This source file includes following definitions.
- isSafe
- visitHeader
- visitHeader
- blockedHeaders
- clearClient
- create
- m_didFail
- willSendRequest
- didSendData
- didReceiveResponse
- didDownloadData
- didReceiveData
- didReceiveCachedMetadata
- didFinishLoading
- didFail
- didFailRedirectCheck
- setDelayedError
- enableErrorNotifications
- notifyError
- m_client
- loadSynchronously
- loadAsynchronously
- cancel
- setDefersLoading
#include "config.h"
#include "AssociatedURLLoader.h"
#include "WebDataSource.h"
#include "WebFrameImpl.h"
#include "core/fetch/CrossOriginAccessControl.h"
#include "core/loader/DocumentThreadableLoader.h"
#include "core/loader/DocumentThreadableLoaderClient.h"
#include "core/xml/XMLHttpRequest.h"
#include "platform/Timer.h"
#include "platform/exported/WrappedResourceRequest.h"
#include "platform/exported/WrappedResourceResponse.h"
#include "platform/network/HTTPParsers.h"
#include "platform/network/ResourceError.h"
#include "public/platform/WebHTTPHeaderVisitor.h"
#include "public/platform/WebString.h"
#include "public/platform/WebURLError.h"
#include "public/platform/WebURLLoaderClient.h"
#include "public/platform/WebURLRequest.h"
#include "wtf/HashSet.h"
#include "wtf/text/WTFString.h"
using namespace WebCore;
using namespace WTF;
namespace blink {
namespace {
class HTTPRequestHeaderValidator : public WebHTTPHeaderVisitor {
WTF_MAKE_NONCOPYABLE(HTTPRequestHeaderValidator);
public:
HTTPRequestHeaderValidator() : m_isSafe(true) { }
void visitHeader(const WebString& name, const WebString& value);
bool isSafe() const { return m_isSafe; }
private:
bool m_isSafe;
};
typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet;
void HTTPRequestHeaderValidator::visitHeader(const WebString& name, const WebString& value)
{
m_isSafe = m_isSafe && isValidHTTPToken(name) && XMLHttpRequest::isAllowedHTTPHeader(name) && isValidHTTPHeaderValue(value);
}
class HTTPResponseHeaderValidator : public WebHTTPHeaderVisitor {
WTF_MAKE_NONCOPYABLE(HTTPResponseHeaderValidator);
public:
HTTPResponseHeaderValidator(bool usingAccessControl) : m_usingAccessControl(usingAccessControl) { }
void visitHeader(const WebString& name, const WebString& value);
const HTTPHeaderSet& blockedHeaders();
private:
HTTPHeaderSet m_exposedHeaders;
HTTPHeaderSet m_blockedHeaders;
bool m_usingAccessControl;
};
void HTTPResponseHeaderValidator::visitHeader(const WebString& name, const WebString& value)
{
String headerName(name);
if (m_usingAccessControl) {
if (equalIgnoringCase(headerName, "access-control-expose-headers"))
parseAccessControlExposeHeadersAllowList(value, m_exposedHeaders);
else if (!isOnAccessControlResponseHeaderWhitelist(headerName))
m_blockedHeaders.add(name);
}
}
const HTTPHeaderSet& HTTPResponseHeaderValidator::blockedHeaders()
{
if (!m_exposedHeaders.isEmpty()) {
m_exposedHeaders.remove("set-cookie");
m_exposedHeaders.remove("set-cookie2");
m_blockedHeaders.add("access-control-expose-headers");
HTTPHeaderSet::const_iterator end = m_exposedHeaders.end();
for (HTTPHeaderSet::const_iterator it = m_exposedHeaders.begin(); it != end; ++it)
m_blockedHeaders.remove(*it);
}
return m_blockedHeaders;
}
}
class AssociatedURLLoader::ClientAdapter FINAL : public DocumentThreadableLoaderClient {
WTF_MAKE_NONCOPYABLE(ClientAdapter);
public:
static PassOwnPtr<ClientAdapter> create(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&);
virtual void didSendData(unsigned long long , unsigned long long ) OVERRIDE;
virtual void willSendRequest(ResourceRequest& , const ResourceResponse& ) OVERRIDE;
virtual void didReceiveResponse(unsigned long, const ResourceResponse&) OVERRIDE;
virtual void didDownloadData(int ) OVERRIDE;
virtual void didReceiveData(const char*, int ) OVERRIDE;
virtual void didReceiveCachedMetadata(const char*, int ) OVERRIDE;
virtual void didFinishLoading(unsigned long , double ) OVERRIDE;
virtual void didFail(const ResourceError&) OVERRIDE;
virtual void didFailRedirectCheck() OVERRIDE;
void setDelayedError(const ResourceError&);
void enableErrorNotifications();
void clearClient() { m_client = 0; }
private:
ClientAdapter(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&);
void notifyError(Timer<ClientAdapter>*);
AssociatedURLLoader* m_loader;
WebURLLoaderClient* m_client;
WebURLLoaderOptions m_options;
WebURLError m_error;
Timer<ClientAdapter> m_errorTimer;
bool m_enableErrorNotifications;
bool m_didFail;
};
PassOwnPtr<AssociatedURLLoader::ClientAdapter> AssociatedURLLoader::ClientAdapter::create(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options)
{
return adoptPtr(new ClientAdapter(loader, client, options));
}
AssociatedURLLoader::ClientAdapter::ClientAdapter(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options)
: m_loader(loader)
, m_client(client)
, m_options(options)
, m_errorTimer(this, &ClientAdapter::notifyError)
, m_enableErrorNotifications(false)
, m_didFail(false)
{
ASSERT(m_loader);
ASSERT(m_client);
}
void AssociatedURLLoader::ClientAdapter::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
{
if (!m_client)
return;
WrappedResourceRequest wrappedNewRequest(newRequest);
WrappedResourceResponse wrappedRedirectResponse(redirectResponse);
m_client->willSendRequest(m_loader, wrappedNewRequest, wrappedRedirectResponse);
}
void AssociatedURLLoader::ClientAdapter::didSendData(unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
{
if (!m_client)
return;
m_client->didSendData(m_loader, bytesSent, totalBytesToBeSent);
}
void AssociatedURLLoader::ClientAdapter::didReceiveResponse(unsigned long, const ResourceResponse& response)
{
if (!m_client)
return;
WebURLResponse validatedResponse = WrappedResourceResponse(response);
HTTPResponseHeaderValidator validator(m_options.crossOriginRequestPolicy == WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl);
if (!m_options.exposeAllResponseHeaders)
validatedResponse.visitHTTPHeaderFields(&validator);
const HTTPHeaderSet& blockedHeaders = validator.blockedHeaders();
if (!blockedHeaders.isEmpty()) {
validatedResponse = WebURLResponse(validatedResponse);
HTTPHeaderSet::const_iterator end = blockedHeaders.end();
for (HTTPHeaderSet::const_iterator it = blockedHeaders.begin(); it != end; ++it)
validatedResponse.clearHTTPHeaderField(*it);
}
m_client->didReceiveResponse(m_loader, validatedResponse);
}
void AssociatedURLLoader::ClientAdapter::didDownloadData(int dataLength)
{
if (!m_client)
return;
m_client->didDownloadData(m_loader, dataLength, -1);
}
void AssociatedURLLoader::ClientAdapter::didReceiveData(const char* data, int dataLength)
{
if (!m_client)
return;
m_client->didReceiveData(m_loader, data, dataLength, -1);
}
void AssociatedURLLoader::ClientAdapter::didReceiveCachedMetadata(const char* data, int dataLength)
{
if (!m_client)
return;
m_client->didReceiveCachedMetadata(m_loader, data, dataLength);
}
void AssociatedURLLoader::ClientAdapter::didFinishLoading(unsigned long identifier, double finishTime)
{
if (!m_client)
return;
m_client->didFinishLoading(m_loader, finishTime, WebURLLoaderClient::kUnknownEncodedDataLength);
}
void AssociatedURLLoader::ClientAdapter::didFail(const ResourceError& error)
{
if (!m_client)
return;
m_didFail = true;
m_error = WebURLError(error);
if (m_enableErrorNotifications)
notifyError(&m_errorTimer);
}
void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck()
{
m_loader->cancel();
}
void AssociatedURLLoader::ClientAdapter::setDelayedError(const ResourceError& error)
{
didFail(error);
}
void AssociatedURLLoader::ClientAdapter::enableErrorNotifications()
{
m_enableErrorNotifications = true;
if (m_didFail)
m_errorTimer.startOneShot(0, FROM_HERE);
}
void AssociatedURLLoader::ClientAdapter::notifyError(Timer<ClientAdapter>* timer)
{
ASSERT_UNUSED(timer, timer == &m_errorTimer);
m_client->didFail(m_loader, m_error);
}
AssociatedURLLoader::AssociatedURLLoader(PassRefPtr<WebFrameImpl> frameImpl, const WebURLLoaderOptions& options)
: m_frameImpl(frameImpl)
, m_options(options)
, m_client(0)
{
ASSERT(m_frameImpl);
}
AssociatedURLLoader::~AssociatedURLLoader()
{
cancel();
}
#define COMPILE_ASSERT_MATCHING_ENUM(webkit_name, webcore_name) \
COMPILE_ASSERT(static_cast<int>(blink::webkit_name) == static_cast<int>(WebCore::webcore_name), mismatching_enums)
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyDeny, DenyCrossOriginRequests);
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl, UseAccessControl);
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyAllow, AllowCrossOriginRequests);
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ConsiderPreflight, ConsiderPreflight);
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ForcePreflight, ForcePreflight);
COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::PreventPreflight, PreventPreflight);
void AssociatedURLLoader::loadSynchronously(const WebURLRequest& request, WebURLResponse& response, WebURLError& error, WebData& data)
{
ASSERT(0);
}
void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebURLLoaderClient* client)
{
ASSERT(!m_client);
m_client = client;
ASSERT(m_client);
bool allowLoad = true;
WebURLRequest newRequest(request);
if (m_options.untrustedHTTP) {
WebString method = newRequest.httpMethod();
allowLoad = isValidHTTPToken(method) && XMLHttpRequest::isAllowedHTTPMethod(method);
if (allowLoad) {
newRequest.setHTTPMethod(XMLHttpRequest::uppercaseKnownHTTPMethod(method));
HTTPRequestHeaderValidator validator;
newRequest.visitHTTPHeaderFields(&validator);
allowLoad = validator.isSafe();
}
}
m_clientAdapter = ClientAdapter::create(this, m_client, m_options);
if (allowLoad) {
ThreadableLoaderOptions options;
options.sniffContent = m_options.sniffContent ? SniffContent : DoNotSniffContent;
options.allowCredentials = m_options.allowCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials;
options.preflightPolicy = static_cast<WebCore::PreflightPolicy>(m_options.preflightPolicy);
options.crossOriginRequestPolicy = static_cast<WebCore::CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy);
options.dataBufferingPolicy = DoNotBufferData;
const ResourceRequest& webcoreRequest = newRequest.toResourceRequest();
Document* webcoreDocument = m_frameImpl->frame()->document();
m_loader = DocumentThreadableLoader::create(webcoreDocument, m_clientAdapter.get(), webcoreRequest, options);
} else {
m_clientAdapter->setDelayedError(ResourceError());
}
m_clientAdapter->enableErrorNotifications();
}
void AssociatedURLLoader::cancel()
{
if (m_clientAdapter)
m_clientAdapter->clearClient();
if (m_loader)
m_loader->cancel();
}
void AssociatedURLLoader::setDefersLoading(bool defersLoading)
{
if (m_loader)
m_loader->setDefersLoading(defersLoading);
}
}