1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/gtest_prod_util.h"
12 #include "base/macros.h"
13 #include "base/strings/string_piece_forward.h"
14 #include "content/common/content_export.h"
15 #include "url/origin.h"
16 
17 namespace content {
18 
19 // A centralized place for making policy decisions about out-of-process iframes,
20 // site isolation, --site-per-process, and related features.
21 //
22 // This is currently static because all these modes are controlled by command-
23 // line flags or field trials.
24 //
25 // These methods can be called from any thread.
26 class CONTENT_EXPORT SiteIsolationPolicy {
27  public:
28   // Returns true if every site should be placed in a dedicated process.
29   static bool UseDedicatedProcessesForAllSites();
30 
31   // Returns true if isolated origins feature is enabled.
32   static bool AreIsolatedOriginsEnabled();
33 
34   // Returns true if strict origin isolation is enabled. Controls whether site
35   // isolation uses origins instead of scheme and eTLD+1.
36   static bool IsStrictOriginIsolationEnabled();
37 
38   // Returns true if error page isolation is enabled.
39   static bool IsErrorPageIsolationEnabled(bool in_main_frame);
40 
41   // Returns true if the PDF compositor should be enabled to allow out-of-
42   // process iframes (OOPIF's) to print properly.
43   static bool ShouldPdfCompositorBeEnabledForOopifs();
44 
45   // Returns true if isolated origins may be added at runtime in response
46   // to hints such as users typing in a password or (in the future) an origin
47   // opting itself into isolation via a header.
48   static bool AreDynamicIsolatedOriginsEnabled();
49 
50   // Applies isolated origins from all available sources, including the
51   // command-line switch, field trials, enterprise policy, and the embedder.
52   // See also AreIsolatedOriginsEnabled. These origins apply globally to the
53   // whole browser in all profiles.  This should be called once on browser
54   // startup.
55   static void ApplyGlobalIsolatedOrigins();
56 
57  private:
58   SiteIsolationPolicy();  // Not instantiable.
59 
60   // Gets isolated origins from cmdline and/or from field trial param.
61   static std::string GetIsolatedOriginsFromCommandLine();
62   static std::string GetIsolatedOriginsFromFieldTrial();
63 
64   DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy);
65 };
66 
67 }  // namespace content
68 
69 #endif  // CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_
70