Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / ios / web / webui / url_data_manager_ios_backend.cc
blobcc3e3e9af8886bfdab7f8a0ee3822425feeab4a3
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "ios/web/webui/url_data_manager_ios_backend.h"
7 #include <set>
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/command_line.h"
12 #include "base/compiler_specific.h"
13 #include "base/debug/alias.h"
14 #include "base/lazy_instance.h"
15 #include "base/memory/ref_counted.h"
16 #include "base/memory/ref_counted_memory.h"
17 #include "base/memory/weak_ptr.h"
18 #include "base/message_loop/message_loop.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/trace_event/trace_event.h"
22 #include "ios/web/public/browser_state.h"
23 #include "ios/web/public/web_client.h"
24 #include "ios/web/public/web_thread.h"
25 #include "ios/web/webui/shared_resources_data_source_ios.h"
26 #include "ios/web/webui/url_data_source_ios_impl.h"
27 #include "net/base/io_buffer.h"
28 #include "net/base/net_errors.h"
29 #include "net/http/http_response_headers.h"
30 #include "net/http/http_status_code.h"
31 #include "net/url_request/url_request.h"
32 #include "net/url_request/url_request_context.h"
33 #include "net/url_request/url_request_job.h"
34 #include "net/url_request/url_request_job_factory.h"
35 #include "url/url_util.h"
37 using web::WebThread;
39 namespace web {
41 namespace {
43 // TODO(tsepez) remove unsafe-eval when bidichecker_packaged.js fixed.
44 const char kChromeURLContentSecurityPolicyHeaderBase[] =
45 "Content-Security-Policy: script-src chrome://resources "
46 "'self' 'unsafe-eval'; ";
48 const char kChromeURLXFrameOptionsHeader[] = "X-Frame-Options: DENY";
50 bool SchemeIsInSchemes(const std::string& scheme,
51 const std::vector<std::string>& schemes) {
52 return std::find(schemes.begin(), schemes.end(), scheme) != schemes.end();
55 // Returns whether |url| passes some sanity checks and is a valid GURL.
56 bool CheckURLIsValid(const GURL& url) {
57 std::vector<std::string> additional_schemes;
58 DCHECK(GetWebClient()->IsAppSpecificURL(url) ||
59 (GetWebClient()->GetAdditionalWebUISchemes(&additional_schemes),
60 SchemeIsInSchemes(url.scheme(), additional_schemes)));
62 if (!url.is_valid()) {
63 NOTREACHED();
64 return false;
67 return true;
70 // Parse |url| to get the path which will be used to resolve the request. The
71 // path is the remaining portion after the scheme and hostname.
72 void URLToRequestPath(const GURL& url, std::string* path) {
73 const std::string& spec = url.possibly_invalid_spec();
74 const url::Parsed& parsed = url.parsed_for_possibly_invalid_spec();
75 // + 1 to skip the slash at the beginning of the path.
76 int offset = parsed.CountCharactersBefore(url::Parsed::PATH, false) + 1;
78 if (offset < static_cast<int>(spec.size()))
79 path->assign(spec.substr(offset));
82 } // namespace
84 // URLRequestChromeJob is a net::URLRequestJob that manages running
85 // chrome-internal resource requests asynchronously.
86 // It hands off URL requests to ChromeURLDataManagerIOS, which asynchronously
87 // calls back once the data is available.
88 class URLRequestChromeJob : public net::URLRequestJob {
89 public:
90 // |is_incognito| set when job is generated from an incognito profile.
91 URLRequestChromeJob(net::URLRequest* request,
92 net::NetworkDelegate* network_delegate,
93 BrowserState* browser_state,
94 bool is_incognito);
96 // net::URLRequestJob implementation.
97 void Start() override;
98 void Kill() override;
99 bool ReadRawData(net::IOBuffer* buf, int buf_size, int* bytes_read) override;
100 bool GetMimeType(std::string* mime_type) const override;
101 int GetResponseCode() const override;
102 void GetResponseInfo(net::HttpResponseInfo* info) override;
104 // Used to notify that the requested data's |mime_type| is ready.
105 void MimeTypeAvailable(const std::string& mime_type);
107 // Called by ChromeURLDataManagerIOS to notify us that the data blob is ready
108 // for us.
109 void DataAvailable(base::RefCountedMemory* bytes);
111 void set_mime_type(const std::string& mime_type) { mime_type_ = mime_type; }
113 void set_allow_caching(bool allow_caching) { allow_caching_ = allow_caching; }
115 void set_add_content_security_policy(bool add_content_security_policy) {
116 add_content_security_policy_ = add_content_security_policy;
119 void set_content_security_policy_object_source(const std::string& data) {
120 content_security_policy_object_source_ = data;
123 void set_content_security_policy_frame_source(const std::string& data) {
124 content_security_policy_frame_source_ = data;
127 void set_deny_xframe_options(bool deny_xframe_options) {
128 deny_xframe_options_ = deny_xframe_options;
131 void set_send_content_type_header(bool send_content_type_header) {
132 send_content_type_header_ = send_content_type_header;
135 // Returns true when job was generated from an incognito profile.
136 bool is_incognito() const { return is_incognito_; }
138 private:
139 friend class URLDataManagerIOSBackend;
141 ~URLRequestChromeJob() override;
143 // Do the actual copy from data_ (the data we're serving) into |buf|.
144 // Separate from ReadRawData so we can handle async I/O.
145 void CompleteRead(net::IOBuffer* buf, int buf_size, int* bytes_read);
147 // The actual data we're serving. NULL until it's been fetched.
148 scoped_refptr<base::RefCountedMemory> data_;
149 // The current offset into the data that we're handing off to our
150 // callers via the Read interfaces.
151 int data_offset_;
153 // For async reads, we keep around a pointer to the buffer that
154 // we're reading into.
155 scoped_refptr<net::IOBuffer> pending_buf_;
156 int pending_buf_size_;
157 std::string mime_type_;
159 // If true, set a header in the response to prevent it from being cached.
160 bool allow_caching_;
162 // If true, set the Content Security Policy (CSP) header.
163 bool add_content_security_policy_;
165 // These are used with the CSP.
166 std::string content_security_policy_object_source_;
167 std::string content_security_policy_frame_source_;
169 // If true, sets the "X-Frame-Options: DENY" header.
170 bool deny_xframe_options_;
172 // If true, sets the "Content-Type: <mime-type>" header.
173 bool send_content_type_header_;
175 // True when job is generated from an incognito profile.
176 const bool is_incognito_;
178 // The BrowserState with which this job is associated.
179 BrowserState* browser_state_;
181 // The backend is owned by the BrowserState and always outlives us. It is
182 // obtained from the BrowserState on the IO thread.
183 URLDataManagerIOSBackend* backend_;
185 base::WeakPtrFactory<URLRequestChromeJob> weak_factory_;
187 DISALLOW_COPY_AND_ASSIGN(URLRequestChromeJob);
190 URLRequestChromeJob::URLRequestChromeJob(
191 net::URLRequest* request,
192 net::NetworkDelegate* network_delegate,
193 BrowserState* browser_state,
194 bool is_incognito)
195 : net::URLRequestJob(request, network_delegate),
196 data_offset_(0),
197 pending_buf_size_(0),
198 allow_caching_(true),
199 add_content_security_policy_(true),
200 content_security_policy_object_source_("object-src 'none';"),
201 content_security_policy_frame_source_("frame-src 'none';"),
202 deny_xframe_options_(true),
203 send_content_type_header_(false),
204 is_incognito_(is_incognito),
205 browser_state_(browser_state),
206 backend_(NULL),
207 weak_factory_(this) {
208 DCHECK(browser_state_);
211 URLRequestChromeJob::~URLRequestChromeJob() {
212 if (backend_) {
213 CHECK(!backend_->HasPendingJob(this));
217 void URLRequestChromeJob::Start() {
218 TRACE_EVENT_ASYNC_BEGIN1("browser",
219 "DataManager:Request",
220 this,
221 "URL",
222 request_->url().possibly_invalid_spec());
224 if (!request_)
225 return;
226 DCHECK(browser_state_);
228 // Obtain the URLDataManagerIOSBackend instance that is associated with
229 // |browser_state_|. Note that this *must* be done on the IO thread.
230 backend_ = browser_state_->GetURLDataManagerIOSBackendOnIOThread();
231 DCHECK(backend_);
233 if (!backend_->StartRequest(request_, this)) {
234 NotifyStartError(net::URLRequestStatus(net::URLRequestStatus::FAILED,
235 net::ERR_INVALID_URL));
239 void URLRequestChromeJob::Kill() {
240 weak_factory_.InvalidateWeakPtrs();
241 if (backend_)
242 backend_->RemoveRequest(this);
243 URLRequestJob::Kill();
246 bool URLRequestChromeJob::GetMimeType(std::string* mime_type) const {
247 *mime_type = mime_type_;
248 return !mime_type_.empty();
251 int URLRequestChromeJob::GetResponseCode() const {
252 return net::HTTP_OK;
255 void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) {
256 DCHECK(!info->headers.get());
257 // Set the headers so that requests serviced by ChromeURLDataManagerIOS
258 // return a status code of 200. Without this they return a 0, which makes the
259 // status indistiguishable from other error types. Instant relies on getting
260 // a 200.
261 info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK");
263 // Determine the least-privileged content security policy header, if any,
264 // that is compatible with a given WebUI URL, and append it to the existing
265 // response headers.
266 if (add_content_security_policy_) {
267 std::string base = kChromeURLContentSecurityPolicyHeaderBase;
268 base.append(content_security_policy_object_source_);
269 base.append(content_security_policy_frame_source_);
270 info->headers->AddHeader(base);
273 if (deny_xframe_options_)
274 info->headers->AddHeader(kChromeURLXFrameOptionsHeader);
276 if (!allow_caching_)
277 info->headers->AddHeader("Cache-Control: no-cache");
279 if (send_content_type_header_ && !mime_type_.empty()) {
280 std::string content_type = base::StringPrintf(
281 "%s:%s", net::HttpRequestHeaders::kContentType, mime_type_.c_str());
282 info->headers->AddHeader(content_type);
286 void URLRequestChromeJob::MimeTypeAvailable(const std::string& mime_type) {
287 set_mime_type(mime_type);
288 NotifyHeadersComplete();
291 void URLRequestChromeJob::DataAvailable(base::RefCountedMemory* bytes) {
292 TRACE_EVENT_ASYNC_END0("browser", "DataManager:Request", this);
293 if (bytes) {
294 // The request completed, and we have all the data.
295 // Clear any IO pending status.
296 SetStatus(net::URLRequestStatus());
298 data_ = bytes;
299 int bytes_read;
300 if (pending_buf_.get()) {
301 CHECK(pending_buf_->data());
302 CompleteRead(pending_buf_.get(), pending_buf_size_, &bytes_read);
303 pending_buf_ = NULL;
304 NotifyReadComplete(bytes_read);
306 } else {
307 // The request failed.
308 NotifyDone(
309 net::URLRequestStatus(net::URLRequestStatus::FAILED, net::ERR_FAILED));
313 bool URLRequestChromeJob::ReadRawData(net::IOBuffer* buf,
314 int buf_size,
315 int* bytes_read) {
316 if (!data_.get()) {
317 SetStatus(net::URLRequestStatus(net::URLRequestStatus::IO_PENDING, 0));
318 DCHECK(!pending_buf_.get());
319 CHECK(buf->data());
320 pending_buf_ = buf;
321 pending_buf_size_ = buf_size;
322 return false; // Tell the caller we're still waiting for data.
325 // Otherwise, the data is available.
326 CompleteRead(buf, buf_size, bytes_read);
327 return true;
330 void URLRequestChromeJob::CompleteRead(net::IOBuffer* buf,
331 int buf_size,
332 int* bytes_read) {
333 // http://crbug.com/373841
334 char url_buf[128];
335 base::strlcpy(url_buf, request_->url().spec().c_str(), arraysize(url_buf));
336 base::debug::Alias(url_buf);
338 int remaining = static_cast<int>(data_->size()) - data_offset_;
339 if (buf_size > remaining)
340 buf_size = remaining;
341 if (buf_size > 0) {
342 memcpy(buf->data(), data_->front() + data_offset_, buf_size);
343 data_offset_ += buf_size;
345 *bytes_read = buf_size;
348 namespace {
350 // Gets mime type for data that is available from |source| by |path|.
351 // After that, notifies |job| that mime type is available. This method
352 // should be called on the UI thread, but notification is performed on
353 // the IO thread.
354 void GetMimeTypeOnUI(URLDataSourceIOSImpl* source,
355 const std::string& path,
356 const base::WeakPtr<URLRequestChromeJob>& job) {
357 DCHECK_CURRENTLY_ON_WEB_THREAD(WebThread::UI);
358 std::string mime_type = source->source()->GetMimeType(path);
359 WebThread::PostTask(
360 WebThread::IO, FROM_HERE,
361 base::Bind(&URLRequestChromeJob::MimeTypeAvailable, job, mime_type));
364 } // namespace
366 namespace {
368 class ChromeProtocolHandler
369 : public net::URLRequestJobFactory::ProtocolHandler {
370 public:
371 // |is_incognito| should be set for incognito profiles.
372 ChromeProtocolHandler(BrowserState* browser_state,
373 bool is_incognito)
374 : browser_state_(browser_state), is_incognito_(is_incognito) {}
375 ~ChromeProtocolHandler() override {}
377 net::URLRequestJob* MaybeCreateJob(
378 net::URLRequest* request,
379 net::NetworkDelegate* network_delegate) const override {
380 DCHECK(request);
382 return new URLRequestChromeJob(
383 request, network_delegate, browser_state_, is_incognito_);
386 bool IsSafeRedirectTarget(const GURL& location) const override {
387 return false;
390 private:
391 BrowserState* browser_state_;
393 // True when generated from an incognito profile.
394 const bool is_incognito_;
396 DISALLOW_COPY_AND_ASSIGN(ChromeProtocolHandler);
399 } // namespace
401 URLDataManagerIOSBackend::URLDataManagerIOSBackend() : next_request_id_(0) {
402 URLDataSourceIOS* shared_source = new SharedResourcesDataSourceIOS();
403 URLDataSourceIOSImpl* source_impl =
404 new URLDataSourceIOSImpl(shared_source->GetSource(), shared_source);
405 AddDataSource(source_impl);
408 URLDataManagerIOSBackend::~URLDataManagerIOSBackend() {
409 for (DataSourceMap::iterator i = data_sources_.begin();
410 i != data_sources_.end();
411 ++i) {
412 i->second->backend_ = NULL;
414 data_sources_.clear();
417 // static
418 scoped_ptr<net::URLRequestJobFactory::ProtocolHandler>
419 URLDataManagerIOSBackend::CreateProtocolHandler(BrowserState* browser_state) {
420 DCHECK(browser_state);
421 return make_scoped_ptr(new ChromeProtocolHandler(
422 browser_state, browser_state->IsOffTheRecord()));
425 void URLDataManagerIOSBackend::AddDataSource(URLDataSourceIOSImpl* source) {
426 DCHECK_CURRENTLY_ON_WEB_THREAD(WebThread::IO);
427 DataSourceMap::iterator i = data_sources_.find(source->source_name());
428 if (i != data_sources_.end()) {
429 if (!source->source()->ShouldReplaceExistingSource())
430 return;
431 i->second->backend_ = NULL;
433 data_sources_[source->source_name()] = source;
434 source->backend_ = this;
437 bool URLDataManagerIOSBackend::HasPendingJob(URLRequestChromeJob* job) const {
438 for (PendingRequestMap::const_iterator i = pending_requests_.begin();
439 i != pending_requests_.end();
440 ++i) {
441 if (i->second == job)
442 return true;
444 return false;
447 bool URLDataManagerIOSBackend::StartRequest(const net::URLRequest* request,
448 URLRequestChromeJob* job) {
449 if (!CheckURLIsValid(request->url()))
450 return false;
452 URLDataSourceIOSImpl* source = GetDataSourceFromURL(request->url());
453 if (!source)
454 return false;
456 if (!source->source()->ShouldServiceRequest(request))
457 return false;
459 std::string path;
460 URLToRequestPath(request->url(), &path);
461 source->source()->WillServiceRequest(request, &path);
463 // Save this request so we know where to send the data.
464 RequestID request_id = next_request_id_++;
465 pending_requests_.insert(std::make_pair(request_id, job));
467 job->set_allow_caching(source->source()->AllowCaching());
468 job->set_add_content_security_policy(true);
469 job->set_content_security_policy_object_source(
470 source->source()->GetContentSecurityPolicyObjectSrc());
471 job->set_content_security_policy_frame_source("frame-src 'none';");
472 job->set_deny_xframe_options(source->source()->ShouldDenyXFrameOptions());
473 job->set_send_content_type_header(false);
475 // Forward along the request to the data source.
476 // URLRequestChromeJob should receive mime type before data. This
477 // is guaranteed because request for mime type is placed in the
478 // message loop before request for data. And correspondingly their
479 // replies are put on the IO thread in the same order.
480 base::MessageLoop* target_message_loop =
481 web::WebThread::UnsafeGetMessageLoopForThread(web::WebThread::UI);
482 target_message_loop->PostTask(
483 FROM_HERE,
484 base::Bind(&GetMimeTypeOnUI,
485 scoped_refptr<URLDataSourceIOSImpl>(source),
486 path,
487 job->weak_factory_.GetWeakPtr()));
489 target_message_loop->PostTask(
490 FROM_HERE,
491 base::Bind(&URLDataManagerIOSBackend::CallStartRequest,
492 make_scoped_refptr(source),
493 path,
494 request_id));
495 return true;
498 URLDataSourceIOSImpl* URLDataManagerIOSBackend::GetDataSourceFromURL(
499 const GURL& url) {
500 // The input usually looks like: chrome://source_name/extra_bits?foo
501 // so do a lookup using the host of the URL.
502 DataSourceMap::iterator i = data_sources_.find(url.host());
503 if (i != data_sources_.end())
504 return i->second.get();
506 // No match using the host of the URL, so do a lookup using the scheme for
507 // URLs on the form source_name://extra_bits/foo .
508 i = data_sources_.find(url.scheme() + "://");
509 if (i != data_sources_.end())
510 return i->second.get();
512 // No matches found, so give up.
513 return NULL;
516 void URLDataManagerIOSBackend::CallStartRequest(
517 scoped_refptr<URLDataSourceIOSImpl> source,
518 const std::string& path,
519 int request_id) {
520 source->source()->StartDataRequest(
521 path,
522 base::Bind(&URLDataSourceIOSImpl::SendResponse, source, request_id));
525 void URLDataManagerIOSBackend::RemoveRequest(URLRequestChromeJob* job) {
526 // Remove the request from our list of pending requests.
527 // If/when the source sends the data that was requested, the data will just
528 // be thrown away.
529 for (PendingRequestMap::iterator i = pending_requests_.begin();
530 i != pending_requests_.end();
531 ++i) {
532 if (i->second == job) {
533 pending_requests_.erase(i);
534 return;
539 void URLDataManagerIOSBackend::DataAvailable(RequestID request_id,
540 base::RefCountedMemory* bytes) {
541 // Forward this data on to the pending net::URLRequest, if it exists.
542 PendingRequestMap::iterator i = pending_requests_.find(request_id);
543 if (i != pending_requests_.end()) {
544 URLRequestChromeJob* job(i->second);
545 pending_requests_.erase(i);
546 job->DataAvailable(bytes);
550 } // namespace web