| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef SERVICES_NETWORK_INITIATOR_LOCK_COMPATIBILITY_H_ |
| #define SERVICES_NETWORK_INITIATOR_LOCK_COMPATIBILITY_H_ |
| |
| #include "base/component_export.h" |
| #include "base/optional.h" |
| #include "url/origin.h" |
| |
| namespace network { |
| |
| namespace mojom { |
| class URLLoaderFactoryParams; |
| } // namespace mojom |
| |
| // These values are logged to UMA. Entries should not be renumbered and |
| // numeric values should never be reused. Please keep in sync with |
| // "RequestInitiatorOriginLockCompatibility" in |
| // tools/metrics/histograms/enums.xml. |
| enum class InitiatorLockCompatibility { |
| // Request came from a browser process and so the |
| // |request_initiator_site_lock| doesn't apply. |
| kBrowserProcess = 0, |
| |
| // |request_initiator_site_lock| is missing - see https://crbug.com/891872 |
| // and RenderProcessHostImpl::CreateURLLoaderFactoryWithOptionalOrigin. |
| kNoLock = 1, |
| |
| // |request_initiator| is missing. This indicates that the renderer has a bug |
| // or has been compromised by an attacker. |
| kNoInitiator = 2, |
| |
| // |request.request_initiator| is compatible with |
| // |factory_params_.request_initiator_site_lock| - either |
| // |request.request_initiator| is opaque or it is equal to |
| // |request_initiator_site_lock|. |
| kCompatibleLock = 3, |
| |
| // |request.request_initiator| is incompatible with |
| // |factory_params_.request_initiator_site_lock|. Cases known so far where |
| // this can occur: |
| // - HTML Imports (see https://crbug.com/871827#c9). |
| kIncorrectLock = 4, |
| |
| // Covered by ExcludeSchemeFromRequestInitiatorSiteLockChecks. |
| kExcludedScheme = 5, |
| |
| // Covered by CrossOriginReadBlocking::ShouldAllowForPlugin. |
| kExcludedUniversalAccessPlugin = 6, |
| |
| kMaxValue = kExcludedUniversalAccessPlugin, |
| }; |
| |
| // Verifies if |request.request_initiator| matches |
| // |factory_params.request_initiator_site_lock|. |
| // |
| // This overload should only be called for requests from renderer processes |
| // (ones that are not coverd by the kExcludedPlugin exception). |
| COMPONENT_EXPORT(NETWORK_SERVICE) |
| InitiatorLockCompatibility VerifyRequestInitiatorLock( |
| const base::Optional<url::Origin>& request_initiator_site_lock, |
| const base::Optional<url::Origin>& request_initiator); |
| |
| // Verifies if |request.request_initiator| matches |
| // |factory_params.request_initiator_site_lock|. |
| // |
| // This overload takes into account exception for the browser process and/or for |
| // renderer processes that embed universal-access plugins. |
| COMPONENT_EXPORT(NETWORK_SERVICE) |
| InitiatorLockCompatibility VerifyRequestInitiatorLock( |
| uint32_t process_id, |
| const base::Optional<url::Origin>& request_initiator_site_lock, |
| const base::Optional<url::Origin>& request_initiator); |
| |
| // Gets initiator of request, falling back to a unique origin if |
| // 1) |request_initiator| is missing or |
| // 2) |request_initiator| is incompatible with |request_initiator_site_lock|. |
| // |
| // |request_initiator_site_lock| is the origin to which the URLLoaderFactory of |
| // the request is locked in a trustworthy way. |
| // Example: |
| // URLLoaderFactoryParams::request_initiator_site_lock |
| // SubresourceSignedExchangeURLLoaderFactory::request_initiator_site_lock |
| // |request_initiator| should come from net::URLRequest::initiator() or |
| // network::ResourceRequest::request_initiator which may be initially set in an |
| // untrustworthy process (eg: renderer process). |
| // |
| // TODO(lukasza): Remove this function if https://crrev.com/c/1661114 sticks |
| // (i.e. if ResourceRequest::request_initiator is sanitized and made trustworthy |
| // by CorsURLLoaderFactory::CreateLoaderAndStart and IsSane). |
| url::Origin GetTrustworthyInitiator( |
| const base::Optional<url::Origin>& request_initiator_site_lock, |
| const base::Optional<url::Origin>& request_initiator); |
| |
| // Registers a scheme that should not be subject to |
| // |request_initiator_site_lock| checks (e.g. a scheme that is typically |
| // used in isolated worlds, with a separate origin, such as |
| // "chrome-extensions"). |
| // |
| // TODO(lukasza): https://crbug.com/940068: Remove this method once isolated |
| // worlds use the same |request_initiator| as the main world. |
| void ExcludeSchemeFromRequestInitiatorSiteLockChecks(const std::string& scheme); |
| |
| } // namespace network |
| |
| #endif // SERVICES_NETWORK_INITIATOR_LOCK_COMPATIBILITY_H_ |