// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/browser/renderer_host/private_network_access_util.h" #include "base/command_line.h" #include "base/feature_list.h" #include "build/chromeos_buildflags.h" #include "content/browser/renderer_host/policy_container_host.h" #include "content/common/features.h" #include "content/public/browser/content_browser_client.h" #include "content/public/common/content_features.h" #include "content/public/common/content_switches.h" #include "content/public/common/url_constants.h" #include "services/network/public/cpp/cross_origin_embedder_policy.h" #include "services/network/public/cpp/ip_address_space_util.h" #include "services/network/public/mojom/client_security_state.mojom.h" #include "services/network/public/mojom/ip_address_space.mojom.h" #include "services/network/public/mojom/url_response_head.mojom.h" namespace content { namespace { Policy; AddressSpace; RequestContext; // Represents the state of feature flags for a given `RequestContext`. enum class FeatureState { … }; FeatureState FeatureStateForContext(RequestContext request_context) { … } } // namespace Policy DerivePrivateNetworkRequestPolicy( const PolicyContainerPolicies& policies, RequestContext private_network_request_context) { … } Policy DerivePolicyForNonSecureContext(AddressSpace ip_address_space) { … } Policy DerivePolicyForSecureContext(AddressSpace ip_address_space) { … } Policy ApplyFeatureStateToPolicy(FeatureState feature_state, Policy policy) { … } Policy DerivePrivateNetworkRequestPolicy( AddressSpace ip_address_space, bool is_web_secure_context, RequestContext private_network_request_context) { … } network::mojom::ClientSecurityStatePtr DeriveClientSecurityState( const PolicyContainerPolicies& policies, PrivateNetworkRequestContext private_network_request_context) { … } // Special chrome schemes cannot directly be categorized in public/private/local // address spaces using information from the network or the PolicyContainer. We // have to classify them manually. In its default state an unhandled scheme will // have an IPAddressSpace of kUnknown, which is equivalent to public. // This means a couple of things: // - They cannot embed anything private or local without being secure contexts // and triggering a CORS preflight. // - Private Network Access does not prevent them being embedded by less private // content. // - It pollutes metrics since kUnknown could also mean a missed edge case. // To address these issues we list here a number of schemes that should be // considered local. // TODO(titouan): It might be better to have these schemes (and in general // other schemes such as data: or blob:) handled directly by the URLLoaders. // Investigate on whether this is worth doing. AddressSpace IPAddressSpaceForSpecialScheme(const GURL& url, ContentBrowserClient* client) { … } AddressSpace CalculateIPAddressSpace( const GURL& url, network::mojom::URLResponseHead* response_head, ContentBrowserClient* client) { … } network::mojom::PrivateNetworkRequestPolicy OverrideBlockWithWarn( network::mojom::PrivateNetworkRequestPolicy policy) { … } } // namespace content
Codebase Browser
chromium