| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CONTENT_BROWSER_BROWSING_INSTANCE_H_ |
| #define CONTENT_BROWSER_BROWSING_INSTANCE_H_ |
| |
| #include <stddef.h> |
| |
| #include <string> |
| #include <unordered_map> |
| |
| #include "base/gtest_prod_util.h" |
| #include "base/lazy_instance.h" |
| #include "base/logging.h" |
| #include "base/macros.h" |
| #include "base/memory/ref_counted.h" |
| #include "content/browser/isolation_context.h" |
| #include "content/common/content_export.h" |
| #include "content/public/browser/browser_context.h" |
| #include "content/public/browser/render_process_host_observer.h" |
| |
| class GURL; |
| |
| namespace content { |
| class RenderProcessHost; |
| class SiteInstanceImpl; |
| |
| /////////////////////////////////////////////////////////////////////////////// |
| // |
| // BrowsingInstance class |
| // |
| // A browsing instance corresponds to the notion of a "unit of related browsing |
| // contexts" in the HTML 5 spec. Intuitively, it represents a collection of |
| // tabs and frames that can have script connections to each other. In that |
| // sense, it reflects the user interface, and not the contents of the tabs and |
| // frames. |
| // |
| // We further subdivide a BrowsingInstance into SiteInstances, which represent |
| // the documents within each BrowsingInstance that are from the same site and |
| // thus can have script access to each other. Different SiteInstances can |
| // safely run in different processes, because their documents cannot access |
| // each other's contents (due to the same origin policy). |
| // |
| // It is important to only have one SiteInstance per site within a given |
| // BrowsingInstance. This is because any two documents from the same site |
| // might be able to script each other if they are in the same BrowsingInstance. |
| // Thus, they must be rendered in the same process. |
| // |
| // A BrowsingInstance is live as long as any SiteInstance has a reference to |
| // it. A SiteInstance is live as long as any NavigationEntry or RenderViewHost |
| // have references to it. Because both classes are RefCounted, they do not |
| // need to be manually deleted. |
| // |
| // BrowsingInstance has no public members, as it is designed to be |
| // visible only from the SiteInstance class. To get a new |
| // SiteInstance that is part of the same BrowsingInstance, use |
| // SiteInstance::GetRelatedSiteInstance. Because of this, |
| // BrowsingInstances and SiteInstances are tested together in |
| // site_instance_unittest.cc. |
| // |
| // Note that a browsing instance in the browser is independently tracked in |
| // the renderer inside blink::Page::RelatedPages() method (in theory the browser |
| // and renderer should always stay in sync). |
| // |
| /////////////////////////////////////////////////////////////////////////////// |
| class CONTENT_EXPORT BrowsingInstance final |
| : public base::RefCounted<BrowsingInstance>, |
| public RenderProcessHostObserver { |
| private: |
| friend class base::RefCounted<BrowsingInstance>; |
| friend class SiteInstanceImpl; |
| FRIEND_TEST_ALL_PREFIXES(SiteInstanceTest, OneSiteInstancePerSite); |
| FRIEND_TEST_ALL_PREFIXES(SiteInstanceTest, |
| OneSiteInstancePerSiteInBrowserContext); |
| |
| // Return an ID of the next BrowsingInstance to be created. This ID is |
| // guaranteed to be higher than any ID of an existing BrowsingInstance. This |
| // does *not* increment the global counter used for assigning |
| // BrowsingInstance IDs: that happens only in the BrowsingInstance |
| // constructor. |
| static BrowsingInstanceId NextBrowsingInstanceId(); |
| |
| // Create a new BrowsingInstance. |
| explicit BrowsingInstance(BrowserContext* context); |
| |
| ~BrowsingInstance() final; |
| |
| // RenderProcessHostObserver implementation. |
| void RenderProcessHostDestroyed(RenderProcessHost* host) final; |
| |
| // Get the browser context to which this BrowsingInstance belongs. |
| BrowserContext* GetBrowserContext() const; |
| |
| // Get the IsolationContext associated with this BrowsingInstance. This can |
| // be used to track this BrowsingInstance in other areas of the code, along |
| // with any other state needed to make isolation decisions. |
| const IsolationContext& isolation_context() { return isolation_context_; } |
| |
| // Returns whether this BrowsingInstance has registered a SiteInstance for |
| // the site of the given URL. |
| bool HasSiteInstance(const GURL& url); |
| |
| // Get the SiteInstance responsible for rendering the given URL. Should |
| // create a new one if necessary, but should not create more than one |
| // SiteInstance per site. |
| // |
| // |allow_default_instance| should be set to true in cases where the caller |
| // is ok with |url| sharing a process with other sites that do not require |
| // a dedicated process. Note that setting this to true means that the |
| // SiteInstanceImpl you get back may return "http://unisolated.invalid" for |
| // GetSiteURL() and lock_url() calls because the default instance is not |
| // bound to a single site. |
| scoped_refptr<SiteInstanceImpl> GetSiteInstanceForURL( |
| const GURL& url, |
| bool allow_default_instance); |
| |
| // Gets site and lock URLs for |url| that are identical with what these |
| // values would be if we called GetSiteInstanceForURL() with the same |
| // |url| and |allow_default_instance|. This method is used when we need this |
| // information, but do not want to create a SiteInstance yet. |
| void GetSiteAndLockForURL(const GURL& url, |
| bool allow_default_instance, |
| GURL* site_url, |
| GURL* lock_url); |
| |
| // Helper function used by GetSiteInstanceForURL() and GetSiteAndLockForURL() |
| // that returns an existing SiteInstance from |site_instance_map_| or |
| // returns |default_site_instance_| if |allow_default_instance| is true and |
| // other conditions are met. If there is no existing SiteInstance that is |
| // appropriate for |url|, |allow_default_instance| combination, then a nullptr |
| // is returned. |
| // |
| // Note: This method is not intended to be called by code outside this object. |
| scoped_refptr<SiteInstanceImpl> GetSiteInstanceForURLHelper( |
| const GURL& url, |
| bool allow_default_instance); |
| |
| // Adds the given SiteInstance to our map, to ensure that we do not create |
| // another SiteInstance for the same site. |
| void RegisterSiteInstance(SiteInstanceImpl* site_instance); |
| |
| // Removes the given SiteInstance from our map, after all references to it |
| // have been deleted. This means it is safe to create a new SiteInstance |
| // if the user later visits a page from this site, within this |
| // BrowsingInstance. |
| void UnregisterSiteInstance(SiteInstanceImpl* site_instance); |
| |
| // Tracks the number of WebContents currently in this BrowsingInstance. |
| size_t active_contents_count() const { return active_contents_count_; } |
| void increment_active_contents_count() { active_contents_count_++; } |
| void decrement_active_contents_count() { |
| DCHECK_LT(0u, active_contents_count_); |
| active_contents_count_--; |
| } |
| |
| // Stores the process that should be used if a SiteInstance doesn't need |
| // a dedicated process. |
| void SetDefaultProcess(RenderProcessHost* default_process); |
| RenderProcessHost* default_process() const { return default_process_; } |
| |
| bool IsDefaultSiteInstance(const SiteInstanceImpl* site_instance) const; |
| |
| // Map of site to SiteInstance, to ensure we only have one SiteInstance per |
| // site. |
| typedef std::unordered_map<std::string, SiteInstanceImpl*> SiteInstanceMap; |
| |
| // The next available browser-global BrowsingInstance ID. |
| static int next_browsing_instance_id_; |
| |
| // The IsolationContext associated with this BrowsingInstance. This will not |
| // change after the BrowsingInstance is constructed. |
| // |
| // This holds a common BrowserContext to which all SiteInstances in this |
| // BrowsingInstance must belong. |
| const IsolationContext isolation_context_; |
| |
| // Map of site to SiteInstance, to ensure we only have one SiteInstance per |
| // site. The site string should be the possibly_invalid_spec() of a GURL |
| // obtained with SiteInstanceImpl::GetSiteForURL. Note that this map may not |
| // contain every active SiteInstance, because a race exists where two |
| // SiteInstances can be assigned to the same site. This is ok in rare cases. |
| // It also does not contain SiteInstances which have not yet been assigned a |
| // site, such as about:blank. See NavigatorImpl::ShouldAssignSiteForURL. |
| // This map only contains instances that map to a single site. The |
| // |default_site_instance_|, which associates multiple sites with a single |
| // instance, is not contained in this map. |
| SiteInstanceMap site_instance_map_; |
| |
| // Number of WebContentses currently using this BrowsingInstance. |
| size_t active_contents_count_; |
| |
| // The process to use for any SiteInstance in this BrowsingInstance that |
| // doesn't require a dedicated process. |
| RenderProcessHost* default_process_; |
| |
| // SiteInstance to use if a URL does not correspond to an instance in |
| // |site_instance_map_| and it does not require a dedicated process. |
| // This field and |default_process_| are mutually exclusive and this field |
| // should only be set if kProcessSharingWithStrictSiteInstances is not |
| // enabled. |
| scoped_refptr<SiteInstanceImpl> default_site_instance_; |
| |
| DISALLOW_COPY_AND_ASSIGN(BrowsingInstance); |
| }; |
| |
| } // namespace content |
| |
| #endif // CONTENT_BROWSER_BROWSING_INSTANCE_H_ |