2 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #ifndef ResourceLoaderOptions_h
32 #define ResourceLoaderOptions_h
34 #include "core/fetch/FetchInitiatorInfo.h"
35 #include "platform/CrossThreadCopier.h"
36 #include "platform/weborigin/SecurityOrigin.h"
40 enum DataBufferingPolicy {
45 enum ContentSecurityPolicyCheck {
46 CheckContentSecurityPolicy,
47 DoNotCheckContentSecurityPolicy
50 enum RequestInitiatorContext {
55 enum StoredCredentials {
56 AllowStoredCredentials,
57 DoNotAllowStoredCredentials
60 // APIs like XMLHttpRequest and EventSource let the user decide
61 // whether to send credentials, but they're always sent for
62 // same-origin requests. Additional information is needed to handle
63 // cross-origin redirects correctly.
64 enum CredentialRequest {
65 ClientRequestedCredentials,
66 ClientDidNotRequestCredentials
69 enum MixedContentBlockingTreatment {
70 TreatAsDefaultForType,
71 TreatAsPassiveContent,
73 TreatAsAlwaysAllowedContent
76 enum SynchronousPolicy {
81 // A resource fetch can be marked as being CORS enabled. The loader
82 // must perform an access check upon seeing the response.
88 struct ResourceLoaderOptions {
89 ResourceLoaderOptions()
90 : dataBufferingPolicy(BufferData)
91 , allowCredentials(DoNotAllowStoredCredentials)
92 , credentialsRequested(ClientDidNotRequestCredentials)
93 , contentSecurityPolicyOption(CheckContentSecurityPolicy)
94 , requestInitiatorContext(DocumentContext)
95 , mixedContentBlockingTreatment(TreatAsDefaultForType)
96 , synchronousPolicy(RequestAsynchronously)
97 , corsEnabled(NotCORSEnabled)
101 ResourceLoaderOptions(
102 DataBufferingPolicy dataBufferingPolicy,
103 StoredCredentials allowCredentials,
104 CredentialRequest credentialsRequested,
105 ContentSecurityPolicyCheck contentSecurityPolicyOption,
106 RequestInitiatorContext requestInitiatorContext)
107 : dataBufferingPolicy(dataBufferingPolicy)
108 , allowCredentials(allowCredentials)
109 , credentialsRequested(credentialsRequested)
110 , contentSecurityPolicyOption(contentSecurityPolicyOption)
111 , requestInitiatorContext(requestInitiatorContext)
112 , mixedContentBlockingTreatment(TreatAsDefaultForType)
113 , synchronousPolicy(RequestAsynchronously)
114 , corsEnabled(NotCORSEnabled)
118 // Answers the question "can a separate request with these
119 // different options be re-used" (e.g. preload request)
120 // The safe (but possibly slow) answer is always false.
121 bool canReuseRequest(const ResourceLoaderOptions& other) const
123 // dataBufferingPolicy differences are believed to be safe for re-use.
124 // FIXME: check allowCredentials.
125 // FIXME: check credentialsRequested.
126 // FIXME: check contentSecurityPolicyOption.
127 // initiatorInfo is purely informational and should be benign for re-use.
128 // requestInitiatorContext is benign (indicates document vs. worker)
129 // FIXME: check mixedContentBlockingTreatment.
130 // synchronousPolicy (safe to re-use an async XHR response for sync, etc.)
131 return corsEnabled == other.corsEnabled;
132 // securityOrigin has more complicated checks which callers are responsible for.
135 // When adding members, CrossThreadResourceLoaderOptionsData should be
137 DataBufferingPolicy dataBufferingPolicy;
138 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
139 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
140 ContentSecurityPolicyCheck contentSecurityPolicyOption;
141 FetchInitiatorInfo initiatorInfo;
142 RequestInitiatorContext requestInitiatorContext;
143 MixedContentBlockingTreatment mixedContentBlockingTreatment;
144 SynchronousPolicy synchronousPolicy;
145 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
146 RefPtr<SecurityOrigin> securityOrigin;
149 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
150 struct CrossThreadResourceLoaderOptionsData {
151 explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options)
152 : dataBufferingPolicy(options.dataBufferingPolicy)
153 , allowCredentials(options.allowCredentials)
154 , credentialsRequested(options.credentialsRequested)
155 , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
156 , initiatorInfo(options.initiatorInfo)
157 , requestInitiatorContext(options.requestInitiatorContext)
158 , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment)
159 , synchronousPolicy(options.synchronousPolicy)
160 , corsEnabled(options.corsEnabled)
161 , securityOrigin(options.securityOrigin) { }
163 operator ResourceLoaderOptions() const
165 ResourceLoaderOptions options;
166 options.dataBufferingPolicy = dataBufferingPolicy;
167 options.allowCredentials = allowCredentials;
168 options.credentialsRequested = credentialsRequested;
169 options.contentSecurityPolicyOption = contentSecurityPolicyOption;
170 options.initiatorInfo = initiatorInfo;
171 options.requestInitiatorContext = requestInitiatorContext;
172 options.mixedContentBlockingTreatment = mixedContentBlockingTreatment;
173 options.synchronousPolicy = synchronousPolicy;
174 options.corsEnabled = corsEnabled;
175 options.securityOrigin = securityOrigin;
179 DataBufferingPolicy dataBufferingPolicy;
180 StoredCredentials allowCredentials;
181 CredentialRequest credentialsRequested;
182 ContentSecurityPolicyCheck contentSecurityPolicyOption;
183 CrossThreadFetchInitiatorInfoData initiatorInfo;
184 RequestInitiatorContext requestInitiatorContext;
185 MixedContentBlockingTreatment mixedContentBlockingTreatment;
186 SynchronousPolicy synchronousPolicy;
187 CORSEnabled corsEnabled;
188 RefPtr<SecurityOrigin> securityOrigin;
191 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> {
192 typedef CrossThreadResourceLoaderOptionsData Type;
193 static Type copy(const ResourceLoaderOptions& options)
195 return CrossThreadResourceLoaderOptionsData(options);
201 #endif // ResourceLoaderOptions_h