-- Frédéric Wang
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/16df3e7f-db23-b7f4-60b5-20f33e1c825e%40igalia.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/1e981814-b206-76d0-e082-b05c31f532c9%40igalia.com.
Hi Dominik,
Thanks for the feedback.
I've been analyzing Ryan's suggestion and I believe I have a better understanding of how embedders should proceed to support new schemes. It seems that implementing the ContentClient and ContentBrowserClient is the right approach, as Ryan mentioned.
However, if I've understood it correctly, embedders should be responsible of implementing their own protocol handlers logic, including registration and URLThroattle. I wonder whether it'd make sense to apply some refactoring to the current Chrome custom handler codebase and move it to the content layer, so that the embedders' implementation could benefit from it; as a matter of fact, I think there is already a bug to do this work, https://crbug.com/1139176. I'd like to get some opinions about this idea and, if possible, suggestions and/or ideas of possible approaches to do it as smoothly as possible.
Reg: the specific issue you cited, it's about navigator.registerProtocolHandler(), which is entirely implemented by embedders today via WebContentsDelegate::RegisterProtocolHandler.
I think the issue lacks clear description, but as I mentioned on the other email the whole implementation of "registerProtocolHandler" spans //blink //content and //chrome.
So for example, I'm not sure embedders relying exclusively on
WebContentsDelegate::RegisterProtocolHandler would perform the
full validations checks on the browser process? For example in CL
2287304 I only tested same-origin validation in
web_contents_impl_unittest.cc (mock WebContentsDelegate) ; the whole test coverage
had to be done via InProcessBrowserTest (from //chrome).
Similarly, IIRC the substitution of the "%" sign is performed in
//chrome's ProtocolHandler::TranslateUrl. So how can it even work
for embedders ?
This needs to be called by web pages (from the renderer) and I'm not sure if that's the hook you're looking for.
-- Frédéric Wang
Hi Dominik,
Thanks for the feedback.
I've been analyzing Ryan's suggestion and I believe I have a better understanding of how embedders should proceed to support new schemes. It seems that implementing the ContentClient and ContentBrowserClient is the right approach, as Ryan mentioned.
However, if I've understood it correctly, embedders should be responsible of implementing their own protocol handlers logic, including registration and URLThroattle. I wonder whether it'd make sense to apply some refactoring to the current Chrome custom handler codebase and move it to the content layer, so that the embedders' implementation could benefit from it; as a matter of fact, I think there is already a bug to do this work, https://crbug.com/1139176. I'd like to get some opinions about this idea and, if possible, suggestions and/or ideas of possible approaches to do it as smoothly as possible.
There are things that can live in //content but are currently implemented outside //content for some historical reasons, and I agree that custom protocol handler hooks can be one of these. Do you have some rough idea about how the //content API for embedders would look? It'd probably make this discussion easier.
Reg: the specific issue you cited, it's about navigator.registerProtocolHandler(), which is entirely implemented by embedders today via WebContentsDelegate::RegisterProtocolHandler. This needs to be called by web pages (from the renderer) and I'm not sure if that's the hook you're looking for.
Hi,
Thanks for the doc, opinions from the custom_handlers owners (like Dominick) would be important here, but at a quick look it looks like at least some core parts can likely reasonably live in //content to me.
Could you maybe also open up comments permission on the doc for some of us?