src/third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h

   1 /*
   2  * Copyright (C) 2011 Google Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions are
   6  * met:
   7  *
   8  *     * Redistributions of source code must retain the above copyright
   9  * notice, this list of conditions and the following disclaimer.
  10  *     * Redistributions in binary form must reproduce the above
  11  * copyright notice, this list of conditions and the following disclaimer
  12  * in the documentation and/or other materials provided with the
  13  * distribution.
  14  *     * Neither the name of Google Inc. nor the names of its
  15  * contributors may be used to endorse or promote products derived from
  16  * this software without specific prior written permission.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29  */
  30
  31 #ifndef ResourceLoaderOptions_h
  32 #define ResourceLoaderOptions_h
  33
  34 #include "core/fetch/FetchInitiatorInfo.h"
  35 #include "platform/CrossThreadCopier.h"
  36 #include "platform/weborigin/SecurityOrigin.h"
  37
  38 namespace blink {
  39
  40 enum ContentSniffingPolicy {
  41     SniffContent,
  42     DoNotSniffContent
  43 };
  44
  45 enum DataBufferingPolicy {
  46     BufferData,
  47     DoNotBufferData
  48 };
  49
  50 enum ContentSecurityPolicyCheck {
  51     CheckContentSecurityPolicy,
  52     DoNotCheckContentSecurityPolicy
  53 };
  54
  55 enum RequestInitiatorContext {
  56     DocumentContext,
  57     WorkerContext,
  58 };
  59
  60 enum StoredCredentials {
  61     AllowStoredCredentials,
  62     DoNotAllowStoredCredentials
  63 };
  64
  65 // APIs like XMLHttpRequest and EventSource let the user decide
  66 // whether to send credentials, but they're always sent for
  67 // same-origin requests. Additional information is needed to handle
  68 // cross-origin redirects correctly.
  69 enum CredentialRequest {
  70     ClientRequestedCredentials,
  71     ClientDidNotRequestCredentials
  72 };
  73
  74 enum MixedContentBlockingTreatment {
  75     TreatAsDefaultForType,
  76     TreatAsPassiveContent,
  77     TreatAsActiveContent,
  78     TreatAsAlwaysAllowedContent
  79 };
  80
  81 enum SynchronousPolicy {
  82     RequestSynchronously,
  83     RequestAsynchronously
  84 };
  85
  86 // A resource fetch can be marked as being CORS enabled. The loader
  87 // must perform an access check upon seeing the response.
  88 enum CORSEnabled {
  89     NotCORSEnabled,
  90     IsCORSEnabled
  91 };
  92
  93 struct ResourceLoaderOptions {
  94     ResourceLoaderOptions()
  95         : sniffContent(DoNotSniffContent)
  96         , dataBufferingPolicy(BufferData)
  97         , allowCredentials(DoNotAllowStoredCredentials)
  98         , credentialsRequested(ClientDidNotRequestCredentials)
  99         , contentSecurityPolicyOption(CheckContentSecurityPolicy)
 100         , requestInitiatorContext(DocumentContext)
 101         , mixedContentBlockingTreatment(TreatAsDefaultForType)
 102         , synchronousPolicy(RequestAsynchronously)
 103         , corsEnabled(NotCORSEnabled)
 104     {
 105     }
 106
 107     ResourceLoaderOptions(
 108         ContentSniffingPolicy sniffContent,
 109         DataBufferingPolicy dataBufferingPolicy,
 110         StoredCredentials allowCredentials,
 111         CredentialRequest credentialsRequested,
 112         ContentSecurityPolicyCheck contentSecurityPolicyOption,
 113         RequestInitiatorContext requestInitiatorContext)
 114         : sniffContent(sniffContent)
 115         , dataBufferingPolicy(dataBufferingPolicy)
 116         , allowCredentials(allowCredentials)
 117         , credentialsRequested(credentialsRequested)
 118         , contentSecurityPolicyOption(contentSecurityPolicyOption)
 119         , requestInitiatorContext(requestInitiatorContext)
 120         , mixedContentBlockingTreatment(TreatAsDefaultForType)
 121         , synchronousPolicy(RequestAsynchronously)
 122         , corsEnabled(NotCORSEnabled)
 123     {
 124     }
 125
 126     // Answers the question "can a separate request with these
 127     // different options be re-used" (e.g. preload request)
 128     // The safe (but possibly slow) answer is always false.
 129     bool canReuseRequest(const ResourceLoaderOptions& other) const
 130     {
 131         // sniffContent is dead code.
 132         // dataBufferingPolicy differences are believed to be safe for re-use.
 133         // FIXME: check allowCredentials.
 134         // FIXME: check credentialsRequested.
 135         // FIXME: check contentSecurityPolicyOption.
 136         // initiatorInfo is purely informational and should be benign for re-use.
 137         // requestInitiatorContext is benign (indicates document vs. worker)
 138         // FIXME: check mixedContentBlockingTreatment.
 139         // synchronousPolicy (safe to re-use an async XHR response for sync, etc.)
 140         return corsEnabled == other.corsEnabled;
 141         // securityOrigin has more complicated checks which callers are responsible for.
 142     }
 143
 144     // When adding members, CrossThreadResourceLoaderOptionsData should be
 145     // updated.
 146     ContentSniffingPolicy sniffContent; // FIXME: Dead code, please remove.
 147     DataBufferingPolicy dataBufferingPolicy;
 148     StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
 149     CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
 150     ContentSecurityPolicyCheck contentSecurityPolicyOption;
 151     FetchInitiatorInfo initiatorInfo;
 152     RequestInitiatorContext requestInitiatorContext;
 153     MixedContentBlockingTreatment mixedContentBlockingTreatment;
 154     SynchronousPolicy synchronousPolicy;
 155     CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
 156     RefPtr<SecurityOrigin> securityOrigin;
 157 };
 158
 159 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
 160 struct CrossThreadResourceLoaderOptionsData {
 161     explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options)
 162         : sniffContent(options.sniffContent)
 163         , dataBufferingPolicy(options.dataBufferingPolicy)
 164         , allowCredentials(options.allowCredentials)
 165         , credentialsRequested(options.credentialsRequested)
 166         , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
 167         , initiatorInfo(options.initiatorInfo)
 168         , requestInitiatorContext(options.requestInitiatorContext)
 169         , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment)
 170         , synchronousPolicy(options.synchronousPolicy)
 171         , corsEnabled(options.corsEnabled)
 172         , securityOrigin(options.securityOrigin) { }
 173
 174     operator ResourceLoaderOptions() const
 175     {
 176         ResourceLoaderOptions options;
 177         options.sniffContent = sniffContent;
 178         options.dataBufferingPolicy = dataBufferingPolicy;
 179         options.allowCredentials = allowCredentials;
 180         options.credentialsRequested = credentialsRequested;
 181         options.contentSecurityPolicyOption = contentSecurityPolicyOption;
 182         options.initiatorInfo = initiatorInfo;
 183         options.requestInitiatorContext = requestInitiatorContext;
 184         options.mixedContentBlockingTreatment = mixedContentBlockingTreatment;
 185         options.synchronousPolicy = synchronousPolicy;
 186         options.corsEnabled = corsEnabled;
 187         options.securityOrigin = securityOrigin;
 188         return options;
 189     }
 190
 191     ContentSniffingPolicy sniffContent;
 192     DataBufferingPolicy dataBufferingPolicy;
 193     StoredCredentials allowCredentials;
 194     CredentialRequest credentialsRequested;
 195     ContentSecurityPolicyCheck contentSecurityPolicyOption;
 196     CrossThreadFetchInitiatorInfoData initiatorInfo;
 197     RequestInitiatorContext requestInitiatorContext;
 198     MixedContentBlockingTreatment mixedContentBlockingTreatment;
 199     SynchronousPolicy synchronousPolicy;
 200     CORSEnabled corsEnabled;
 201     RefPtr<SecurityOrigin> securityOrigin;
 202 };
 203
 204 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> {
 205     typedef CrossThreadResourceLoaderOptionsData Type;
 206     static Type copy(const ResourceLoaderOptions& options)
 207     {
 208         return CrossThreadResourceLoaderOptionsData(options);
 209     }
 210 };
 211
 212 } // namespace blink
 213
 214 #endif // ResourceLoaderOptions_h