extensions/browser/url_loader_factory_manager.h - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_
 #define EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_

 #include "base/macros.h"
 #include "base/no_destructor.h"
 #include "base/types/pass_key.h"
 #include "content/public/browser/navigation_handle.h"
 #include "extensions/common/extension.h"
 #include "mojo/public/cpp/bindings/pending_remote.h"
 #include "services/network/public/mojom/network_context.mojom.h"
 #include "url/gurl.h"

 namespace content {
 class BrowserContext;
 class RenderFrameHost;
 }  // namespace content

 namespace url {
 class Origin;
 }  // namespace url

 namespace extensions {

 class ContentScriptTracker;

 // This class manages URLLoaderFactory objects that handle network requests that
 // require extension-specific permissions (related to relaxed CORB and CORS).
 //
 // See also https://crbug.com/846346 for motivation for having separate
 // URLLoaderFactory objects for content scripts.
 class URLLoaderFactoryManager {
  public:
   // Only static methods.
   URLLoaderFactoryManager() = delete;

   // Invoked when `navigation` is ready to commit with the set of `extensions`
   // asked to inject content script into the target frame using
   // declarations in the extension manifest approach:
   // https://developer.chrome.com/docs/extensions/mv2/content_scripts/#declaratively
   static void WillInjectContentScriptsWhenNavigationCommits(
       base::PassKey<ContentScriptTracker> pass_key,
       content::NavigationHandle* navigation,
       const std::vector<const Extension*>& extensions);

   // Invoked when `extension` asks to inject a content script into `frame`
   // (invoked before an IPC with the content script injection request is
   // actually sent to the renderer process).  This covers injections via
   // `chrome.declarativeContent` and `chrome.scripting.executeScript` APIs -
   // see:
   // https://developer.chrome.com/docs/extensions/mv2/content_scripts/#programmatic
   // and
   // https://developer.chrome.com/docs/extensions/reference/declarativeContent/#type-RequestContentScript
   static void WillProgrammaticallyInjectContentScript(
       base::PassKey<ContentScriptTracker> pass_key,
       content::RenderFrameHost* frame,
       const Extension& extension);

   // Creates a URLLoaderFactory that should be used for requests initiated from
   // |process| by |origin|.
   //
   // The behavior of this method depends on the intended consumer of the
   // URLLoaderFactory:
   // - "web": No changes are made to |factory_params| - an extensions-agnostic,
   //   default URLLoaderFactory should be used
   // - "extension": Extension-specific permissions are set in |factory_params|
   //   if the factory will be used by an extension frame (e.g. from an extension
   //   background page).
   // - "content script": For most extensions no changes are made to
   //   |factory_params|, but platform apps might need to set app-specific
   //   security properties in the URLLoaderFactory used by content scripts.
   // The method recognizes the intended consumer based on |origin| ("web" vs
   // other cases) and |is_for_isolated_world| ("extension" vs "content script").
   //
   // The following examples might help understand the difference between
   // |origin| and other properties of a factory and/or network request:
   //
   //                                 |   web     |  extension  | content script
   // --------------------------------|-----------|-------------|---------------
   // network::ResourceRequest:       |           |             |
   // - request_initiator             |    web    |  extension  |     web
   // - isolated_world_origin         |  nullopt  |   nullopt   |  extension
   //                                 |           |             |
   // OverrideFactory...Params:       |           |             |
   // - origin                        |    web    |  extension  |  extension
   //                                 |           |             |
   // URLLoaderFactoryParams:         |           |             |
   // - request_initiator_origin_lock |    web    |  extension  |     web
   // - overridden properties?        |    no     |     yes     |  if needed
   //    - is_corb_enabled            | secure-   |  ext-based  | ext-based for
   //    - ..._access_patterns        |  -default |             | platform apps
   static void OverrideURLLoaderFactoryParams(
       content::BrowserContext* browser_context,
       const url::Origin& origin,
       bool is_for_isolated_world,
       network::mojom::URLLoaderFactoryParams* factory_params);

  private:
   DISALLOW_COPY_AND_ASSIGN(URLLoaderFactoryManager);
 };

 }  // namespace extensions

 #endif  // EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_
	#define EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_

	#include "base/macros.h"
	#include "base/no_destructor.h"
	#include "base/types/pass_key.h"
	#include "content/public/browser/navigation_handle.h"
	#include "extensions/common/extension.h"
	#include "mojo/public/cpp/bindings/pending_remote.h"
	#include "services/network/public/mojom/network_context.mojom.h"
	#include "url/gurl.h"

	namespace content {
	class BrowserContext;
	class RenderFrameHost;
	} // namespace content

	namespace url {
	class Origin;
	} // namespace url

	namespace extensions {

	class ContentScriptTracker;

	// This class manages URLLoaderFactory objects that handle network requests that
	// require extension-specific permissions (related to relaxed CORB and CORS).
	//
	// See also https://crbug.com/846346 for motivation for having separate
	// URLLoaderFactory objects for content scripts.
	class URLLoaderFactoryManager {
	public:
	// Only static methods.
	URLLoaderFactoryManager() = delete;

	// Invoked when `navigation` is ready to commit with the set of `extensions`
	// asked to inject content script into the target frame using
	// declarations in the extension manifest approach:
	// https://developer.chrome.com/docs/extensions/mv2/content_scripts/#declaratively
	static void WillInjectContentScriptsWhenNavigationCommits(
	base::PassKey<ContentScriptTracker> pass_key,
	content::NavigationHandle* navigation,
	const std::vector<const Extension*>& extensions);

	// Invoked when `extension` asks to inject a content script into `frame`
	// (invoked before an IPC with the content script injection request is
	// actually sent to the renderer process). This covers injections via
	// `chrome.declarativeContent` and `chrome.scripting.executeScript` APIs -
	// see:
	// https://developer.chrome.com/docs/extensions/mv2/content_scripts/#programmatic
	// and
	// https://developer.chrome.com/docs/extensions/reference/declarativeContent/#type-RequestContentScript
	static void WillProgrammaticallyInjectContentScript(
	base::PassKey<ContentScriptTracker> pass_key,
	content::RenderFrameHost* frame,
	const Extension& extension);

	// Creates a URLLoaderFactory that should be used for requests initiated from
	// \|process\| by \|origin\|.
	//
	// The behavior of this method depends on the intended consumer of the
	// URLLoaderFactory:
	// - "web": No changes are made to \|factory_params\| - an extensions-agnostic,
	// default URLLoaderFactory should be used
	// - "extension": Extension-specific permissions are set in \|factory_params\|
	// if the factory will be used by an extension frame (e.g. from an extension
	// background page).
	// - "content script": For most extensions no changes are made to
	// \|factory_params\|, but platform apps might need to set app-specific
	// security properties in the URLLoaderFactory used by content scripts.
	// The method recognizes the intended consumer based on \|origin\| ("web" vs
	// other cases) and \|is_for_isolated_world\| ("extension" vs "content script").
	//
	// The following examples might help understand the difference between
	// \|origin\| and other properties of a factory and/or network request:
	//
	// \| web \| extension \| content script
	// --------------------------------\|-----------\|-------------\|---------------
	// network::ResourceRequest: \| \| \|
	// - request_initiator \| web \| extension \| web
	// - isolated_world_origin \| nullopt \| nullopt \| extension
	// \| \| \|
	// OverrideFactory...Params: \| \| \|
	// - origin \| web \| extension \| extension
	// \| \| \|
	// URLLoaderFactoryParams: \| \| \|
	// - request_initiator_origin_lock \| web \| extension \| web
	// - overridden properties? \| no \| yes \| if needed
	// - is_corb_enabled \| secure- \| ext-based \| ext-based for
	// - ..._access_patterns \| -default \| \| platform apps
	static void OverrideURLLoaderFactoryParams(
	content::BrowserContext* browser_context,
	const url::Origin& origin,
	bool is_for_isolated_world,
	network::mojom::URLLoaderFactoryParams* factory_params);

	private:
	DISALLOW_COPY_AND_ASSIGN(URLLoaderFactoryManager);
	};

	} // namespace extensions

	#endif // EXTENSIONS_BROWSER_URL_LOADER_FACTORY_MANAGER_H_