This is now the default for WebUI bindings, so setting true is
unnecessary. In this CL updating all uses within content/, docs/ and
ui/webui/examples/
Bug: 1002798
Change-Id: If2ab305c5b56524e5f2f4b4313c58ea664f9ad4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5009906
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1222665}
Introduces a RenderProcessHostImpl::GetProcessCount to make it possible
to show both the actual process count and the count used for the limit.
Also moves Site Isolation info to another tab on the page.
Bug: 850087
Change-Id: I43d3f0d622b94f429df576147df672109282cefd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4292643
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1111335}
Also fixing a minor issue in the TS enum template, where enums with
parents were named without including the parent's name in the type
(this type of enum was not used by any prior WebUI bindings).
Bug: 1002798
Change-Id: Idb8cfc394f6c599309219668622a4f19259660ab
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4195379
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1097627}
Using base::FunctionRef as the callable param for a visitor function
can significantly reduce the boilerplate required to use the visitor
function. It also avoids the heap allocation required to support
base::RepeatingCallback's strong ownership semantics.
The most common transformation in this CL is converting something
like:
rfh->ForEachRenderFrameHost(base::BindRepeating(
&MyClass::HandleRFH, base::Unretained(this)));
to simply using a lambda that captures `this`:
rfh->ForEachRenderFrameHost([this] (content::RenderFrameHost* rfh) {
HandleRFH(rfh);
});
An astute reader will note that the latter is one line longer; however,
many of these callbacks currently bind other arguments as additional
input parameters or as out parameters. Using lambda captures
significantly reduces the boilerplate, improving readability, and makes
it much easier to avoid unnecessary copies.
Bug: 1303103
Change-Id: I3aeb74a0988dbddb645faef2239e9541c9adac52
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3767487
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Owners-Override: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1039508}
Context:
Currently WebUI properties, e.g. CSPs, requesting schemes, host, mojo,
etc. are stored in WebUIControllers themselves or in separate lists
like IsWebUIAllowedToMakeNetworkRequests. The lifetime of a
WebUIController is bound to the frame, which makes it hard to use for
some use cases where the WebUIController hasn't been created yet. A
non-dynamically allocated class where clients could query a WebUI's
properties would be easier to use and audit.
WebUIConfig is a class that stores properties of WebUIs. For now the
properties are 1. the WebUI's origin, 2. if the WebUI is enabled,
and 3. GetURLDataSource() method for service worker initialization.
In the future this class could include information like CSPs, if we
should enable Mojo, if we should enable chrome.send(), if we should
allow network requests, URLDataSource, etc.
Bug: 1317510
Change-Id: Ic9d4481e12be16f120a65437c06c15f541ac0ee1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3657709
Reviewed-by: Stephen Nusko <nuskos@chromium.org>
Commit-Queue: Giovanni Ortuno Urquidi <ortuno@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1007223}
Prior to <webview> site isolation, guests looked like this on
chrome://process-internals:
SI:8, site:chrome-guest://edggnmnajhcbhlnpjnogkjpghaikidaa/?foo#ondiskfallback | url: https://www.google.com/?gws_rd=ssl
With <webview> site isolation, guests became indistinguishable from
regular frames:
SI:8, locked, site:https://google.com/ | url: https://www.google.com/?gws_rd=ssl
This CL restores the guest information that was previously conveyed
through the site URL, including whether the SiteInstance is for a
guest and a string representation of its StoragePartition:
SI:8, locked, site:https://google.com/, guest, partition:edggnmnajhcbhlnpjnogkjpghaikidaa/foo | url: https://www.google.com/?gws_rd=ssl
Bug: 1267977
Change-Id: I467ec38cf983127fade665d02ffc58fe43f0c1f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3643024
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002914}
This CL refactors previously added MojoJSFileSystemAccess Web IDL
feature to into a ContextEnabled feature, and add methods to WebUI
infrastructure to enable it.
This is more aligned with WebUI's design expectation that WebUI is a
per-frame concept (hence their feature should be ContextEnabled),
instead of a per-process concept (previously used RuntimeEnabled
feature).
WebUIs wishing to enable these extra features should call
EnableMojoJsBindings with the extra features they need.
Bug: 1288174
Change-Id: I94d7445ef62dfd5afb9c0ef204f3b57d96c892bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3546210
Reviewed-by: Giovanni Ortuno Urquidi <ortuno@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#987764}
Previously the iteration was based on children of a RenderFrameHost.
This did not traverse FencedFrame trees so convert this to
ForEachRenderFrameHost. Avoid traversing into inner WebContents since
that is already covered in the GetAllWebContents.
BUG=1263574
Change-Id: Iab54fa243d49cdc8ecb4ded2d491880dd0b29860
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3511087
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Kevin McNee <mcnee@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#979297}
Almost all WebUIDataSource::Create() users do no try to take ownership
of the WebUIDataSource. The returned pointer always be passed to
WebUIDataSource::Add() and it eventually passes the pointer down to
URLDataManagerBackend. Inside WebUIDataSource::CreateAndAdd(), it calls
WebUIDataSource::Add() to internalize its ownership. It provides right
ownership semantics, and abstracts away the URLDataSourceImpl is
refcounted details.
Bug: 1206140
Change-Id: I89fd2e03b2a782b5c8ff00d1912d1adf78ef2218
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3406435
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#968119}
As a followup to introducing RenderProcessHost::GetProcessLock, update
call sites that use ChildProcessSecurityPolicy.
There are also some sites that update SiteInstanceImpl::GetProcessLock
to RenderProcessHost::GetProcessLock, where it is more accurate to get
the ProcessLock for the process.
Bug: 1261963
Test: Updated browsertests
Change-Id: I27823e5c584cde9dcd03e661d4f6f272d483cbd0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3307505
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Sharon Yang <yangsharon@chromium.org>
Cr-Commit-Position: refs/heads/main@{#946768}
This CL refactors the code that tracks OAC (OriginAgentCluster)
isolation opt-ins to allow for having both origin-keyed OAC processes
and non-origin-keyed OAC processes present at the same time.
The map in ChildProcessSecurityPolicyImpl that tracks OAC opt-ins is
|origin_isolation_by_browsing_instance_|. Prior to this CL it just
tracks a list of origins, with the assumption being that any origin
in the list is opted in for whatever OAC mechanism is currently being
used.
The two mechanisms are origin_keyed, in which each origin is assigned
its own process, and non-origin_keyed, in which each origin is logically
isolated in the renderer process, but may share a renderer process with
other origins. At present, only one of these mechanisms is active for
a given browser session.
In this CL we modify |origin_isolation_by_browsing_instance_| to track
which mechanism to use for each origin, thus allowing both mechanisms
to be active at once.
This CL also enhances the UrlInfo::OriginIsolationRequest flags to
allow us (in some future CL) to control which mechanism to register at
opt-in time.
Bug: 1259920
Change-Id: Id6a9c396f2cf94264aab171b80d72c7f4917a2f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3244802
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: W. James MacLean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#941698}
This replaces DISALLOW_COPY_AND_ASSIGN with explicit constructor deletes
where a local script is able to detect its insertion place (~Foo() is
public => insert before this line).
This is incomplete as not all classes have a public ~Foo() declared, so
not all DISALLOW_COPY_AND_ASSIGN occurrences are replaced.
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: Iea478401b7580682c7b9f195f7af9cbbdb6ce315
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167292
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923194}
This CL refactors BackForwardCacheImpl::Entry so that it is bfcache
specific. Now prerendering uses BackForwardCacheImpl::StoredPage.
BackForwardCacheImpl::Entry now owns StoredPage.
Bug: 1181263,1228611, 1183523
Change-Id: Ie51f79913177dcf2d144a734f292c0c7b3646121
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3034509
Commit-Queue: Yuzu Saijo <yuzus@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#905599}
There are classes that extend both WebUIController and
WebContentsObserver, but both interfaces have a function called
RenderFrameCreated, which is confusing and risky as a result.
* Rename WebUIController::RenderFrameCreated to WebUIRenderFrameCreated
* Clean up macros
Bug: 1225704
Change-Id: I8d1b6333c3a2d937558ea7488a721a321aa2687e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2999042
Commit-Queue: Sharon Yang <yangsharon@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Owners-Override: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#897882}
This CL implements support for saving COOP-isolated sites to user
prefs. This allows them to survive restarts. Persistent isolation is
triggered by visiting a COOP site and then interacting with it (i.e.,
via user activation). Persistence is used when
kSiteIsolationForCrossOriginOpenerPolicy is enabled (intended for
Android, since desktop already has full site isolation), and it may
also be turned off by a field trial param.
The implementation is similar to how we save/restore
password-triggered isolated sites, with additional restrictions on the
saved COOP site list. Namely, we limit the list to at most 100
entries (controllable via a field trial param) and evict older sites
when this limit is exceeded. To do the latter, we store a last-access
timestamp along with each isolated site. A followup CL will further
restrict the stored isolated sites to not be loaded if they're more
than a week old.
A new user pref is added for web-triggered isolated origins and used
for storing COOP-isolated sites (and possibly other kinds of sites
that trigger site isolation with site-specified mechanisms
in the future). This complements the user-triggered isolated origins
pref (used for password sites) and is managed in
//components/site_isolation, allowing this whole mechanism to also
work in weblayer.
As before, persistence is not supported in incognito, and a browser
test is added to verify this.
The saved COOP sites are cleared via the same clear-browsing-data
triggers as password-isolated sites (namely, either history or cookies
and other site settings). The existing unit test we had for that is
updated to also employ the COOP pref.
For more details, see
https://docs.google.com/document/d/122niZuMrub8vu4PJRGQrU_bG02tPPcjqWpsj3GJ1Uq0/edit#
Bug: 1018656
Change-Id: Iea4fe0b41a2521a92ab267c44bf615ca420609cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2898148
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Caitlin Fischer <caitlinfischer@google.com>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#884196}
This CL makes two tweaks to chrome://process-internals for the new
Android site isolation modes:
- add ability to show COOP and OAuth isolation in the list of site
isolation modes.
- display currently isolated COOP sites. Currently, these are active
for the remainder of the browser session and cleared after a restart.
Once we add persistence, we'll want to come back and update the
description here.
Bug: 1018656, 960888
Change-Id: Ie97df36b7d5b30fe90e73ca240bb900e0458b026
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2872254
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#879193}
This change removes calls to base::ASCIIToUTF16 in //content and //ui
with a single-line string literal and replaces them with a u"..."
literal instead. Files where this change would cause compilation errors
were not changed.
This is a mechanical change:
$ git grep -lw ASCIIToUTF16 content ui | xargs \
sed -i 's/\(base::\)\?ASCIIToUTF16(\("\(\\.\|[^\\"]\)*"\))/u\2/g'
$ git cl format
Bug: 1189439
Change-Id: I0d5601dc15324c43012b8d26260405f1efdca07e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780265
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865766}
The style guide indicates that only inline methods should be named using
snake_case, and since an earlier CL made
RenderFrameHostImpl::agent_scheduling_group() virtual, the body was
moved to the implementation file, but I think per a strict reading of
the style guide, the method should have been renamed.
(This was originally caught by talp@ by an earlier nit, and I mistakenly
did not address it before landing the earlier CL).
R=kouhei@chromium.org, nasko@chromium.org, talp@chromium.org
Bug: N/A
Change-Id: I04c608c71325dfd9dd95adc5b728747724afb40e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2681117
Commit-Queue: Dominic Farolino <dom@chromium.org>
Reviewed-by: Tal Pressman <talp@google.com>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#852983}
ConversionInternalsUI and ProcessInternalsUI don't need to be
WebContentsObservers at all, since WebUIController already provides a
RenderFrameCreated() override that is scoped WebUI-specific
RenderFrameHosts.
Bug: 1148682, 1149125
Change-Id: Iebef544d7fb7c8938d273c84279ce7e8b19f90a5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2566889
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#832563}
After https://crrev.com/c/2304537, the site URL will no longer contain
the process lock URL in the hash, so the lock URL won't be visible on
chrome://process-internals. This CL adds the plumbing to show the
lock URL independently from site URL, but only if the two URLs are
different. This way, we'll be able to view the lock URL
in cases where it matters (e.g., for hosted apps), and it won't
pollute the UI in the common case where it matches the site URL.
For completeness, this CL also plumbs the is-origin-keyed bit, so that
all current parts of SiteInfo (foundation of a future
SecurityPrincipal abstraction) are shown. The origin-keyed bit is
currently only shown when opt-in origin isolation is in effect.
Bug: 1105994, 1067389
Change-Id: Ife20bcefc57aecee96e24a436ae89902e0837d20
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2364816
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#799787}
This change makes Trusted Type policy enforcement to Perfect types
(i.e. `require-trusted-types-for 'script'; trusted-types;`) by
default for WebUI (while still keeping report-only).
This means WebUI will not be able to use unsafe APIs by default (e.g.
innerHTML, document.write, etc). However, I have removed Trusted
Types CSP from a pages where it does not support Trusted Types yet
(e.g. Polymer 3).
This change will not make any observable changes, as report-only CSP
would only log console error when it detects Trusted Types violation.
Bug: 41905
Change-Id: Ib9d6eae53b600123c1837d2cdc56269c14a8d00f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2234238
Commit-Queue: Jun Kokatsu <Jun.Kokatsu@microsoft.com>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: dpapad <dpapad@chromium.org>
Reviewed-by: Matthew Jones <mdjones@chromium.org>
Reviewed-by: Tommy Steimel <steimel@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Reviewed-by: oysteine <oysteine@chromium.org>
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Tommy Li <tommycli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#795173}
Before this CL, the test would look for "Process Model Internals"
substring in page contents. This substring is present, but is populated
dynamically in the "Frame Trees" pane:
- WebContents: Process Model Internals, 1 frame.
To make the test less dependent on when the dynamic text is added, this
CL starts looking instead for "Process Internals" substring which is
statically present in
//content/browser/resources/process/process_internals.html
Additionally, after this CL the test inspects page contents via gMock,
rather than via innerHTML.search API. Hopefully, the change in this CL
will make test failures easier to diagnose in the future (i.e. gMock
should display mismatched |page_contents|). Before this CL, the test
failure would just say that |innerHTML.search| API returned -1.
Bug: 1107995
Change-Id: I83e5f45563a780b5dc8919e36ad71b2e171ac2ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2317852
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#791956}
The second CL in implementing origin-/site-keying of SiteInstances.
https://crbug.com/1085275/#c2 lists the sequence of CLs and what each
will accomplish.
This CL is a refactor to introduce the ProcessLock class to replace
the GURLs returned by GetOriginLock() and related functions.
It also combines some argument lists that take both a SiteURL and a
LockURL and instead uses SiteInfo or ProcessLock. One notable example
is RenderProcessHostImpl::IsSuitableHost().
Bug: 1067389, 846155
Change-Id: I3c6f67f2bf6f1ce3ed2bc394dbd92827ebd8a50a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2246923
Commit-Queue: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Aaron Colwell <acolwell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#788226}
