1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
6 #define CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_
13 #include "base/callback_forward.h"
14 #include "base/memory/linked_ptr.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/scoped_vector.h"
17 #include "base/values.h"
18 #include "content/public/browser/certificate_request_result_type.h"
19 #include "content/public/browser/desktop_notification_delegate.h"
20 #include "content/public/common/content_client.h"
21 #include "content/public/common/media_stream_request.h"
22 #include "content/public/common/resource_type.h"
23 #include "content/public/common/socket_permission_request.h"
24 #include "content/public/common/window_container_type.h"
25 #include "net/base/mime_util.h"
26 #include "net/cookies/canonical_cookie.h"
27 #include "net/url_request/url_request_interceptor.h"
28 #include "net/url_request/url_request_job_factory.h"
29 #include "storage/browser/fileapi/file_system_context.h"
30 #include "third_party/WebKit/public/platform/WebNotificationPermission.h"
31 #include "ui/base/window_open_disposition.h"
33 #if defined(OS_POSIX) && !defined(OS_MACOSX)
34 #include "base/posix/global_descriptors.h"
38 #include "content/public/browser/file_descriptor_info.h"
45 class DictionaryValue;
50 struct WebWindowFeatures;
60 class HttpNetworkSession;
62 class SSLCertRequestInfo;
65 class URLRequestContext;
66 class URLRequestContextGetter;
67 class X509Certificate;
75 class SelectFilePolicy;
79 class ExternalMountPoints;
80 class FileSystemBackend;
85 class AccessTokenStore;
86 class BrowserChildProcessHost;
88 class BrowserMainParts;
89 class BrowserPluginGuestDelegate;
90 class BrowserPpapiHost;
91 class BrowserURLHandler;
92 class DesktopNotificationDelegate;
93 class DevToolsManagerDelegate;
94 class ExternalVideoSurfaceContainer;
95 class LocationProvider;
97 class QuotaPermissionContext;
98 class RenderFrameHost;
99 class RenderProcessHost;
100 class RenderViewHost;
101 class ResourceContext;
103 class SpeechRecognitionManagerDelegate;
104 class VibrationProvider;
106 class WebContentsViewDelegate;
107 struct MainFunctionParams;
109 struct ShowDesktopNotificationHostMsgParams;
110 struct WebPreferences;
112 // A mapping from the scheme name to the protocol handler that services its
115 std::string, linked_ptr<net::URLRequestJobFactory::ProtocolHandler> >
118 // A scoped vector of protocol interceptors.
119 typedef ScopedVector<net::URLRequestInterceptor>
120 URLRequestInterceptorScopedVector;
122 // Embedder API (or SPI) for participating in browser logic, to be implemented
123 // by the client of the content browser. See ChromeContentBrowserClient for the
124 // principal implementation. The methods are assumed to be called on the UI
125 // thread unless otherwise specified. Use this "escape hatch" sparingly, to
126 // avoid the embedder interface ballooning and becoming very specific to Chrome.
127 // (Often, the call out to the client can happen in a different part of the code
128 // that either already has a hook out to the embedder, or calls out to one of
129 // the observer interfaces.)
130 class CONTENT_EXPORT ContentBrowserClient {
132 virtual ~ContentBrowserClient() {}
134 // Allows the embedder to set any number of custom BrowserMainParts
135 // implementations for the browser startup code. See comments in
136 // browser_main_parts.h.
137 virtual BrowserMainParts* CreateBrowserMainParts(
138 const MainFunctionParams& parameters);
140 // If content creates the WebContentsView implementation, it will ask the
141 // embedder to return an (optional) delegate to customize it. The view will
143 virtual WebContentsViewDelegate* GetWebContentsViewDelegate(
144 WebContents* web_contents);
146 // Notifies that a render process will be created. This is called before
147 // the content layer adds its own BrowserMessageFilters, so that the
148 // embedder's IPC filters have priority.
149 virtual void RenderProcessWillLaunch(RenderProcessHost* host) {}
151 // Notifies that a BrowserChildProcessHost has been created.
152 virtual void BrowserChildProcessHostCreated(BrowserChildProcessHost* host) {}
154 // Get the effective URL for the given actual URL, to allow an embedder to
155 // group different url schemes in the same SiteInstance.
156 virtual GURL GetEffectiveURL(BrowserContext* browser_context,
159 // Returns whether all instances of the specified effective URL should be
160 // rendered by the same process, rather than using process-per-site-instance.
161 virtual bool ShouldUseProcessPerSite(BrowserContext* browser_context,
162 const GURL& effective_url);
164 // Returns a list additional WebUI schemes, if any. These additional schemes
165 // act as aliases to the chrome: scheme. The additional schemes may or may
166 // not serve specific WebUI pages depending on the particular URLDataSource
167 // and its override of URLDataSource::ShouldServiceRequest. For all schemes
168 // returned here, view-source is allowed.
169 virtual void GetAdditionalWebUISchemes(
170 std::vector<std::string>* additional_schemes) {}
172 // Returns a list of webUI hosts to ignore the storage partition check in
173 // URLRequestChromeJob::CheckStoragePartitionMatches.
174 virtual void GetAdditionalWebUIHostsToIgnoreParititionCheck(
175 std::vector<std::string>* hosts) {}
177 // Creates the main net::URLRequestContextGetter. Should only be called once
178 // per ContentBrowserClient object.
179 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
180 virtual net::URLRequestContextGetter* CreateRequestContext(
181 BrowserContext* browser_context,
182 ProtocolHandlerMap* protocol_handlers,
183 URLRequestInterceptorScopedVector request_interceptors);
185 // Creates the net::URLRequestContextGetter for a StoragePartition. Should
186 // only be called once per partition_path per ContentBrowserClient object.
187 // TODO(ajwong): Remove once http://crbug.com/159193 is resolved.
188 virtual net::URLRequestContextGetter* CreateRequestContextForStoragePartition(
189 BrowserContext* browser_context,
190 const base::FilePath& partition_path,
192 ProtocolHandlerMap* protocol_handlers,
193 URLRequestInterceptorScopedVector request_interceptors);
195 // Returns whether a specified URL is handled by the embedder's internal
196 // protocol handlers.
197 virtual bool IsHandledURL(const GURL& url);
199 // Returns whether the given process is allowed to commit |url|. This is a
200 // more conservative check than IsSuitableHost, since it is used after a
201 // navigation has committed to ensure that the process did not exceed its
203 virtual bool CanCommitURL(RenderProcessHost* process_host, const GURL& url);
205 // Returns whether a URL should be allowed to open from a specific context.
206 // This also applies in cases where the new URL will open in another process.
207 virtual bool ShouldAllowOpenURL(SiteInstance* site_instance, const GURL& url);
209 // Returns whether a new view for a given |site_url| can be launched in a
210 // given |process_host|.
211 virtual bool IsSuitableHost(RenderProcessHost* process_host,
212 const GURL& site_url);
214 // Returns whether a new view for a new site instance can be added to a
215 // given |process_host|.
216 virtual bool MayReuseHost(RenderProcessHost* process_host);
218 // Returns whether a new process should be created or an existing one should
219 // be reused based on the URL we want to load. This should return false,
220 // unless there is a good reason otherwise.
221 virtual bool ShouldTryToUseExistingProcessHost(
222 BrowserContext* browser_context, const GURL& url);
224 // Called when a site instance is first associated with a process.
225 virtual void SiteInstanceGotProcess(SiteInstance* site_instance) {}
227 // Called from a site instance's destructor.
228 virtual void SiteInstanceDeleting(SiteInstance* site_instance) {}
230 // Returns true if for the navigation from |current_url| to |new_url|
231 // in |site_instance|, a new SiteInstance and BrowsingInstance should be
232 // created (even if we are in a process model that doesn't usually swap.)
233 // This forces a process swap and severs script connections with existing
235 virtual bool ShouldSwapBrowsingInstancesForNavigation(
236 SiteInstance* site_instance,
237 const GURL& current_url,
238 const GURL& new_url);
240 // Returns true if the given navigation redirect should cause a renderer
242 // This is called on the IO thread.
243 virtual bool ShouldSwapProcessesForRedirect(ResourceContext* resource_context,
244 const GURL& current_url,
245 const GURL& new_url);
247 // Returns true if the passed in URL should be assigned as the site of the
248 // current SiteInstance, if it does not yet have a site.
249 virtual bool ShouldAssignSiteForURL(const GURL& url);
251 // See CharacterEncoding's comment.
252 virtual std::string GetCanonicalEncodingNameByAliasName(
253 const std::string& alias_name);
255 // Allows the embedder to pass extra command line flags.
256 // switches::kProcessType will already be set at this point.
257 virtual void AppendExtraCommandLineSwitches(base::CommandLine* command_line,
258 int child_process_id) {}
260 // Returns the locale used by the application.
261 // This is called on the UI and IO threads.
262 virtual std::string GetApplicationLocale();
264 // Returns the languages used in the Accept-Languages HTTP header.
265 // (Not called GetAcceptLanguages so it doesn't clash with win32).
266 virtual std::string GetAcceptLangs(BrowserContext* context);
268 // Returns the default favicon. The callee doesn't own the given bitmap.
269 virtual const gfx::ImageSkia* GetDefaultFavicon();
271 // Allow the embedder to control if an AppCache can be used for the given url.
272 // This is called on the IO thread.
273 virtual bool AllowAppCache(const GURL& manifest_url,
274 const GURL& first_party,
275 ResourceContext* context);
277 // Allow the embedder to control if the given cookie can be read.
278 // This is called on the IO thread.
279 virtual bool AllowGetCookie(const GURL& url,
280 const GURL& first_party,
281 const net::CookieList& cookie_list,
282 ResourceContext* context,
283 int render_process_id,
284 int render_frame_id);
286 // Allow the embedder to control if the given cookie can be set.
287 // This is called on the IO thread.
288 virtual bool AllowSetCookie(const GURL& url,
289 const GURL& first_party,
290 const std::string& cookie_line,
291 ResourceContext* context,
292 int render_process_id,
294 net::CookieOptions* options);
296 // This is called on the IO thread.
297 virtual bool AllowSaveLocalState(ResourceContext* context);
299 // Allow the embedder to control if access to web database by a shared worker
300 // is allowed. |render_frame| is a vector of pairs of
301 // RenderProcessID/RenderFrameID of RenderFrame that are using this worker.
302 // This is called on the IO thread.
303 virtual bool AllowWorkerDatabase(
305 const base::string16& name,
306 const base::string16& display_name,
307 unsigned long estimated_size,
308 ResourceContext* context,
309 const std::vector<std::pair<int, int> >& render_frames);
311 // Allow the embedder to control if access to file system by a shared worker
313 // This is called on the IO thread.
314 virtual void AllowWorkerFileSystem(
316 ResourceContext* context,
317 const std::vector<std::pair<int, int> >& render_frames,
318 base::Callback<void(bool)> callback);
320 // Allow the embedder to control if access to IndexedDB by a shared worker
322 // This is called on the IO thread.
323 virtual bool AllowWorkerIndexedDB(
325 const base::string16& name,
326 ResourceContext* context,
327 const std::vector<std::pair<int, int> >& render_frames);
329 // Allow the embedder to override the request context based on the URL for
330 // certain operations, like cookie access. Returns NULL to indicate the
331 // regular request context should be used.
332 // This is called on the IO thread.
333 virtual net::URLRequestContext* OverrideRequestContextForURL(
334 const GURL& url, ResourceContext* context);
336 // Allow the embedder to specify a string version of the storage partition
337 // config with a site.
338 virtual std::string GetStoragePartitionIdForSite(
339 BrowserContext* browser_context,
342 // Allows the embedder to provide a validation check for |partition_id|s.
343 // This domain of valid entries should match the range of outputs for
344 // GetStoragePartitionIdForChildProcess().
345 virtual bool IsValidStoragePartitionId(BrowserContext* browser_context,
346 const std::string& partition_id);
348 // Allows the embedder to provide a storage parititon configuration for a
349 // site. A storage partition configuration includes a domain of the embedder's
350 // choice, an optional name within that domain, and whether the partition is
353 // If |can_be_default| is false, the caller is telling the embedder that the
354 // |site| is known to not be in the default partition. This is useful in
355 // some shutdown situations where the bookkeeping logic that maps sites to
356 // their partition configuration are no longer valid.
358 // The |partition_domain| is [a-z]* UTF-8 string, specifying the domain in
359 // which partitions live (similar to namespace). Within a domain, partitions
360 // can be uniquely identified by the combination of |partition_name| and
361 // |in_memory| values. When a partition is not to be persisted, the
362 // |in_memory| value must be set to true.
363 virtual void GetStoragePartitionConfigForSite(
364 BrowserContext* browser_context,
367 std::string* partition_domain,
368 std::string* partition_name,
371 // Create and return a new quota permission context.
372 virtual QuotaPermissionContext* CreateQuotaPermissionContext();
374 // Informs the embedder that a certificate error has occured. If
375 // |overridable| is true and if |strict_enforcement| is false, the user
376 // can ignore the error and continue. The embedder can call the callback
377 // asynchronously. If |result| is not set to
378 // CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE, the request will be cancelled
379 // or denied immediately, and the callback won't be run.
380 virtual void AllowCertificateError(int render_process_id,
383 const net::SSLInfo& ssl_info,
384 const GURL& request_url,
385 ResourceType resource_type,
387 bool strict_enforcement,
388 bool expired_previous_decision,
389 const base::Callback<void(bool)>& callback,
390 CertificateRequestResultType* result) {}
392 // Selects a SSL client certificate and returns it to the |callback|. If no
393 // certificate was selected NULL is returned to the |callback|.
394 virtual void SelectClientCertificate(
395 int render_process_id,
397 const net::HttpNetworkSession* network_session,
398 net::SSLCertRequestInfo* cert_request_info,
399 const base::Callback<void(net::X509Certificate*)>& callback) {}
401 // Adds a new installable certificate or private key.
402 // Typically used to install an X.509 user certificate.
403 // Note that it's up to the embedder to verify that the data is
404 // well-formed. |cert_data| will be NULL if |cert_size| is 0.
405 virtual void AddCertificate(net::CertificateMimeType cert_type,
406 const void* cert_data,
408 int render_process_id,
409 int render_frame_id) {}
411 // Returns a class to get notifications about media event. The embedder can
412 // return NULL if they're not interested.
413 virtual MediaObserver* GetMediaObserver();
415 // Asks permission to show desktop notifications. |callback| needs to be run
416 // when the user approves the request.
417 virtual void RequestDesktopNotificationPermission(
418 const GURL& source_origin,
419 RenderFrameHost* render_frame_host,
420 const base::Callback<void(blink::WebNotificationPermission)>& callback) {}
422 // Checks if the given page has permission to show desktop notifications.
423 // This is called on the IO thread.
424 virtual blink::WebNotificationPermission
425 CheckDesktopNotificationPermission(
426 const GURL& source_url,
427 ResourceContext* context,
428 int render_process_id);
430 // Show a desktop notification. If |cancel_callback| is non-null, it's set to
431 // a callback which can be used to cancel the notification.
432 virtual void ShowDesktopNotification(
433 const ShowDesktopNotificationHostMsgParams& params,
434 RenderFrameHost* render_frame_host,
435 scoped_ptr<DesktopNotificationDelegate> delegate,
436 base::Closure* cancel_callback) {}
438 // The renderer is requesting permission to use Geolocation. When the answer
439 // to a permission request has been determined, |result_callback| should be
440 // called with the result. If |cancel_callback| is non-null, it's set to a
441 // callback which can be used to cancel the permission request.
442 virtual void RequestGeolocationPermission(
443 WebContents* web_contents,
445 const GURL& requesting_frame,
447 base::Callback<void(bool)> result_callback,
448 base::Closure* cancel_callback);
450 // Invoked when the Geolocation API uses its permission.
451 virtual void DidUseGeolocationPermission(WebContents* web_contents,
452 const GURL& frame_url,
453 const GURL& main_frame_url) {}
455 // Requests a permission to use system exclusive messages in MIDI events.
456 // |result_callback| will be invoked when the request is resolved. If
457 // |cancel_callback| is non-null, it's set to a callback which can be used to
458 // cancel the permission request.
459 virtual void RequestMidiSysExPermission(
460 WebContents* web_contents,
462 const GURL& requesting_frame,
464 base::Callback<void(bool)> result_callback,
465 base::Closure* cancel_callback);
467 // Request permission to access protected media identifier. |result_callback
468 // will tell whether it's permitted. If |cancel_callback| is non-null, it's
469 // set to a callback which can be used to cancel the permission request.
470 virtual void RequestProtectedMediaIdentifierPermission(
471 WebContents* web_contents,
473 base::Callback<void(bool)> result_callback,
474 base::Closure* cancel_callback);
476 // Returns true if the given page is allowed to open a window of the given
477 // type. If true is returned, |no_javascript_access| will indicate whether
478 // the window that is created should be scriptable/in the same process.
479 // This is called on the IO thread.
480 virtual bool CanCreateWindow(const GURL& opener_url,
481 const GURL& opener_top_level_frame_url,
482 const GURL& source_origin,
483 WindowContainerType container_type,
484 const GURL& target_url,
485 const Referrer& referrer,
486 WindowOpenDisposition disposition,
487 const blink::WebWindowFeatures& features,
489 bool opener_suppressed,
490 ResourceContext* context,
491 int render_process_id,
493 bool* no_javascript_access);
495 // Notifies the embedder that the ResourceDispatcherHost has been created.
496 // This is when it can optionally add a delegate.
497 virtual void ResourceDispatcherHostCreated() {}
499 // Allows the embedder to return a delegate for the SpeechRecognitionManager.
500 // The delegate will be owned by the manager. It's valid to return NULL.
501 virtual SpeechRecognitionManagerDelegate*
502 GetSpeechRecognitionManagerDelegate();
504 // Getters for common objects.
505 virtual net::NetLog* GetNetLog();
507 // Creates a new AccessTokenStore for gelocation.
508 virtual AccessTokenStore* CreateAccessTokenStore();
510 // Returns true if fast shutdown is possible.
511 virtual bool IsFastShutdownPossible();
513 // Called by WebContents to override the WebKit preferences that are used by
514 // the renderer. The content layer will add its own settings, and then it's up
515 // to the embedder to update it if it wants.
516 virtual void OverrideWebkitPrefs(RenderViewHost* render_view_host,
518 WebPreferences* prefs) {}
520 // Notifies that BrowserURLHandler has been created, so that the embedder can
521 // optionally add their own handlers.
522 virtual void BrowserURLHandlerCreated(BrowserURLHandler* handler) {}
524 // Clears browser cache.
525 virtual void ClearCache(RenderViewHost* rvh) {}
527 // Clears browser cookies.
528 virtual void ClearCookies(RenderViewHost* rvh) {}
530 // Returns the default download directory.
531 // This can be called on any thread.
532 virtual base::FilePath GetDefaultDownloadDirectory();
534 // Returns the default filename used in downloads when we have no idea what
535 // else we should do with the file.
536 virtual std::string GetDefaultDownloadName();
538 // Notification that a pepper plugin has just been spawned. This allows the
539 // embedder to add filters onto the host to implement interfaces.
540 // This is called on the IO thread.
541 virtual void DidCreatePpapiPlugin(BrowserPpapiHost* browser_host) {}
543 // Gets the host for an external out-of-process plugin.
544 virtual BrowserPpapiHost* GetExternalBrowserPpapiHost(
545 int plugin_child_id);
547 // Returns true if the socket operation specified by |params| is allowed from
548 // the given |browser_context| and |url|. If |params| is NULL, this method
549 // checks the basic "socket" permission, which is for those operations that
550 // don't require a specific socket permission rule.
551 // |private_api| indicates whether this permission check is for the private
552 // Pepper socket API or the public one.
553 virtual bool AllowPepperSocketAPI(BrowserContext* browser_context,
556 const SocketPermissionRequest* params);
558 // Returns an implementation of a file selecition policy. Can return NULL.
559 virtual ui::SelectFilePolicy* CreateSelectFilePolicy(
560 WebContents* web_contents);
562 // Returns additional allowed scheme set which can access files in
564 virtual void GetAdditionalAllowedSchemesForFileSystem(
565 std::vector<std::string>* additional_schemes) {}
567 // Returns auto mount handlers for URL requests for FileSystem APIs.
568 virtual void GetURLRequestAutoMountHandlers(
569 std::vector<storage::URLRequestAutoMountHandler>* handlers) {}
571 // Returns additional file system backends for FileSystem API.
572 // |browser_context| is needed in the additional FileSystemBackends.
573 // It has mount points to create objects returned by additional
574 // FileSystemBackends, and SpecialStoragePolicy for permission granting.
575 virtual void GetAdditionalFileSystemBackends(
576 BrowserContext* browser_context,
577 const base::FilePath& storage_partition_path,
578 ScopedVector<storage::FileSystemBackend>* additional_backends) {}
580 // Allows an embedder to return its own LocationProvider implementation.
581 // Return NULL to use the default one for the platform to be created.
582 // FYI: Used by an external project; please don't remove.
583 // Contact Viatcheslav Ostapenko at sl.ostapenko@samsung.com for more
585 virtual LocationProvider* OverrideSystemLocationProvider();
587 // Allows an embedder to return its own VibrationProvider implementation.
588 // Return NULL to use the default one for the platform to be created.
589 // FYI: Used by an external project; please don't remove.
590 // Contact Viatcheslav Ostapenko at sl.ostapenko@samsung.com for more
592 virtual VibrationProvider* OverrideVibrationProvider();
594 // Creates a new DevToolsManagerDelegate. The caller owns the returned value.
595 // It's valid to return NULL.
596 virtual DevToolsManagerDelegate* GetDevToolsManagerDelegate();
598 // Returns true if plugin referred to by the url can use
599 // pp::FileIO::RequestOSFileHandle.
600 virtual bool IsPluginAllowedToCallRequestOSFileHandle(
601 BrowserContext* browser_context,
604 // Returns true if dev channel APIs are available for plugins.
605 virtual bool IsPluginAllowedToUseDevChannelAPIs(
606 BrowserContext* browser_context,
609 // Returns a special cookie store to use for a given render process, or NULL
610 // if the default cookie store should be used
611 // This is called on the IO thread.
612 virtual net::CookieStore* OverrideCookieStoreForRenderProcess(
613 int render_process_id);
615 #if defined(OS_POSIX) && !defined(OS_MACOSX)
616 // Populates |mappings| with all files that need to be mapped before launching
618 virtual void GetAdditionalMappedFilesForChildProcess(
619 const base::CommandLine& command_line,
620 int child_process_id,
621 std::vector<FileDescriptorInfo>* mappings) {}
625 // Returns the name of the dll that contains cursors and other resources.
626 virtual const wchar_t* GetResourceDllName();
628 // This is called on the PROCESS_LAUNCHER thread before the renderer process
629 // is launched. It gives the embedder a chance to add loosen the sandbox
631 virtual void PreSpawnRenderer(sandbox::TargetPolicy* policy,
635 #if defined(VIDEO_HOLE)
636 // Allows an embedder to provide its own ExternalVideoSurfaceContainer
637 // implementation. Return NULL to disable external surface video.
638 virtual ExternalVideoSurfaceContainer*
639 OverrideCreateExternalVideoSurfaceContainer(WebContents* web_contents);
642 // Checks if |security_origin| has permission to access the microphone or
643 // camera. Note that this does not query the user. |type| must be
644 // MEDIA_DEVICE_AUDIO_CAPTURE or MEDIA_DEVICE_VIDEO_CAPTURE.
645 virtual bool CheckMediaAccessPermission(BrowserContext* browser_context,
646 const GURL& security_origin,
647 MediaStreamType type);
650 } // namespace content
652 #endif // CONTENT_PUBLIC_BROWSER_CONTENT_BROWSER_CLIENT_H_