danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 1 | // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_ |
| 6 | #define CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_ |
| 7 | |
| 8 | #include <stddef.h> |
| 9 | |
| 10 | #include <memory> |
| 11 | #include <string> |
| 12 | #include <vector> |
| 13 | |
| 14 | #include "base/gtest_prod_util.h" |
| 15 | #include "base/macros.h" |
| 16 | #include "base/memory/ref_counted.h" |
| 17 | #include "content/browser/renderer_host/frame_tree.h" |
| 18 | #include "content/browser/renderer_host/frame_tree_node_blame_context.h" |
| 19 | #include "content/browser/renderer_host/navigator.h" |
| 20 | #include "content/browser/renderer_host/render_frame_host_impl.h" |
| 21 | #include "content/browser/renderer_host/render_frame_host_manager.h" |
| 22 | #include "content/common/content_export.h" |
| 23 | #include "content/common/frame_replication_state.h" |
| 24 | #include "services/network/public/mojom/content_security_policy.mojom-forward.h" |
| 25 | #include "third_party/blink/public/common/frame/frame_policy.h" |
| 26 | #include "third_party/blink/public/common/frame/user_activation_state.h" |
| 27 | #include "third_party/blink/public/mojom/frame/frame_owner_element_type.mojom.h" |
| 28 | #include "third_party/blink/public/mojom/frame/frame_owner_properties.mojom.h" |
| 29 | #include "third_party/blink/public/mojom/frame/user_activation_update_types.mojom.h" |
| 30 | #include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-forward.h" |
| 31 | |
| 32 | #include "url/gurl.h" |
| 33 | #include "url/origin.h" |
| 34 | |
| 35 | namespace content { |
| 36 | |
| 37 | class NavigationRequest; |
| 38 | class RenderFrameHostImpl; |
| 39 | class NavigationEntryImpl; |
| 40 | |
| 41 | // When a page contains iframes, its renderer process maintains a tree structure |
| 42 | // of those frames. We are mirroring this tree in the browser process. This |
| 43 | // class represents a node in this tree and is a wrapper for all objects that |
| 44 | // are frame-specific (as opposed to page-specific). |
| 45 | // |
| 46 | // Each FrameTreeNode has a current RenderFrameHost, which can change over |
| 47 | // time as the frame is navigated. Any immediate subframes of the current |
| 48 | // document are tracked using FrameTreeNodes owned by the current |
| 49 | // RenderFrameHost, rather than as children of FrameTreeNode itself. This |
| 50 | // allows subframe FrameTreeNodes to stay alive while a RenderFrameHost is |
| 51 | // still alive - for example while pending deletion, after a new current |
| 52 | // RenderFrameHost has replaced it. |
| 53 | class CONTENT_EXPORT FrameTreeNode { |
| 54 | public: |
| 55 | class Observer { |
| 56 | public: |
| 57 | // Invoked when a FrameTreeNode is being destroyed. |
| 58 | virtual void OnFrameTreeNodeDestroyed(FrameTreeNode* node) {} |
| 59 | |
| 60 | // Invoked when a FrameTreeNode becomes focused. |
| 61 | virtual void OnFrameTreeNodeFocused(FrameTreeNode* node) {} |
| 62 | |
| 63 | virtual ~Observer() {} |
| 64 | }; |
| 65 | |
| 66 | static const int kFrameTreeNodeInvalidId; |
| 67 | |
| 68 | // Returns the FrameTreeNode with the given global |frame_tree_node_id|, |
| 69 | // regardless of which FrameTree it is in. |
| 70 | static FrameTreeNode* GloballyFindByID(int frame_tree_node_id); |
| 71 | |
| 72 | // Returns the FrameTreeNode for the given |rfh|. Same as |
| 73 | // rfh->frame_tree_node(), but also supports nullptrs. |
| 74 | static FrameTreeNode* From(RenderFrameHost* rfh); |
| 75 | |
| 76 | // Callers are are expected to initialize sandbox flags separately after |
| 77 | // calling the constructor. |
| 78 | FrameTreeNode( |
| 79 | FrameTree* frame_tree, |
| 80 | RenderFrameHostImpl* parent, |
| 81 | blink::mojom::TreeScopeType scope, |
| 82 | const std::string& name, |
| 83 | const std::string& unique_name, |
| 84 | bool is_created_by_script, |
| 85 | const base::UnguessableToken& devtools_frame_token, |
| 86 | const blink::mojom::FrameOwnerProperties& frame_owner_properties, |
| 87 | blink::mojom::FrameOwnerElementType owner_type); |
| 88 | |
| 89 | ~FrameTreeNode(); |
| 90 | |
| 91 | void AddObserver(Observer* observer); |
| 92 | void RemoveObserver(Observer* observer); |
| 93 | |
| 94 | bool IsMainFrame() const; |
| 95 | |
Alexander Timin | 45b716c | 2020-11-06 01:40:31 | [diff] [blame^] | 96 | struct ResetForNavigationResult { |
| 97 | bool changed_frame_policy = false; |
| 98 | }; |
| 99 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 100 | // Clears any state in this node which was set by the document itself (CSP |
| 101 | // Headers, Feature Policy Headers, and CSP-set sandbox flags), and notifies |
| 102 | // proxies as appropriate. Invoked after committing navigation to a new |
| 103 | // document (since the new document comes with a fresh set of CSP and |
| 104 | // Feature-Policy HTTP headers). |
Alexander Timin | 45b716c | 2020-11-06 01:40:31 | [diff] [blame^] | 105 | // Returns the details of the reset result — whether any important state (e.g. |
| 106 | // frame policy headers) was lost during the update. |
| 107 | ResetForNavigationResult ResetForNavigation( |
| 108 | bool was_served_from_back_forward_cache); |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 109 | |
| 110 | FrameTree* frame_tree() const { return frame_tree_; } |
| 111 | Navigator& navigator() { return frame_tree()->navigator(); } |
| 112 | |
| 113 | RenderFrameHostManager* render_manager() { return &render_manager_; } |
| 114 | int frame_tree_node_id() const { return frame_tree_node_id_; } |
| 115 | const std::string& frame_name() const { return replication_state_.name; } |
| 116 | |
| 117 | const std::string& unique_name() const { |
| 118 | return replication_state_.unique_name; |
| 119 | } |
| 120 | |
| 121 | // See comment on the member declaration. |
| 122 | const base::UnguessableToken& devtools_frame_token() const { |
| 123 | return devtools_frame_token_; |
| 124 | } |
| 125 | |
| 126 | size_t child_count() const { return current_frame_host()->child_count(); } |
| 127 | |
| 128 | unsigned int depth() const { return depth_; } |
| 129 | |
| 130 | RenderFrameHostImpl* parent() const { return parent_; } |
| 131 | |
| 132 | FrameTreeNode* opener() const { return opener_; } |
| 133 | |
| 134 | FrameTreeNode* original_opener() const { return original_opener_; } |
| 135 | |
Wolfgang Beyer | d8809db | 2020-09-30 15:29:39 | [diff] [blame] | 136 | const base::Optional<base::UnguessableToken>& opener_devtools_frame_token() { |
| 137 | return opener_devtools_frame_token_; |
| 138 | } |
| 139 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 140 | // Gets the total number of descendants to this FrameTreeNode in addition to |
| 141 | // this node. |
| 142 | size_t GetFrameTreeSize() const; |
| 143 | |
| 144 | // Assigns a new opener for this node and, if |opener| is non-null, registers |
| 145 | // an observer that will clear this node's opener if |opener| is ever |
| 146 | // destroyed. |
| 147 | void SetOpener(FrameTreeNode* opener); |
| 148 | |
| 149 | // Assigns the initial opener for this node, and if |opener| is non-null, |
| 150 | // registers an observer that will clear this node's opener if |opener| is |
| 151 | // ever destroyed. The value set here is the root of the tree. |
| 152 | // |
| 153 | // It is not possible to change the opener once it was set. |
| 154 | void SetOriginalOpener(FrameTreeNode* opener); |
| 155 | |
Wolfgang Beyer | d8809db | 2020-09-30 15:29:39 | [diff] [blame] | 156 | // Assigns an opener frame id for this node. This string id is only set once |
| 157 | // and cannot be changed. It persists, even if the |opener| is destroyed. It |
| 158 | // is used for attribution in the DevTools frontend. |
| 159 | void SetOpenerDevtoolsFrameToken( |
| 160 | base::UnguessableToken opener_devtools_frame_token); |
| 161 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 162 | FrameTreeNode* child_at(size_t index) const { |
| 163 | return current_frame_host()->child_at(index); |
| 164 | } |
| 165 | |
| 166 | // Returns the URL of the last committed page in the current frame. |
| 167 | const GURL& current_url() const { |
| 168 | return current_frame_host()->GetLastCommittedURL(); |
| 169 | } |
| 170 | |
| 171 | // Sets the last committed URL for this frame and updates |
| 172 | // has_committed_real_load accordingly. |
| 173 | void SetCurrentURL(const GURL& url); |
| 174 | |
| 175 | // Returns true iff SetCurrentURL has been called with a non-blank URL. |
| 176 | bool has_committed_real_load() const { return has_committed_real_load_; } |
| 177 | |
| 178 | // Returns whether the frame's owner element in the parent document is |
| 179 | // collapsed, that is, removed from the layout as if it did not exist, as per |
| 180 | // request by the embedder (of the content/ layer). |
| 181 | bool is_collapsed() const { return is_collapsed_; } |
| 182 | |
| 183 | // Sets whether to collapse the frame's owner element in the parent document, |
| 184 | // that is, to remove it from the layout as if it did not exist, as per |
| 185 | // request by the embedder (of the content/ layer). Cannot be called for main |
| 186 | // frames. |
| 187 | // |
| 188 | // This only has an effect for <iframe> owner elements, and is a no-op when |
| 189 | // called on sub-frames hosted in <frame>, <object>, and <embed> elements. |
| 190 | void SetCollapsed(bool collapsed); |
| 191 | |
| 192 | // Returns the origin of the last committed page in this frame. |
| 193 | // WARNING: To get the last committed origin for a particular |
| 194 | // RenderFrameHost, use RenderFrameHost::GetLastCommittedOrigin() instead, |
| 195 | // which will behave correctly even when the RenderFrameHost is not the |
| 196 | // current one for this frame (such as when it's pending deletion). |
| 197 | const url::Origin& current_origin() const { |
| 198 | return replication_state_.origin; |
| 199 | } |
| 200 | |
| 201 | // Set the current origin and notify proxies about the update. |
| 202 | void SetCurrentOrigin(const url::Origin& origin, |
| 203 | bool is_potentially_trustworthy_unique_origin); |
| 204 | |
| 205 | // Set the current name and notify proxies about the update. |
| 206 | void SetFrameName(const std::string& name, const std::string& unique_name); |
| 207 | |
| 208 | // Add CSP headers to replication state, notify proxies about the update. |
| 209 | void AddContentSecurityPolicies( |
| 210 | std::vector<network::mojom::ContentSecurityPolicyHeaderPtr> headers); |
| 211 | |
| 212 | // Sets the current insecure request policy, and notifies proxies about the |
| 213 | // update. |
| 214 | void SetInsecureRequestPolicy(blink::mojom::InsecureRequestPolicy policy); |
| 215 | |
| 216 | // Sets the current set of insecure urls to upgrade, and notifies proxies |
| 217 | // about the update. |
| 218 | void SetInsecureNavigationsSet( |
| 219 | const std::vector<uint32_t>& insecure_navigations_set); |
| 220 | |
| 221 | // Returns the latest frame policy (sandbox flags and container policy) for |
| 222 | // this frame. This includes flags inherited from parent frames and the latest |
| 223 | // flags from the <iframe> element hosting this frame. The returned policies |
| 224 | // may not yet have taken effect, since "sandbox" and "allow" attribute |
| 225 | // updates in an <iframe> element take effect on next navigation. To retrieve |
| 226 | // the currently active policy for this frame, use effective_frame_policy(). |
| 227 | const blink::FramePolicy& pending_frame_policy() const { |
| 228 | return pending_frame_policy_; |
| 229 | } |
| 230 | |
| 231 | // Update this frame's sandbox flags and container policy. This is called |
| 232 | // when a parent frame updates the "sandbox" attribute in the <iframe> element |
| 233 | // for this frame, or any of the attributes which affect the container policy |
| 234 | // ("allowfullscreen", "allowpaymentrequest", "allow", and "src".) |
| 235 | // These policies won't take effect until next navigation. If this frame's |
| 236 | // parent is itself sandboxed, the parent's sandbox flags are combined with |
| 237 | // those in |frame_policy|. |
| 238 | // Attempting to change the container policy on the main frame will have no |
| 239 | // effect. |
| 240 | void SetPendingFramePolicy(blink::FramePolicy frame_policy); |
| 241 | |
| 242 | // Returns the currently active frame policy for this frame, including the |
| 243 | // sandbox flags which were present at the time the document was loaded, and |
| 244 | // the feature policy container policy, which is set by the iframe's |
| 245 | // allowfullscreen, allowpaymentrequest, and allow attributes, along with the |
| 246 | // origin of the iframe's src attribute (which may be different from the URL |
| 247 | // of the document currently loaded into the frame). This does not include |
| 248 | // policy changes that have been made by updating the containing iframe |
| 249 | // element attributes since the frame was last navigated; use |
| 250 | // pending_frame_policy() for those. |
| 251 | const blink::FramePolicy& effective_frame_policy() const { |
| 252 | return replication_state_.frame_policy; |
| 253 | } |
| 254 | |
| 255 | // Set the frame_policy provided in function parameter as active frame policy, |
| 256 | // while leaving pending_frame_policy_ untouched. |
| 257 | bool CommitFramePolicy(const blink::FramePolicy& frame_policy); |
| 258 | |
| 259 | const blink::mojom::FrameOwnerProperties& frame_owner_properties() { |
| 260 | return frame_owner_properties_; |
| 261 | } |
| 262 | |
| 263 | void set_frame_owner_properties( |
| 264 | const blink::mojom::FrameOwnerProperties& frame_owner_properties) { |
| 265 | frame_owner_properties_ = frame_owner_properties; |
| 266 | } |
| 267 | |
| 268 | const network::mojom::ContentSecurityPolicy* csp_attribute() { |
| 269 | return csp_attribute_.get(); |
| 270 | } |
| 271 | |
| 272 | void set_csp_attribute( |
| 273 | network::mojom::ContentSecurityPolicyPtr parsed_csp_attribute) { |
| 274 | csp_attribute_ = std::move(parsed_csp_attribute); |
| 275 | } |
| 276 | |
| 277 | bool HasSameOrigin(const FrameTreeNode& node) const { |
| 278 | return replication_state_.origin.IsSameOriginWith( |
| 279 | node.replication_state_.origin); |
| 280 | } |
| 281 | |
| 282 | const FrameReplicationState& current_replication_state() const { |
| 283 | return replication_state_; |
| 284 | } |
| 285 | |
| 286 | RenderFrameHostImpl* current_frame_host() const { |
| 287 | return render_manager_.current_frame_host(); |
| 288 | } |
| 289 | |
| 290 | // Return the node immediately preceding this node in its parent's children, |
| 291 | // or nullptr if there is no such node. |
| 292 | FrameTreeNode* PreviousSibling() const; |
| 293 | |
| 294 | // Return the node immediately following this node in its parent's children, |
| 295 | // or nullptr if there is no such node. |
| 296 | FrameTreeNode* NextSibling() const; |
| 297 | |
| 298 | // Returns true if this node is in a loading state. |
| 299 | bool IsLoading() const; |
| 300 | |
Alex Moshchuk | 9b0fd82 | 2020-10-26 23:08:15 | [diff] [blame] | 301 | // Returns true if this node has a cross-document navigation in progress. |
| 302 | bool HasPendingCrossDocumentNavigation() const; |
| 303 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 304 | NavigationRequest* navigation_request() { return navigation_request_.get(); } |
| 305 | |
| 306 | // Transfers the ownership of the NavigationRequest to |render_frame_host|. |
| 307 | // From ReadyToCommit to DidCommit, the NavigationRequest is owned by the |
| 308 | // RenderFrameHost that is committing the navigation. |
| 309 | void TransferNavigationRequestOwnership( |
| 310 | RenderFrameHostImpl* render_frame_host); |
| 311 | |
| 312 | // Takes ownership of |navigation_request| and makes it the current |
| 313 | // NavigationRequest of this frame. This corresponds to the start of a new |
| 314 | // navigation. If there was an ongoing navigation request before calling this |
| 315 | // function, it is canceled. |navigation_request| should not be null. |
| 316 | void CreatedNavigationRequest( |
| 317 | std::unique_ptr<NavigationRequest> navigation_request); |
| 318 | |
| 319 | // Resets the current navigation request. If |keep_state| is true, any state |
| 320 | // created by the NavigationRequest (e.g. speculative RenderFrameHost, |
| 321 | // loading state) will not be reset by the function. |
| 322 | void ResetNavigationRequest(bool keep_state); |
| 323 | |
| 324 | // A RenderFrameHost in this node started loading. |
| 325 | // |to_different_document| will be true unless the load is a fragment |
| 326 | // navigation, or triggered by history.pushState/replaceState. |
| 327 | // |was_previously_loading| is false if the FrameTree was not loading before. |
| 328 | // The caller is required to provide this boolean as the delegate should only |
| 329 | // be notified if the FrameTree went from non-loading to loading state. |
| 330 | // However, when it is called, the FrameTree should be in a loading state. |
| 331 | void DidStartLoading(bool to_different_document, bool was_previously_loading); |
| 332 | |
| 333 | // A RenderFrameHost in this node stopped loading. |
| 334 | void DidStopLoading(); |
| 335 | |
| 336 | // The load progress for a RenderFrameHost in this node was updated to |
| 337 | // |load_progress|. This will notify the FrameTree which will in turn notify |
| 338 | // the WebContents. |
| 339 | void DidChangeLoadProgress(double load_progress); |
| 340 | |
| 341 | // Called when the user directed the page to stop loading. Stops all loads |
| 342 | // happening in the FrameTreeNode. This method should be used with |
| 343 | // FrameTree::ForEach to stop all loads in the entire FrameTree. |
| 344 | bool StopLoading(); |
| 345 | |
| 346 | // Returns the time this frame was last focused. |
| 347 | base::TimeTicks last_focus_time() const { return last_focus_time_; } |
| 348 | |
| 349 | // Called when this node becomes focused. Updates the node's last focused |
| 350 | // time and notifies observers. |
| 351 | void DidFocus(); |
| 352 | |
| 353 | // Called when the user closed the modal dialogue for BeforeUnload and |
| 354 | // cancelled the navigation. This should stop any load happening in the |
| 355 | // FrameTreeNode. |
| 356 | void BeforeUnloadCanceled(); |
| 357 | |
| 358 | // Returns the BlameContext associated with this node. |
| 359 | FrameTreeNodeBlameContext& blame_context() { return blame_context_; } |
| 360 | |
| 361 | // Updates the user activation state in the browser frame tree and in the |
| 362 | // frame trees in all renderer processes except the renderer for this node |
| 363 | // (which initiated the update). Returns |false| if the update tries to |
| 364 | // consume an already consumed/expired transient state, |true| otherwise. See |
| 365 | // the comment on user_activation_state_ below. |
| 366 | // |
| 367 | // The |notification_type| parameter is used for histograms, only for the case |
| 368 | // |update_state == kNotifyActivation|. |
| 369 | bool UpdateUserActivationState( |
| 370 | blink::mojom::UserActivationUpdateType update_type, |
| 371 | blink::mojom::UserActivationNotificationType notification_type); |
| 372 | |
| 373 | void OnSetHadStickyUserActivationBeforeNavigation(bool value); |
| 374 | |
| 375 | // Returns the sandbox flags currently in effect for this frame. This includes |
| 376 | // flags inherited from parent frames, the currently active flags from the |
| 377 | // <iframe> element hosting this frame, as well as any flags set from a |
| 378 | // Content-Security-Policy HTTP header. This does not include flags that have |
| 379 | // have been updated in an <iframe> element but have not taken effect yet; use |
| 380 | // pending_frame_policy() for those. To see the flags which will take effect |
| 381 | // on navigation (which does not include the CSP-set flags), use |
| 382 | // effective_frame_policy(). |
| 383 | network::mojom::WebSandboxFlags active_sandbox_flags() const { |
| 384 | return replication_state_.active_sandbox_flags; |
| 385 | } |
| 386 | |
| 387 | // Updates the active sandbox flags in this frame, in response to a |
| 388 | // Content-Security-Policy header adding additional flags, in addition to |
| 389 | // those given to this frame by its parent, or in response to the |
| 390 | // Feature-Policy header being set. Note that on navigation, these updates |
| 391 | // will be cleared, and the flags in the pending frame policy will be applied |
| 392 | // to the frame. |
Alexander Timin | 45b716c | 2020-11-06 01:40:31 | [diff] [blame^] | 393 | // Returns true iff this operation has changed state of either sandbox flags |
| 394 | // or feature policy. |
| 395 | bool UpdateFramePolicyHeaders( |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 396 | network::mojom::WebSandboxFlags sandbox_flags, |
| 397 | const blink::ParsedFeaturePolicy& parsed_header); |
| 398 | |
| 399 | // Returns whether the frame received a user gesture on a previous navigation |
| 400 | // on the same eTLD+1. |
| 401 | bool has_received_user_gesture_before_nav() const { |
| 402 | return replication_state_.has_received_user_gesture_before_nav; |
| 403 | } |
| 404 | |
| 405 | // When a tab is discarded, WebContents sets was_discarded on its |
| 406 | // root FrameTreeNode. |
| 407 | // In addition, when a child frame is created, this bit is passed on from |
| 408 | // parent to child. |
| 409 | // When a navigation request is created, was_discarded is passed on to the |
| 410 | // request and reset to false in FrameTreeNode. |
| 411 | void set_was_discarded() { was_discarded_ = true; } |
| 412 | bool was_discarded() const { return was_discarded_; } |
| 413 | |
| 414 | // Returns the sticky bit of the User Activation v2 state of the |
| 415 | // |FrameTreeNode|. |
| 416 | bool HasStickyUserActivation() const { |
| 417 | return user_activation_state_.HasBeenActive(); |
| 418 | } |
| 419 | |
| 420 | // Returns the transient bit of the User Activation v2 state of the |
| 421 | // |FrameTreeNode|. |
| 422 | bool HasTransientUserActivation() { |
| 423 | return user_activation_state_.IsActive(); |
| 424 | } |
| 425 | |
| 426 | // Remove history entries for all frames created by script in this frame's |
| 427 | // subtree. If a frame created by a script is removed, then its history entry |
| 428 | // will never be reused - this saves memory. |
| 429 | void PruneChildFrameNavigationEntries(NavigationEntryImpl* entry); |
| 430 | |
| 431 | blink::mojom::FrameOwnerElementType frame_owner_element_type() const { |
| 432 | return replication_state_.frame_owner_element_type; |
| 433 | } |
| 434 | // Only meaningful to call on a root frame. The value of |feature_state| will |
| 435 | // be nontrivial if there is an opener which is restricted in some of the |
| 436 | // feature policies. |
| 437 | void SetOpenerFeaturePolicyState( |
| 438 | const blink::FeaturePolicyFeatureState& feature_state); |
| 439 | |
| 440 | void SetAdFrameType(blink::mojom::AdFrameType ad_frame_type); |
| 441 | |
arthursonzogni | 034bb9c | 2020-10-01 08:29:56 | [diff] [blame] | 442 | // The initial popup URL for new window opened using: |
| 443 | // `window.open(initial_popup_url)`. |
| 444 | // An empty GURL otherwise. |
| 445 | // |
| 446 | // [WARNING] There is no guarantee the FrameTreeNode will ever host a |
| 447 | // document served from this URL. The FrameTreeNode always starts hosting the |
| 448 | // initial empty document and attempts a navigation toward this URL. However |
| 449 | // the navigation might be delayed, redirected and even cancelled. |
| 450 | void SetInitialPopupURL(const GURL& initial_popup_url); |
| 451 | const GURL& initial_popup_url() const { return initial_popup_url_; } |
| 452 | |
| 453 | // The origin of the document that used window.open() to create this frame. |
| 454 | // Otherwise, an opaque Origin with a nonce different from all previously |
| 455 | // existing Origins. |
| 456 | void SetPopupCreatorOrigin(const url::Origin& popup_creator_origin); |
| 457 | const url::Origin& popup_creator_origin() const { |
| 458 | return popup_creator_origin_; |
| 459 | } |
| 460 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 461 | private: |
| 462 | FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest, |
| 463 | ContainerPolicyDynamic); |
| 464 | FRIEND_TEST_ALL_PREFIXES(SitePerProcessFeaturePolicyBrowserTest, |
| 465 | ContainerPolicySandboxDynamic); |
| 466 | |
| 467 | class OpenerDestroyedObserver; |
| 468 | |
| 469 | FrameTreeNode* GetSibling(int relative_offset) const; |
| 470 | |
| 471 | // The |notification_type| parameter is used for histograms only. |
| 472 | bool NotifyUserActivation( |
| 473 | blink::mojom::UserActivationNotificationType notification_type); |
| 474 | |
| 475 | bool ConsumeTransientUserActivation(); |
| 476 | |
| 477 | bool ClearUserActivation(); |
| 478 | |
| 479 | // Verify that the renderer process is allowed to set user activation on this |
| 480 | // frame by checking whether this frame's RenderWidgetHost had previously seen |
| 481 | // an input event that might lead to user activation. If user activation |
| 482 | // should be allowed, this returns true and also clears corresponding pending |
| 483 | // user activation state in the widget. Otherwise, this returns false. |
| 484 | bool VerifyUserActivation(); |
| 485 | |
| 486 | // The next available browser-global FrameTreeNode ID. |
| 487 | static int next_frame_tree_node_id_; |
| 488 | |
| 489 | // The FrameTree that owns us. |
| 490 | FrameTree* frame_tree_; // not owned. |
| 491 | |
| 492 | // Manages creation and swapping of RenderFrameHosts for this frame. |
| 493 | RenderFrameHostManager render_manager_; |
| 494 | |
| 495 | // A browser-global identifier for the frame in the page, which stays stable |
| 496 | // even if the frame does a cross-process navigation. |
| 497 | const int frame_tree_node_id_; |
| 498 | |
| 499 | // The RenderFrameHost owning this FrameTreeNode, which cannot change for the |
| 500 | // life of this FrameTreeNode. |nullptr| if this node is the root. |
| 501 | RenderFrameHostImpl* const parent_; |
| 502 | |
| 503 | // Number of edges from this node to the root. 0 if this is the root. |
| 504 | const unsigned int depth_; |
| 505 | |
| 506 | // The frame that opened this frame, if any. Will be set to null if the |
| 507 | // opener is closed, or if this frame disowns its opener by setting its |
| 508 | // window.opener to null. |
| 509 | FrameTreeNode* opener_; |
| 510 | |
| 511 | // An observer that clears this node's |opener_| if the opener is destroyed. |
| 512 | // This observer is added to the |opener_|'s observer list when the |opener_| |
| 513 | // is set to a non-null node, and it is removed from that list when |opener_| |
| 514 | // changes or when this node is destroyed. It is also cleared if |opener_| |
| 515 | // is disowned. |
| 516 | std::unique_ptr<OpenerDestroyedObserver> opener_observer_; |
| 517 | |
| 518 | // The frame that opened this frame, if any. Contrary to opener_, this |
| 519 | // cannot be changed unless the original opener is destroyed. |
| 520 | FrameTreeNode* original_opener_; |
| 521 | |
Wolfgang Beyer | d8809db | 2020-09-30 15:29:39 | [diff] [blame] | 522 | // The devtools frame token of the frame which opened this frame. This is |
| 523 | // not cleared even if the opener is destroyed or disowns the frame. |
| 524 | base::Optional<base::UnguessableToken> opener_devtools_frame_token_; |
| 525 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 526 | // An observer that clears this node's |original_opener_| if the opener is |
| 527 | // destroyed. |
| 528 | std::unique_ptr<OpenerDestroyedObserver> original_opener_observer_; |
| 529 | |
arthursonzogni | 034bb9c | 2020-10-01 08:29:56 | [diff] [blame] | 530 | // When created by an opener, the URL specified in window.open(url) |
| 531 | // Please refer to {Get,Set}InitialPopupURL() documentation. |
| 532 | GURL initial_popup_url_; |
| 533 | |
| 534 | // When created using window.open, the origin of the creator. |
| 535 | // Please refer to {Get,Set}PopupCreatorOrigin() documentation. |
| 536 | url::Origin popup_creator_origin_; |
| 537 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 538 | // Whether this frame has committed any real load, replacing its initial |
| 539 | // about:blank page. |
| 540 | bool has_committed_real_load_; |
| 541 | |
| 542 | // Whether the frame's owner element in the parent document is collapsed. |
| 543 | bool is_collapsed_; |
| 544 | |
| 545 | // Track information that needs to be replicated to processes that have |
| 546 | // proxies for this frame. |
| 547 | FrameReplicationState replication_state_; |
| 548 | |
| 549 | // Track the pending sandbox flags and container policy for this frame. When a |
| 550 | // parent frame dynamically updates 'sandbox', 'allow', 'allowfullscreen', |
| 551 | // 'allowpaymentrequest' or 'src' attributes, the updated policy for the frame |
| 552 | // is stored here, and transferred into replication_state_.frame_policy when |
| 553 | // they take effect on the next frame navigation. |
| 554 | blink::FramePolicy pending_frame_policy_; |
| 555 | |
| 556 | // Whether the frame was created by javascript. This is useful to prune |
| 557 | // history entries when the frame is removed (because frames created by |
| 558 | // scripts are never recreated with the same unique name - see |
| 559 | // https://crbug.com/500260). |
| 560 | bool is_created_by_script_; |
| 561 | |
| 562 | // Used for devtools instrumentation and trace-ability. The token is |
| 563 | // propagated to Blink's LocalFrame and both Blink and content/ |
| 564 | // can tag calls and requests with this token in order to attribute them |
| 565 | // to the context frame. |
| 566 | // |devtools_frame_token_| is only defined by the browser process and is never |
| 567 | // sent back from the renderer in the control calls. It should be never used |
| 568 | // to look up the FrameTreeNode instance. |
| 569 | base::UnguessableToken devtools_frame_token_; |
| 570 | |
| 571 | // Tracks the scrolling and margin properties for this frame. These |
| 572 | // properties affect the child renderer but are stored on its parent's |
| 573 | // frame element. When this frame's parent dynamically updates these |
| 574 | // properties, we update them here too. |
| 575 | // |
| 576 | // Note that dynamic updates only take effect on the next frame navigation. |
| 577 | blink::mojom::FrameOwnerProperties frame_owner_properties_; |
| 578 | |
| 579 | // Contains the current parsed value of the 'csp' attribute of this frame. |
| 580 | network::mojom::ContentSecurityPolicyPtr csp_attribute_; |
| 581 | |
| 582 | // Owns an ongoing NavigationRequest until it is ready to commit. It will then |
| 583 | // be reset and a RenderFrameHost will be responsible for the navigation. |
| 584 | std::unique_ptr<NavigationRequest> navigation_request_; |
| 585 | |
| 586 | // List of objects observing this FrameTreeNode. |
| 587 | base::ObserverList<Observer>::Unchecked observers_; |
| 588 | |
| 589 | base::TimeTicks last_focus_time_; |
| 590 | |
| 591 | bool was_discarded_; |
| 592 | |
| 593 | // The user activation state of the current frame. See |UserActivationState| |
| 594 | // for details on how this state is maintained. |
| 595 | blink::UserActivationState user_activation_state_; |
| 596 | |
| 597 | // A helper for tracing the snapshots of this FrameTreeNode and attributing |
| 598 | // browser process activities to this node (when possible). It is unrelated |
| 599 | // to the core logic of FrameTreeNode. |
| 600 | FrameTreeNodeBlameContext blame_context_; |
| 601 | |
| 602 | DISALLOW_COPY_AND_ASSIGN(FrameTreeNode); |
| 603 | }; |
| 604 | |
| 605 | } // namespace content |
| 606 | |
| 607 | #endif // CONTENT_BROWSER_RENDERER_HOST_FRAME_TREE_NODE_H_ |