Isolated Web Apps are a proposal for “a way of building applications using web standard technologies that will have useful security properties unavailable to normal web pages” (explainer).
Rather than being hosted on live web servers and fetched over HTTPS, these applications are packaged into Web Bundles, signed by their developer, and distributed to end-users through one or more distribution methods.
isolated-app:
SchemeIsolated Web Apps are served from an isolated-app:
(chrome::kIsolatedAppScheme
) scheme. This explainer provides more details. The scheme is registered in ChromeContentClient
.
The hostname of a URL with the isolated-app:
scheme must be a valid Web Bundle ID, which is also detailed in the explainer above.
This section provides a brief overview of the classes involved in serving content from an Isolated Web App:
IsolatedWebAppURLLoaderFactory
retrieves a request with the isolated-app:
scheme.IsolatedWebAppURLLoader
to handle the request.IsolatedWebAppURLLoader
passes the request on to the IsolatedWebAppReaderRegistry::ReadResponse
method.ReadResponse
depends on whether an instance of SignedWebBundleReader
for the given Signed Web Bundle has already been cached.SignedWebBundleReader
is cached, then that reader is used to read the response from the Signed Web Bundle and the response is sent back to the loader. This is very fast, since the reader has a map of URLs to offsets into the Signed Web Bundle.SignedWebBundleReader
is not cached, however, the process continues and a new reader is created.IsolatedWebAppValidator::ValidateIntegrityBlock
. This includes a check on whether the browser trusts the public key(s) used to sign the Web Bundle. TODO(crbug.com/1365852): Not yet implemented.web_package::SignedWebBundleSignatureVerifier
.IsolatedWebAppValidator::ValidateMetadata
. This includes a check that validates that URLs contained in the Signed Web Bundle use the isolated-app:
scheme, and more.SignedWebBundleReader
is added to the cache and the response for the given request is read from it.Isolated Web Apps use Signed Web Bundles as their container format. Currently, Isolated Web Apps are the only use case for Signed Web Bundles. In the future, other use cases inside Chrome may come up. In preparation for additional use cases outside of Isolated Web Apps, we strive to maintain a split between the generic code for Signed Web Bundles, and the code for Isolated Web Apps built on top of it:
//components/web_package
and //services/data_decoder
.//chrome/browser/web_applications/isolated_web_apps
, but there are also other bits and pieces throughout //content
.web_app::SignedWebBundleReader
The web_package::WebBundleParser
can not be directly used from the browser process in //chrome/browser/web_applications/isolated_web_apps
due to the rule of 2 (it is implemented in an unsafe language, C++, and handles untrustworthy input). Therefore, the Isolated Web App code in //chrome/browser/web_applications/isolated_web_apps
must use data_decoder::SafeWebBundleParser
from //services/data_decoder
to run the parser in a separate data decoder process.
web_app::SignedWebBundleReader
wraps data_decoder::SafeWebBundleParser
, and adds support for automatic reconnection in case it disconnects while parsing responses. The SafeWebBundleParser
might disconnect, for example, if one of the other DataDecoder
s that run on the same utility process crashes, or when the utility process is terminated for other reasons, like Android's OOM killer.
The following graphic illustrates the relationship between the aforementioned classes:
The SignedWebBundleReader
is supposed to be a generic reader for Signed Web Bundles, unrelated to Isolated Web Apps. As such, it does not know anything about Isolated Web Apps or the isolated-app:
scheme. The more specific requirements for Signed Web Bundles when used as Isolated Web Apps are checked as part of the IsolatedWebAppValidator
, IsolatedWebAppReaderRegistry
, and IsolatedWebAppURLLoader
. For example, the IsolatedWebAppValidator
checks that the URLs contained in the Signed Web Bundle do not have query parameters or fragments.