1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/renderer/pepper/pepper_url_loader_host.h"
7 #include "content/renderer/pepper/pepper_plugin_instance_impl.h"
8 #include "content/renderer/pepper/renderer_ppapi_host_impl.h"
9 #include "content/renderer/pepper/url_request_info_util.h"
10 #include "content/renderer/pepper/url_response_info_util.h"
11 #include "net/base/net_errors.h"
12 #include "ppapi/c/pp_errors.h"
13 #include "ppapi/host/dispatch_host_message.h"
14 #include "ppapi/host/host_message_context.h"
15 #include "ppapi/host/ppapi_host.h"
16 #include "ppapi/proxy/ppapi_messages.h"
17 #include "ppapi/shared_impl/ppapi_globals.h"
18 #include "third_party/WebKit/public/platform/WebURLError.h"
19 #include "third_party/WebKit/public/platform/WebURLLoader.h"
20 #include "third_party/WebKit/public/platform/WebURLRequest.h"
21 #include "third_party/WebKit/public/platform/WebURLResponse.h"
22 #include "third_party/WebKit/public/web/WebDocument.h"
23 #include "third_party/WebKit/public/web/WebElement.h"
24 #include "third_party/WebKit/public/web/WebFrame.h"
25 #include "third_party/WebKit/public/web/WebKit.h"
26 #include "third_party/WebKit/public/web/WebPluginContainer.h"
27 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
28 #include "third_party/WebKit/public/web/WebURLLoaderOptions.h"
30 using blink::WebFrame;
31 using blink::WebString;
33 using blink::WebURLError;
34 using blink::WebURLLoader;
35 using blink::WebURLLoaderOptions;
36 using blink::WebURLRequest;
37 using blink::WebURLResponse;
40 // Do not warn about use of std::copy with raw pointers.
41 #pragma warning(disable : 4996)
46 PepperURLLoaderHost::PepperURLLoaderHost(RendererPpapiHostImpl* host,
47 bool main_document_loader,
50 : ResourceHost(host->GetPpapiHost(), instance, resource),
51 renderer_ppapi_host_(host),
52 main_document_loader_(main_document_loader),
53 has_universal_access_(false),
55 total_bytes_to_be_sent_(-1),
57 total_bytes_to_be_received_(-1),
58 pending_response_(false),
60 DCHECK((main_document_loader && !resource) ||
61 (!main_document_loader && resource));
64 PepperURLLoaderHost::~PepperURLLoaderHost() {
65 // Normally deleting this object will delete the loader which will implicitly
66 // cancel the load. But this won't happen for the main document loader. So it
67 // would be nice to issue a Close() here.
69 // However, the PDF plugin will cancel the document load and then close the
70 // resource (which is reasonable). It then makes a second request to load the
71 // document so it can set the "want progress" flags (which is unreasonable --
72 // we should probably provide download progress on document loads).
74 // But a Close() on the main document (even if the request is already
75 // canceled) will cancel all pending subresources, of which the second
76 // request is one, and the load will fail. Even if we fixed the PDF reader to
77 // change the timing or to send progress events to avoid the second request,
78 // we don't want to cancel other loads when the main one is closed.
80 // "Leaking" the main document load here by not closing it will only affect
81 // plugins handling main document loads (which are very few, mostly only PDF)
82 // that dereference without explicitly closing the main document load (which
83 // PDF doesn't do -- it explicitly closes it before issuing the second
84 // request). And the worst thing that will happen is that any remaining data
85 // will get queued inside WebKit.
86 if (main_document_loader_) {
87 // The PluginInstance has a non-owning pointer to us.
88 PepperPluginInstanceImpl* instance_object =
89 renderer_ppapi_host_->GetPluginInstanceImpl(pp_instance());
90 if (instance_object) {
91 DCHECK(instance_object->document_loader() == this);
92 instance_object->set_document_loader(NULL);
96 // There is a path whereby the destructor for the loader_ member can
97 // invoke InstanceWasDeleted() upon this URLLoaderResource, thereby
98 // re-entering the scoped_ptr destructor with the same scoped_ptr object
99 // via loader_.reset(). Be sure that loader_ is first NULL then destroy
100 // the scoped_ptr. See http://crbug.com/159429.
101 scoped_ptr<blink::WebURLLoader> for_destruction_only(loader_.release());
104 int32_t PepperURLLoaderHost::OnResourceMessageReceived(
105 const IPC::Message& msg,
106 ppapi::host::HostMessageContext* context) {
107 IPC_BEGIN_MESSAGE_MAP(PepperURLLoaderHost, msg)
108 PPAPI_DISPATCH_HOST_RESOURCE_CALL(
109 PpapiHostMsg_URLLoader_Open,
111 PPAPI_DISPATCH_HOST_RESOURCE_CALL(
112 PpapiHostMsg_URLLoader_SetDeferLoading,
113 OnHostMsgSetDeferLoading)
114 PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(
115 PpapiHostMsg_URLLoader_Close,
117 PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(
118 PpapiHostMsg_URLLoader_GrantUniversalAccess,
119 OnHostMsgGrantUniversalAccess)
120 IPC_END_MESSAGE_MAP()
121 return PP_ERROR_FAILED;
124 void PepperURLLoaderHost::willSendRequest(
125 WebURLLoader* loader,
126 WebURLRequest& new_request,
127 const WebURLResponse& redirect_response) {
128 DCHECK(out_of_order_replies_.empty());
129 if (!request_data_.follow_redirects) {
130 SaveResponse(redirect_response);
131 SetDefersLoading(true);
135 void PepperURLLoaderHost::didSendData(
136 WebURLLoader* loader,
137 unsigned long long bytes_sent,
138 unsigned long long total_bytes_to_be_sent) {
139 // TODO(darin): Bounds check input?
140 bytes_sent_ = static_cast<int64_t>(bytes_sent);
141 total_bytes_to_be_sent_ = static_cast<int64_t>(total_bytes_to_be_sent);
145 void PepperURLLoaderHost::didReceiveResponse(WebURLLoader* loader,
146 const WebURLResponse& response) {
147 // Sets -1 if the content length is unknown. Send before issuing callback.
148 total_bytes_to_be_received_ = response.expectedContentLength();
151 SaveResponse(response);
154 void PepperURLLoaderHost::didDownloadData(WebURLLoader* loader,
156 int encoded_data_length) {
157 bytes_received_ += data_length;
161 void PepperURLLoaderHost::didReceiveData(WebURLLoader* loader,
164 int encoded_data_length) {
165 // Note that |loader| will be NULL for document loads.
166 bytes_received_ += data_length;
169 PpapiPluginMsg_URLLoader_SendData* message =
170 new PpapiPluginMsg_URLLoader_SendData;
171 message->WriteData(data, data_length);
172 SendUpdateToPlugin(message);
175 void PepperURLLoaderHost::didFinishLoading(WebURLLoader* loader,
177 int64_t total_encoded_data_length) {
178 // Note that |loader| will be NULL for document loads.
179 SendUpdateToPlugin(new PpapiPluginMsg_URLLoader_FinishedLoading(PP_OK));
182 void PepperURLLoaderHost::didFail(WebURLLoader* loader,
183 const WebURLError& error) {
184 // Note that |loader| will be NULL for document loads.
185 int32_t pp_error = PP_ERROR_FAILED;
186 if (error.domain.equals(WebString::fromUTF8(net::kErrorDomain))) {
187 // TODO(bbudge): Extend pp_errors.h to cover interesting network errors
188 // from the net error domain.
189 switch (error.reason) {
190 case net::ERR_ACCESS_DENIED:
191 case net::ERR_NETWORK_ACCESS_DENIED:
192 pp_error = PP_ERROR_NOACCESS;
196 // It's a WebKit error.
197 pp_error = PP_ERROR_NOACCESS;
199 SendUpdateToPlugin(new PpapiPluginMsg_URLLoader_FinishedLoading(pp_error));
202 void PepperURLLoaderHost::DidConnectPendingHostToResource() {
203 for (size_t i = 0; i < pending_replies_.size(); i++)
204 host()->SendUnsolicitedReply(pp_resource(), *pending_replies_[i]);
205 pending_replies_.clear();
208 int32_t PepperURLLoaderHost::OnHostMsgOpen(
209 ppapi::host::HostMessageContext* context,
210 const ppapi::URLRequestInfoData& request_data) {
211 // An "Open" isn't a resource Call so has no reply, but failure to open
212 // implies a load failure. To make it harder to forget to send the load
213 // failed reply from the open handler, we instead catch errors and convert
214 // them to load failed messages.
215 int32_t ret = InternalOnHostMsgOpen(context, request_data);
216 DCHECK(ret != PP_OK_COMPLETIONPENDING);
219 SendUpdateToPlugin(new PpapiPluginMsg_URLLoader_FinishedLoading(ret));
223 // Since this is wrapped by OnHostMsgOpen, we can return errors here and they
224 // will be translated into a FinishedLoading call automatically.
225 int32_t PepperURLLoaderHost::InternalOnHostMsgOpen(
226 ppapi::host::HostMessageContext* context,
227 const ppapi::URLRequestInfoData& request_data) {
228 // Main document loads are already open, so don't allow people to open them
230 if (main_document_loader_)
231 return PP_ERROR_INPROGRESS;
233 // Create a copy of the request data since CreateWebURLRequest will populate
235 ppapi::URLRequestInfoData filled_in_request_data = request_data;
237 if (URLRequestRequiresUniversalAccess(filled_in_request_data) &&
238 !has_universal_access_) {
239 ppapi::PpapiGlobals::Get()->LogWithSource(
240 pp_instance(), PP_LOGLEVEL_ERROR, std::string(),
241 "PPB_URLLoader.Open: The URL you're requesting is "
242 " on a different security origin than your plugin. To request "
243 " cross-origin resources, see "
244 " PP_URLREQUESTPROPERTY_ALLOWCROSSORIGINREQUESTS.");
245 return PP_ERROR_NOACCESS;
249 return PP_ERROR_INPROGRESS;
251 WebFrame* frame = GetFrame();
253 return PP_ERROR_FAILED;
255 WebURLRequest web_request;
256 if (!CreateWebURLRequest(pp_instance(),
257 &filled_in_request_data,
260 return PP_ERROR_FAILED;
263 web_request.setTargetType(WebURLRequest::TargetIsObject);
264 web_request.setRequestorProcessID(renderer_ppapi_host_->GetPluginPID());
266 WebURLLoaderOptions options;
267 if (has_universal_access_) {
268 options.allowCredentials = true;
269 options.crossOriginRequestPolicy =
270 WebURLLoaderOptions::CrossOriginRequestPolicyAllow;
272 // All other HTTP requests are untrusted.
273 options.untrustedHTTP = true;
274 if (filled_in_request_data.allow_cross_origin_requests) {
275 // Allow cross-origin requests with access control. The request specifies
276 // if credentials are to be sent.
277 options.allowCredentials = filled_in_request_data.allow_credentials;
278 options.crossOriginRequestPolicy =
279 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
281 // Same-origin requests can always send credentials.
282 options.allowCredentials = true;
286 loader_.reset(frame->createAssociatedURLLoader(options));
288 return PP_ERROR_FAILED;
290 // Don't actually save the request until we know we're going to load.
291 request_data_ = filled_in_request_data;
292 loader_->loadAsynchronously(web_request, this);
294 // Although the request is technically pending, this is not a "Call" message
295 // so we don't return COMPLETIONPENDING.
299 int32_t PepperURLLoaderHost::OnHostMsgSetDeferLoading(
300 ppapi::host::HostMessageContext* context,
301 bool defers_loading) {
302 SetDefersLoading(defers_loading);
306 int32_t PepperURLLoaderHost::OnHostMsgClose(
307 ppapi::host::HostMessageContext* context) {
312 int32_t PepperURLLoaderHost::OnHostMsgGrantUniversalAccess(
313 ppapi::host::HostMessageContext* context) {
314 // Only plugins with private permission can bypass same origin.
315 if (!host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
316 return PP_ERROR_FAILED;
317 has_universal_access_ = true;
321 void PepperURLLoaderHost::SendUpdateToPlugin(IPC::Message* message) {
322 // We must send messages to the plugin in the order that the responses are
323 // received from webkit, even when the host isn't ready to send messages or
324 // when the host performs an asynchronous operation.
326 // Only {FinishedLoading, ReceivedResponse, SendData} have ordering
327 // contraints; all other messages are immediately added to pending_replies_.
329 // Accepted orderings for {FinishedLoading, ReceivedResponse, SendData} are:
330 // - {ReceivedResponse, SendData (zero or more times), FinishedLoading}
331 // - {FinishedLoading (when status != PP_OK)}
332 if (message->type() == PpapiPluginMsg_URLLoader_SendData::ID ||
333 message->type() == PpapiPluginMsg_URLLoader_FinishedLoading::ID) {
334 // Messages that must be sent after ReceivedResponse.
335 if (pending_response_) {
336 out_of_order_replies_.push_back(message);
338 SendOrderedUpdateToPlugin(message);
340 } else if (message->type() == PpapiPluginMsg_URLLoader_ReceivedResponse::ID) {
341 // Allow SendData and FinishedLoading into the ordered queue.
342 DCHECK(pending_response_);
343 SendOrderedUpdateToPlugin(message);
344 for (size_t i = 0; i < out_of_order_replies_.size(); i++)
345 SendOrderedUpdateToPlugin(out_of_order_replies_[i]);
346 // SendOrderedUpdateToPlugin destroys the messages for us.
347 out_of_order_replies_.weak_clear();
348 pending_response_ = false;
350 // Messages without ordering constraints.
351 SendOrderedUpdateToPlugin(message);
355 void PepperURLLoaderHost::SendOrderedUpdateToPlugin(IPC::Message* message) {
356 if (pp_resource() == 0) {
357 pending_replies_.push_back(message);
359 host()->SendUnsolicitedReply(pp_resource(), *message);
364 void PepperURLLoaderHost::Close() {
367 else if (main_document_loader_)
368 GetFrame()->stopLoading();
371 blink::WebFrame* PepperURLLoaderHost::GetFrame() {
372 PepperPluginInstance* instance_object =
373 renderer_ppapi_host_->GetPluginInstance(pp_instance());
374 if (!instance_object)
376 return instance_object->GetContainer()->element().document().frame();
379 void PepperURLLoaderHost::SetDefersLoading(bool defers_loading) {
381 loader_->setDefersLoading(defers_loading);
383 // TODO(brettw) bug 96770: We need a way to set the defers loading flag on
384 // main document loads (when the loader_ is null).
387 void PepperURLLoaderHost::SaveResponse(const WebURLResponse& response) {
388 // When we're the main document loader, we send the response data up front,
389 // so we don't want to trigger any callbacks in the plugin which aren't
390 // expected. We should not be getting redirects so the response sent
391 // up-front should be valid (plugin document loads happen after all
392 // redirects are processed since WebKit has to know the MIME type).
393 if (!main_document_loader_) {
394 // We note when there's a callback in flight for a response to ensure that
395 // messages we send to the plugin are not sent out of order. See
396 // SendUpdateToPlugin() for more details.
397 DCHECK(!pending_response_);
398 pending_response_ = true;
400 DataFromWebURLResponse(
401 renderer_ppapi_host_,
404 base::Bind(&PepperURLLoaderHost::DidDataFromWebURLResponse,
405 weak_factory_.GetWeakPtr()));
409 void PepperURLLoaderHost::DidDataFromWebURLResponse(
410 const ppapi::URLResponseInfoData& data) {
411 SendUpdateToPlugin(new PpapiPluginMsg_URLLoader_ReceivedResponse(data));
414 void PepperURLLoaderHost::UpdateProgress() {
415 bool record_download = request_data_.record_download_progress;
416 bool record_upload = request_data_.record_upload_progress;
417 if (record_download || record_upload) {
418 // Here we go through some effort to only send the exact information that
419 // the requestor wanted in the request flags. It would be just as
420 // efficient to send all of it, but we don't want people to rely on
421 // getting download progress when they happen to set the upload progress
423 ppapi::proxy::ResourceMessageReplyParams params;
424 SendUpdateToPlugin(new PpapiPluginMsg_URLLoader_UpdateProgress(
425 record_upload ? bytes_sent_ : -1,
426 record_upload ? total_bytes_to_be_sent_ : -1,
427 record_download ? bytes_received_ : -1,
428 record_download ? total_bytes_to_be_received_ : -1));
432 } // namespace content