blob: 3b381630e92cb67c7dd91c8a6b0b664cfa56029b [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/component_export.h"
#include "base/optional.h"
#include "url/origin.h"
namespace network {
namespace mojom {
class URLLoaderFactoryParams;
} // namespace mojom
// These values are logged to UMA. Entries should not be renumbered and
// numeric values should never be reused. Please keep in sync with
// "RequestInitiatorOriginLockCompatibility" in
// tools/metrics/histograms/enums.xml.
enum class InitiatorLockCompatibility {
// Request came from a browser process and so the
// |request_initiator_site_lock| doesn't apply.
kBrowserProcess = 0,
// |request_initiator_site_lock| is missing - see
// and RenderProcessHostImpl::CreateURLLoaderFactoryWithOptionalOrigin.
kNoLock = 1,
// |request_initiator| is missing. This indicates that the renderer has a bug
// or has been compromised by an attacker.
kNoInitiator = 2,
// |request.request_initiator| is compatible with
// |factory_params_.request_initiator_site_lock| - either
// |request.request_initiator| is opaque or it is equal to
// |request_initiator_site_lock|.
kCompatibleLock = 3,
// |request.request_initiator| is incompatible with
// |factory_params_.request_initiator_site_lock|. Cases known so far where
// this can occur:
// - HTML Imports (see
kIncorrectLock = 4,
// Covered by ExcludeSchemeFromRequestInitiatorSiteLockChecks.
kExcludedScheme = 5,
// Covered by CrossOriginReadBlocking::ShouldAllowForPlugin.
kExcludedUniversalAccessPlugin = 6,
kMaxValue = kExcludedUniversalAccessPlugin,
// Verifies if |request.request_initiator| matches
// |factory_params.request_initiator_site_lock|.
// This overload should only be called for requests from renderer processes
// (ones that are not coverd by the kExcludedPlugin exception).
InitiatorLockCompatibility VerifyRequestInitiatorLock(
const base::Optional<url::Origin>& request_initiator_site_lock,
const base::Optional<url::Origin>& request_initiator);
// Verifies if |request.request_initiator| matches
// |factory_params.request_initiator_site_lock|.
// This overload takes into account exception for the browser process and/or for
// renderer processes that embed universal-access plugins.
InitiatorLockCompatibility VerifyRequestInitiatorLock(
uint32_t process_id,
const base::Optional<url::Origin>& request_initiator_site_lock,
const base::Optional<url::Origin>& request_initiator);
// Gets initiator of request, falling back to a unique origin if
// 1) |request_initiator| is missing or
// 2) |request_initiator| is incompatible with |request_initiator_site_lock|.
// |request_initiator_site_lock| is the origin to which the URLLoaderFactory of
// the request is locked in a trustworthy way.
// Example:
// URLLoaderFactoryParams::request_initiator_site_lock
// SubresourceSignedExchangeURLLoaderFactory::request_initiator_site_lock
// |request_initiator| should come from net::URLRequest::initiator() or
// network::ResourceRequest::request_initiator which may be initially set in an
// untrustworthy process (eg: renderer process).
// TODO(lukasza): Remove this function if sticks
// (i.e. if ResourceRequest::request_initiator is sanitized and made trustworthy
// by CorsURLLoaderFactory::CreateLoaderAndStart and IsSane).
url::Origin GetTrustworthyInitiator(
const base::Optional<url::Origin>& request_initiator_site_lock,
const base::Optional<url::Origin>& request_initiator);
// Registers a scheme that should not be subject to
// |request_initiator_site_lock| checks (e.g. a scheme that is typically
// used in isolated worlds, with a separate origin, such as
// "chrome-extensions").
// TODO(lukasza): Remove this method once isolated
// worlds use the same |request_initiator| as the main world.
void ExcludeSchemeFromRequestInitiatorSiteLockChecks(const std::string& scheme);
} // namespace network