src/core/renderer/content_settings_observer_qt.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

// Copyright (C) 2018 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only

// Based on chrome/renderer/content_settings_observer.cc:
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content_settings_observer_qt.h"

#include "content/public/renderer/render_frame.h"
#include "third_party/blink/public/platform/web_security_origin.h"
#include "third_party/blink/public/web/web_document.h"
#include "third_party/blink/public/web/web_local_frame.h"
#include "url/origin.h"

#include "common/qt_messages.h"

namespace {

bool IsUniqueFrame(blink::WebFrame *frame)
{
    return frame->GetSecurityOrigin().IsOpaque() ||
           frame->Top()->GetSecurityOrigin().IsOpaque();
}

} // namespace

namespace QtWebEngineCore {

ContentSettingsObserverQt::ContentSettingsObserverQt(content::RenderFrame *render_frame)
    : content::RenderFrameObserver(render_frame)
    , content::RenderFrameObserverTracker<ContentSettingsObserverQt>(render_frame)
    , m_currentRequestId(0)
{
    ClearBlockedContentSettings();
    render_frame->GetWebFrame()->SetContentSettingsClient(this);
}

ContentSettingsObserverQt::~ContentSettingsObserverQt() {}

bool ContentSettingsObserverQt::OnMessageReceived(const IPC::Message &message)
{
    bool handled = true;
    IPC_BEGIN_MESSAGE_MAP(ContentSettingsObserverQt, message)
        IPC_MESSAGE_HANDLER(QtWebEngineMsg_RequestStorageAccessAsyncResponse, OnRequestStorageAccessAsyncResponse)
        IPC_MESSAGE_UNHANDLED(handled = false)
    IPC_END_MESSAGE_MAP()

    return handled;
}

void ContentSettingsObserverQt::DidCommitProvisionalLoad(ui::PageTransition /*transition*/)
{
    blink::WebLocalFrame *frame = render_frame()->GetWebFrame();
    if (frame->Parent())
        return; // Not a top-level navigation.

    ClearBlockedContentSettings();

    GURL url = frame->GetDocument().Url();
    // If we start failing this DCHECK, please makes sure we don't regress
    // this bug: http://code.google.com/p/chromium/issues/detail?id=79304
    DCHECK(frame->GetDocument().GetSecurityOrigin().ToString() == "null" || !url.SchemeIs(url::kDataScheme));
}

void ContentSettingsObserverQt::OnDestruct()
{
    delete this;
}

void ContentSettingsObserverQt::AllowStorageAccess(StorageType storage_type,
                                                   base::OnceCallback<void(bool)> callback)
{
    blink::WebFrame *frame = render_frame()->GetWebFrame();
    if (IsUniqueFrame(frame)) {
        std::move(callback).Run(false);
        return;
    }

    ++m_currentRequestId;
    bool inserted = m_permissionRequests.insert(std::make_pair(m_currentRequestId, std::move(callback))).second;

    // Verify there are no duplicate insertions.
    DCHECK(inserted);

    Send(new QtWebEngineHostMsg_RequestStorageAccessAsync(routing_id(), m_currentRequestId,
                                                          url::Origin(frame->GetSecurityOrigin()).GetURL(),
                                                          url::Origin(frame->Top()->GetSecurityOrigin()).GetURL(),
                                                          int(storage_type)));
}

bool ContentSettingsObserverQt::AllowStorageAccessSync(StorageType storage_type)
{
    blink::WebLocalFrame *frame = render_frame()->GetWebFrame();
    if (IsUniqueFrame(frame))
        return false;

    bool sameOrigin = url::Origin(frame->Top()->GetSecurityOrigin()).IsSameOriginWith(url::Origin(frame->GetSecurityOrigin()));
    StoragePermissionsKey key(url::Origin(frame->GetSecurityOrigin()).GetURL(), int(storage_type));
    if (sameOrigin) {
        const auto permissions = m_cachedStoragePermissions.find(key);
        if (permissions != m_cachedStoragePermissions.end())
            return permissions->second;
    }

    bool result = false;
    Send(new QtWebEngineHostMsg_AllowStorageAccess(routing_id(), url::Origin(frame->GetSecurityOrigin()).GetURL(),
                                                   url::Origin(frame->Top()->GetSecurityOrigin()).GetURL(),
                                                   int(storage_type), &result));
    if (sameOrigin)
        m_cachedStoragePermissions[key] = result;
    return result;
}

void ContentSettingsObserverQt::OnRequestStorageAccessAsyncResponse(int request_id, bool allowed)
{
    auto it = m_permissionRequests.find(request_id);
    if (it == m_permissionRequests.end())
        return;

    base::OnceCallback<void(bool)> callback = std::move(it->second);
    m_permissionRequests.erase(it);

    std::move(callback).Run(allowed);
}

void ContentSettingsObserverQt::ClearBlockedContentSettings()
{
    m_cachedStoragePermissions.clear();
}

} // namespace QtWebEngineCore