src/third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h

   1 /*
   2  * Copyright (C) 2011 Google Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions are
   6  * met:
   7  *
   8  *     * Redistributions of source code must retain the above copyright
   9  * notice, this list of conditions and the following disclaimer.
  10  *     * Redistributions in binary form must reproduce the above
  11  * copyright notice, this list of conditions and the following disclaimer
  12  * in the documentation and/or other materials provided with the
  13  * distribution.
  14  *     * Neither the name of Google Inc. nor the names of its
  15  * contributors may be used to endorse or promote products derived from
  16  * this software without specific prior written permission.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29  */
  30
  31 #ifndef ResourceLoaderOptions_h
  32 #define ResourceLoaderOptions_h
  33
  34 #include "core/fetch/FetchInitiatorInfo.h"
  35 #include "platform/CrossThreadCopier.h"
  36 #include "platform/weborigin/SecurityOrigin.h"
  37
  38 namespace blink {
  39
  40 enum DataBufferingPolicy {
  41     BufferData,
  42     DoNotBufferData
  43 };
  44
  45 enum ContentSecurityPolicyCheck {
  46     CheckContentSecurityPolicy,
  47     DoNotCheckContentSecurityPolicy
  48 };
  49
  50 enum RequestInitiatorContext {
  51     DocumentContext,
  52     WorkerContext,
  53 };
  54
  55 enum StoredCredentials {
  56     AllowStoredCredentials,
  57     DoNotAllowStoredCredentials
  58 };
  59
  60 // APIs like XMLHttpRequest and EventSource let the user decide
  61 // whether to send credentials, but they're always sent for
  62 // same-origin requests. Additional information is needed to handle
  63 // cross-origin redirects correctly.
  64 enum CredentialRequest {
  65     ClientRequestedCredentials,
  66     ClientDidNotRequestCredentials
  67 };
  68
  69 enum MixedContentBlockingTreatment {
  70     TreatAsDefaultForType,
  71     TreatAsPassiveContent,
  72     TreatAsActiveContent,
  73     TreatAsAlwaysAllowedContent
  74 };
  75
  76 enum SynchronousPolicy {
  77     RequestSynchronously,
  78     RequestAsynchronously
  79 };
  80
  81 // A resource fetch can be marked as being CORS enabled. The loader
  82 // must perform an access check upon seeing the response.
  83 enum CORSEnabled {
  84     NotCORSEnabled,
  85     IsCORSEnabled
  86 };
  87
  88 struct ResourceLoaderOptions {
  89     ResourceLoaderOptions()
  90         : dataBufferingPolicy(BufferData)
  91         , allowCredentials(DoNotAllowStoredCredentials)
  92         , credentialsRequested(ClientDidNotRequestCredentials)
  93         , contentSecurityPolicyOption(CheckContentSecurityPolicy)
  94         , requestInitiatorContext(DocumentContext)
  95         , mixedContentBlockingTreatment(TreatAsDefaultForType)
  96         , synchronousPolicy(RequestAsynchronously)
  97         , corsEnabled(NotCORSEnabled)
  98     {
  99     }
 100
 101     ResourceLoaderOptions(
 102         DataBufferingPolicy dataBufferingPolicy,
 103         StoredCredentials allowCredentials,
 104         CredentialRequest credentialsRequested,
 105         ContentSecurityPolicyCheck contentSecurityPolicyOption,
 106         RequestInitiatorContext requestInitiatorContext)
 107         : dataBufferingPolicy(dataBufferingPolicy)
 108         , allowCredentials(allowCredentials)
 109         , credentialsRequested(credentialsRequested)
 110         , contentSecurityPolicyOption(contentSecurityPolicyOption)
 111         , requestInitiatorContext(requestInitiatorContext)
 112         , mixedContentBlockingTreatment(TreatAsDefaultForType)
 113         , synchronousPolicy(RequestAsynchronously)
 114         , corsEnabled(NotCORSEnabled)
 115     {
 116     }
 117
 118     // Answers the question "can a separate request with these
 119     // different options be re-used" (e.g. preload request)
 120     // The safe (but possibly slow) answer is always false.
 121     bool canReuseRequest(const ResourceLoaderOptions& other) const
 122     {
 123         // dataBufferingPolicy differences are believed to be safe for re-use.
 124         // FIXME: check allowCredentials.
 125         // FIXME: check credentialsRequested.
 126         // FIXME: check contentSecurityPolicyOption.
 127         // initiatorInfo is purely informational and should be benign for re-use.
 128         // requestInitiatorContext is benign (indicates document vs. worker)
 129         // FIXME: check mixedContentBlockingTreatment.
 130         // synchronousPolicy (safe to re-use an async XHR response for sync, etc.)
 131         return corsEnabled == other.corsEnabled;
 132         // securityOrigin has more complicated checks which callers are responsible for.
 133     }
 134
 135     // When adding members, CrossThreadResourceLoaderOptionsData should be
 136     // updated.
 137     DataBufferingPolicy dataBufferingPolicy;
 138     StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
 139     CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
 140     ContentSecurityPolicyCheck contentSecurityPolicyOption;
 141     FetchInitiatorInfo initiatorInfo;
 142     RequestInitiatorContext requestInitiatorContext;
 143     MixedContentBlockingTreatment mixedContentBlockingTreatment;
 144     SynchronousPolicy synchronousPolicy;
 145     CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
 146     RefPtr<SecurityOrigin> securityOrigin;
 147 };
 148
 149 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
 150 struct CrossThreadResourceLoaderOptionsData {
 151     explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options)
 152         : dataBufferingPolicy(options.dataBufferingPolicy)
 153         , allowCredentials(options.allowCredentials)
 154         , credentialsRequested(options.credentialsRequested)
 155         , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
 156         , initiatorInfo(options.initiatorInfo)
 157         , requestInitiatorContext(options.requestInitiatorContext)
 158         , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment)
 159         , synchronousPolicy(options.synchronousPolicy)
 160         , corsEnabled(options.corsEnabled)
 161         , securityOrigin(options.securityOrigin) { }
 162
 163     operator ResourceLoaderOptions() const
 164     {
 165         ResourceLoaderOptions options;
 166         options.dataBufferingPolicy = dataBufferingPolicy;
 167         options.allowCredentials = allowCredentials;
 168         options.credentialsRequested = credentialsRequested;
 169         options.contentSecurityPolicyOption = contentSecurityPolicyOption;
 170         options.initiatorInfo = initiatorInfo;
 171         options.requestInitiatorContext = requestInitiatorContext;
 172         options.mixedContentBlockingTreatment = mixedContentBlockingTreatment;
 173         options.synchronousPolicy = synchronousPolicy;
 174         options.corsEnabled = corsEnabled;
 175         options.securityOrigin = securityOrigin;
 176         return options;
 177     }
 178
 179     DataBufferingPolicy dataBufferingPolicy;
 180     StoredCredentials allowCredentials;
 181     CredentialRequest credentialsRequested;
 182     ContentSecurityPolicyCheck contentSecurityPolicyOption;
 183     CrossThreadFetchInitiatorInfoData initiatorInfo;
 184     RequestInitiatorContext requestInitiatorContext;
 185     MixedContentBlockingTreatment mixedContentBlockingTreatment;
 186     SynchronousPolicy synchronousPolicy;
 187     CORSEnabled corsEnabled;
 188     RefPtr<SecurityOrigin> securityOrigin;
 189 };
 190
 191 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> {
 192     typedef CrossThreadResourceLoaderOptionsData Type;
 193     static Type copy(const ResourceLoaderOptions& options)
 194     {
 195         return CrossThreadResourceLoaderOptionsData(options);
 196     }
 197 };
 198
 199 } // namespace blink
 200
 201 #endif // ResourceLoaderOptions_h