1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
ash / webui / focus_mode / focus_mode_untrusted_ui.cc [blame]
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif
#include "ash/webui/focus_mode/focus_mode_untrusted_ui.h"
#include "ash/constants/ash_features.h"
#include "ash/constants/url_constants.h"
#include "ash/webui/grit/ash_focus_mode_player_resources.h"
#include "ash/webui/grit/ash_focus_mode_player_resources_map.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/web_contents.h"
#include "content/public/browser/web_ui.h"
#include "content/public/browser/web_ui_data_source.h"
#include "content/public/common/bindings_policy.h"
#include "content/public/common/url_constants.h"
#include "ui/webui/webui_allowlist.h"
namespace ash {
FocusModeUntrustedUI::FocusModeUntrustedUI(content::WebUI* web_ui)
: ui::UntrustedWebUIController(web_ui) {
// Set up the chrome://focus-mode-media source. Note that for the untrusted
// page, we need to pass the *URL* as second parameter, and it must include a
// terminating slash, otherwise the data source won't be found.
content::WebUIDataSource* source = content::WebUIDataSource::CreateAndAdd(
web_ui->GetWebContents()->GetBrowserContext(),
chrome::kChromeUIFocusModePlayerURL);
// Add the content. We don't need to set up a default ("") path since the
// trusted page will refer directly to player.html.
source->AddResourcePaths(kAshFocusModePlayerResources);
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::DefaultSrc, "default-src 'self';");
// Enables the page to actually load media.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::MediaSrc, "media-src *;");
// Enables the page to load images. The page is restricted to only loading
// images from data URLs passed to the page.
source->OverrideContentSecurityPolicy(
network::mojom::CSPDirectiveName::ImgSrc, "img-src data:;");
// Enables the page to be loaded as an iframe by the trusted page.
source->AddFrameAncestor(GURL(chrome::kChromeUIFocusModeMediaURL));
}
FocusModeUntrustedUI::~FocusModeUntrustedUI() = default;
WEB_UI_CONTROLLER_TYPE_IMPL(FocusModeUntrustedUI)
FocusModeUntrustedUIConfig::FocusModeUntrustedUIConfig()
: DefaultWebUIConfig(content::kChromeUIUntrustedScheme,
chrome::kChromeUIFocusModePlayerHost) {}
bool FocusModeUntrustedUIConfig::IsWebUIEnabled(
content::BrowserContext* browser_context) {
return ash::features::IsFocusModeEnabled();
}
} // namespace ash