2 * Copyright (C) 2010 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include "core/loader/PingLoader.h"
35 #include "FetchInitiatorTypeNames.h"
36 #include "core/dom/Document.h"
37 #include "core/fetch/FetchContext.h"
38 #include "core/frame/LocalFrame.h"
39 #include "core/inspector/InspectorInstrumentation.h"
40 #include "core/loader/FrameLoader.h"
41 #include "core/loader/FrameLoaderClient.h"
42 #include "core/loader/UniqueIdentifier.h"
43 #include "core/page/Page.h"
44 #include "platform/exported/WrappedResourceRequest.h"
45 #include "platform/network/FormData.h"
46 #include "platform/network/ResourceError.h"
47 #include "platform/network/ResourceRequest.h"
48 #include "platform/network/ResourceResponse.h"
49 #include "platform/weborigin/SecurityOrigin.h"
50 #include "platform/weborigin/SecurityPolicy.h"
51 #include "public/platform/Platform.h"
52 #include "public/platform/WebURLLoader.h"
53 #include "public/platform/WebURLResponse.h"
54 #include "wtf/OwnPtr.h"
58 void PingLoader::loadImage(LocalFrame* frame, const KURL& url)
60 if (!frame->document()->securityOrigin()->canDisplay(url)) {
61 FrameLoader::reportLocalLoadFailed(frame, url.string());
65 ResourceRequest request(url);
66 request.setTargetType(ResourceRequest::TargetIsPing);
67 request.setHTTPHeaderField("Cache-Control", "max-age=0");
68 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document(), request, FetchSubresource);
70 FetchInitiatorInfo initiatorInfo;
71 initiatorInfo.name = FetchInitiatorTypeNames::ping;
72 PingLoader::start(frame, request, initiatorInfo);
75 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
76 void PingLoader::sendPing(LocalFrame* frame, const KURL& pingURL, const KURL& destinationURL)
78 ResourceRequest request(pingURL);
79 request.setTargetType(ResourceRequest::TargetIsPing);
80 request.setHTTPMethod("POST");
81 request.setHTTPContentType("text/ping");
82 request.setHTTPBody(FormData::create("PING"));
83 request.setHTTPHeaderField("Cache-Control", "max-age=0");
84 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document(), request, FetchSubresource);
86 RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL);
87 // addAdditionalRequestHeaders() will have added a referrer for same origin requests,
88 // but the spec omits the referrer for same origin.
89 if (frame->document()->securityOrigin()->isSameSchemeHostPort(pingOrigin.get()))
90 request.clearHTTPReferrer();
92 request.setHTTPHeaderField("Ping-To", AtomicString(destinationURL.string()));
94 // Ping-From follows the same rules as the default referrer beahavior for subresource requests.
95 // FIXME: Should Ping-From obey ReferrerPolicy?
96 if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->document()->url().string()))
97 request.setHTTPHeaderField("Ping-From", AtomicString(frame->document()->url().string()));
99 FetchInitiatorInfo initiatorInfo;
100 initiatorInfo.name = FetchInitiatorTypeNames::ping;
101 PingLoader::start(frame, request, initiatorInfo);
104 void PingLoader::sendViolationReport(LocalFrame* frame, const KURL& reportURL, PassRefPtr<FormData> report, ViolationReportType type)
106 ResourceRequest request(reportURL);
107 request.setTargetType(ResourceRequest::TargetIsSubresource);
108 request.setHTTPMethod("POST");
109 request.setHTTPContentType(type == ContentSecurityPolicyViolationReport ? "application/csp-report" : "application/json");
110 request.setHTTPBody(report);
111 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document(), request, FetchSubresource);
113 FetchInitiatorInfo initiatorInfo;
114 initiatorInfo.name = FetchInitiatorTypeNames::violationreport;
115 PingLoader::start(frame, request, initiatorInfo, SecurityOrigin::create(reportURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
118 void PingLoader::start(LocalFrame* frame, ResourceRequest& request, const FetchInitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
120 OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, initiatorInfo, credentialsAllowed));
122 // Leak the ping loader, since it will kill itself as soon as it receives a response.
123 PingLoader* ALLOW_UNUSED leakedPingLoader = pingLoader.leakPtr();
126 PingLoader::PingLoader(LocalFrame* frame, ResourceRequest& request, const FetchInitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
127 : PageLifecycleObserver(frame->page())
128 , m_timeout(this, &PingLoader::timeout)
129 , m_url(request.url())
130 , m_identifier(createUniqueIdentifier())
132 frame->loader().client()->didDispatchPingLoader(request.url());
134 m_loader = adoptPtr(blink::Platform::current()->createURLLoader());
136 blink::WrappedResourceRequest wrappedRequest(request);
137 wrappedRequest.setAllowStoredCredentials(credentialsAllowed == AllowStoredCredentials);
138 m_loader->loadAsynchronously(wrappedRequest, this);
140 InspectorInstrumentation::willSendRequest(frame, m_identifier, frame->loader().documentLoader(), request, ResourceResponse(), initiatorInfo);
142 // If the server never responds, FrameLoader won't be able to cancel this load and
143 // we'll sit here waiting forever. Set a very generous timeout, just in case.
144 m_timeout.startOneShot(60000, FROM_HERE);
147 PingLoader::~PingLoader()
153 void PingLoader::didReceiveResponse(blink::WebURLLoader*, const blink::WebURLResponse&)
155 if (Page* page = this->page())
156 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier, ResourceError::cancelledError(m_url));
160 void PingLoader::didReceiveData(blink::WebURLLoader*, const char* data, int dataLength, int encodedDataLength)
162 if (Page* page = this->page())
163 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier, ResourceError::cancelledError(m_url));
167 void PingLoader::didFinishLoading(blink::WebURLLoader*, double, int64_t)
169 if (Page* page = this->page())
170 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier, ResourceError::cancelledError(m_url));
174 void PingLoader::didFail(blink::WebURLLoader*, const blink::WebURLError& resourceError)
176 if (Page* page = this->page())
177 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier, ResourceError(resourceError));
181 void PingLoader::timeout(Timer<PingLoader>*)
183 if (Page* page = this->page())
184 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier, ResourceError::cancelledError(m_url));