1 // Copyright 2015 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_ 6 #define CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/gtest_prod_util.h" 12 #include "base/macros.h" 13 #include "base/strings/string_piece_forward.h" 14 #include "content/common/content_export.h" 15 #include "url/origin.h" 16 17 namespace content { 18 19 // A centralized place for making policy decisions about out-of-process iframes, 20 // site isolation, --site-per-process, and related features. 21 // 22 // This is currently static because all these modes are controlled by command- 23 // line flags or field trials. 24 // 25 // These methods can be called from any thread. 26 class CONTENT_EXPORT SiteIsolationPolicy { 27 public: 28 // Returns true if every site should be placed in a dedicated process. 29 static bool UseDedicatedProcessesForAllSites(); 30 31 // Returns true if isolated origins feature is enabled. 32 static bool AreIsolatedOriginsEnabled(); 33 34 // Returns true if strict origin isolation is enabled. Controls whether site 35 // isolation uses origins instead of scheme and eTLD+1. 36 static bool IsStrictOriginIsolationEnabled(); 37 38 // Returns true if error page isolation is enabled. 39 static bool IsErrorPageIsolationEnabled(bool in_main_frame); 40 41 // Returns true if the PDF compositor should be enabled to allow out-of- 42 // process iframes (OOPIF's) to print properly. 43 static bool ShouldPdfCompositorBeEnabledForOopifs(); 44 45 // Returns true if isolated origins may be added at runtime in response 46 // to hints such as users typing in a password or (in the future) an origin 47 // opting itself into isolation via a header. 48 static bool AreDynamicIsolatedOriginsEnabled(); 49 50 // Applies isolated origins from all available sources, including the 51 // command-line switch, field trials, enterprise policy, and the embedder. 52 // See also AreIsolatedOriginsEnabled. These origins apply globally to the 53 // whole browser in all profiles. This should be called once on browser 54 // startup. 55 static void ApplyGlobalIsolatedOrigins(); 56 57 private: 58 SiteIsolationPolicy(); // Not instantiable. 59 60 // Gets isolated origins from cmdline and/or from field trial param. 61 static std::string GetIsolatedOriginsFromCommandLine(); 62 static std::string GetIsolatedOriginsFromFieldTrial(); 63 64 DISALLOW_COPY_AND_ASSIGN(SiteIsolationPolicy); 65 }; 66 67 } // namespace content 68 69 #endif // CONTENT_PUBLIC_BROWSER_SITE_ISOLATION_POLICY_H_ 70