1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
|
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/enterprise/platform_auth/platform_auth_navigation_throttle.h"
#include "chrome/browser/enterprise/platform_auth/platform_auth_provider_manager.h"
#include "content/public/browser/navigation_handle.h"
#include "content/public/browser/navigation_throttle.h"
#include "net/cookies/cookie_util.h"
#include "net/http/http_request_headers.h"
namespace enterprise_auth {
// static
void PlatformAuthNavigationThrottle::MaybeCreateAndAdd(
content::NavigationThrottleRegistry& registry) {
// The manager is enabled when both the feature and policy are enabled.
// If the manager is not enabled, there is no point in creating a throttle
// since no auth data can be fetched.
if (!PlatformAuthProviderManager::GetInstance().IsEnabled()) {
return;
}
// To ensure that auth data is attached to both requests and redirects, the
// navigation throttle is created for all requests.
registry.AddThrottle(
std::make_unique<PlatformAuthNavigationThrottle>(registry));
}
PlatformAuthNavigationThrottle::PlatformAuthNavigationThrottle(
content::NavigationThrottleRegistry& registry)
: content::NavigationThrottle(registry) {}
PlatformAuthNavigationThrottle::~PlatformAuthNavigationThrottle() = default;
content::NavigationThrottle::ThrottleCheckResult
PlatformAuthNavigationThrottle::WillStartRequest() {
// The manager is enabled when both the feature and policy are enabled. This
// value is set in `ResourceRequest::TrustedParams`, which can only be
// modified at the start of a request (not during redirects).
navigation_handle()->SetAllowCookiesFromBrowser(
PlatformAuthProviderManager::GetInstance().IsEnabled());
return FetchHeaders();
}
content::NavigationThrottle::ThrottleCheckResult
PlatformAuthNavigationThrottle::WillRedirectRequest() {
for (auto header : attached_headers_) {
navigation_handle()->RemoveRequestHeader(header);
}
attached_headers_.clear();
return FetchHeaders();
}
const char* PlatformAuthNavigationThrottle::GetNameForLogging() {
return "PlatformAuthNavigationThrottle";
}
content::NavigationThrottle::ThrottleCheckResult
PlatformAuthNavigationThrottle::FetchHeaders() {
fetch_headers_callback_ran_ = false;
// `PlatformAuthProviderManager` may be in the middle of an asynchronous state
// change, such as becoming disabled or updating its supported IdP origins, in
// which case the auth data fetch may still succeed.
if (!PlatformAuthProviderManager::GetInstance().IsEnabledFor(
navigation_handle()->GetURL())) {
return content::NavigationThrottle::PROCEED;
}
PlatformAuthProviderManager::GetInstance().GetData(
navigation_handle()->GetURL(),
base::BindOnce(&PlatformAuthNavigationThrottle::FetchHeadersCallback,
weak_ptr_factory_.GetWeakPtr()));
// If the header fetch callback already ran it likely means that headers could
// not be fetched and `PlatformAuthProviderManager::GetData()` returned
// synchronously, so no need to defer.
if (fetch_headers_callback_ran_) {
return content::NavigationThrottle::PROCEED;
}
is_deferred_ = true;
return content::NavigationThrottle::DEFER;
}
void PlatformAuthNavigationThrottle::FetchHeadersCallback(
net::HttpRequestHeaders auth_headers) {
net::HttpRequestHeaders::Iterator it(auth_headers);
while (it.GetNext()) {
attached_headers_.push_back(it.name());
navigation_handle()->SetRequestHeader(it.name(), it.value());
}
fetch_headers_callback_ran_ = true;
// Resume the deferred request.
if (is_deferred_) {
is_deferred_ = false;
// `Resume()` can synchronously delete this navigation throttle, so no code
// after it should reference a throttle instance.
Resume();
}
}
} // namespace enterprise_auth
|