summaryrefslogtreecommitdiffstats
path: root/chromium/components/policy/content/policy_blocklist_navigation_throttle.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/components/policy/content/policy_blocklist_navigation_throttle.cc')
-rw-r--r--chromium/components/policy/content/policy_blocklist_navigation_throttle.cc116
1 files changed, 116 insertions, 0 deletions
diff --git a/chromium/components/policy/content/policy_blocklist_navigation_throttle.cc b/chromium/components/policy/content/policy_blocklist_navigation_throttle.cc
new file mode 100644
index 00000000000..0043b2e7a5b
--- /dev/null
+++ b/chromium/components/policy/content/policy_blocklist_navigation_throttle.cc
@@ -0,0 +1,116 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/policy/content/policy_blocklist_navigation_throttle.h"
+
+#include "base/bind.h"
+#include "base/check_op.h"
+#include "components/policy/content/policy_blocklist_service.h"
+#include "components/policy/core/browser/url_blocklist_manager.h"
+#include "components/policy/core/browser/url_blocklist_policy_handler.h"
+#include "components/policy/core/common/policy_pref_names.h"
+#include "components/prefs/pref_service.h"
+#include "components/user_prefs/user_prefs.h"
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/navigation_handle.h"
+#include "url/gurl.h"
+
+using URLBlocklistState = policy::URLBlocklist::URLBlocklistState;
+using SafeSitesFilterBehavior = policy::SafeSitesFilterBehavior;
+
+// Passing an Unretained pointer for the safe_sites_navigation_throttle_
+// callback is safe because this object owns safe_sites_navigation_throttle_,
+// which runs the callback from within the object.
+PolicyBlocklistNavigationThrottle::PolicyBlocklistNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ content::BrowserContext* context)
+ : content::NavigationThrottle(navigation_handle),
+ safe_sites_navigation_throttle_(
+ navigation_handle,
+ context,
+ base::BindRepeating(
+ &PolicyBlocklistNavigationThrottle::OnDeferredSafeSitesResult,
+ base::Unretained(this))),
+ blocklist_service_(PolicyBlocklistFactory::GetForBrowserContext(context)),
+ prefs_(user_prefs::UserPrefs::Get(context)) {
+ DCHECK(prefs_);
+}
+
+PolicyBlocklistNavigationThrottle::~PolicyBlocklistNavigationThrottle() =
+ default;
+
+bool PolicyBlocklistNavigationThrottle::IsBlockedViewSourceNavigation() {
+ content::NavigationEntry* nav_entry =
+ navigation_handle()->GetNavigationEntry();
+ if (!nav_entry || !nav_entry->IsViewSourceMode())
+ return false;
+
+ GURL view_source_url = GURL(std::string("view-source:") +
+ navigation_handle()->GetURL().spec());
+
+ return (blocklist_service_->GetURLBlocklistState(view_source_url) ==
+ URLBlocklistState::URL_IN_BLOCKLIST);
+}
+
+content::NavigationThrottle::ThrottleCheckResult
+PolicyBlocklistNavigationThrottle::WillStartRequest() {
+ const GURL& url = navigation_handle()->GetURL();
+
+ // Ignore blob scheme because we may use it to deliver navigation responses
+ // to the renderer process.
+ if (url.SchemeIs(url::kBlobScheme))
+ return PROCEED;
+
+ URLBlocklistState blocklist_state =
+ blocklist_service_->GetURLBlocklistState(url);
+ if (blocklist_state == URLBlocklistState::URL_IN_BLOCKLIST) {
+ return ThrottleCheckResult(BLOCK_REQUEST,
+ net::ERR_BLOCKED_BY_ADMINISTRATOR);
+ }
+
+ if (IsBlockedViewSourceNavigation()) {
+ return ThrottleCheckResult(BLOCK_REQUEST,
+ net::ERR_BLOCKED_BY_ADMINISTRATOR);
+ }
+
+ if (blocklist_state == URLBlocklistState::URL_IN_ALLOWLIST)
+ return PROCEED;
+
+ return CheckSafeSitesFilter(url);
+}
+
+// SafeSitesNavigationThrottle is unconditional and does not check PrefService
+// because it is used outside //chrome. Therefore, the policy must be checked
+// here to determine whether to use SafeSitesNavigationThrottle.
+content::NavigationThrottle::ThrottleCheckResult
+PolicyBlocklistNavigationThrottle::CheckSafeSitesFilter(const GURL& url) {
+ SafeSitesFilterBehavior filter_behavior =
+ static_cast<SafeSitesFilterBehavior>(
+ prefs_->GetInteger(policy::policy_prefs::kSafeSitesFilterBehavior));
+ if (filter_behavior == SafeSitesFilterBehavior::kSafeSitesFilterDisabled)
+ return PROCEED;
+
+ DCHECK_EQ(filter_behavior, SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
+ return safe_sites_navigation_throttle_.WillStartRequest();
+}
+
+content::NavigationThrottle::ThrottleCheckResult
+PolicyBlocklistNavigationThrottle::WillRedirectRequest() {
+ return WillStartRequest();
+}
+
+const char* PolicyBlocklistNavigationThrottle::GetNameForLogging() {
+ return "PolicyBlocklistNavigationThrottle";
+}
+
+void PolicyBlocklistNavigationThrottle::OnDeferredSafeSitesResult(
+ bool is_safe,
+ ThrottleCheckResult cancel_result) {
+ if (is_safe) {
+ Resume();
+ } else {
+ CancelDeferredNavigation(cancel_result);
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 14:05:57 +0000