
This change allows a top-level empty SiteInstance to become the default SiteInstance if the URL for the top-level frame does not require a dedicated process. This allows the top-level frame and any subframes that do not require a dedicated process to share the same default SiteInstance process. Bug: 958060,78757 Change-Id: I920860b822474157897a0f3e3534cca87984599c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1693778 Commit-Queue: Aaron Colwell <acolwell@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#680472}
236 lines
10 KiB
C++
236 lines
10 KiB
C++
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef CONTENT_BROWSER_BROWSING_INSTANCE_H_
|
|
#define CONTENT_BROWSER_BROWSING_INSTANCE_H_
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <string>
|
|
#include <unordered_map>
|
|
|
|
#include "base/gtest_prod_util.h"
|
|
#include "base/lazy_instance.h"
|
|
#include "base/logging.h"
|
|
#include "base/macros.h"
|
|
#include "base/memory/ref_counted.h"
|
|
#include "content/browser/isolation_context.h"
|
|
#include "content/common/content_export.h"
|
|
#include "content/public/browser/browser_context.h"
|
|
#include "content/public/browser/render_process_host_observer.h"
|
|
|
|
class GURL;
|
|
|
|
namespace content {
|
|
class RenderProcessHost;
|
|
class SiteInstanceImpl;
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// BrowsingInstance class
|
|
//
|
|
// A browsing instance corresponds to the notion of a "unit of related browsing
|
|
// contexts" in the HTML 5 spec. Intuitively, it represents a collection of
|
|
// tabs and frames that can have script connections to each other. In that
|
|
// sense, it reflects the user interface, and not the contents of the tabs and
|
|
// frames.
|
|
//
|
|
// We further subdivide a BrowsingInstance into SiteInstances, which represent
|
|
// the documents within each BrowsingInstance that are from the same site and
|
|
// thus can have script access to each other. Different SiteInstances can
|
|
// safely run in different processes, because their documents cannot access
|
|
// each other's contents (due to the same origin policy).
|
|
//
|
|
// It is important to only have one SiteInstance per site within a given
|
|
// BrowsingInstance. This is because any two documents from the same site
|
|
// might be able to script each other if they are in the same BrowsingInstance.
|
|
// Thus, they must be rendered in the same process.
|
|
//
|
|
// A BrowsingInstance is live as long as any SiteInstance has a reference to
|
|
// it. A SiteInstance is live as long as any NavigationEntry or RenderViewHost
|
|
// have references to it. Because both classes are RefCounted, they do not
|
|
// need to be manually deleted.
|
|
//
|
|
// BrowsingInstance has no public members, as it is designed to be
|
|
// visible only from the SiteInstance class. To get a new
|
|
// SiteInstance that is part of the same BrowsingInstance, use
|
|
// SiteInstance::GetRelatedSiteInstance. Because of this,
|
|
// BrowsingInstances and SiteInstances are tested together in
|
|
// site_instance_unittest.cc.
|
|
//
|
|
// Note that a browsing instance in the browser is independently tracked in
|
|
// the renderer inside blink::Page::RelatedPages() method (in theory the browser
|
|
// and renderer should always stay in sync).
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
class CONTENT_EXPORT BrowsingInstance final
|
|
: public base::RefCounted<BrowsingInstance>,
|
|
public RenderProcessHostObserver {
|
|
private:
|
|
friend class base::RefCounted<BrowsingInstance>;
|
|
friend class SiteInstanceImpl;
|
|
FRIEND_TEST_ALL_PREFIXES(SiteInstanceTest, OneSiteInstancePerSite);
|
|
FRIEND_TEST_ALL_PREFIXES(SiteInstanceTest,
|
|
OneSiteInstancePerSiteInBrowserContext);
|
|
|
|
// Return an ID of the next BrowsingInstance to be created. This ID is
|
|
// guaranteed to be higher than any ID of an existing BrowsingInstance. This
|
|
// does *not* increment the global counter used for assigning
|
|
// BrowsingInstance IDs: that happens only in the BrowsingInstance
|
|
// constructor.
|
|
static BrowsingInstanceId NextBrowsingInstanceId();
|
|
|
|
// Create a new BrowsingInstance.
|
|
explicit BrowsingInstance(BrowserContext* context);
|
|
|
|
~BrowsingInstance() final;
|
|
|
|
// RenderProcessHostObserver implementation.
|
|
void RenderProcessHostDestroyed(RenderProcessHost* host) final;
|
|
|
|
// Get the browser context to which this BrowsingInstance belongs.
|
|
BrowserContext* GetBrowserContext() const;
|
|
|
|
// Get the IsolationContext associated with this BrowsingInstance. This can
|
|
// be used to track this BrowsingInstance in other areas of the code, along
|
|
// with any other state needed to make isolation decisions.
|
|
const IsolationContext& isolation_context() { return isolation_context_; }
|
|
|
|
// Returns whether this BrowsingInstance has registered a SiteInstance for
|
|
// the site of the given URL.
|
|
bool HasSiteInstance(const GURL& url);
|
|
|
|
// Get the SiteInstance responsible for rendering the given URL. Should
|
|
// create a new one if necessary, but should not create more than one
|
|
// SiteInstance per site.
|
|
//
|
|
// |allow_default_instance| should be set to true in cases where the caller
|
|
// is ok with |url| sharing a process with other sites that do not require
|
|
// a dedicated process. Note that setting this to true means that the
|
|
// SiteInstanceImpl you get back may return "http://unisolated.invalid" for
|
|
// GetSiteURL() and lock_url() calls because the default instance is not
|
|
// bound to a single site.
|
|
scoped_refptr<SiteInstanceImpl> GetSiteInstanceForURL(
|
|
const GURL& url,
|
|
bool allow_default_instance);
|
|
|
|
// Gets site and lock URLs for |url| that are identical with what these
|
|
// values would be if we called GetSiteInstanceForURL() with the same
|
|
// |url| and |allow_default_instance|. This method is used when we need this
|
|
// information, but do not want to create a SiteInstance yet.
|
|
void GetSiteAndLockForURL(const GURL& url,
|
|
bool allow_default_instance,
|
|
GURL* site_url,
|
|
GURL* lock_url);
|
|
|
|
// Helper function used by GetSiteInstanceForURL() and GetSiteAndLockForURL()
|
|
// that returns an existing SiteInstance from |site_instance_map_| or
|
|
// returns |default_site_instance_| if |allow_default_instance| is true and
|
|
// other conditions are met. If there is no existing SiteInstance that is
|
|
// appropriate for |url|, |allow_default_instance| combination, then a nullptr
|
|
// is returned.
|
|
//
|
|
// Note: This method is not intended to be called by code outside this object.
|
|
scoped_refptr<SiteInstanceImpl> GetSiteInstanceForURLHelper(
|
|
const GURL& url,
|
|
bool allow_default_instance);
|
|
|
|
// Adds the given SiteInstance to our map, to ensure that we do not create
|
|
// another SiteInstance for the same site.
|
|
void RegisterSiteInstance(SiteInstanceImpl* site_instance);
|
|
|
|
// Removes the given SiteInstance from our map, after all references to it
|
|
// have been deleted. This means it is safe to create a new SiteInstance
|
|
// if the user later visits a page from this site, within this
|
|
// BrowsingInstance.
|
|
void UnregisterSiteInstance(SiteInstanceImpl* site_instance);
|
|
|
|
// Tracks the number of WebContents currently in this BrowsingInstance.
|
|
size_t active_contents_count() const { return active_contents_count_; }
|
|
void increment_active_contents_count() { active_contents_count_++; }
|
|
void decrement_active_contents_count() {
|
|
DCHECK_LT(0u, active_contents_count_);
|
|
active_contents_count_--;
|
|
}
|
|
|
|
// Stores the process that should be used if a SiteInstance doesn't need
|
|
// a dedicated process.
|
|
void SetDefaultProcess(RenderProcessHost* default_process);
|
|
RenderProcessHost* default_process() const { return default_process_; }
|
|
|
|
bool IsDefaultSiteInstance(const SiteInstanceImpl* site_instance) const;
|
|
|
|
// Returns true if |site_url| has been used to get a SiteInstance from this
|
|
// object and the default SiteInstance was returned. This simply indicates
|
|
// the site may be directed to the default SiteInstance process, but it does
|
|
// not indicate that the site has already been committed to that process.
|
|
// Returns false if no request for |site_url| has resulted in this object
|
|
// returning the default SiteInstance.
|
|
bool IsSiteInDefaultSiteInstance(const GURL& site_url) const;
|
|
|
|
// Attempts to convert |site_instance| into a default SiteInstance,
|
|
// if |url| can be placed inside a default SiteInstance, and the default
|
|
// SiteInstance has not already been set for this object.
|
|
// Returns true if |site_instance| was successfully converted to a default
|
|
// SiteInstance. Otherwise, returns false.
|
|
bool TrySettingDefaultSiteInstance(SiteInstanceImpl* site_instance,
|
|
const GURL& url);
|
|
|
|
// Helper function used by other methods in this class to ensure consistent
|
|
// mapping between |url| and site URL.
|
|
// Note: This should not be used by code outside this class.
|
|
GURL GetSiteForURL(const GURL& url) const;
|
|
|
|
// Map of site to SiteInstance, to ensure we only have one SiteInstance per
|
|
// site.
|
|
typedef std::unordered_map<std::string, SiteInstanceImpl*> SiteInstanceMap;
|
|
|
|
// The next available browser-global BrowsingInstance ID.
|
|
static int next_browsing_instance_id_;
|
|
|
|
// The IsolationContext associated with this BrowsingInstance. This will not
|
|
// change after the BrowsingInstance is constructed.
|
|
//
|
|
// This holds a common BrowserContext to which all SiteInstances in this
|
|
// BrowsingInstance must belong.
|
|
const IsolationContext isolation_context_;
|
|
|
|
// Map of site to SiteInstance, to ensure we only have one SiteInstance per
|
|
// site. The site string should be the possibly_invalid_spec() of a GURL
|
|
// obtained with SiteInstanceImpl::GetSiteForURL. Note that this map may not
|
|
// contain every active SiteInstance, because a race exists where two
|
|
// SiteInstances can be assigned to the same site. This is ok in rare cases.
|
|
// It also does not contain SiteInstances which have not yet been assigned a
|
|
// site, such as about:blank. See NavigatorImpl::ShouldAssignSiteForURL.
|
|
// This map only contains instances that map to a single site. The
|
|
// |default_site_instance_|, which associates multiple sites with a single
|
|
// instance, is not contained in this map.
|
|
SiteInstanceMap site_instance_map_;
|
|
|
|
// Number of WebContentses currently using this BrowsingInstance.
|
|
size_t active_contents_count_;
|
|
|
|
// The process to use for any SiteInstance in this BrowsingInstance that
|
|
// doesn't require a dedicated process.
|
|
RenderProcessHost* default_process_;
|
|
|
|
// SiteInstance to use if a URL does not correspond to an instance in
|
|
// |site_instance_map_| and it does not require a dedicated process.
|
|
// This field and |default_process_| are mutually exclusive and this field
|
|
// should only be set if kProcessSharingWithStrictSiteInstances is not
|
|
// enabled. This is a raw pointer to avoid a reference cycle between the
|
|
// BrowsingInstance and the SiteInstanceImpl.
|
|
SiteInstanceImpl* default_site_instance_;
|
|
|
|
// Keeps track of the site URLs that this object mapped to the
|
|
// |default_site_instance_|.
|
|
std::set<GURL> site_url_set_;
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(BrowsingInstance);
|
|
};
|
|
|
|
} // namespace content
|
|
|
|
#endif // CONTENT_BROWSER_BROWSING_INSTANCE_H_
|