2 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #ifndef ResourceLoaderOptions_h
32 #define ResourceLoaderOptions_h
34 #include "core/fetch/FetchInitiatorInfo.h"
35 #include "platform/CrossThreadCopier.h"
36 #include "platform/weborigin/SecurityOrigin.h"
40 enum ContentSniffingPolicy {
45 enum DataBufferingPolicy {
50 enum ContentSecurityPolicyCheck {
51 CheckContentSecurityPolicy,
52 DoNotCheckContentSecurityPolicy
55 enum RequestInitiatorContext {
60 enum StoredCredentials {
61 AllowStoredCredentials,
62 DoNotAllowStoredCredentials
65 // APIs like XMLHttpRequest and EventSource let the user decide
66 // whether to send credentials, but they're always sent for
67 // same-origin requests. Additional information is needed to handle
68 // cross-origin redirects correctly.
69 enum CredentialRequest {
70 ClientRequestedCredentials,
71 ClientDidNotRequestCredentials
74 enum MixedContentBlockingTreatment {
75 TreatAsDefaultForType,
76 TreatAsPassiveContent,
78 TreatAsAlwaysAllowedContent
81 enum SynchronousPolicy {
86 // A resource fetch can be marked as being CORS enabled. The loader
87 // must perform an access check upon seeing the response.
93 struct ResourceLoaderOptions {
94 ResourceLoaderOptions()
95 : sniffContent(DoNotSniffContent)
96 , dataBufferingPolicy(BufferData)
97 , allowCredentials(DoNotAllowStoredCredentials)
98 , credentialsRequested(ClientDidNotRequestCredentials)
99 , contentSecurityPolicyOption(CheckContentSecurityPolicy)
100 , requestInitiatorContext(DocumentContext)
101 , mixedContentBlockingTreatment(TreatAsDefaultForType)
102 , synchronousPolicy(RequestAsynchronously)
103 , corsEnabled(NotCORSEnabled)
107 ResourceLoaderOptions(
108 ContentSniffingPolicy sniffContent,
109 DataBufferingPolicy dataBufferingPolicy,
110 StoredCredentials allowCredentials,
111 CredentialRequest credentialsRequested,
112 ContentSecurityPolicyCheck contentSecurityPolicyOption,
113 RequestInitiatorContext requestInitiatorContext)
114 : sniffContent(sniffContent)
115 , dataBufferingPolicy(dataBufferingPolicy)
116 , allowCredentials(allowCredentials)
117 , credentialsRequested(credentialsRequested)
118 , contentSecurityPolicyOption(contentSecurityPolicyOption)
119 , requestInitiatorContext(requestInitiatorContext)
120 , mixedContentBlockingTreatment(TreatAsDefaultForType)
121 , synchronousPolicy(RequestAsynchronously)
122 , corsEnabled(NotCORSEnabled)
126 // Answers the question "can a separate request with these
127 // different options be re-used" (e.g. preload request)
128 // The safe (but possibly slow) answer is always false.
129 bool canReuseRequest(const ResourceLoaderOptions& other) const
131 // sniffContent is dead code.
132 // dataBufferingPolicy differences are believed to be safe for re-use.
133 // FIXME: check allowCredentials.
134 // FIXME: check credentialsRequested.
135 // FIXME: check contentSecurityPolicyOption.
136 // initiatorInfo is purely informational and should be benign for re-use.
137 // requestInitiatorContext is benign (indicates document vs. worker)
138 // FIXME: check mixedContentBlockingTreatment.
139 // synchronousPolicy (safe to re-use an async XHR response for sync, etc.)
140 return corsEnabled == other.corsEnabled;
141 // securityOrigin has more complicated checks which callers are responsible for.
144 // When adding members, CrossThreadResourceLoaderOptionsData should be
146 ContentSniffingPolicy sniffContent; // FIXME: Dead code, please remove.
147 DataBufferingPolicy dataBufferingPolicy;
148 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
149 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
150 ContentSecurityPolicyCheck contentSecurityPolicyOption;
151 FetchInitiatorInfo initiatorInfo;
152 RequestInitiatorContext requestInitiatorContext;
153 MixedContentBlockingTreatment mixedContentBlockingTreatment;
154 SynchronousPolicy synchronousPolicy;
155 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
156 RefPtr<SecurityOrigin> securityOrigin;
159 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
160 struct CrossThreadResourceLoaderOptionsData {
161 explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options)
162 : sniffContent(options.sniffContent)
163 , dataBufferingPolicy(options.dataBufferingPolicy)
164 , allowCredentials(options.allowCredentials)
165 , credentialsRequested(options.credentialsRequested)
166 , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
167 , initiatorInfo(options.initiatorInfo)
168 , requestInitiatorContext(options.requestInitiatorContext)
169 , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment)
170 , synchronousPolicy(options.synchronousPolicy)
171 , corsEnabled(options.corsEnabled)
172 , securityOrigin(options.securityOrigin) { }
174 operator ResourceLoaderOptions() const
176 ResourceLoaderOptions options;
177 options.sniffContent = sniffContent;
178 options.dataBufferingPolicy = dataBufferingPolicy;
179 options.allowCredentials = allowCredentials;
180 options.credentialsRequested = credentialsRequested;
181 options.contentSecurityPolicyOption = contentSecurityPolicyOption;
182 options.initiatorInfo = initiatorInfo;
183 options.requestInitiatorContext = requestInitiatorContext;
184 options.mixedContentBlockingTreatment = mixedContentBlockingTreatment;
185 options.synchronousPolicy = synchronousPolicy;
186 options.corsEnabled = corsEnabled;
187 options.securityOrigin = securityOrigin;
191 ContentSniffingPolicy sniffContent;
192 DataBufferingPolicy dataBufferingPolicy;
193 StoredCredentials allowCredentials;
194 CredentialRequest credentialsRequested;
195 ContentSecurityPolicyCheck contentSecurityPolicyOption;
196 CrossThreadFetchInitiatorInfoData initiatorInfo;
197 RequestInitiatorContext requestInitiatorContext;
198 MixedContentBlockingTreatment mixedContentBlockingTreatment;
199 SynchronousPolicy synchronousPolicy;
200 CORSEnabled corsEnabled;
201 RefPtr<SecurityOrigin> securityOrigin;
204 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> {
205 typedef CrossThreadResourceLoaderOptionsData Type;
206 static Type copy(const ResourceLoaderOptions& options)
208 return CrossThreadResourceLoaderOptionsData(options);
214 #endif // ResourceLoaderOptions_h