cors_url_loader_factory.cc | Explore in Territory

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/network/cors/cors_url_loader_factory.h"

#include <utility>

#include "base/debug/crash_logging.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/trace_event/typed_macros.h"
#include "base/types/optional_util.h"
#include "mojo/public/cpp/bindings/message.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/base/load_flags.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_util.h"
#include "net/shared_dictionary/shared_dictionary_isolation_key.h"
#include "services/network/cors/cors_url_loader.h"
#include "services/network/cors/preflight_controller.h"
#include "services/network/network_service.h"
#include "services/network/prefetch_matching_url_loader_factory.h"
#include "services/network/private_network_access_checker.h"
#include "services/network/public/cpp/cors/cors.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/header_util.h"
#include "services/network/public/cpp/initiator_lock_compatibility.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/request_mode.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/fetch_api.mojom.h"
#include "services/network/resource_scheduler/resource_scheduler_client.h"
#include "services/network/shared_dictionary/shared_dictionary_manager.h"
#include "services/network/shared_dictionary/shared_dictionary_storage.h"
#include "services/network/url_loader.h"
#include "services/network/url_loader_factory.h"
#include "services/network/web_bundle/web_bundle_url_loader_factory.h"
#include "url/gurl.h"
#include "url/origin.h"

namespace network::cors {

namespace {

// Verifies state that should hold for Trust Tokens parameters provided by a
// functioning renderer:
// - Trust Tokens should be enabled
// - the request should come from a trustworthy context
// - It should be from a context where the underlying operations are permitted
// (as specified by URLLoaderFactoryParams::trust_token_redemption_policy and
// URLLoaderFactoryParams::trust_token_issuance_policy).
bool VerifyTrustTokenParamsIntegrityIfPresent(
    const ResourceRequest& resource_request,
    const NetworkContext* context,
    mojom::TrustTokenOperationPolicyVerdict trust_token_issuance_policy,
    mojom::TrustTokenOperationPolicyVerdict trust_token_redemption_policy) { … }

base::debug::CrashKeyString* GetRequestInitiatorOriginLockCrashKey() { … }

bool IsTrustedNavigationRequestFromSecureContext(
    const ResourceRequest& request) { … }

}  // namespace

class CorsURLLoaderFactory::FactoryOverride final { … };

bool CorsURLLoaderFactory::allow_external_preflights_for_testing_ = …;

CorsURLLoaderFactory::CorsURLLoaderFactory(
    NetworkContext* context,
    mojom::URLLoaderFactoryParamsPtr params,
    scoped_refptr<ResourceSchedulerClient> resource_scheduler_client,
    mojo::PendingReceiver<mojom::URLLoaderFactory> receiver,
    const OriginAccessList* origin_access_list,
    PrefetchMatchingURLLoaderFactory* owner)
    : … { … }

CorsURLLoaderFactory::~CorsURLLoaderFactory() { … }

// This function is only used as an export for URLLoaderNetworkServiceObserver
// gained from URLLoaderFactoryParams, which might be invalid in a few cases.
// Please call URLLoaderFactory::GetURLLoaderNetworkServiceObserver() instead.
mojom::URLLoaderNetworkServiceObserver*
CorsURLLoaderFactory::url_loader_network_service_observer() const { … }

void CorsURLLoaderFactory::OnURLLoaderCreated(
    std::unique_ptr<URLLoader> loader) { … }

void CorsURLLoaderFactory::OnCorsURLLoaderCreated(
    std::unique_ptr<CorsURLLoader> loader) { … }

void CorsURLLoaderFactory::DestroyURLLoader(URLLoader* loader) { … }

void CorsURLLoaderFactory::DestroyCorsURLLoader(CorsURLLoader* loader) { … }

void CorsURLLoaderFactory::CreateLoaderAndStart(
    mojo::PendingReceiver<mojom::URLLoader> receiver,
    int32_t request_id,
    uint32_t options,
    const ResourceRequest& resource_request,
    mojo::PendingRemote<mojom::URLLoaderClient> client,
    const net::MutableNetworkTrafficAnnotationTag& traffic_annotation) { … }

void CorsURLLoaderFactory::Clone(
    mojo::PendingReceiver<mojom::URLLoaderFactory> receiver) { … }

void CorsURLLoaderFactory::ClearBindings() { … }

void CorsURLLoaderFactory::DeleteIfNeeded() { … }

// static
bool CorsURLLoaderFactory::IsValidCorsExemptHeaders(
    const base::flat_set<std::string>& allowed_exempt_headers,
    const net::HttpRequestHeaders& headers) { … }

bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
                                          uint32_t options) { … }

bool CorsURLLoaderFactory::GetAllowAnyCorsExemptHeaderForBrowser() const { … }

mojo::PendingRemote<mojom::DevToolsObserver>
CorsURLLoaderFactory::GetDevToolsObserver(
    const ResourceRequest& resource_request) const { … }

mojom::SharedDictionaryAccessObserver*
CorsURLLoaderFactory::GetSharedDictionaryAccessObserver() const { … }

net::handles::NetworkHandle CorsURLLoaderFactory::GetBoundNetworkForTesting()
    const { … }

void CorsURLLoaderFactory::CancelRequestsIfNonceMatchesAndUrlNotExempted(
    const base::UnguessableToken& nonce,
    const std::set<GURL>& exemptions) { … }

}  // namespace network::cors
chromium/services/network/cors/cors_url_loader_factory.cc
