// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
type ShouldSendTokenToUrlFunction = (token: string) => boolean;
type AllowedRequestFunction = (request: string) => boolean;
type OnBeforeSendHeadersListener = (obj: any) =>
chrome.webRequest.BlockingResponse|null;
/**
* Class that handles managing and configuring a <webview> for use
* for embedded hosted web apps in system components. Handles
* settings options to provide for the security and control of the
* content in the webview. Using this class doesn't precluding configuring
* the webview outside of this class. Rather, this class is intended to
* standardize some common configurations of webview.
*/
export class WebviewManager {
private webview_: chrome.webviewTag.WebView;
/**
* Tracks the current listener used to filter destinations
* to which we send access tokens.
*/
private shouldSendTokenToUrlListener_: OnBeforeSendHeadersListener|null;
/**
* Tracks the current listener used to filter destinations
* to which we send allow requests.
*/
private allowedRequestListener_: OnBeforeSendHeadersListener|null;
constructor(webview: chrome.webviewTag.WebView) {
this.webview_ = webview;
}
/**
* Configures the webview to use the specified token to authenticate the user.
* Sets the token as part of the Auhtorization: Bearer HTTP header.
* @param {string} accessToken the access token
* @param {!function(string):boolean} shouldSendTokenToUrlFn function that
* returns true if the access token should be sent to the specified host.
*/
setAccessToken(
accessToken: string,
shouldSendTokenToUrlFn: ShouldSendTokenToUrlFunction) {
if (this.shouldSendTokenToUrlListener_) {
this.webview_.request.onBeforeSendHeaders.removeListener(
this.shouldSendTokenToUrlListener_);
this.shouldSendTokenToUrlListener_ = null;
}
this.shouldSendTokenToUrlListener_ = (details) => {
if (shouldSendTokenToUrlFn(details.url)) {
details.requestHeaders.push({
name: 'Authorization',
value: 'Bearer ' + accessToken,
});
}
return {requestHeaders: details.requestHeaders};
};
this.webview_.request.onBeforeSendHeaders.addListener(
this.shouldSendTokenToUrlListener_, {urls: ['<all_urls>']},
['blocking', 'requestHeaders']);
}
/**
* Configures the webview to permit navigation only to URLs allowed
* by the specified function.
* @param {!function(string):boolean} allowedRequestFn function that returns
* true if the request to the specified URL is allowed.
*/
setAllowRequestFn(allowedRequestFn: AllowedRequestFunction) {
if (this.allowedRequestListener_) {
this.webview_.request.onBeforeSendHeaders.removeListener(
this.allowedRequestListener_);
this.allowedRequestListener_ = null;
}
this.allowedRequestListener_ = (details) => {
return {cancel: !allowedRequestFn(details.url)};
};
this.webview_.request.onBeforeRequest.addListener(
this.allowedRequestListener_, {urls: ['<all_urls>']}, ['blocking']);
}
}
Codebase Browser
chromium