process_id,
213 render_view_id,
214 g_external_protocol_handler_delegate);
215 }
216 #endif // !defined(OS_ANDROID)
217
AppendComponentUpdaterThrottles(net::URLRequest * request,content::ResourceContext * resource_context,ResourceType::Type resource_type,ScopedVector<content::ResourceThrottle> * throttles)218 void AppendComponentUpdaterThrottles(
219 net::URLRequest* request,
220 content::ResourceContext* resource_context,
221 ResourceType::Type resource_type,
222 ScopedVector<content::ResourceThrottle>* throttles) {
223 const char* crx_id = NULL;
224 component_updater::ComponentUpdateService* cus =
225 g_browser_process->component_updater();
226 if (!cus)
227 return;
228 // Check for PNaCl pexe request.
229 if (resource_type == ResourceType::OBJECT) {
230 const net::HttpRequestHeaders& headers = request->extra_request_headers();
231 std::string accept_headers;
232 if (headers.GetHeader("Accept", &accept_headers)) {
233 if (accept_headers.find("application/x-pnacl") != std::string::npos &&
234 pnacl::NeedsOnDemandUpdate())
235 crx_id = "hnimpnehoodheedghdeeijklkeaacbdc";
236 }
237 }
238
239 if (crx_id) {
240 // We got a component we need to install, so throttle the resource
241 // until the component is installed.
242 throttles->push_back(
243 cus->GetOnDemandUpdater().GetOnDemandResourceThrottle(request, crx_id));
244 }
245 }
246
247 } // end namespace
248
ChromeResourceDispatcherHostDelegate(prerender::PrerenderTracker * prerender_tracker)249 ChromeResourceDispatcherHostDelegate::ChromeResourceDispatcherHostDelegate(
250 prerender::PrerenderTracker* prerender_tracker)
251 : download_request_limiter_(g_browser_process->download_request_limiter()),
252 safe_browsing_(g_browser_process->safe_browsing_service()),
253 user_script_listener_(new extensions::UserScriptListener()),
254 prerender_tracker_(prerender_tracker) {
255 }
256
~ChromeResourceDispatcherHostDelegate()257 ChromeResourceDispatcherHostDelegate::~ChromeResourceDispatcherHostDelegate() {
258 CHECK(stream_target_info_.empty());
259 }
260
ShouldBeginRequest(int child_id,int route_id,const std::string & method,const GURL & url,ResourceType::Type resource_type,content::ResourceContext * resource_context)261 bool ChromeResourceDispatcherHostDelegate::ShouldBeginRequest(
262 int child_id,
263 int route_id,
264 const std::string& method,
265 const GURL& url,
266 ResourceType::Type resource_type,
267 content::ResourceContext* resource_context) {
268 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
269
270 // Handle a PREFETCH resource type. If prefetch is disabled, squelch the
271 // request. Otherwise, do a normal request to warm the cache.
272 if (resource_type == ResourceType::PREFETCH) {
273 // All PREFETCH requests should be GETs, but be defensive about it.
274 if (method != "GET")
275 return false;
276
277 // If prefetch is disabled, kill the request.
278 if (!prefetch::IsPrefetchEnabled(resource_context))
279 return false;
280 }
281
282 return true;
283 }
284
RequestBeginning(net::URLRequest * request,content::ResourceContext * resource_context,appcache::AppCacheService * appcache_service,ResourceType::Type resource_type,int child_id,int route_id,ScopedVector<content::ResourceThrottle> * throttles)285 void ChromeResourceDispatcherHostDelegate::RequestBeginning(
286 net::URLRequest* request,
287 content::ResourceContext* resource_context,
288 appcache::AppCacheService* appcache_service,
289 ResourceType::Type resource_type,
290 int child_id,
291 int route_id,
292 ScopedVector<content::ResourceThrottle>* throttles) {
293 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
294 bool is_prerendering =
295 info->GetVisibilityState() == blink::WebPageVisibilityStatePrerender;
296 if (is_prerendering) {
297 // Requests with the IGNORE_LIMITS flag set (i.e., sync XHRs)
298 // should remain at MAXIMUM_PRIORITY.
299 if (request->load_flags() & net::LOAD_IGNORE_LIMITS) {
300 DCHECK_EQ(request->priority(), net::MAXIMUM_PRIORITY);
301 } else {
302 request->SetPriority(net::IDLE);
303 }
304 }
305
306 ProfileIOData* io_data = ProfileIOData::FromResourceContext(
307 resource_context);
308
309 #if defined(OS_ANDROID)
310 // TODO(davidben): This is insufficient to integrate with prerender properly.
311 // https://crbug.com/370595
312 if (resource_type == ResourceType::MAIN_FRAME && !is_prerendering) {
313 throttles->push_back(
314 InterceptNavigationDelegate::CreateThrottleFor(request));
315 }
316 #else
317 if (resource_type == ResourceType::MAIN_FRAME) {
318 // Redirect some navigations to apps that have registered matching URL
319 // handlers ('url_handlers' in the manifest).
320 content::ResourceThrottle* url_to_app_throttle =
321 AppUrlRedirector::MaybeCreateThrottleFor(request, io_data);
322 if (url_to_app_throttle)
323 throttles->push_back(url_to_app_throttle);
324
325 if (!is_prerendering) {
326 // Experimental: Launch ephemeral apps from search results.
327 content::ResourceThrottle* ephemeral_app_throttle =
328 EphemeralAppThrottle::MaybeCreateThrottleForLaunch(
329 request, io_data);
330 if (ephemeral_app_throttle)
331 throttles->push_back(ephemeral_app_throttle);
332 }
333 }
334 #endif
335
336 #if defined(OS_CHROMEOS)
337 // Check if we need to add offline throttle. This should be done only
338 // for main frames.
339 if (resource_type == ResourceType::MAIN_FRAME) {
340 // We check offline first, then check safe browsing so that we still can
341 // block unsafe site after we remove offline page.
342 throttles->push_back(new OfflineResourceThrottle(request,
343 appcache_service));
344 }
345
346 // Check if we need to add merge session throttle. This throttle will postpone
347 // loading of main frames and XHR request.
348 if (resource_type == ResourceType::MAIN_FRAME ||
349 resource_type == ResourceType::XHR) {
350 // Add interstitial page while merge session process (cookie
351 // reconstruction from OAuth2 refresh token in ChromeOS login) is still in
352 // progress while we are attempting to load a google property.
353 if (!MergeSessionThrottle::AreAllSessionMergedAlready() &&
354 request->url().SchemeIsHTTPOrHTTPS()) {
355 throttles->push_back(new MergeSessionThrottle(request, resource_type));
356 }
357 }
358 #endif
359
360 // Don't attempt to append headers to requests that have already started.
361 // TODO(stevet): Remove this once the request ordering issues are resolved
362 // in crbug.com/128048.
363 if (!request->is_pending()) {
364 net::HttpRequestHeaders headers;
365 headers.CopyFrom(request->extra_request_headers());
366 bool is_off_the_record = io_data->IsOffTheRecord();
367 chrome_variations::VariationsHttpHeaderProvider::GetInstance()->
368 AppendHeaders(request->url(),
369 is_off_the_record,
370 !is_off_the_record &&
371 io_data->GetMetricsEnabledStateOnIOThread(),
372 &headers);
373 request->SetExtraRequestHeaders(headers);
374 }
375
376 #if defined(ENABLE_ONE_CLICK_SIGNIN)
377 AppendChromeSyncGaiaHeader(request, resource_context);
378 #endif
379
380 #if defined(ENABLE_CONFIGURATION_POLICY)
381 if (io_data->policy_header_helper())
382 io_data->policy_header_helper()->AddPolicyHeaders(request->url(), request);
383 #endif
384
385 signin::AppendMirrorRequestHeaderIfPossible(
386 request, GURL() /* redirect_url */,
387 io_data, info->GetChildID(), info->GetRouteID());
388
389 AppendStandardResourceThrottles(request,
390 resource_context,
391 resource_type,
392 throttles);
393 if (!is_prerendering) {
394 AppendComponentUpdaterThrottles(request,
395 resource_context,
396 resource_type,
397 throttles);
398 }
399 }
400
DownloadStarting(net::URLRequest * request,content::ResourceContext * resource_context,int child_id,int route_id,int request_id,bool is_content_initiated,bool must_download,ScopedVector<content::ResourceThrottle> * throttles)401 void ChromeResourceDispatcherHostDelegate::DownloadStarting(
402 net::URLRequest* request,
403 content::ResourceContext* resource_context,
404 int child_id,
405 int route_id,
406 int request_id,
407 bool is_content_initiated,
408 bool must_download,
409 ScopedVector<content::ResourceThrottle>* throttles) {
410 BrowserThread::PostTask(
411 BrowserThread::UI, FROM_HERE,
412 base::Bind(&NotifyDownloadInitiatedOnUI, child_id, route_id));
413
414 // If it's from the web, we don't trust it, so we push the throttle on.
415 if (is_content_initiated) {
416 throttles->push_back(
417 new DownloadResourceThrottle(download_request_limiter_.get(),
418 child_id,
419 route_id,
420 request->url(),
421 request->method()));
422 #if defined(OS_ANDROID)
423 throttles->push_back(
424 new chrome::InterceptDownloadResourceThrottle(
425 request, child_id, route_id, request_id));
426 #endif
427 }
428
429 // If this isn't a new request, we've seen this before and added the standard
430 // resource throttles already so no need to add it again.
431 if (!request->is_pending()) {
432 AppendStandardResourceThrottles(request,
433 resource_context,
434 ResourceType::MAIN_FRAME,
435 throttles);
436 }
437 }
438
439 ResourceDispatcherHostLoginDelegate*
CreateLoginDelegate(net::AuthChallengeInfo * auth_info,net::URLRequest * request)440 ChromeResourceDispatcherHostDelegate::CreateLoginDelegate(
441 net::AuthChallengeInfo* auth_info, net::URLRequest* request) {
442 return CreateLoginPrompt(auth_info, request);
443 }
444
HandleExternalProtocol(const GURL & url,int child_id,int route_id)445 bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
446 const GURL& url,
447 int child_id,
448 int route_id) {
449 #if defined(OS_ANDROID)
450 // Android use a resource throttle to handle external as well as internal
451 // protocols.
452 return false;
453 #else
454
455 ExtensionRendererState::WebViewInfo info;
456 if (ExtensionRendererState::GetInstance()->GetWebViewInfo(child_id,
457 route_id,
458 &info)) {
459 return false;
460 }
461
462 BrowserThread::PostTask(BrowserThread::UI,
463 FROM_HERE,
464 base::Bind(&LaunchURL, url, child_id, route_id));
465 return true;
466 #endif
467 }
468
AppendStandardResourceThrottles(net::URLRequest * request,content::ResourceContext * resource_context,ResourceType::Type resource_type,ScopedVector<content::ResourceThrottle> * throttles)469 void ChromeResourceDispatcherHostDelegate::AppendStandardResourceThrottles(
470 net::URLRequest* request,
471 content::ResourceContext* resource_context,
472 ResourceType::Type resource_type,
473 ScopedVector<content::ResourceThrottle>* throttles) {
474 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
475 #if defined(FULL_SAFE_BROWSING) || defined(MOBILE_SAFE_BROWSING)
476 // Insert safe browsing at the front of the list, so it gets to decide on
477 // policies first.
478 if (io_data->safe_browsing_enabled()->GetValue()
479 #if defined(OS_ANDROID)
480 || io_data->data_reduction_proxy_enabled()->GetValue()
481 #endif
482 ) {
483 bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME;
484 content::ResourceThrottle* throttle =
485 SafeBrowsingResourceThrottleFactory::Create(request,
486 resource_context,
487 is_subresource_request,
488 safe_browsing_.get());
489 if (throttle)
490 throttles->push_back(throttle);
491 }
492 #endif
493
494 #if defined(ENABLE_MANAGED_USERS)
495 bool is_subresource_request = resource_type != ResourceType::MAIN_FRAME;
496 throttles->push_back(new SupervisedUserResourceThrottle(
497 request, !is_subresource_request,
498 io_data->supervised_user_url_filter()));
499 #endif
500
501 content::ResourceThrottle* throttle =
502 user_script_listener_->CreateResourceThrottle(request->url(),
503 resource_type);
504 if (throttle)
505 throttles->push_back(throttle);
506
507 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
508 if (info->GetVisibilityState() == blink::WebPageVisibilityStatePrerender) {
509 throttles->push_back(new prerender::PrerenderResourceThrottle(request));
510 }
511 if (prerender_tracker_->IsPendingSwapRequestOnIOThread(
512 info->GetChildID(), info->GetRenderFrameID(), request->url())) {
513 throttles->push_back(new prerender::PrerenderPendingSwapThrottle(
514 request, prerender_tracker_));
515 }
516 }
517
518 #if defined(ENABLE_ONE_CLICK_SIGNIN)
AppendChromeSyncGaiaHeader(net::URLRequest * request,content::ResourceContext * resource_context)519 void ChromeResourceDispatcherHostDelegate::AppendChromeSyncGaiaHeader(
520 net::URLRequest* request,
521 content::ResourceContext* resource_context) {
522 static const char kAllowChromeSignIn[] = "Allow-Chrome-SignIn";
523
524 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
525 OneClickSigninHelper::Offer offer =
526 OneClickSigninHelper::CanOfferOnIOThread(request, io_data);
527 switch (offer) {
528 case OneClickSigninHelper::CAN_OFFER:
529 request->SetExtraRequestHeaderByName(kAllowChromeSignIn, "1", false);
530 break;
531 case OneClickSigninHelper::DONT_OFFER:
532 request->RemoveRequestHeaderByName(kAllowChromeSignIn);
533 break;
534 case OneClickSigninHelper::IGNORE_REQUEST:
535 break;
536 }
537 }
538 #endif
539
ShouldForceDownloadResource(const GURL & url,const std::string & mime_type)540 bool ChromeResourceDispatcherHostDelegate::ShouldForceDownloadResource(
541 const GURL& url, const std::string& mime_type) {
542 // Special-case user scripts to get downloaded instead of viewed.
543 return extensions::UserScript::IsURLUserScript(url, mime_type);
544 }
545
ShouldInterceptResourceAsStream(net::URLRequest * request,const std::string & mime_type,GURL * origin,std::string * payload)546 bool ChromeResourceDispatcherHostDelegate::ShouldInterceptResourceAsStream(
547 net::URLRequest* request,
548 const std::string& mime_type,
549 GURL* origin,
550 std::string* payload) {
551 #if !defined(OS_ANDROID)
552 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
553 ProfileIOData* io_data =
554 ProfileIOData::FromResourceContext(info->GetContext());
555 bool profile_is_off_the_record = io_data->IsOffTheRecord();
556 const scoped_refptr<const extensions::InfoMap> extension_info_map(
557 io_data->GetExtensionInfoMap());
558 std::vector<std::string> whitelist = MimeTypesHandler::GetMIMETypeWhitelist();
559 // Go through the white-listed extensions and try to use them to intercept
560 // the URL request.
561 for (size_t i = 0; i < whitelist.size(); ++i) {
562 const char* extension_id = whitelist[i].c_str();
563 const Extension* extension =
564 extension_info_map->extensions().GetByID(extension_id);
565 // The white-listed extension may not be installed, so we have to NULL check
566 // |extension|.
567 if (!extension ||
568 (profile_is_off_the_record &&
569 !extension_info_map->IsIncognitoEnabled(extension_id))) {
570 continue;
571 }
572
573 MimeTypesHandler* handler = MimeTypesHandler::GetHandler(extension);
574 if (handler && handler->CanHandleMIMEType(mime_type)) {
575 StreamTargetInfo target_info;
576 *origin = Extension::GetBaseURLFromExtensionId(extension_id);
577 target_info.extension_id = extension_id;
578 if (!handler->handler_url().empty()) {
579 target_info.view_id = base::GenerateGUID();
580 *payload = origin->spec() + handler->handler_url() +
581 "?id=" + target_info.view_id;
582 }
583 stream_target_info_[request] = target_info;
584 return true;
585 }
586 }
587 #endif
588 return false;
589 }
590
OnStreamCreated(net::URLRequest * request,scoped_ptr<content::StreamHandle> stream)591 void ChromeResourceDispatcherHostDelegate::OnStreamCreated(
592 net::URLRequest* request,
593 scoped_ptr<content::StreamHandle> stream) {
594 #if !defined(OS_ANDROID)
595 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
596 std::map<net::URLRequest*, StreamTargetInfo>::iterator ix =
597 stream_target_info_.find(request);
598 CHECK(ix != stream_target_info_.end());
599 content::BrowserThread::PostTask(
600 content::BrowserThread::UI, FROM_HERE,
601 base::Bind(&SendExecuteMimeTypeHandlerEvent, base::Passed(&stream),
602 request->GetExpectedContentSize(),
603 info->GetChildID(), info->GetRouteID(),
604 ix->second.extension_id, ix->second.view_id));
605 stream_target_info_.erase(request);
606 #endif
607 }
608
OnResponseStarted(net::URLRequest * request,content::ResourceContext * resource_context,content::ResourceResponse * response,IPC::Sender * sender)609 void ChromeResourceDispatcherHostDelegate::OnResponseStarted(
610 net::URLRequest* request,
611 content::ResourceContext* resource_context,
612 content::ResourceResponse* response,
613 IPC::Sender* sender) {
614 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
615
616 #if defined(OS_ANDROID)
617 // See if the response contains the X-Auto-Login header. If so, this was
618 // a request for a login page, and the server is allowing the browser to
619 // suggest auto-login, if available.
620 AutoLoginPrompter::ShowInfoBarIfPossible(request, info->GetChildID(),
621 info->GetRouteID());
622 #endif
623
624 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
625
626 #if defined(ENABLE_ONE_CLICK_SIGNIN)
627 // See if the response contains the Google-Accounts-SignIn header. If so,
628 // then the user has just finished signing in, and the server is allowing the
629 // browser to suggest connecting the user's profile to the account.
630 OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
631 info->GetChildID(),
632 info->GetRouteID());
633 #endif
634
635 // See if the response contains the X-Chrome-Manage-Accounts header. If so
636 // show the profile avatar bubble so that user can complete signin/out action
637 // the native UI.
638 signin::ProcessMirrorResponseHeaderIfExists(request, io_data,
639 info->GetChildID(),
640 info->GetRouteID());
641
642 // Build in additional protection for the chrome web store origin.
643 GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
644 if (request->url().DomainIs(webstore_url.host().c_str())) {
645 net::HttpResponseHeaders* response_headers = request->response_headers();
646 if (!response_headers->HasHeaderValue("x-frame-options", "deny") &&
647 !response_headers->HasHeaderValue("x-frame-options", "sameorigin")) {
648 response_headers->RemoveHeader("x-frame-options");
649 response_headers->AddHeader("x-frame-options: sameorigin");
650 }
651 }
652
653 // Ignores x-frame-options for the chrome signin UI.
654 const std::string request_spec(
655 request->first_party_for_cookies().GetOrigin().spec());
656 #if defined(OS_CHROMEOS)
657 if (request_spec == chrome::kChromeUIOobeURL ||
658 request_spec == chrome::kChromeUIChromeSigninURL) {
659 #else
660 if (request_spec == chrome::kChromeUIChromeSigninURL) {
661 #endif
662 net::HttpResponseHeaders* response_headers = request->response_headers();
663 if (response_headers && response_headers->HasHeader("x-frame-options"))
664 response_headers->RemoveHeader("x-frame-options");
665 }
666
667 prerender::URLRequestResponseStarted(request);
668 }
669
670 void ChromeResourceDispatcherHostDelegate::OnRequestRedirected(
671 const GURL& redirect_url,
672 net::URLRequest* request,
673 content::ResourceContext* resource_context,
674 content::ResourceResponse* response) {
675 ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
676 const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request);
677
678 #if defined(ENABLE_ONE_CLICK_SIGNIN)
679 // See if the response contains the Google-Accounts-SignIn header. If so,
680 // then the user has just finished signing in, and the server is allowing the
681 // browser to suggest connecting the user's profile to the account.
682 OneClickSigninHelper::ShowInfoBarIfPossible(request, io_data,
683 info->GetChildID(),
684 info->GetRouteID());
685 AppendChromeSyncGaiaHeader(request, resource_context);
686 #endif
687
688 // In the Mirror world, Chrome should append a X-Chrome-Connected header to
689 // all Gaia requests from a connected profile so Gaia could return a 204
690 // response and let Chrome handle the action with native UI. The only
691 // exception is requests from gaia webview, since the native profile
692 // management UI is built on top of it.
693 signin::AppendMirrorRequestHeaderIfPossible(request, redirect_url, io_data,
694 info->GetChildID(), info->GetRouteID());
695
696 #if defined(ENABLE_CONFIGURATION_POLICY)
697 if (io_data->policy_header_helper())
698 io_data->policy_header_helper()->AddPolicyHeaders(redirect_url, request);
699 #endif
700 }
701
702 // Notification that a request has completed.
703 void ChromeResourceDispatcherHostDelegate::RequestComplete(
704 net::URLRequest* url_request) {
705 // Jump on the UI thread and inform the prerender about the bytes.
706 const ResourceRequestInfo* info =
707 ResourceRequestInfo::ForRequest(url_request);
708 if (url_request && !url_request->was_cached()) {
709 BrowserThread::PostTask(BrowserThread::UI,
710 FROM_HERE,
711 base::Bind(&UpdatePrerenderNetworkBytesCallback,
712 info->GetChildID(),
713 info->GetRouteID(),
714 url_request->GetTotalReceivedBytes()));
715 }
716 }
717
718 // static
719 void ChromeResourceDispatcherHostDelegate::
720 SetExternalProtocolHandlerDelegateForTesting(
721 ExternalProtocolHandler::Delegate* delegate) {
722 g_external_protocol_handler_delegate = delegate;
723 }
724