1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
7 #include "content/browser/loader/resource_dispatcher_host_impl.h"
13 #include "base/bind.h"
14 #include "base/bind_helpers.h"
15 #include "base/command_line.h"
16 #include "base/compiler_specific.h"
17 #include "base/debug/alias.h"
18 #include "base/logging.h"
19 #include "base/memory/scoped_ptr.h"
20 #include "base/memory/shared_memory.h"
21 #include "base/message_loop/message_loop.h"
22 #include "base/metrics/histogram.h"
23 #include "base/metrics/sparse_histogram.h"
24 #include "base/stl_util.h"
25 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
26 #include "content/browser/appcache/appcache_interceptor.h"
27 #include "content/browser/appcache/chrome_appcache_service.h"
28 #include "content/browser/cert_store_impl.h"
29 #include "content/browser/child_process_security_policy_impl.h"
30 #include "content/browser/cross_site_request_manager.h"
31 #include "content/browser/download/download_resource_handler.h"
32 #include "content/browser/download/save_file_manager.h"
33 #include "content/browser/download/save_file_resource_handler.h"
34 #include "content/browser/fileapi/chrome_blob_storage_context.h"
35 #include "content/browser/loader/async_resource_handler.h"
36 #include "content/browser/loader/buffered_resource_handler.h"
37 #include "content/browser/loader/cross_site_resource_handler.h"
38 #include "content/browser/loader/detachable_resource_handler.h"
39 #include "content/browser/loader/power_save_block_resource_throttle.h"
40 #include "content/browser/loader/redirect_to_file_resource_handler.h"
41 #include "content/browser/loader/resource_message_filter.h"
42 #include "content/browser/loader/resource_request_info_impl.h"
43 #include "content/browser/loader/stream_resource_handler.h"
44 #include "content/browser/loader/sync_resource_handler.h"
45 #include "content/browser/loader/throttling_resource_handler.h"
46 #include "content/browser/loader/upload_data_stream_builder.h"
47 #include "content/browser/plugin_service_impl.h"
48 #include "content/browser/renderer_host/render_view_host_delegate.h"
49 #include "content/browser/renderer_host/render_view_host_impl.h"
50 #include "content/browser/resource_context_impl.h"
51 #include "content/browser/service_worker/service_worker_request_handler.h"
52 #include "content/browser/streams/stream.h"
53 #include "content/browser/streams/stream_context.h"
54 #include "content/browser/streams/stream_registry.h"
55 #include "content/browser/worker_host/worker_service_impl.h"
56 #include "content/browser/web_contents/web_contents_impl.h"
57 #include "content/common/resource_messages.h"
58 #include "content/common/resource_request_body.h"
59 #include "content/common/ssl_status_serialization.h"
60 #include "content/common/view_messages.h"
61 #include "content/public/browser/browser_thread.h"
62 #include "content/public/browser/content_browser_client.h"
63 #include "content/public/browser/download_manager.h"
64 #include "content/public/browser/download_url_parameters.h"
65 #include "content/public/browser/global_request_id.h"
66 #include "content/public/browser/resource_dispatcher_host_delegate.h"
67 #include "content/public/browser/resource_request_details.h"
68 #include "content/public/browser/resource_throttle.h"
69 #include "content/public/browser/stream_handle.h"
70 #include "content/public/browser/user_metrics.h"
71 #include "content/public/common/content_switches.h"
72 #include "content/public/common/process_type.h"
73 #include "content/public/common/url_constants.h"
74 #include "ipc/ipc_message_macros.h"
75 #include "ipc/ipc_message_start.h"
76 #include "net/base/auth.h"
77 #include "net/base/load_flags.h"
78 #include "net/base/mime_util.h"
79 #include "net/base/net_errors.h"
80 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
81 #include "net/base/request_priority.h"
82 #include "net/base/upload_data_stream.h"
83 #include "net/cert/cert_status_flags.h"
84 #include "net/cookies/cookie_monster.h"
85 #include "net/http/http_response_headers.h"
86 #include "net/http/http_response_info.h"
87 #include "net/ssl/ssl_cert_request_info.h"
88 #include "net/url_request/url_request.h"
89 #include "net/url_request/url_request_context.h"
90 #include "net/url_request/url_request_job_factory.h"
91 #include "webkit/common/blob/blob_data.h"
92 #include "webkit/browser/blob/blob_data_handle.h"
93 #include "webkit/browser/blob/blob_storage_context.h"
94 #include "webkit/browser/blob/blob_url_request_job_factory.h"
95 #include "webkit/browser/fileapi/file_permission_policy.h"
96 #include "webkit/browser/fileapi/file_system_context.h"
97 #include "webkit/common/appcache/appcache_interfaces.h"
98 #include "webkit/common/blob/shareable_file_reference.h"
101 using base::TimeDelta;
102 using base::TimeTicks;
103 using webkit_blob::ShareableFileReference;
105 // ----------------------------------------------------------------------------
111 static ResourceDispatcherHostImpl* g_resource_dispatcher_host;
113 // The interval for calls to ResourceDispatcherHostImpl::UpdateLoadStates
114 const int kUpdateLoadStatesIntervalMsec = 100;
116 // Maximum byte "cost" of all the outstanding requests for a renderer.
117 // See delcaration of |max_outstanding_requests_cost_per_process_| for details.
118 // This bound is 25MB, which allows for around 6000 outstanding requests.
119 const int kMaxOutstandingRequestsCostPerProcess = 26214400;
121 // The number of milliseconds after noting a user gesture that we will
122 // tag newly-created URLRequest objects with the
123 // net::LOAD_MAYBE_USER_GESTURE load flag. This is a fairly arbitrary
124 // guess at how long to expect direct impact from a user gesture, but
125 // this should be OK as the load flag is a best-effort thing only,
126 // rather than being intended as fully accurate.
127 const int kUserGestureWindowMs = 3500;
129 // Ratio of |max_num_in_flight_requests_| that any one renderer is allowed to
130 // use. Arbitrarily chosen.
131 const double kMaxRequestsPerProcessRatio = 0.45;
133 // TODO(jkarlin): The value is high to reduce the chance of the detachable
134 // request timing out, forcing a blocked second request to open a new connection
135 // and start over. Reduce this value once we have a better idea of what it
136 // should be and once we stop blocking multiple simultaneous requests for the
137 // same resource (see bugs 46104 and 31014).
138 const int kDefaultDetachableCancelDelayMs = 30000;
140 bool IsDetachableResourceType(ResourceType::Type type) {
142 case ResourceType::PREFETCH:
143 case ResourceType::PING:
150 // Aborts a request before an URLRequest has actually been created.
151 void AbortRequestBeforeItStarts(ResourceMessageFilter* filter,
152 IPC::Message* sync_result,
155 SyncLoadResult result;
156 result.error_code = net::ERR_ABORTED;
157 ResourceHostMsg_SyncLoad::WriteReplyParams(sync_result, result);
158 filter->Send(sync_result);
160 // Tell the renderer that this request was disallowed.
161 ResourceMsg_RequestCompleteData request_complete_data;
162 request_complete_data.error_code = net::ERR_ABORTED;
163 request_complete_data.was_ignored_by_handler = false;
164 request_complete_data.exists_in_cache = false;
165 // No security info needed, connection not established.
166 request_complete_data.completion_time = base::TimeTicks();
167 request_complete_data.encoded_data_length = 0;
168 filter->Send(new ResourceMsg_RequestComplete(
169 request_id, request_complete_data));
173 void SetReferrerForRequest(net::URLRequest* request, const Referrer& referrer) {
174 if (!referrer.url.is_valid() ||
175 CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoReferrers)) {
176 request->SetReferrer(std::string());
178 request->SetReferrer(referrer.url.spec());
181 net::URLRequest::ReferrerPolicy net_referrer_policy =
182 net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
183 switch (referrer.policy) {
184 case blink::WebReferrerPolicyDefault:
185 net_referrer_policy =
186 net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
188 case blink::WebReferrerPolicyAlways:
189 case blink::WebReferrerPolicyNever:
190 case blink::WebReferrerPolicyOrigin:
191 net_referrer_policy = net::URLRequest::NEVER_CLEAR_REFERRER;
194 request->set_referrer_policy(net_referrer_policy);
197 // Consults the RendererSecurity policy to determine whether the
198 // ResourceDispatcherHostImpl should service this request. A request might be
199 // disallowed if the renderer is not authorized to retrieve the request URL or
200 // if the renderer is attempting to upload an unauthorized file.
201 bool ShouldServiceRequest(int process_type,
203 const ResourceHostMsg_Request& request_data,
204 fileapi::FileSystemContext* file_system_context) {
205 if (process_type == PROCESS_TYPE_PLUGIN)
208 ChildProcessSecurityPolicyImpl* policy =
209 ChildProcessSecurityPolicyImpl::GetInstance();
211 // Check if the renderer is permitted to request the requested URL.
212 if (!policy->CanRequestURL(child_id, request_data.url)) {
213 VLOG(1) << "Denied unauthorized request for "
214 << request_data.url.possibly_invalid_spec();
218 // Check if the renderer is permitted to upload the requested files.
219 if (request_data.request_body.get()) {
220 const std::vector<ResourceRequestBody::Element>* uploads =
221 request_data.request_body->elements();
222 std::vector<ResourceRequestBody::Element>::const_iterator iter;
223 for (iter = uploads->begin(); iter != uploads->end(); ++iter) {
224 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE &&
225 !policy->CanReadFile(child_id, iter->path())) {
226 NOTREACHED() << "Denied unauthorized upload of "
227 << iter->path().value();
230 if (iter->type() == ResourceRequestBody::Element::TYPE_FILE_FILESYSTEM) {
231 fileapi::FileSystemURL url =
232 file_system_context->CrackURL(iter->filesystem_url());
233 if (!policy->CanReadFileSystemFile(child_id, url)) {
234 NOTREACHED() << "Denied unauthorized upload of "
235 << iter->filesystem_url().spec();
245 void RemoveDownloadFileFromChildSecurityPolicy(int child_id,
246 const base::FilePath& path) {
247 ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile(
252 #pragma warning(disable: 4748)
253 #pragma optimize("", off)
257 #pragma optimize("", on)
258 #pragma warning(default: 4748)
261 DownloadInterruptReason CallbackAndReturn(
262 const DownloadUrlParameters::OnStartedCallback& started_cb,
263 DownloadInterruptReason interrupt_reason) {
264 if (started_cb.is_null())
265 return interrupt_reason;
266 BrowserThread::PostTask(
270 started_cb, static_cast<DownloadItem*>(NULL), interrupt_reason));
272 return interrupt_reason;
275 int GetCertID(net::URLRequest* request, int child_id) {
276 if (request->ssl_info().cert.get()) {
277 return CertStore::GetInstance()->StoreCert(request->ssl_info().cert.get(),
283 void NotifyRedirectOnUI(int render_process_id,
284 int render_frame_host,
285 scoped_ptr<ResourceRedirectDetails> details) {
286 RenderFrameHostImpl* host =
287 RenderFrameHostImpl::FromID(render_process_id, render_frame_host);
288 WebContentsImpl* web_contents =
289 static_cast<WebContentsImpl*>(WebContents::FromRenderFrameHost(host));
292 web_contents->DidGetRedirectForResourceRequest(
293 host->render_view_host(), *details.get());
296 void NotifyResponseOnUI(int render_process_id,
297 int render_frame_host,
298 scoped_ptr<ResourceRequestDetails> details) {
299 RenderFrameHostImpl* host =
300 RenderFrameHostImpl::FromID(render_process_id, render_frame_host);
301 WebContentsImpl* web_contents =
302 static_cast<WebContentsImpl*>(WebContents::FromRenderFrameHost(host));
305 web_contents->DidGetResourceResponseStart(*details.get());
309 const net::SignedCertificateTimestampAndStatus& sct_status) {
310 return sct_status.status == net::ct::SCT_STATUS_OK;
316 ResourceDispatcherHost* ResourceDispatcherHost::Get() {
317 return g_resource_dispatcher_host;
320 ResourceDispatcherHostImpl::ResourceDispatcherHostImpl()
321 : save_file_manager_(new SaveFileManager()),
324 num_in_flight_requests_(0),
325 max_num_in_flight_requests_(base::SharedMemory::GetHandleLimit()),
326 max_num_in_flight_requests_per_process_(
328 max_num_in_flight_requests_ * kMaxRequestsPerProcessRatio)),
329 max_outstanding_requests_cost_per_process_(
330 kMaxOutstandingRequestsCostPerProcess),
333 allow_cross_origin_auth_prompt_(false) {
334 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
335 DCHECK(!g_resource_dispatcher_host);
336 g_resource_dispatcher_host = this;
338 GetContentClient()->browser()->ResourceDispatcherHostCreated();
340 ANNOTATE_BENIGN_RACE(
341 &last_user_gesture_time_,
342 "We don't care about the precise value, see http://crbug.com/92889");
344 BrowserThread::PostTask(BrowserThread::IO,
346 base::Bind(&ResourceDispatcherHostImpl::OnInit,
347 base::Unretained(this)));
349 update_load_states_timer_.reset(
350 new base::RepeatingTimer<ResourceDispatcherHostImpl>());
353 ResourceDispatcherHostImpl::~ResourceDispatcherHostImpl() {
354 DCHECK(outstanding_requests_stats_map_.empty());
355 DCHECK(g_resource_dispatcher_host);
356 g_resource_dispatcher_host = NULL;
360 ResourceDispatcherHostImpl* ResourceDispatcherHostImpl::Get() {
361 return g_resource_dispatcher_host;
364 void ResourceDispatcherHostImpl::SetDelegate(
365 ResourceDispatcherHostDelegate* delegate) {
366 delegate_ = delegate;
369 void ResourceDispatcherHostImpl::SetAllowCrossOriginAuthPrompt(bool value) {
370 allow_cross_origin_auth_prompt_ = value;
373 void ResourceDispatcherHostImpl::AddResourceContext(ResourceContext* context) {
374 active_resource_contexts_.insert(context);
377 void ResourceDispatcherHostImpl::RemoveResourceContext(
378 ResourceContext* context) {
379 CHECK(ContainsKey(active_resource_contexts_, context));
380 active_resource_contexts_.erase(context);
383 void ResourceDispatcherHostImpl::CancelRequestsForContext(
384 ResourceContext* context) {
385 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
388 CHECK(ContainsKey(active_resource_contexts_, context));
390 // Note that request cancellation has side effects. Therefore, we gather all
391 // the requests to cancel first, and then we start cancelling. We assert at
392 // the end that there are no more to cancel since the context is about to go
394 typedef std::vector<linked_ptr<ResourceLoader> > LoaderList;
395 LoaderList loaders_to_cancel;
397 for (LoaderMap::iterator i = pending_loaders_.begin();
398 i != pending_loaders_.end();) {
399 if (i->second->GetRequestInfo()->GetContext() == context) {
400 loaders_to_cancel.push_back(i->second);
401 IncrementOutstandingRequestsMemory(-1, *i->second->GetRequestInfo());
402 pending_loaders_.erase(i++);
408 for (BlockedLoadersMap::iterator i = blocked_loaders_map_.begin();
409 i != blocked_loaders_map_.end();) {
410 BlockedLoadersList* loaders = i->second;
411 if (loaders->empty()) {
412 // This can happen if BlockRequestsForRoute() has been called for a route,
413 // but we haven't blocked any matching requests yet.
417 ResourceRequestInfoImpl* info = loaders->front()->GetRequestInfo();
418 if (info->GetContext() == context) {
419 blocked_loaders_map_.erase(i++);
420 for (BlockedLoadersList::const_iterator it = loaders->begin();
421 it != loaders->end(); ++it) {
422 linked_ptr<ResourceLoader> loader = *it;
423 info = loader->GetRequestInfo();
424 // We make the assumption that all requests on the list have the same
426 DCHECK_EQ(context, info->GetContext());
427 IncrementOutstandingRequestsMemory(-1, *info);
428 loaders_to_cancel.push_back(loader);
437 for (LoaderList::iterator i = loaders_to_cancel.begin();
438 i != loaders_to_cancel.end(); ++i) {
439 // There is no strict requirement that this be the case, but currently
440 // downloads, streams, detachable requests, and transferred requests are the
441 // only requests that aren't cancelled when the associated processes go
442 // away. It may be OK for this invariant to change in the future, but if
443 // this assertion fires without the invariant changing, then it's indicative
445 DCHECK((*i)->GetRequestInfo()->IsDownload() ||
446 (*i)->GetRequestInfo()->is_stream() ||
447 ((*i)->GetRequestInfo()->detachable_handler() &&
448 (*i)->GetRequestInfo()->detachable_handler()->is_detached()) ||
449 (*i)->is_transferring());
453 loaders_to_cancel.clear();
455 // Validate that no more requests for this context were added.
456 for (LoaderMap::const_iterator i = pending_loaders_.begin();
457 i != pending_loaders_.end(); ++i) {
458 // http://crbug.com/90971
459 CHECK_NE(i->second->GetRequestInfo()->GetContext(), context);
462 for (BlockedLoadersMap::const_iterator i = blocked_loaders_map_.begin();
463 i != blocked_loaders_map_.end(); ++i) {
464 BlockedLoadersList* loaders = i->second;
465 if (!loaders->empty()) {
466 ResourceRequestInfoImpl* info = loaders->front()->GetRequestInfo();
467 // http://crbug.com/90971
468 CHECK_NE(info->GetContext(), context);
473 DownloadInterruptReason ResourceDispatcherHostImpl::BeginDownload(
474 scoped_ptr<net::URLRequest> request,
475 const Referrer& referrer,
476 bool is_content_initiated,
477 ResourceContext* context,
481 scoped_ptr<DownloadSaveInfo> save_info,
483 const DownloadStartedCallback& started_callback) {
485 return CallbackAndReturn(started_callback,
486 DOWNLOAD_INTERRUPT_REASON_USER_SHUTDOWN);
488 const GURL& url = request->original_url();
490 // http://crbug.com/90971
492 base::strlcpy(url_buf, url.spec().c_str(), arraysize(url_buf));
493 base::debug::Alias(url_buf);
494 CHECK(ContainsKey(active_resource_contexts_, context));
496 SetReferrerForRequest(request.get(), referrer);
498 int extra_load_flags = net::LOAD_IS_DOWNLOAD;
500 // If there is upload data attached, only retrieve from cache because there
501 // is no current mechanism to prompt the user for their consent for a
502 // re-post. For GETs, try to retrieve data from the cache and skip
503 // validating the entry if present.
504 if (request->get_upload() != NULL)
505 extra_load_flags |= net::LOAD_ONLY_FROM_CACHE;
507 extra_load_flags |= net::LOAD_PREFERRING_CACHE;
509 extra_load_flags |= net::LOAD_DISABLE_CACHE;
511 request->SetLoadFlags(request->load_flags() | extra_load_flags);
513 // No need to get offline load flags for downloads, but make sure
514 // we have an OfflinePolicy to receive request completions.
515 GlobalRoutingID id(child_id, route_id);
516 if (!offline_policy_map_[id])
517 offline_policy_map_[id] = new OfflinePolicy();
519 // Check if the renderer is permitted to request the requested URL.
520 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
521 CanRequestURL(child_id, url)) {
522 VLOG(1) << "Denied unauthorized download request for "
523 << url.possibly_invalid_spec();
524 return CallbackAndReturn(started_callback,
525 DOWNLOAD_INTERRUPT_REASON_NETWORK_INVALID_REQUEST);
530 const net::URLRequestContext* request_context = context->GetRequestContext();
531 if (!request_context->job_factory()->IsHandledURL(url)) {
532 VLOG(1) << "Download request for unsupported protocol: "
533 << url.possibly_invalid_spec();
534 return CallbackAndReturn(started_callback,
535 DOWNLOAD_INTERRUPT_REASON_NETWORK_INVALID_REQUEST);
538 ResourceRequestInfoImpl* extra_info =
539 CreateRequestInfo(child_id, route_id, true, context);
540 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
542 if (request->url().SchemeIs(kBlobScheme)) {
543 ChromeBlobStorageContext* blob_context =
544 GetChromeBlobStorageContextForResourceContext(context);
545 webkit_blob::BlobProtocolHandler::SetRequestedBlobDataHandle(
547 blob_context->context()->GetBlobDataFromPublicURL(request->url()));
550 // From this point forward, the |DownloadResourceHandler| is responsible for
551 // |started_callback|.
552 scoped_ptr<ResourceHandler> handler(
553 CreateResourceHandlerForDownload(request.get(), is_content_initiated,
554 true, download_id, save_info.Pass(),
557 BeginRequestInternal(request.Pass(), handler.Pass());
559 return DOWNLOAD_INTERRUPT_REASON_NONE;
562 void ResourceDispatcherHostImpl::ClearLoginDelegateForRequest(
563 net::URLRequest* request) {
564 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
566 ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
568 loader->ClearLoginDelegate();
572 void ResourceDispatcherHostImpl::Shutdown() {
573 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
574 BrowserThread::PostTask(BrowserThread::IO,
576 base::Bind(&ResourceDispatcherHostImpl::OnShutdown,
577 base::Unretained(this)));
580 scoped_ptr<ResourceHandler>
581 ResourceDispatcherHostImpl::CreateResourceHandlerForDownload(
582 net::URLRequest* request,
583 bool is_content_initiated,
586 scoped_ptr<DownloadSaveInfo> save_info,
587 const DownloadUrlParameters::OnStartedCallback& started_cb) {
588 scoped_ptr<ResourceHandler> handler(
589 new DownloadResourceHandler(id, request, started_cb, save_info.Pass()));
591 const ResourceRequestInfo* request_info(
592 ResourceRequestInfo::ForRequest(request));
594 ScopedVector<ResourceThrottle> throttles;
595 delegate_->DownloadStarting(
596 request, request_info->GetContext(), request_info->GetChildID(),
597 request_info->GetRouteID(), request_info->GetRequestID(),
598 is_content_initiated, must_download, &throttles);
599 if (!throttles.empty()) {
601 new ThrottlingResourceHandler(
602 handler.Pass(), request, throttles.Pass()));
605 return handler.Pass();
608 scoped_ptr<ResourceHandler>
609 ResourceDispatcherHostImpl::MaybeInterceptAsStream(net::URLRequest* request,
610 ResourceResponse* response) {
611 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
612 const std::string& mime_type = response->head.mime_type;
615 std::string target_id;
617 !delegate_->ShouldInterceptResourceAsStream(info->GetContext(),
622 return scoped_ptr<ResourceHandler>();
625 StreamContext* stream_context =
626 GetStreamContextForResourceContext(info->GetContext());
628 scoped_ptr<StreamResourceHandler> handler(
629 new StreamResourceHandler(request,
630 stream_context->registry(),
633 info->set_is_stream(true);
634 delegate_->OnStreamCreated(
639 handler->stream()->CreateHandle(
642 response->head.headers),
643 request->GetExpectedContentSize());
644 return handler.PassAs<ResourceHandler>();
647 void ResourceDispatcherHostImpl::ClearSSLClientAuthHandlerForRequest(
648 net::URLRequest* request) {
649 ResourceRequestInfoImpl* info = ResourceRequestInfoImpl::ForRequest(request);
651 ResourceLoader* loader = GetLoader(info->GetGlobalRequestID());
653 loader->ClearSSLClientAuthHandler();
657 ResourceDispatcherHostLoginDelegate*
658 ResourceDispatcherHostImpl::CreateLoginDelegate(
659 ResourceLoader* loader,
660 net::AuthChallengeInfo* auth_info) {
664 return delegate_->CreateLoginDelegate(auth_info, loader->request());
667 bool ResourceDispatcherHostImpl::HandleExternalProtocol(ResourceLoader* loader,
672 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
674 if (!ResourceType::IsFrame(info->GetResourceType()))
677 const net::URLRequestJobFactory* job_factory =
678 info->GetContext()->GetRequestContext()->job_factory();
679 if (job_factory->IsHandledURL(url))
682 bool initiated_by_user_gesture =
683 (loader->request()->load_flags() & net::LOAD_MAYBE_USER_GESTURE) != 0;
684 bool handled = delegate_->HandleExternalProtocol(url, info->GetChildID(),
686 initiated_by_user_gesture);
687 // Consume the user gesture if the external protocol dialog is shown.
689 last_user_gesture_time_ = base::TimeTicks();
693 void ResourceDispatcherHostImpl::DidStartRequest(ResourceLoader* loader) {
694 // Make sure we have the load state monitor running
695 if (!update_load_states_timer_->IsRunning()) {
696 update_load_states_timer_->Start(FROM_HERE,
697 TimeDelta::FromMilliseconds(kUpdateLoadStatesIntervalMsec),
698 this, &ResourceDispatcherHostImpl::UpdateLoadStates);
702 void ResourceDispatcherHostImpl::DidReceiveRedirect(ResourceLoader* loader,
703 const GURL& new_url) {
704 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
706 int render_process_id, render_frame_host;
707 if (!info->GetAssociatedRenderFrame(&render_process_id, &render_frame_host))
710 // Notify the observers on the UI thread.
711 scoped_ptr<ResourceRedirectDetails> detail(new ResourceRedirectDetails(
713 GetCertID(loader->request(), info->GetChildID()),
715 BrowserThread::PostTask(
716 BrowserThread::UI, FROM_HERE,
719 render_process_id, render_frame_host, base::Passed(&detail)));
722 void ResourceDispatcherHostImpl::DidReceiveResponse(ResourceLoader* loader) {
723 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
725 if (loader->request()->was_fetched_via_proxy() &&
726 loader->request()->was_fetched_via_spdy() &&
727 loader->request()->url().SchemeIs("http")) {
728 scheduler_->OnReceivedSpdyProxiedHttpResponse(
729 info->GetChildID(), info->GetRouteID());
732 // There should be an entry in the map created when we dispatched the
733 // request unless it's been detached and the renderer has died.
734 OfflineMap::iterator policy_it(
735 offline_policy_map_.find(info->GetGlobalRoutingID()));
736 if (offline_policy_map_.end() != policy_it) {
737 policy_it->second->UpdateStateForSuccessfullyStartedRequest(
738 loader->request()->response_info());
740 // Unless detached, we should have an entry in offline_policy_map_ from
741 // when this request traversed Begin{Download,SaveFile,Request}.
742 // TODO(rdsmith): This isn't currently true; see http://crbug.com/241176.
743 DCHECK(info->detachable_handler() &&
744 info->detachable_handler()->is_detached());
747 int render_process_id, render_frame_host;
748 if (!info->GetAssociatedRenderFrame(&render_process_id, &render_frame_host))
751 // Notify the observers on the UI thread.
752 scoped_ptr<ResourceRequestDetails> detail(new ResourceRequestDetails(
754 GetCertID(loader->request(), info->GetChildID())));
755 BrowserThread::PostTask(
756 BrowserThread::UI, FROM_HERE,
759 render_process_id, render_frame_host, base::Passed(&detail)));
762 void ResourceDispatcherHostImpl::DidFinishLoading(ResourceLoader* loader) {
763 ResourceRequestInfo* info = loader->GetRequestInfo();
765 // Record final result of all resource loads.
766 if (info->GetResourceType() == ResourceType::MAIN_FRAME) {
767 // This enumeration has "3" appended to its name to distinguish it from
769 UMA_HISTOGRAM_SPARSE_SLOWLY(
770 "Net.ErrorCodesForMainFrame3",
771 -loader->request()->status().error());
773 if (loader->request()->url().SchemeIsSecure()) {
774 if (loader->request()->url().host() == "www.google.com") {
775 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.ErrorCodesForHTTPSGoogleMainFrame2",
776 -loader->request()->status().error());
779 int num_valid_scts = std::count_if(
780 loader->request()->ssl_info().signed_certificate_timestamps.begin(),
781 loader->request()->ssl_info().signed_certificate_timestamps.end(),
783 UMA_HISTOGRAM_COUNTS_100(
784 "Net.CertificateTransparency.MainFrameValidSCTCount", num_valid_scts);
787 if (info->GetResourceType() == ResourceType::IMAGE) {
788 UMA_HISTOGRAM_SPARSE_SLOWLY(
789 "Net.ErrorCodesForImages",
790 -loader->request()->status().error());
792 // This enumeration has "2" appended to distinguish it from older versions.
793 UMA_HISTOGRAM_SPARSE_SLOWLY(
794 "Net.ErrorCodesForSubresources2",
795 -loader->request()->status().error());
799 delegate_->RequestComplete(loader->request());
801 // Destroy the ResourceLoader.
802 RemovePendingRequest(info->GetChildID(), info->GetRequestID());
805 void ResourceDispatcherHostImpl::OnInit() {
806 scheduler_.reset(new ResourceScheduler);
807 AppCacheInterceptor::EnsureRegistered();
810 void ResourceDispatcherHostImpl::OnShutdown() {
811 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
814 pending_loaders_.clear();
816 // Make sure we shutdown the timer now, otherwise by the time our destructor
817 // runs if the timer is still running the Task is deleted twice (once by
818 // the MessageLoop and the second time by RepeatingTimer).
819 update_load_states_timer_.reset();
821 // Clear blocked requests if any left.
822 // Note that we have to do this in 2 passes as we cannot call
823 // CancelBlockedRequestsForRoute while iterating over
824 // blocked_loaders_map_, as it modifies it.
825 std::set<GlobalRoutingID> ids;
826 for (BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.begin();
827 iter != blocked_loaders_map_.end(); ++iter) {
828 std::pair<std::set<GlobalRoutingID>::iterator, bool> result =
829 ids.insert(iter->first);
830 // We should not have duplicates.
831 DCHECK(result.second);
833 for (std::set<GlobalRoutingID>::const_iterator iter = ids.begin();
834 iter != ids.end(); ++iter) {
835 CancelBlockedRequestsForRoute(iter->child_id, iter->route_id);
841 bool ResourceDispatcherHostImpl::OnMessageReceived(
842 const IPC::Message& message,
843 ResourceMessageFilter* filter,
844 bool* message_was_ok) {
847 IPC_BEGIN_MESSAGE_MAP_EX(ResourceDispatcherHostImpl, message, *message_was_ok)
848 IPC_MESSAGE_HANDLER(ResourceHostMsg_RequestResource, OnRequestResource)
849 IPC_MESSAGE_HANDLER_DELAY_REPLY(ResourceHostMsg_SyncLoad, OnSyncLoad)
850 IPC_MESSAGE_HANDLER(ResourceHostMsg_ReleaseDownloadedFile,
851 OnReleaseDownloadedFile)
852 IPC_MESSAGE_HANDLER(ResourceHostMsg_DataDownloaded_ACK, OnDataDownloadedACK)
853 IPC_MESSAGE_HANDLER(ResourceHostMsg_UploadProgress_ACK, OnUploadProgressACK)
854 IPC_MESSAGE_HANDLER(ResourceHostMsg_CancelRequest, OnCancelRequest)
855 IPC_MESSAGE_UNHANDLED(handled = false)
856 IPC_END_MESSAGE_MAP_EX()
858 if (!handled && IPC_MESSAGE_ID_CLASS(message.type()) == ResourceMsgStart) {
859 PickleIterator iter(message);
861 bool ok = iter.ReadInt(&request_id);
863 GlobalRequestID id(filter_->child_id(), request_id);
864 DelegateMap::iterator it = delegate_map_.find(id);
865 if (it != delegate_map_.end()) {
866 ObserverList<ResourceMessageDelegate>::Iterator del_it(*it->second);
867 ResourceMessageDelegate* delegate;
868 while (!handled && (delegate = del_it.GetNext()) != NULL) {
869 handled = delegate->OnMessageReceived(message, message_was_ok);
873 // As the unhandled resource message effectively has no consumer, mark it as
874 // handled to prevent needless propagation through the filter pipeline.
882 void ResourceDispatcherHostImpl::OnRequestResource(
883 const IPC::Message& message,
885 const ResourceHostMsg_Request& request_data) {
886 BeginRequest(request_id, request_data, NULL, message.routing_id());
889 // Begins a resource request with the given params on behalf of the specified
890 // child process. Responses will be dispatched through the given receiver. The
891 // process ID is used to lookup WebContentsImpl from routing_id's in the case of
892 // a request from a renderer. request_context is the cookie/cache context to be
893 // used for this request.
895 // If sync_result is non-null, then a SyncLoad reply will be generated, else
896 // a normal asynchronous set of response messages will be generated.
897 void ResourceDispatcherHostImpl::OnSyncLoad(
899 const ResourceHostMsg_Request& request_data,
900 IPC::Message* sync_result) {
901 BeginRequest(request_id, request_data, sync_result,
902 sync_result->routing_id());
905 void ResourceDispatcherHostImpl::UpdateRequestForTransfer(
909 const ResourceHostMsg_Request& request_data,
910 const linked_ptr<ResourceLoader>& loader) {
911 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
912 GlobalRoutingID old_routing_id(
913 request_data.transferred_request_child_id, info->GetRouteID());
914 GlobalRequestID old_request_id(request_data.transferred_request_child_id,
915 request_data.transferred_request_request_id);
916 GlobalRoutingID new_routing_id(child_id, route_id);
917 GlobalRequestID new_request_id(child_id, request_id);
919 // Clear out data that depends on |info| before updating it.
920 IncrementOutstandingRequestsMemory(-1, *info);
921 OustandingRequestsStats empty_stats = { 0, 0 };
922 OustandingRequestsStats old_stats = GetOutstandingRequestsStats(*info);
923 UpdateOutstandingRequestsStats(*info, empty_stats);
924 pending_loaders_.erase(old_request_id);
926 // ResourceHandlers should always get state related to the request from the
927 // ResourceRequestInfo rather than caching it locally. This lets us update
928 // the info object when a transfer occurs.
929 info->UpdateForTransfer(child_id, route_id, request_data.origin_pid,
930 request_id, request_data.parent_render_frame_id,
931 filter_->GetWeakPtr());
933 // Update maps that used the old IDs, if necessary. Some transfers in tests
934 // do not actually use a different ID, so not all maps need to be updated.
935 pending_loaders_[new_request_id] = loader;
936 UpdateOutstandingRequestsStats(*info, old_stats);
937 IncrementOutstandingRequestsMemory(1, *info);
938 if (old_routing_id != new_routing_id) {
939 if (offline_policy_map_.find(old_routing_id) != offline_policy_map_.end()) {
940 if (offline_policy_map_.find(new_routing_id) !=
941 offline_policy_map_.end())
942 delete offline_policy_map_[new_routing_id];
943 offline_policy_map_[new_routing_id] = offline_policy_map_[old_routing_id];
944 offline_policy_map_.erase(old_routing_id);
946 if (blocked_loaders_map_.find(old_routing_id) !=
947 blocked_loaders_map_.end()) {
948 blocked_loaders_map_[new_routing_id] =
949 blocked_loaders_map_[old_routing_id];
950 blocked_loaders_map_.erase(old_routing_id);
953 if (old_request_id != new_request_id) {
954 DelegateMap::iterator it = delegate_map_.find(old_request_id);
955 if (it != delegate_map_.end()) {
956 // Tell each delegate that the request ID has changed.
957 ObserverList<ResourceMessageDelegate>::Iterator del_it(*it->second);
958 ResourceMessageDelegate* delegate;
959 while ((delegate = del_it.GetNext()) != NULL) {
960 delegate->set_request_id(new_request_id);
962 // Now store the observer list under the new request ID.
963 delegate_map_[new_request_id] = delegate_map_[old_request_id];
964 delegate_map_.erase(old_request_id);
968 AppCacheInterceptor::CompleteCrossSiteTransfer(
971 request_data.appcache_host_id);
973 // We should have a CrossSiteResourceHandler to finish the transfer.
974 DCHECK(info->cross_site_handler());
977 void ResourceDispatcherHostImpl::BeginRequest(
979 const ResourceHostMsg_Request& request_data,
980 IPC::Message* sync_result, // only valid for sync
982 int process_type = filter_->process_type();
983 int child_id = filter_->child_id();
985 // Reject invalid priority.
986 if (request_data.priority < net::MINIMUM_PRIORITY ||
987 request_data.priority > net::MAXIMUM_PRIORITY) {
988 RecordAction(base::UserMetricsAction("BadMessageTerminate_RDH"));
989 filter_->BadMessageReceived();
993 // If we crash here, figure out what URL the renderer was requesting.
994 // http://crbug.com/91398
996 base::strlcpy(url_buf, request_data.url.spec().c_str(), arraysize(url_buf));
997 base::debug::Alias(url_buf);
999 // If the request that's coming in is being transferred from another process,
1000 // we want to reuse and resume the old loader rather than start a new one.
1002 LoaderMap::iterator it = pending_loaders_.find(
1003 GlobalRequestID(request_data.transferred_request_child_id,
1004 request_data.transferred_request_request_id));
1005 if (it != pending_loaders_.end()) {
1006 // If the request is transferring to a new process, we can update our
1007 // state and let it resume with its existing ResourceHandlers.
1008 if (it->second->is_transferring()) {
1009 linked_ptr<ResourceLoader> deferred_loader = it->second;
1010 UpdateRequestForTransfer(child_id, route_id, request_id,
1011 request_data, deferred_loader);
1013 deferred_loader->CompleteTransfer();
1015 RecordAction(base::UserMetricsAction("BadMessageTerminate_RDH"));
1016 filter_->BadMessageReceived();
1022 ResourceContext* resource_context = NULL;
1023 net::URLRequestContext* request_context = NULL;
1024 filter_->GetContexts(request_data, &resource_context, &request_context);
1025 // http://crbug.com/90971
1026 CHECK(ContainsKey(active_resource_contexts_, resource_context));
1029 !ShouldServiceRequest(process_type, child_id, request_data,
1030 filter_->file_system_context())) {
1031 AbortRequestBeforeItStarts(filter_, sync_result, request_id);
1035 // Allow the observer to block/handle the request.
1036 if (delegate_ && !delegate_->ShouldBeginRequest(child_id,
1038 request_data.method,
1040 request_data.resource_type,
1041 resource_context)) {
1042 AbortRequestBeforeItStarts(filter_, sync_result, request_id);
1046 bool is_sync_load = sync_result != NULL;
1048 BuildLoadFlagsForRequest(request_data, child_id, is_sync_load);
1050 GlobalRoutingID id(child_id, route_id);
1051 if (!offline_policy_map_[id])
1052 offline_policy_map_[id] = new OfflinePolicy();
1053 load_flags |= offline_policy_map_[id]->GetAdditionalLoadFlags(
1054 load_flags, request_data.resource_type == ResourceType::MAIN_FRAME);
1056 // Sync loads should have maximum priority and should be the only
1057 // requets that have the ignore limits flag set.
1059 DCHECK_EQ(request_data.priority, net::MAXIMUM_PRIORITY);
1060 DCHECK_NE(load_flags & net::LOAD_IGNORE_LIMITS, 0);
1062 DCHECK_EQ(load_flags & net::LOAD_IGNORE_LIMITS, 0);
1065 // Construct the request.
1066 net::CookieStore* cookie_store =
1067 GetContentClient()->browser()->OverrideCookieStoreForRenderProcess(
1069 scoped_ptr<net::URLRequest> new_request;
1070 new_request = request_context->CreateRequest(
1071 request_data.url, request_data.priority, NULL, cookie_store);
1073 new_request->set_method(request_data.method);
1074 new_request->set_first_party_for_cookies(
1075 request_data.first_party_for_cookies);
1077 const Referrer referrer(request_data.referrer, request_data.referrer_policy);
1078 SetReferrerForRequest(new_request.get(), referrer);
1080 net::HttpRequestHeaders headers;
1081 headers.AddHeadersFromString(request_data.headers);
1082 new_request->SetExtraRequestHeaders(headers);
1084 new_request->SetLoadFlags(load_flags);
1086 // Resolve elements from request_body and prepare upload data.
1087 if (request_data.request_body.get()) {
1088 webkit_blob::BlobStorageContext* blob_context = NULL;
1089 if (filter_->blob_storage_context())
1090 blob_context = filter_->blob_storage_context()->context();
1091 new_request->set_upload(UploadDataStreamBuilder::Build(
1092 request_data.request_body.get(),
1094 filter_->file_system_context(),
1095 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE)
1099 bool allow_download = request_data.allow_download &&
1100 ResourceType::IsFrame(request_data.resource_type);
1102 // Make extra info and read footer (contains request ID).
1103 ResourceRequestInfoImpl* extra_info =
1104 new ResourceRequestInfoImpl(
1108 request_data.origin_pid,
1110 request_data.render_frame_id,
1111 request_data.is_main_frame,
1112 request_data.parent_is_main_frame,
1113 request_data.parent_render_frame_id,
1114 request_data.resource_type,
1115 request_data.transition_type,
1116 request_data.should_replace_current_entry,
1117 false, // is download
1120 request_data.has_user_gesture,
1121 request_data.referrer_policy,
1122 request_data.visiblity_state,
1124 filter_->GetWeakPtr(),
1126 // Request takes ownership.
1127 extra_info->AssociateWithRequest(new_request.get());
1129 if (new_request->url().SchemeIs(kBlobScheme)) {
1130 // Hang on to a reference to ensure the blob is not released prior
1131 // to the job being started.
1132 webkit_blob::BlobProtocolHandler::SetRequestedBlobDataHandle(
1134 filter_->blob_storage_context()->context()->
1135 GetBlobDataFromPublicURL(new_request->url()));
1138 // Initialize the service worker handler for the request.
1139 ServiceWorkerRequestHandler::InitializeHandler(
1141 filter_->service_worker_context(),
1143 request_data.service_worker_provider_id,
1144 request_data.resource_type);
1146 // Have the appcache associate its extra info with the request.
1147 AppCacheInterceptor::SetExtraRequestInfo(
1148 new_request.get(), filter_->appcache_service(), child_id,
1149 request_data.appcache_host_id, request_data.resource_type);
1151 scoped_ptr<ResourceHandler> handler(
1152 CreateResourceHandler(
1154 request_data, sync_result, route_id, process_type, child_id,
1158 BeginRequestInternal(new_request.Pass(), handler.Pass());
1161 scoped_ptr<ResourceHandler> ResourceDispatcherHostImpl::CreateResourceHandler(
1162 net::URLRequest* request,
1163 const ResourceHostMsg_Request& request_data,
1164 IPC::Message* sync_result,
1168 ResourceContext* resource_context) {
1169 // Construct the IPC resource handler.
1170 scoped_ptr<ResourceHandler> handler;
1172 // download_to_file is not supported for synchronous requests.
1173 if (request_data.download_to_file) {
1174 RecordAction(base::UserMetricsAction("BadMessageTerminate_RDH"));
1175 filter_->BadMessageReceived();
1176 return scoped_ptr<ResourceHandler>();
1179 handler.reset(new SyncResourceHandler(request, sync_result, this));
1181 handler.reset(new AsyncResourceHandler(request, this));
1183 // The RedirectToFileResourceHandler depends on being next in the chain.
1184 if (request_data.download_to_file) {
1186 new RedirectToFileResourceHandler(handler.Pass(), request));
1190 // Prefetches and <a ping> requests outlive their child process.
1191 if (!sync_result && IsDetachableResourceType(request_data.resource_type)) {
1192 handler.reset(new DetachableResourceHandler(
1194 base::TimeDelta::FromMilliseconds(kDefaultDetachableCancelDelayMs),
1198 // Install a CrossSiteResourceHandler for all main frame requests. This will
1199 // let us check whether a transfer is required and pause for the unload
1200 // handler either if so or if a cross-process navigation is already under way.
1201 bool is_swappable_navigation =
1202 request_data.resource_type == ResourceType::MAIN_FRAME;
1203 // If we are using --site-per-process, install it for subframes as well.
1204 if (!is_swappable_navigation &&
1205 CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess)) {
1206 is_swappable_navigation =
1207 request_data.resource_type == ResourceType::SUB_FRAME;
1209 if (is_swappable_navigation && process_type == PROCESS_TYPE_RENDERER)
1210 handler.reset(new CrossSiteResourceHandler(handler.Pass(), request));
1212 // Insert a buffered event handler before the actual one.
1214 new BufferedResourceHandler(handler.Pass(), this, request));
1216 ScopedVector<ResourceThrottle> throttles;
1218 delegate_->RequestBeginning(request,
1220 filter_->appcache_service(),
1221 request_data.resource_type,
1227 if (request->has_upload()) {
1228 // Block power save while uploading data.
1229 throttles.push_back(new PowerSaveBlockResourceThrottle());
1232 throttles.push_back(
1233 scheduler_->ScheduleRequest(child_id, route_id, request).release());
1236 new ThrottlingResourceHandler(handler.Pass(), request, throttles.Pass()));
1238 return handler.Pass();
1241 void ResourceDispatcherHostImpl::OnReleaseDownloadedFile(int request_id) {
1242 UnregisterDownloadedTempFile(filter_->child_id(), request_id);
1245 void ResourceDispatcherHostImpl::OnDataDownloadedACK(int request_id) {
1246 // TODO(michaeln): maybe throttle DataDownloaded messages
1249 void ResourceDispatcherHostImpl::RegisterDownloadedTempFile(
1250 int child_id, int request_id, const base::FilePath& file_path) {
1251 scoped_refptr<ShareableFileReference> reference =
1252 ShareableFileReference::Get(file_path);
1255 registered_temp_files_[child_id][request_id] = reference;
1256 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
1257 child_id, reference->path());
1259 // When the temp file is deleted, revoke permissions that the renderer has
1260 // to that file. This covers an edge case where the file is deleted and then
1261 // the same name is re-used for some other purpose, we don't want the old
1262 // renderer to still have access to it.
1264 // We do this when the file is deleted because the renderer can take a blob
1265 // reference to the temp file that outlives the url loaded that it was
1266 // loaded with to keep the file (and permissions) alive.
1267 reference->AddFinalReleaseCallback(
1268 base::Bind(&RemoveDownloadFileFromChildSecurityPolicy,
1272 void ResourceDispatcherHostImpl::UnregisterDownloadedTempFile(
1273 int child_id, int request_id) {
1274 DeletableFilesMap& map = registered_temp_files_[child_id];
1275 DeletableFilesMap::iterator found = map.find(request_id);
1276 if (found == map.end())
1281 // Note that we don't remove the security bits here. This will be done
1282 // when all file refs are deleted (see RegisterDownloadedTempFile).
1285 bool ResourceDispatcherHostImpl::Send(IPC::Message* message) {
1290 void ResourceDispatcherHostImpl::OnUploadProgressACK(int request_id) {
1291 ResourceLoader* loader = GetLoader(filter_->child_id(), request_id);
1293 loader->OnUploadProgressACK();
1296 // Note that this cancel is subtly different from the other
1297 // CancelRequest methods in this file, which also tear down the loader.
1298 void ResourceDispatcherHostImpl::OnCancelRequest(int request_id) {
1299 int child_id = filter_->child_id();
1301 // When the old renderer dies, it sends a message to us to cancel its
1303 if (IsTransferredNavigation(GlobalRequestID(child_id, request_id)))
1306 ResourceLoader* loader = GetLoader(child_id, request_id);
1308 // We probably want to remove this warning eventually, but I wanted to be
1309 // able to notice when this happens during initial development since it
1310 // should be rare and may indicate a bug.
1311 DVLOG(1) << "Canceling a request that wasn't found";
1315 loader->CancelRequest(true);
1318 ResourceRequestInfoImpl* ResourceDispatcherHostImpl::CreateRequestInfo(
1322 ResourceContext* context) {
1323 return new ResourceRequestInfoImpl(
1324 PROCESS_TYPE_RENDERER,
1329 MSG_ROUTING_NONE, // render_frame_id
1330 false, // is_main_frame
1331 false, // parent_is_main_frame
1332 -1, // parent_render_frame_id
1333 ResourceType::SUB_RESOURCE,
1334 PAGE_TRANSITION_LINK,
1335 false, // should_replace_current_entry
1336 download, // is_download
1338 download, // allow_download
1339 false, // has_user_gesture
1340 blink::WebReferrerPolicyDefault,
1341 blink::WebPageVisibilityStateVisible,
1343 base::WeakPtr<ResourceMessageFilter>(), // filter
1347 void ResourceDispatcherHostImpl::OnRenderViewHostCreated(
1350 scheduler_->OnClientCreated(child_id, route_id);
1353 void ResourceDispatcherHostImpl::OnRenderViewHostDeleted(
1356 scheduler_->OnClientDeleted(child_id, route_id);
1357 CancelRequestsForRoute(child_id, route_id);
1360 // This function is only used for saving feature.
1361 void ResourceDispatcherHostImpl::BeginSaveFile(
1363 const Referrer& referrer,
1366 ResourceContext* context) {
1370 // http://crbug.com/90971
1372 base::strlcpy(url_buf, url.spec().c_str(), arraysize(url_buf));
1373 base::debug::Alias(url_buf);
1374 CHECK(ContainsKey(active_resource_contexts_, context));
1376 scoped_ptr<ResourceHandler> handler(
1377 new SaveFileResourceHandler(child_id,
1380 save_file_manager_.get()));
1383 const net::URLRequestContext* request_context = context->GetRequestContext();
1385 request_context->job_factory()->IsHandledURL(url);
1387 // Since any URLs which have non-standard scheme have been filtered
1388 // by save manager(see GURL::SchemeIsStandard). This situation
1389 // should not happen.
1394 net::CookieStore* cookie_store =
1395 GetContentClient()->browser()->OverrideCookieStoreForRenderProcess(
1397 scoped_ptr<net::URLRequest> request(
1398 request_context->CreateRequest(url, net::DEFAULT_PRIORITY, NULL,
1401 request->set_method("GET");
1402 SetReferrerForRequest(request.get(), referrer);
1404 // So far, for saving page, we need fetch content from cache, in the
1405 // future, maybe we can use a configuration to configure this behavior.
1406 request->SetLoadFlags(net::LOAD_PREFERRING_CACHE);
1408 // No need to get offline load flags for save files, but make sure
1409 // we have an OfflinePolicy to receive request completions.
1410 GlobalRoutingID id(child_id, route_id);
1411 if (!offline_policy_map_[id])
1412 offline_policy_map_[id] = new OfflinePolicy();
1414 // Since we're just saving some resources we need, disallow downloading.
1415 ResourceRequestInfoImpl* extra_info =
1416 CreateRequestInfo(child_id, route_id, false, context);
1417 extra_info->AssociateWithRequest(request.get()); // Request takes ownership.
1419 BeginRequestInternal(request.Pass(), handler.Pass());
1422 void ResourceDispatcherHostImpl::MarkAsTransferredNavigation(
1423 const GlobalRequestID& id) {
1424 GetLoader(id)->MarkAsTransferring();
1427 void ResourceDispatcherHostImpl::CancelTransferringNavigation(
1428 const GlobalRequestID& id) {
1429 // Request should still exist and be in the middle of a transfer.
1430 DCHECK(IsTransferredNavigation(id));
1431 RemovePendingRequest(id.child_id, id.request_id);
1434 void ResourceDispatcherHostImpl::ResumeDeferredNavigation(
1435 const GlobalRequestID& id) {
1436 ResourceLoader* loader = GetLoader(id);
1438 // The response we were meant to resume could have already been canceled.
1439 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
1440 if (info->cross_site_handler())
1441 info->cross_site_handler()->ResumeResponse();
1445 // The object died, so cancel and detach all requests associated with it except
1446 // for downloads and detachable resources, which belong to the browser process
1447 // even if initiated via a renderer.
1448 void ResourceDispatcherHostImpl::CancelRequestsForProcess(int child_id) {
1449 CancelRequestsForRoute(child_id, -1 /* cancel all */);
1450 registered_temp_files_.erase(child_id);
1453 void ResourceDispatcherHostImpl::CancelRequestsForRoute(int child_id,
1455 // Since pending_requests_ is a map, we first build up a list of all of the
1456 // matching requests to be cancelled, and then we cancel them. Since there
1457 // may be more than one request to cancel, we cannot simply hold onto the map
1458 // iterators found in the first loop.
1460 // Find the global ID of all matching elements.
1461 bool any_requests_transferring = false;
1462 std::vector<GlobalRequestID> matching_requests;
1463 for (LoaderMap::const_iterator i = pending_loaders_.begin();
1464 i != pending_loaders_.end(); ++i) {
1465 if (i->first.child_id != child_id)
1468 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1470 GlobalRequestID id(child_id, i->first.request_id);
1471 DCHECK(id == i->first);
1472 // Don't cancel navigations that are expected to live beyond this process.
1473 if (IsTransferredNavigation(id))
1474 any_requests_transferring = true;
1475 if (info->detachable_handler()) {
1476 info->detachable_handler()->Detach();
1477 } else if (!info->IsDownload() && !info->is_stream() &&
1478 !IsTransferredNavigation(id) &&
1479 (route_id == -1 || route_id == info->GetRouteID())) {
1480 matching_requests.push_back(id);
1485 for (size_t i = 0; i < matching_requests.size(); ++i) {
1486 LoaderMap::iterator iter = pending_loaders_.find(matching_requests[i]);
1487 // Although every matching request was in pending_requests_ when we built
1488 // matching_requests, it is normal for a matching request to be not found
1489 // in pending_requests_ after we have removed some matching requests from
1490 // pending_requests_. For example, deleting a net::URLRequest that has
1491 // exclusive (write) access to an HTTP cache entry may unblock another
1492 // net::URLRequest that needs exclusive access to the same cache entry, and
1493 // that net::URLRequest may complete and remove itself from
1494 // pending_requests_. So we need to check that iter is not equal to
1495 // pending_requests_.end().
1496 if (iter != pending_loaders_.end())
1497 RemovePendingLoader(iter);
1500 // Don't clear the blocked loaders or offline policy maps if any of the
1501 // requests in route_id are being transferred to a new process, since those
1502 // maps will be updated with the new route_id after the transfer. Otherwise
1503 // we will lose track of this info when the old route goes away, before the
1504 // new one is created.
1505 if (any_requests_transferring)
1508 // Now deal with blocked requests if any.
1509 if (route_id != -1) {
1510 if (blocked_loaders_map_.find(GlobalRoutingID(child_id, route_id)) !=
1511 blocked_loaders_map_.end()) {
1512 CancelBlockedRequestsForRoute(child_id, route_id);
1515 // We have to do all render views for the process |child_id|.
1516 // Note that we have to do this in 2 passes as we cannot call
1517 // CancelBlockedRequestsForRoute while iterating over
1518 // blocked_loaders_map_, as it modifies it.
1519 std::set<int> route_ids;
1520 for (BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.begin();
1521 iter != blocked_loaders_map_.end(); ++iter) {
1522 if (iter->first.child_id == child_id)
1523 route_ids.insert(iter->first.route_id);
1525 for (std::set<int>::const_iterator iter = route_ids.begin();
1526 iter != route_ids.end(); ++iter) {
1527 CancelBlockedRequestsForRoute(child_id, *iter);
1531 // Cleanup the offline state for the route.
1532 if (-1 != route_id) {
1533 OfflineMap::iterator it = offline_policy_map_.find(
1534 GlobalRoutingID(child_id, route_id));
1535 if (offline_policy_map_.end() != it) {
1537 offline_policy_map_.erase(it);
1540 for (OfflineMap::iterator it = offline_policy_map_.begin();
1541 offline_policy_map_.end() != it;) {
1542 // Increment iterator so deletion doesn't invalidate it.
1543 OfflineMap::iterator current_it = it++;
1545 if (child_id == current_it->first.child_id) {
1546 delete current_it->second;
1547 offline_policy_map_.erase(current_it);
1553 // Cancels the request and removes it from the list.
1554 void ResourceDispatcherHostImpl::RemovePendingRequest(int child_id,
1556 LoaderMap::iterator i = pending_loaders_.find(
1557 GlobalRequestID(child_id, request_id));
1558 if (i == pending_loaders_.end()) {
1559 NOTREACHED() << "Trying to remove a request that's not here";
1562 RemovePendingLoader(i);
1565 void ResourceDispatcherHostImpl::RemovePendingLoader(
1566 const LoaderMap::iterator& iter) {
1567 ResourceRequestInfoImpl* info = iter->second->GetRequestInfo();
1569 // Remove the memory credit that we added when pushing the request onto
1570 // the pending list.
1571 IncrementOutstandingRequestsMemory(-1, *info);
1573 pending_loaders_.erase(iter);
1575 // If we have no more pending requests, then stop the load state monitor
1576 if (pending_loaders_.empty() && update_load_states_timer_)
1577 update_load_states_timer_->Stop();
1580 void ResourceDispatcherHostImpl::CancelRequest(int child_id,
1582 ResourceLoader* loader = GetLoader(child_id, request_id);
1584 // We probably want to remove this warning eventually, but I wanted to be
1585 // able to notice when this happens during initial development since it
1586 // should be rare and may indicate a bug.
1587 DVLOG(1) << "Canceling a request that wasn't found";
1591 RemovePendingRequest(child_id, request_id);
1594 ResourceDispatcherHostImpl::OustandingRequestsStats
1595 ResourceDispatcherHostImpl::GetOutstandingRequestsStats(
1596 const ResourceRequestInfoImpl& info) {
1597 OutstandingRequestsStatsMap::iterator entry =
1598 outstanding_requests_stats_map_.find(info.GetChildID());
1599 OustandingRequestsStats stats = { 0, 0 };
1600 if (entry != outstanding_requests_stats_map_.end())
1601 stats = entry->second;
1605 void ResourceDispatcherHostImpl::UpdateOutstandingRequestsStats(
1606 const ResourceRequestInfoImpl& info,
1607 const OustandingRequestsStats& stats) {
1608 if (stats.memory_cost == 0 && stats.num_requests == 0)
1609 outstanding_requests_stats_map_.erase(info.GetChildID());
1611 outstanding_requests_stats_map_[info.GetChildID()] = stats;
1614 ResourceDispatcherHostImpl::OustandingRequestsStats
1615 ResourceDispatcherHostImpl::IncrementOutstandingRequestsMemory(
1617 const ResourceRequestInfoImpl& info) {
1618 DCHECK_EQ(1, abs(count));
1620 // Retrieve the previous value (defaulting to 0 if not found).
1621 OustandingRequestsStats stats = GetOutstandingRequestsStats(info);
1623 // Insert/update the total; delete entries when their count reaches 0.
1624 stats.memory_cost += count * info.memory_cost();
1625 DCHECK_GE(stats.memory_cost, 0);
1626 UpdateOutstandingRequestsStats(info, stats);
1631 ResourceDispatcherHostImpl::OustandingRequestsStats
1632 ResourceDispatcherHostImpl::IncrementOutstandingRequestsCount(
1634 const ResourceRequestInfoImpl& info) {
1635 DCHECK_EQ(1, abs(count));
1636 num_in_flight_requests_ += count;
1638 OustandingRequestsStats stats = GetOutstandingRequestsStats(info);
1639 stats.num_requests += count;
1640 DCHECK_GE(stats.num_requests, 0);
1641 UpdateOutstandingRequestsStats(info, stats);
1646 bool ResourceDispatcherHostImpl::HasSufficientResourcesForRequest(
1647 const net::URLRequest* request_) {
1648 const ResourceRequestInfoImpl* info =
1649 ResourceRequestInfoImpl::ForRequest(request_);
1650 OustandingRequestsStats stats = IncrementOutstandingRequestsCount(1, *info);
1652 if (stats.num_requests > max_num_in_flight_requests_per_process_)
1654 if (num_in_flight_requests_ > max_num_in_flight_requests_)
1660 void ResourceDispatcherHostImpl::FinishedWithResourcesForRequest(
1661 const net::URLRequest* request_) {
1662 const ResourceRequestInfoImpl* info =
1663 ResourceRequestInfoImpl::ForRequest(request_);
1664 IncrementOutstandingRequestsCount(-1, *info);
1668 int ResourceDispatcherHostImpl::CalculateApproximateMemoryCost(
1669 net::URLRequest* request) {
1670 // The following fields should be a minor size contribution (experimentally
1671 // on the order of 100). However since they are variable length, it could
1672 // in theory be a sizeable contribution.
1673 int strings_cost = request->extra_request_headers().ToString().size() +
1674 request->original_url().spec().size() +
1675 request->referrer().size() +
1676 request->method().size();
1678 // Note that this expression will typically be dominated by:
1679 // |kAvgBytesPerOutstandingRequest|.
1680 return kAvgBytesPerOutstandingRequest + strings_cost;
1683 void ResourceDispatcherHostImpl::BeginRequestInternal(
1684 scoped_ptr<net::URLRequest> request,
1685 scoped_ptr<ResourceHandler> handler) {
1686 DCHECK(!request->is_pending());
1687 ResourceRequestInfoImpl* info =
1688 ResourceRequestInfoImpl::ForRequest(request.get());
1690 if ((TimeTicks::Now() - last_user_gesture_time_) <
1691 TimeDelta::FromMilliseconds(kUserGestureWindowMs)) {
1692 request->SetLoadFlags(
1693 request->load_flags() | net::LOAD_MAYBE_USER_GESTURE);
1696 // Add the memory estimate that starting this request will consume.
1697 info->set_memory_cost(CalculateApproximateMemoryCost(request.get()));
1699 // If enqueing/starting this request will exceed our per-process memory
1700 // bound, abort it right away.
1701 OustandingRequestsStats stats = IncrementOutstandingRequestsMemory(1, *info);
1702 if (stats.memory_cost > max_outstanding_requests_cost_per_process_) {
1703 // We call "CancelWithError()" as a way of setting the net::URLRequest's
1704 // status -- it has no effect beyond this, since the request hasn't started.
1705 request->CancelWithError(net::ERR_INSUFFICIENT_RESOURCES);
1708 handler->OnResponseCompleted(info->GetRequestID(), request->status(),
1709 std::string(), &defer);
1711 // TODO(darin): The handler is not ready for us to kill the request. Oops!
1715 IncrementOutstandingRequestsMemory(-1, *info);
1717 // A ResourceHandler must not outlive its associated URLRequest.
1722 linked_ptr<ResourceLoader> loader(
1723 new ResourceLoader(request.Pass(), handler.Pass(), this));
1725 GlobalRoutingID id(info->GetGlobalRoutingID());
1726 BlockedLoadersMap::const_iterator iter = blocked_loaders_map_.find(id);
1727 if (iter != blocked_loaders_map_.end()) {
1728 // The request should be blocked.
1729 iter->second->push_back(loader);
1733 StartLoading(info, loader);
1736 void ResourceDispatcherHostImpl::StartLoading(
1737 ResourceRequestInfoImpl* info,
1738 const linked_ptr<ResourceLoader>& loader) {
1739 pending_loaders_[info->GetGlobalRequestID()] = loader;
1741 loader->StartRequest();
1744 void ResourceDispatcherHostImpl::OnUserGesture(WebContentsImpl* contents) {
1745 last_user_gesture_time_ = TimeTicks::Now();
1748 net::URLRequest* ResourceDispatcherHostImpl::GetURLRequest(
1749 const GlobalRequestID& id) {
1750 ResourceLoader* loader = GetLoader(id);
1754 return loader->request();
1759 // This function attempts to return the "more interesting" load state of |a|
1760 // and |b|. We don't have temporal information about these load states
1761 // (meaning we don't know when we transitioned into these states), so we just
1762 // rank them according to how "interesting" the states are.
1764 // We take advantage of the fact that the load states are an enumeration listed
1765 // in the order in which they occur during the lifetime of a request, so we can
1766 // regard states with larger numeric values as being further along toward
1767 // completion. We regard those states as more interesting to report since they
1768 // represent progress.
1770 // For example, by this measure "tranferring data" is a more interesting state
1771 // than "resolving host" because when we are transferring data we are actually
1772 // doing something that corresponds to changes that the user might observe,
1773 // whereas waiting for a host name to resolve implies being stuck.
1775 const net::LoadStateWithParam& MoreInterestingLoadState(
1776 const net::LoadStateWithParam& a, const net::LoadStateWithParam& b) {
1777 return (a.state < b.state) ? b : a;
1780 // Carries information about a load state change.
1783 net::LoadStateWithParam load_state;
1784 uint64 upload_position;
1788 // Map from ProcessID+RouteID pair to LoadState
1789 typedef std::map<GlobalRoutingID, LoadInfo> LoadInfoMap;
1791 // Used to marshal calls to LoadStateChanged from the IO to UI threads. We do
1792 // them all as a single callback to avoid spamming the UI thread.
1793 void LoadInfoUpdateCallback(const LoadInfoMap& info_map) {
1794 LoadInfoMap::const_iterator i;
1795 for (i = info_map.begin(); i != info_map.end(); ++i) {
1796 RenderViewHostImpl* view =
1797 RenderViewHostImpl::FromID(i->first.child_id, i->first.route_id);
1798 if (view) // The view could be gone at this point.
1799 view->LoadStateChanged(i->second.url, i->second.load_state,
1800 i->second.upload_position,
1801 i->second.upload_size);
1807 void ResourceDispatcherHostImpl::UpdateLoadStates() {
1808 // Populate this map with load state changes, and then send them on to the UI
1809 // thread where they can be passed along to the respective RVHs.
1810 LoadInfoMap info_map;
1812 LoaderMap::const_iterator i;
1814 // Determine the largest upload size of all requests
1815 // in each View (good chance it's zero).
1816 std::map<GlobalRoutingID, uint64> largest_upload_size;
1817 for (i = pending_loaders_.begin(); i != pending_loaders_.end(); ++i) {
1818 net::URLRequest* request = i->second->request();
1819 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1820 uint64 upload_size = request->GetUploadProgress().size();
1821 if (request->GetLoadState().state != net::LOAD_STATE_SENDING_REQUEST)
1823 GlobalRoutingID id(info->GetGlobalRoutingID());
1824 if (upload_size && largest_upload_size[id] < upload_size)
1825 largest_upload_size[id] = upload_size;
1828 for (i = pending_loaders_.begin(); i != pending_loaders_.end(); ++i) {
1829 net::URLRequest* request = i->second->request();
1830 ResourceRequestInfoImpl* info = i->second->GetRequestInfo();
1831 net::LoadStateWithParam load_state = request->GetLoadState();
1832 net::UploadProgress progress = request->GetUploadProgress();
1834 // We also poll for upload progress on this timer and send upload
1835 // progress ipc messages to the plugin process.
1836 i->second->ReportUploadProgress();
1838 GlobalRoutingID id(info->GetGlobalRoutingID());
1840 // If a request is uploading data, ignore all other requests so that the
1841 // upload progress takes priority for being shown in the status bar.
1842 if (largest_upload_size.find(id) != largest_upload_size.end() &&
1843 progress.size() < largest_upload_size[id])
1846 net::LoadStateWithParam to_insert = load_state;
1847 LoadInfoMap::iterator existing = info_map.find(id);
1848 if (existing != info_map.end()) {
1850 MoreInterestingLoadState(existing->second.load_state, load_state);
1851 if (to_insert.state == existing->second.load_state.state)
1854 LoadInfo& load_info = info_map[id];
1855 load_info.url = request->url();
1856 load_info.load_state = to_insert;
1857 load_info.upload_size = progress.size();
1858 load_info.upload_position = progress.position();
1861 if (info_map.empty())
1864 BrowserThread::PostTask(
1865 BrowserThread::UI, FROM_HERE,
1866 base::Bind(&LoadInfoUpdateCallback, info_map));
1869 void ResourceDispatcherHostImpl::BlockRequestsForRoute(int child_id,
1871 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1872 GlobalRoutingID key(child_id, route_id);
1873 DCHECK(blocked_loaders_map_.find(key) == blocked_loaders_map_.end()) <<
1874 "BlockRequestsForRoute called multiple time for the same RVH";
1875 blocked_loaders_map_[key] = new BlockedLoadersList();
1878 void ResourceDispatcherHostImpl::ResumeBlockedRequestsForRoute(int child_id,
1880 ProcessBlockedRequestsForRoute(child_id, route_id, false);
1883 void ResourceDispatcherHostImpl::CancelBlockedRequestsForRoute(int child_id,
1885 ProcessBlockedRequestsForRoute(child_id, route_id, true);
1888 void ResourceDispatcherHostImpl::ProcessBlockedRequestsForRoute(
1891 bool cancel_requests) {
1892 BlockedLoadersMap::iterator iter = blocked_loaders_map_.find(
1893 GlobalRoutingID(child_id, route_id));
1894 if (iter == blocked_loaders_map_.end()) {
1895 // It's possible to reach here if the renderer crashed while an interstitial
1896 // page was showing.
1900 BlockedLoadersList* loaders = iter->second;
1902 // Removing the vector from the map unblocks any subsequent requests.
1903 blocked_loaders_map_.erase(iter);
1905 for (BlockedLoadersList::iterator loaders_iter = loaders->begin();
1906 loaders_iter != loaders->end(); ++loaders_iter) {
1907 linked_ptr<ResourceLoader> loader = *loaders_iter;
1908 ResourceRequestInfoImpl* info = loader->GetRequestInfo();
1909 if (cancel_requests) {
1910 IncrementOutstandingRequestsMemory(-1, *info);
1912 StartLoading(info, loader);
1919 ResourceDispatcherHostImpl::HttpAuthRelationType
1920 ResourceDispatcherHostImpl::HttpAuthRelationTypeOf(
1921 const GURL& request_url,
1922 const GURL& first_party) {
1923 if (!first_party.is_valid())
1924 return HTTP_AUTH_RELATION_TOP;
1926 if (net::registry_controlled_domains::SameDomainOrHost(
1927 first_party, request_url,
1928 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES))
1929 return HTTP_AUTH_RELATION_SAME_DOMAIN;
1931 if (allow_cross_origin_auth_prompt())
1932 return HTTP_AUTH_RELATION_ALLOWED_CROSS;
1934 return HTTP_AUTH_RELATION_BLOCKED_CROSS;
1937 bool ResourceDispatcherHostImpl::allow_cross_origin_auth_prompt() {
1938 return allow_cross_origin_auth_prompt_;
1941 bool ResourceDispatcherHostImpl::IsTransferredNavigation(
1942 const GlobalRequestID& id) const {
1943 ResourceLoader* loader = GetLoader(id);
1944 return loader ? loader->is_transferring() : false;
1947 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(
1948 const GlobalRequestID& id) const {
1949 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1951 LoaderMap::const_iterator i = pending_loaders_.find(id);
1952 if (i == pending_loaders_.end())
1955 return i->second.get();
1958 ResourceLoader* ResourceDispatcherHostImpl::GetLoader(int child_id,
1959 int request_id) const {
1960 return GetLoader(GlobalRequestID(child_id, request_id));
1963 void ResourceDispatcherHostImpl::RegisterResourceMessageDelegate(
1964 const GlobalRequestID& id, ResourceMessageDelegate* delegate) {
1965 DelegateMap::iterator it = delegate_map_.find(id);
1966 if (it == delegate_map_.end()) {
1967 it = delegate_map_.insert(
1968 std::make_pair(id, new ObserverList<ResourceMessageDelegate>)).first;
1970 it->second->AddObserver(delegate);
1973 void ResourceDispatcherHostImpl::UnregisterResourceMessageDelegate(
1974 const GlobalRequestID& id, ResourceMessageDelegate* delegate) {
1975 DCHECK(ContainsKey(delegate_map_, id));
1976 DelegateMap::iterator it = delegate_map_.find(id);
1977 DCHECK(it->second->HasObserver(delegate));
1978 it->second->RemoveObserver(delegate);
1979 if (!it->second->might_have_observers()) {
1981 delegate_map_.erase(it);
1985 int ResourceDispatcherHostImpl::BuildLoadFlagsForRequest(
1986 const ResourceHostMsg_Request& request_data,
1988 bool is_sync_load) {
1989 int load_flags = request_data.load_flags;
1991 // Although EV status is irrelevant to sub-frames and sub-resources, we have
1992 // to perform EV certificate verification on all resources because an HTTP
1993 // keep-alive connection created to load a sub-frame or a sub-resource could
1994 // be reused to load a main frame.
1995 load_flags |= net::LOAD_VERIFY_EV_CERT;
1996 if (request_data.resource_type == ResourceType::MAIN_FRAME) {
1997 load_flags |= net::LOAD_MAIN_FRAME;
1998 } else if (request_data.resource_type == ResourceType::SUB_FRAME) {
1999 load_flags |= net::LOAD_SUB_FRAME;
2000 } else if (request_data.resource_type == ResourceType::PREFETCH) {
2001 load_flags |= (net::LOAD_PREFETCH | net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
2002 } else if (request_data.resource_type == ResourceType::FAVICON) {
2003 load_flags |= net::LOAD_DO_NOT_PROMPT_FOR_LOGIN;
2004 } else if (request_data.resource_type == ResourceType::IMAGE) {
2005 // Prevent third-party image content from prompting for login, as this
2006 // is often a scam to extract credentials for another domain from the user.
2007 // Only block image loads, as the attack applies largely to the "src"
2008 // property of the <img> tag. It is common for web properties to allow
2009 // untrusted values for <img src>; this is considered a fair thing for an
2010 // HTML sanitizer to do. Conversely, any HTML sanitizer that didn't
2011 // filter sources for <script>, <link>, <embed>, <object>, <iframe> tags
2012 // would be considered vulnerable in and of itself.
2013 HttpAuthRelationType relation_type = HttpAuthRelationTypeOf(
2014 request_data.url, request_data.first_party_for_cookies);
2015 if (relation_type == HTTP_AUTH_RELATION_BLOCKED_CROSS) {
2016 load_flags |= (net::LOAD_DO_NOT_USE_EMBEDDED_IDENTITY |
2017 net::LOAD_DO_NOT_PROMPT_FOR_LOGIN);
2022 load_flags |= net::LOAD_IGNORE_LIMITS;
2024 ChildProcessSecurityPolicyImpl* policy =
2025 ChildProcessSecurityPolicyImpl::GetInstance();
2026 if (!policy->CanSendCookiesForOrigin(child_id, request_data.url)) {
2027 load_flags |= (net::LOAD_DO_NOT_SEND_COOKIES |
2028 net::LOAD_DO_NOT_SEND_AUTH_DATA |
2029 net::LOAD_DO_NOT_SAVE_COOKIES);
2032 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only
2033 // allow requesting them if requester has ReadRawCookies permission.
2034 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
2035 && !policy->CanReadRawCookies(child_id)) {
2036 VLOG(1) << "Denied unauthorized request for raw headers";
2037 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
2043 } // namespace content