1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
#ifndef CONTENT_BROWSER_RENDERER_HOST_PRIVATE_NETWORK_ACCESS_UTIL_H_
#define CONTENT_BROWSER_RENDERER_HOST_PRIVATE_NETWORK_ACCESS_UTIL_H_
#include "content/common/content_export.h"
#include "services/network/public/mojom/client_security_state.mojom-forward.h"
#include "services/network/public/mojom/ip_address_space.mojom-forward.h"
#include "services/network/public/mojom/url_response_head.mojom-forward.h"
#include "url/gurl.h"
namespace content {
class ContentBrowserClient;
struct PolicyContainerPolicies;
enum class PrivateNetworkRequestContext {
kSubresource, // Subresource fetches initiated by documents.
kWorker, // Worker script fetches/updates or fetches within worker scripts.
kMainFrameNavigation, // Main frame navigation fetches.
kSubframeNavigation, // Subframe navigation fetches (e.g., iframe).
kFencedFrameNavigation, // Navigation of a fenced frame.
};
// Returns the policy to use for private network requests fetched by a client
// with the given context properties.
//
// `ip_address_space` identifies the IP address space of the request client.
// `is_web_secure_context` specifies whether the request client is a secure
// context or not.
// `allow_on_non_secure_context` specifies whether we allow local network
// requests on non-secure contexts. Note: this only applies to local network
// access requests, not private network access requests, and having this be true
// means that while we still allow the requests, they still need to pass
// permissions checks.
// `private_network_request_context` specifies what this
// request is about. For example, requests made from workers can have different
// policies from normal subresource requests.
network::mojom::PrivateNetworkRequestPolicy CONTENT_EXPORT
DerivePrivateNetworkRequestPolicy(
network::mojom::IPAddressSpace ip_address_space,
bool is_web_secure_context,
bool allow_on_non_secure_context,
PrivateNetworkRequestContext private_network_request_context);
// Convenience overload to directly compute this from the client's `policies`.
network::mojom::PrivateNetworkRequestPolicy CONTENT_EXPORT
DerivePrivateNetworkRequestPolicy(
const PolicyContainerPolicies& policies,
PrivateNetworkRequestContext private_network_request_context);
network::mojom::ClientSecurityStatePtr CONTENT_EXPORT DeriveClientSecurityState(
const PolicyContainerPolicies& policies,
PrivateNetworkRequestContext private_network_request_context);
// Determines the IP address space that should be associated to execution
// contexts instantiated from a resource loaded from this `url` and the given
// response.
//
// This differs from `network::CalculateClientAddressSpace()` in that it takes
// into account special schemes that are only known to the embedder, for which
// the embedder decides the IP address space.
//
// `url` the response URL.
// `response_head` identifies the response headers received which may be
// nullptr. `client` exposes the embedder API which may be nullptr.
network::mojom::IPAddressSpace CalculateIPAddressSpace(
const GURL& url,
network::mojom::URLResponseHead* response_head,
ContentBrowserClient* client);
network::mojom::PrivateNetworkRequestPolicy OverrideBlockWithWarn(
network::mojom::PrivateNetworkRequestPolicy);
} // namespace content
#endif // CONTENT_BROWSER_RENDERER_HOST_PRIVATE_NETWORK_ACCESS_UTIL_H_
|
