// Copyright 2020 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/browser/security/coop/cross_origin_opener_policy_status.h" #include <utility> #include "base/feature_list.h" #include "base/time/time.h" #include "content/browser/renderer_host/frame_tree_node.h" #include "content/browser/renderer_host/navigation_request.h" #include "content/browser/renderer_host/render_frame_host_delegate.h" #include "content/browser/security/coop/cross_origin_opener_policy_access_report_manager.h" #include "services/network/public/cpp/cross_origin_opener_policy.h" #include "services/network/public/cpp/features.h" #include "services/network/public/cpp/is_potentially_trustworthy.h" #include "services/network/public/mojom/network_context.mojom.h" #include "third_party/blink/public/common/origin_trials/trial_token_validator.h" namespace { void SanitizeCoopRestrictPropertiesHeadersIfDisabled( network::CrossOriginOpenerPolicy& coop, const GURL& url, net::HttpResponseHeaders* headers) { … } } // namespace namespace content { // This function returns whether the BrowsingInstance should change following // COOP rules defined in: // https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e#changes-to-navigation // // The SiteInstance selection model heavily relies on this function to be // correct, and documents these assumptions, many of which would crash the // browser if incorrect. In particular, it assumes that returning a value of // CoopSwapResult::kSwapRelated means that the current browsing context group // will NOT be found suitable for reuse, as that would effectively mean no swap // has happened. CoopSwapResult ShouldSwapBrowsingInstanceForCrossOriginOpenerPolicy( network::mojom::CrossOriginOpenerPolicyValue initiator_coop, const url::Origin& initiator_origin, bool is_navigation_from_initial_empty_document, network::mojom::CrossOriginOpenerPolicyValue destination_coop, const url::Origin& destination_origin) { … } CrossOriginOpenerPolicyStatus::CrossOriginOpenerPolicyStatus( NavigationRequest* navigation_request) : … { … } CrossOriginOpenerPolicyStatus::~CrossOriginOpenerPolicyStatus() { … } void CrossOriginOpenerPolicyStatus::RenderProcessExited( content::RenderProcessHost* host, const content::ChildProcessTerminationInfo& info) { … } void CrossOriginOpenerPolicyStatus::RenderProcessHostDestroyed( content::RenderProcessHost* host) { … } std::optional<network::mojom::BlockedByResponseReason> CrossOriginOpenerPolicyStatus::SanitizeResponse( network::mojom::URLResponseHead* response) { … } void CrossOriginOpenerPolicyStatus::EnforceCOOP( const network::CrossOriginOpenerPolicy& response_coop, const url::Origin& response_origin, const net::NetworkAnonymizationKey& network_anonymization_key) { … } void CrossOriginOpenerPolicyStatus::SetReportingEndpoints( const url::Origin& response_origin, StoragePartition* storage_partition, const base::UnguessableToken& reporting_source, const net::IsolationInfo& isolation_info) { … } void CrossOriginOpenerPolicyStatus::ClearTransientReportingSources() { … } std::unique_ptr<CrossOriginOpenerPolicyReporter> CrossOriginOpenerPolicyStatus::TakeCoopReporter() { … } void CrossOriginOpenerPolicyStatus::UpdateReporterStoragePartition( StoragePartition* storage_partition) { … } // We blank out the COOP headers in a number of situations. // - When the headers were not sent over HTTPS. // - For subframes. // - When the feature is disabled. // We also strip the "reporting" parts when the reporting feature is disabled // for the |response_url|. void CrossOriginOpenerPolicyStatus::SanitizeCoopHeaders( const GURL& response_url, network::mojom::URLResponseHead* response_head) const { … } } // namespace content
Codebase Browser
chromium