| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CONTENT_PUBLIC_BROWSER_SITE_INSTANCE_H_ |
| #define CONTENT_PUBLIC_BROWSER_SITE_INSTANCE_H_ |
| |
| #include <stddef.h> |
| #include <stdint.h> |
| |
| #include "base/memory/ref_counted.h" |
| #include "content/common/content_export.h" |
| #include "url/gurl.h" |
| |
| namespace content { |
| class BrowserContext; |
| class RenderProcessHost; |
| |
| /////////////////////////////////////////////////////////////////////////////// |
| // SiteInstance interface. |
| // |
| // A SiteInstance represents a group of web pages that must live in the same |
| // renderer process. Pages able to synchronously script each other will always |
| // be placed in the same SiteInstance. Pages unable to synchronously script |
| // each other may also be placed in the same SiteInstance, as determined by the |
| // process model. |
| // |
| // A page's SiteInstance is determined by a combination of where the page comes |
| // from (the site) and which frames have references to each other (the |
| // instance). Here, a "site" is similar to the page's origin but includes only |
| // the registered domain name and scheme, not the port or subdomains. This |
| // accounts for the fact that changes to document.domain allow similar origin |
| // pages with different ports or subdomains to script each other. An "instance" |
| // includes all frames that might be able to script each other because of how |
| // they were created (e.g., window.open or targeted links). We represent |
| // instances using the BrowsingInstance class. |
| // |
| // Four process models are currently supported: |
| // |
| // PROCESS PER SITE INSTANCE (the current default): SiteInstances are created |
| // (1) when the user manually creates a new tab (which also creates a new |
| // BrowsingInstance), and (2) when the user navigates across site boundaries |
| // (which uses the same BrowsingInstance). If the user navigates within a site, |
| // the same SiteInstance is used. Caveat: we currently allow renderer-initiated |
| // cross-site navigations to stay in the same SiteInstance, to preserve |
| // compatibility in cases like cross-site iframes that open popups. |
| // |
| // SITE PER PROCESS (currently experimental): is the most granular process |
| // model and is made possible by our support for out-of-process iframes. A |
| // subframe will be given a different SiteInstance if its site differs from the |
| // containing document. Cross-site navigation of top-level frames or subframes |
| // will trigger a change of SiteInstances, even if the navigation is renderer |
| // initiated. In this model, each process can be dedicated to documents from |
| // just one site, allowing the same origin policy to be enforced by the sandbox. |
| // |
| // PROCESS PER TAB: SiteInstances are created when the user manually creates a |
| // new tab, but not when navigating across site boundaries (unless a process |
| // swap is required for security reasons, such as navigating from a privileged |
| // WebUI page to a normal web page). This corresponds to one process per |
| // BrowsingInstance. |
| // |
| // PROCESS PER SITE: We consolidate all SiteInstances for a given site into the |
| // same process, throughout the entire browser context. This ensures that only |
| // one process will be used for each site. |
| // |
| // Each NavigationEntry for a WebContents points to the SiteInstance that |
| // rendered it. Each RenderFrameHost also points to the SiteInstance that it is |
| // associated with. A SiteInstance keeps track of the number of these |
| // references and deletes itself when the count goes to zero. This means that |
| // a SiteInstance is only live as long as it is accessible, either from new |
| // tabs with no NavigationEntries or in NavigationEntries in the history. |
| // |
| /////////////////////////////////////////////////////////////////////////////// |
| class CONTENT_EXPORT SiteInstance : public base::RefCounted<SiteInstance> { |
| public: |
| // Returns a unique ID for this SiteInstance. |
| virtual int32_t GetId() = 0; |
| |
| // Whether this SiteInstance has a running process associated with it. |
| // This may return true before the first call to GetProcess(), in cases where |
| // we use process-per-site and there is an existing process available. |
| virtual bool HasProcess() const = 0; |
| |
| // Returns the current RenderProcessHost being used to render pages for this |
| // SiteInstance. If there is no RenderProcessHost (because either none has |
| // yet been created or there was one but it was cleanly destroyed (e.g. when |
| // it is not actively being used)), then this method will create a new |
| // RenderProcessHost (and a new ID). Note that renderer process crashes leave |
| // the current RenderProcessHost (and ID) in place. |
| // |
| // For sites that require process-per-site mode (e.g., WebUI), this will |
| // ensure only one RenderProcessHost for the site exists/ within the |
| // BrowserContext. |
| virtual content::RenderProcessHost* GetProcess() = 0; |
| |
| // Browser context to which this SiteInstance (and all related |
| // SiteInstances) belongs. |
| virtual content::BrowserContext* GetBrowserContext() const = 0; |
| |
| // Get the web site that this SiteInstance is rendering pages for. |
| // This includes the scheme and registered domain, but not the port. |
| virtual const GURL& GetSiteURL() const = 0; |
| |
| // Gets a SiteInstance for the given URL that shares the current |
| // BrowsingInstance, creating a new SiteInstance if necessary. This ensures |
| // that a BrowsingInstance only has one SiteInstance per site, so that pages |
| // in a BrowsingInstance have the ability to script each other. Callers |
| // should ensure that this SiteInstance becomes ref counted, by storing it in |
| // a scoped_refptr. (By having this method, we can hide the BrowsingInstance |
| // class from the rest of the codebase.) |
| // TODO(creis): This may be an argument to build a pass_refptr<T> class, as |
| // Darin suggests. |
| virtual SiteInstance* GetRelatedSiteInstance(const GURL& url) = 0; |
| |
| // Returns whether the given SiteInstance is in the same BrowsingInstance as |
| // this one. If so, JavaScript interactions that are permitted across |
| // origins (e.g., postMessage) should be supported. |
| virtual bool IsRelatedSiteInstance(const SiteInstance* instance) = 0; |
| |
| // Returns the total active WebContents count for this SiteInstance and all |
| // related SiteInstances in the same BrowsingInstance. |
| virtual size_t GetRelatedActiveContentsCount() = 0; |
| |
| // Returns true if this SiteInstance is for a site that requires a dedicated |
| // process. This only returns true under the "site per process" process model. |
| virtual bool RequiresDedicatedProcess() = 0; |
| |
| // Factory method to create a new SiteInstance. This will create a new |
| // new BrowsingInstance, so it should only be used when creating a new tab |
| // from scratch (or similar circumstances). Callers should ensure that |
| // this SiteInstance becomes ref counted, by storing it in a scoped_refptr. |
| // |
| // The render process host factory may be nullptr. See SiteInstance |
| // constructor. |
| // |
| // TODO(creis): This may be an argument to build a pass_refptr<T> class, as |
| // Darin suggests. |
| static SiteInstance* Create(content::BrowserContext* browser_context); |
| |
| // Factory method to get the appropriate SiteInstance for the given URL, in |
| // a new BrowsingInstance. Use this instead of Create when you know the URL, |
| // since it allows special site grouping rules to be applied (for example, |
| // to group chrome-ui pages into the same instance). |
| static SiteInstance* CreateForURL( |
| content::BrowserContext* browser_context, const GURL& url); |
| |
| // Return whether both URLs are part of the same web site, for the purpose of |
| // assigning them to processes accordingly. The decision is currently based |
| // on the registered domain of the URLs (google.com, bbc.co.uk), as well as |
| // the scheme (https, http). This ensures that two pages will be in |
| // the same process if they can communicate with other via JavaScript. |
| // (e.g., docs.google.com and mail.google.com have DOM access to each other |
| // if they both set their document.domain properties to google.com.) |
| // Note that if the destination is a blank page, we consider that to be part |
| // of the same web site for the purposes for process assignment. |
| static bool IsSameWebSite(content::BrowserContext* browser_context, |
| const GURL& src_url, |
| const GURL& dest_url); |
| |
| // Returns the site for the given URL, which includes only the scheme and |
| // registered domain. Returns an empty GURL if the URL has no host. |
| static GURL GetSiteForURL(BrowserContext* context, const GURL& url); |
| |
| protected: |
| friend class base::RefCounted<SiteInstance>; |
| |
| SiteInstance() {} |
| virtual ~SiteInstance() {} |
| }; |
| |
| } // namespace content. |
| |
| #endif // CONTENT_PUBLIC_BROWSER_SITE_INSTANCE_H_ |