Content settings: remove some plugin-related code/resources when... there are no...
[chromium-blink-merge.git] / content / public / browser / url_data_source.h
blobc9e5f1c5a041186a36076ce084bf57285f8410bb
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
6 #define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
8 #include <string>
10 #include "base/callback.h"
11 #include "content/common/content_export.h"
13 namespace base {
14 class MessageLoop;
15 class RefCountedMemory;
18 namespace net {
19 class URLRequest;
22 namespace content {
23 class BrowserContext;
25 // A URLDataSource is an object that can answer requests for WebUI data
26 // asynchronously. An implementation of URLDataSource should handle calls to
27 // StartDataRequest() by starting its (implementation-specific) asynchronous
28 // request for the data, then running the callback given in that method to
29 // notify.
30 class CONTENT_EXPORT URLDataSource {
31 public:
32 // Adds a URL data source to |browser_context|.
33 static void Add(BrowserContext* browser_context, URLDataSource* source);
35 virtual ~URLDataSource() {}
37 // The name of this source.
38 // E.g., for favicons, this could be "favicon", which results in paths for
39 // specific resources like "favicon/34" getting sent to this source. For
40 // sources where a scheme is used instead of the hostname as the unique
41 // identifier, the suffix "://" must be added to the return value, eg. for a
42 // URLDataSource which would display resources with URLs on the form
43 // your-scheme://anything , GetSource() must return "your-scheme://".
44 virtual std::string GetSource() const = 0;
46 // Used by StartDataRequest so that the child class can return the data when
47 // it's available.
48 typedef base::Callback<void(base::RefCountedMemory*)> GotDataCallback;
50 // Called by URLDataSource to request data at |path|. The string parameter is
51 // the path of the request. The child class should run |callback| when the
52 // data is available or if the request could not be satisfied. This can be
53 // called either in this callback or asynchronously with the response.
54 virtual void StartDataRequest(const std::string& path,
55 int render_process_id,
56 int render_frame_id,
57 const GotDataCallback& callback) = 0;
59 // Return the mimetype that should be sent with this response, or empty
60 // string to specify no mime type.
61 virtual std::string GetMimeType(const std::string& path) const = 0;
63 // The following methods are all called on the IO thread.
65 // Returns the MessageLoop on which the delegate wishes to have
66 // StartDataRequest called to handle the request for |path|. The default
67 // implementation returns BrowserThread::UI. If the delegate does not care
68 // which thread StartDataRequest is called on, this should return nullptr.
69 // It may be beneficial to return nullptr for requests that are safe to handle
70 // directly on the IO thread. This can improve performance by satisfying such
71 // requests more rapidly when there is a large amount of UI thread contention.
72 // Or the delegate can return a specific thread's Messageloop if they wish.
73 virtual base::MessageLoop* MessageLoopForRequestPath(
74 const std::string& path) const;
76 // Returns true if the URLDataSource should replace an existing URLDataSource
77 // with the same name that has already been registered. The default is true.
79 // WARNING: this is invoked on the IO thread.
81 // TODO: nuke this and convert all callers to not replace.
82 virtual bool ShouldReplaceExistingSource() const;
84 // Returns true if responses from this URLDataSource can be cached.
85 virtual bool AllowCaching() const;
87 // If you are overriding this, then you have a bug.
88 // It is not acceptable to disable content-security-policy on chrome:// pages
89 // to permit functionality excluded by CSP, such as inline script.
90 // Instead, you must go back and change your WebUI page so that it is
91 // compliant with the policy. This typically involves ensuring that all script
92 // is delivered through the data manager backend. Talk to tsepez for more
93 // info.
94 virtual bool ShouldAddContentSecurityPolicy() const;
96 // It is OK to override the following two methods to a custom CSP directive
97 // thereby slightly reducing the protection applied to the page.
99 // By default, "object-src 'none';" is added to CSP. Override to change this.
100 virtual std::string GetContentSecurityPolicyObjectSrc() const;
101 // By default, "frame-src 'none';" is added to CSP. Override to change this.
102 virtual std::string GetContentSecurityPolicyFrameSrc() const;
104 // By default, the "X-Frame-Options: DENY" header is sent. To stop this from
105 // happening, return false. It is OK to return false as needed.
106 virtual bool ShouldDenyXFrameOptions() const;
108 // By default, only chrome: and chrome-devtools: requests are allowed.
109 // Override in specific WebUI data sources to enable for additional schemes or
110 // to implement fancier access control. Typically used in concert with
111 // ContentBrowserClient::GetAdditionalWebUISchemes() to permit additional
112 // WebUI scheme support for an embedder.
113 virtual bool ShouldServiceRequest(const net::URLRequest* request) const;
115 // By default, Content-Type: header is not sent along with the response.
116 // To start sending mime type returned by GetMimeType in HTTP headers,
117 // return true. It is useful when tunneling response served from this data
118 // source programmatically. Or when AppCache is enabled for this source as it
119 // is for chrome-devtools.
120 virtual bool ShouldServeMimeTypeAsContentTypeHeader() const;
122 // This method is called when the request contains "Origin:" header. The value
123 // of the header is passed in |origin| parameter. If the returned value is not
124 // empty, it is used as a value for "Access-Control-Allow-Origin:" response
125 // header, otherwise the header is not set. This method should return either
126 // |origin|, or "*", or "none", or empty string.
127 // Default implementation returns an empty string.
128 virtual std::string GetAccessControlAllowOriginForOrigin(
129 const std::string& origin) const;
131 // Called to inform the source that StartDataRequest() will be called soon.
132 // Gives the source an opportunity to rewrite |path| to incorporate extra
133 // information from the URLRequest prior to serving.
134 virtual void WillServiceRequest(
135 const net::URLRequest* request,
136 std::string* path) const {}
139 } // namespace content
141 #endif // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_