2 * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved.
3 * Copyright (C) 2010 Apple Inc. All rights reserved.
4 * Copyright (C) 2011, Code Aurora Forum. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer
14 * in the documentation and/or other materials provided with the
16 * 3. Neither the name of Ericsson nor the names of its contributors
17 * may be used to endorse or promote products derived from this
18 * software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "core/page/EventSource.h"
36 #include "bindings/core/v8/Dictionary.h"
37 #include "bindings/core/v8/ExceptionState.h"
38 #include "bindings/core/v8/ScriptController.h"
39 #include "bindings/core/v8/SerializedScriptValue.h"
40 #include "core/dom/Document.h"
41 #include "core/dom/ExceptionCode.h"
42 #include "core/dom/ExecutionContext.h"
43 #include "core/events/Event.h"
44 #include "core/events/MessageEvent.h"
45 #include "core/frame/LocalDOMWindow.h"
46 #include "core/frame/LocalFrame.h"
47 #include "core/frame/csp/ContentSecurityPolicy.h"
48 #include "core/html/parser/TextResourceDecoder.h"
49 #include "core/inspector/ConsoleMessage.h"
50 #include "core/loader/ThreadableLoader.h"
51 #include "platform/network/ResourceError.h"
52 #include "platform/network/ResourceRequest.h"
53 #include "platform/network/ResourceResponse.h"
54 #include "platform/weborigin/SecurityOrigin.h"
55 #include "public/platform/WebURLRequest.h"
56 #include "wtf/text/StringBuilder.h"
60 const unsigned long long EventSource::defaultReconnectDelay = 3000;
62 inline EventSource::EventSource(ExecutionContext* context, const KURL& url, const Dictionary& eventSourceInit)
63 : ActiveDOMObject(context)
65 , m_withCredentials(false)
67 , m_decoder(TextResourceDecoder::create("text/plain", "UTF-8"))
68 , m_connectTimer(this, &EventSource::connectTimerFired)
69 , m_discardTrailingNewline(false)
70 , m_requestInFlight(false)
71 , m_reconnectDelay(defaultReconnectDelay)
73 ScriptWrappable::init(this);
74 DictionaryHelper::get(eventSourceInit, "withCredentials", m_withCredentials);
77 PassRefPtrWillBeRawPtr<EventSource> EventSource::create(ExecutionContext* context, const String& url, const Dictionary& eventSourceInit, ExceptionState& exceptionState)
80 exceptionState.throwDOMException(SyntaxError, "Cannot open an EventSource to an empty URL.");
84 KURL fullURL = context->completeURL(url);
85 if (!fullURL.isValid()) {
86 exceptionState.throwDOMException(SyntaxError, "Cannot open an EventSource to '" + url + "'. The URL is invalid.");
90 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
91 bool shouldBypassMainWorldCSP = false;
92 if (context->isDocument()) {
93 Document* document = toDocument(context);
94 shouldBypassMainWorldCSP = document->frame()->script().shouldBypassMainWorldCSP();
96 if (!shouldBypassMainWorldCSP && !context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
97 // We can safely expose the URL to JavaScript, as this exception is generate synchronously before any redirects take place.
98 exceptionState.throwSecurityError("Refused to connect to '" + fullURL.elidedString() + "' because it violates the document's Content Security Policy.");
102 RefPtrWillBeRawPtr<EventSource> source = adoptRefWillBeRefCountedGarbageCollected(new EventSource(context, fullURL, eventSourceInit));
104 source->scheduleInitialConnect();
105 source->suspendIfNeeded();
107 return source.release();
110 EventSource::~EventSource()
112 ASSERT(m_state == CLOSED);
113 ASSERT(!m_requestInFlight);
116 void EventSource::scheduleInitialConnect()
118 ASSERT(m_state == CONNECTING);
119 ASSERT(!m_requestInFlight);
121 m_connectTimer.startOneShot(0, FROM_HERE);
124 void EventSource::connect()
126 ASSERT(m_state == CONNECTING);
127 ASSERT(!m_requestInFlight);
128 ASSERT(executionContext());
130 ExecutionContext& executionContext = *this->executionContext();
131 ResourceRequest request(m_url);
132 request.setHTTPMethod("GET");
133 request.setHTTPHeaderField("Accept", "text/event-stream");
134 request.setHTTPHeaderField("Cache-Control", "no-cache");
135 request.setRequestContext(blink::WebURLRequest::RequestContextEventSource);
136 if (!m_lastEventId.isEmpty())
137 request.setHTTPHeaderField("Last-Event-ID", m_lastEventId);
139 SecurityOrigin* origin = executionContext.securityOrigin();
141 ThreadableLoaderOptions options;
142 options.preflightPolicy = PreventPreflight;
143 options.crossOriginRequestPolicy = UseAccessControl;
144 options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypassMainWorld(&executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceConnectSrcDirective;
146 ResourceLoaderOptions resourceLoaderOptions;
147 resourceLoaderOptions.allowCredentials = (origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials;
148 resourceLoaderOptions.credentialsRequested = m_withCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials;
149 resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData;
150 resourceLoaderOptions.securityOrigin = origin;
151 resourceLoaderOptions.mixedContentBlockingTreatment = TreatAsActiveContent;
153 m_loader = ThreadableLoader::create(executionContext, this, request, options, resourceLoaderOptions);
156 m_requestInFlight = true;
159 void EventSource::networkRequestEnded()
161 if (!m_requestInFlight)
164 m_requestInFlight = false;
166 if (m_state != CLOSED)
170 void EventSource::scheduleReconnect()
172 m_state = CONNECTING;
173 m_connectTimer.startOneShot(m_reconnectDelay / 1000.0, FROM_HERE);
174 dispatchEvent(Event::create(EventTypeNames::error));
177 void EventSource::connectTimerFired(Timer<EventSource>*)
182 String EventSource::url() const
184 return m_url.string();
187 bool EventSource::withCredentials() const
189 return m_withCredentials;
192 EventSource::State EventSource::readyState() const
197 void EventSource::close()
199 if (m_state == CLOSED) {
200 ASSERT(!m_requestInFlight);
204 // Stop trying to reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
205 if (m_connectTimer.isActive()) {
206 m_connectTimer.stop();
209 if (m_requestInFlight)
215 const AtomicString& EventSource::interfaceName() const
217 return EventTargetNames::EventSource;
220 ExecutionContext* EventSource::executionContext() const
222 return ActiveDOMObject::executionContext();
225 void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response)
227 ASSERT(m_state == CONNECTING);
228 ASSERT(m_requestInFlight);
230 m_eventStreamOrigin = SecurityOrigin::create(response.url())->toString();
231 int statusCode = response.httpStatusCode();
232 bool mimeTypeIsValid = response.mimeType() == "text/event-stream";
233 bool responseIsValid = statusCode == 200 && mimeTypeIsValid;
234 if (responseIsValid) {
235 const String& charset = response.textEncodingName();
236 // If we have a charset, the only allowed value is UTF-8 (case-insensitive).
237 responseIsValid = charset.isEmpty() || equalIgnoringCase(charset, "UTF-8");
238 if (!responseIsValid) {
239 StringBuilder message;
240 message.appendLiteral("EventSource's response has a charset (\"");
241 message.append(charset);
242 message.appendLiteral("\") that is not UTF-8. Aborting the connection.");
243 // FIXME: We are missing the source line.
244 executionContext()->addConsoleMessage(ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, message.toString()));
247 // To keep the signal-to-noise ratio low, we only log 200-response with an invalid MIME type.
248 if (statusCode == 200 && !mimeTypeIsValid) {
249 StringBuilder message;
250 message.appendLiteral("EventSource's response has a MIME type (\"");
251 message.append(response.mimeType());
252 message.appendLiteral("\") that is not \"text/event-stream\". Aborting the connection.");
253 // FIXME: We are missing the source line.
254 executionContext()->addConsoleMessage(ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, message.toString()));
258 if (responseIsValid) {
260 dispatchEvent(Event::create(EventTypeNames::open));
263 dispatchEvent(Event::create(EventTypeNames::error));
267 void EventSource::didReceiveData(const char* data, int length)
269 ASSERT(m_state == OPEN);
270 ASSERT(m_requestInFlight);
272 append(m_receiveBuf, m_decoder->decode(data, length));
276 void EventSource::didFinishLoading(unsigned long, double)
278 ASSERT(m_state == OPEN);
279 ASSERT(m_requestInFlight);
281 if (m_receiveBuf.size() > 0 || m_data.size() > 0) {
284 // Discard everything that has not been dispatched by now.
285 m_receiveBuf.clear();
287 m_eventName = emptyAtom;
288 m_currentlyParsedEventId = nullAtom;
290 networkRequestEnded();
293 void EventSource::didFail(const ResourceError& error)
295 ASSERT(m_state != CLOSED);
296 ASSERT(m_requestInFlight);
298 if (error.isCancellation())
300 networkRequestEnded();
303 void EventSource::didFailAccessControlCheck(const ResourceError& error)
305 String message = "EventSource cannot load " + error.failingURL() + ". " + error.localizedDescription();
306 executionContext()->addConsoleMessage(ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, message));
308 abortConnectionAttempt();
311 void EventSource::didFailRedirectCheck()
313 abortConnectionAttempt();
316 void EventSource::abortConnectionAttempt()
318 ASSERT(m_state == CONNECTING);
320 if (m_requestInFlight) {
326 ASSERT(m_state == CLOSED);
327 dispatchEvent(Event::create(EventTypeNames::error));
330 void EventSource::parseEventStream()
333 unsigned bufSize = m_receiveBuf.size();
334 while (bufPos < bufSize) {
335 if (m_discardTrailingNewline) {
336 if (m_receiveBuf[bufPos] == '\n')
338 m_discardTrailingNewline = false;
342 int fieldLength = -1;
343 for (unsigned i = bufPos; lineLength < 0 && i < bufSize; i++) {
344 switch (m_receiveBuf[i]) {
347 fieldLength = i - bufPos;
350 m_discardTrailingNewline = true;
352 lineLength = i - bufPos;
360 parseEventStreamLine(bufPos, fieldLength, lineLength);
361 bufPos += lineLength + 1;
363 // EventSource.close() might've been called by one of the message event handlers.
364 // Per spec, no further messages should be fired after that.
365 if (m_state == CLOSED)
369 if (bufPos == bufSize)
370 m_receiveBuf.clear();
372 m_receiveBuf.remove(0, bufPos);
375 void EventSource::parseEventStreamLine(unsigned bufPos, int fieldLength, int lineLength)
378 if (!m_data.isEmpty()) {
380 if (!m_currentlyParsedEventId.isNull()) {
381 m_lastEventId = m_currentlyParsedEventId;
382 m_currentlyParsedEventId = nullAtom;
384 dispatchEvent(createMessageEvent());
386 if (!m_eventName.isEmpty())
387 m_eventName = emptyAtom;
388 } else if (fieldLength) {
389 bool noValue = fieldLength < 0;
391 String field(&m_receiveBuf[bufPos], noValue ? lineLength : fieldLength);
395 else if (m_receiveBuf[bufPos + fieldLength + 1] != ' ')
396 step = fieldLength + 1;
398 step = fieldLength + 2;
400 int valueLength = lineLength - step;
402 if (field == "data") {
404 m_data.append(&m_receiveBuf[bufPos], valueLength);
406 } else if (field == "event") {
407 m_eventName = valueLength ? AtomicString(&m_receiveBuf[bufPos], valueLength) : "";
408 } else if (field == "id") {
409 m_currentlyParsedEventId = valueLength ? AtomicString(&m_receiveBuf[bufPos], valueLength) : "";
410 } else if (field == "retry") {
412 m_reconnectDelay = defaultReconnectDelay;
414 String value(&m_receiveBuf[bufPos], valueLength);
416 unsigned long long retry = value.toUInt64(&ok);
418 m_reconnectDelay = retry;
424 void EventSource::stop()
429 bool EventSource::hasPendingActivity() const
431 return m_state != CLOSED;
434 PassRefPtrWillBeRawPtr<MessageEvent> EventSource::createMessageEvent()
436 RefPtrWillBeRawPtr<MessageEvent> event = MessageEvent::create();
437 event->initMessageEvent(m_eventName.isEmpty() ? EventTypeNames::message : m_eventName, false, false, SerializedScriptValue::create(String(m_data)), m_eventStreamOrigin, m_lastEventId, 0, nullptr);
439 return event.release();