Add "sandboxed" option to "webPreferences".
When "sandboxed" is passed as a web preference for `BrowserWindow`, the newly created renderer won't run any node.js code/integration, communicating with the system only via the IPC API of the content module. This is a requirement for running the renderer under Chrome's OS-level sandbox. Beyond that, certain behaviors of AtomBrowserClient are modified when dealing with sandboxed renderers:
- `OverrideSiteInstanceNavigation` no longer creates a new `SiteInstance` for every navigation. Instead, it reuses the source `SiteInstance` when not navigating to a different site.
- `CanCreateWindow` will return true and allow javascript access.
parent
90c5972fce
commit
c783ec72bc
7 changed files with 104 additions and 8 deletions
|
@ -6,6 +6,7 @@
|
|||
#define ATOM_BROWSER_ATOM_BROWSER_CLIENT_H_
|
||||
|
||||
#include <map>
|
||||
#include <set>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
|
@ -108,8 +109,19 @@ class AtomBrowserClient : public brightray::BrowserClient,
|
|||
void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;
|
||||
|
||||
private:
|
||||
bool ShouldCreateNewSiteInstance(content::BrowserContext* browser_context,
|
||||
content::SiteInstance* current_instance,
|
||||
const GURL& dest_url);
|
||||
// Add/remove a process id to `sandboxed_renderers_`.
|
||||
void AddSandboxedRendererId(int process_id);
|
||||
void RemoveSandboxedRendererId(int process_id);
|
||||
bool IsRendererSandboxed(int process_id);
|
||||
|
||||
// pending_render_process => current_render_process.
|
||||
std::map<int, int> pending_processes_;
|
||||
// Set that contains the process ids of all sandboxed renderers
|
||||
std::set<int> sandboxed_renderers_;
|
||||
base::Lock sandboxed_renderers_lock_;
|
||||
|
||||
std::unique_ptr<AtomResourceDispatcherHostDelegate>
|
||||
resource_dispatcher_host_delegate_;
|
||||
|
|
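Review bot: The new `sandboxed_renderers_` and `sandboxed_renderers_lock_` members in the private section have no comment saying which threads touch the set or that the lock guards it, and the set feeds a security decision: per the commit description, `CanCreateWindow` returns true and allows JavaScript access for renderers found in it. I would document the contract on the members, e.g. `// Guards sandboxed_renderers_; the set is accessed only through the three helpers above.` above the lock (if that holds in the .cc), and say on the set whether `process_id` is the RenderProcessHost id or an OS pid. The .cc side is not visible here, so it is worth confirming that `RemoveSandboxedRendererId` is called from `RenderProcessHostDestroyed`; a stale id would let a later non-sandboxed renderer that received the same id be treated as sandboxed. `IsRendererSandboxed` has no comment of its own, since the existing one covers only add/remove. The class body starts and ends outside the hunk.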