projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update To 11.40.268.0
[platform/framework/web/crosswalk.git] / src / third_party / WebKit / Source / web / AssociatedURLLoader.cpp
1 /*
2  * Copyright (C) 2010, 2011, 2012 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30
31 #include "config.h"
32 #include "web/AssociatedURLLoader.h"
33
34 #include "core/fetch/CrossOriginAccessControl.h"
35 #include "core/fetch/FetchUtils.h"
36 #include "core/loader/DocumentThreadableLoader.h"
37 #include "core/loader/DocumentThreadableLoaderClient.h"
38 #include "platform/Timer.h"
39 #include "platform/exported/WrappedResourceRequest.h"
40 #include "platform/exported/WrappedResourceResponse.h"
41 #include "platform/network/HTTPParsers.h"
42 #include "platform/network/ResourceError.h"
43 #include "public/platform/WebHTTPHeaderVisitor.h"
44 #include "public/platform/WebString.h"
45 #include "public/platform/WebURLError.h"
46 #include "public/platform/WebURLLoaderClient.h"
47 #include "public/platform/WebURLRequest.h"
48 #include "public/web/WebDataSource.h"
49 #include "web/WebLocalFrameImpl.h"
50 #include "wtf/HashSet.h"
51 #include "wtf/text/WTFString.h"
52 #include <limits.h>
53
54 namespace blink {
55
56 namespace {
57
58 class HTTPRequestHeaderValidator : public WebHTTPHeaderVisitor {
59     WTF_MAKE_NONCOPYABLE(HTTPRequestHeaderValidator);
60 public:
61     HTTPRequestHeaderValidator() : m_isSafe(true) { }
62
63     void visitHeader(const WebString& name, const WebString& value);
64     bool isSafe() const { return m_isSafe; }
65
66 private:
67     bool m_isSafe;
68 };
69
70 void HTTPRequestHeaderValidator::visitHeader(const WebString& name, const WebString& value)
71 {
72     m_isSafe = m_isSafe && isValidHTTPToken(name) && !FetchUtils::isForbiddenHeaderName(name) && isValidHTTPHeaderValue(value);
73 }
74
75 // FIXME: Remove this and use WebCore code that does the same thing.
76 class HTTPResponseHeaderValidator : public WebHTTPHeaderVisitor {
77     WTF_MAKE_NONCOPYABLE(HTTPResponseHeaderValidator);
78 public:
79     HTTPResponseHeaderValidator(bool usingAccessControl) : m_usingAccessControl(usingAccessControl) { }
80
81     void visitHeader(const WebString& name, const WebString& value);
82     const HTTPHeaderSet& blockedHeaders();
83
84 private:
85     HTTPHeaderSet m_exposedHeaders;
86     HTTPHeaderSet m_blockedHeaders;
87     bool m_usingAccessControl;
88 };
89
90 void HTTPResponseHeaderValidator::visitHeader(const WebString& name, const WebString& value)
91 {
92     String headerName(name);
93     if (m_usingAccessControl) {
94         if (equalIgnoringCase(headerName, "access-control-expose-headers"))
95             parseAccessControlExposeHeadersAllowList(value, m_exposedHeaders);
96         else if (!isOnAccessControlResponseHeaderWhitelist(headerName))
97             m_blockedHeaders.add(name);
98     }
99 }
100
101 const HTTPHeaderSet& HTTPResponseHeaderValidator::blockedHeaders()
102 {
103     // Remove exposed headers from the blocked set.
104     if (!m_exposedHeaders.isEmpty()) {
105         // Don't allow Set-Cookie headers to be exposed.
106         m_exposedHeaders.remove("set-cookie");
107         m_exposedHeaders.remove("set-cookie2");
108         // Block Access-Control-Expose-Header itself. It could be exposed later.
109         m_blockedHeaders.add("access-control-expose-headers");
110         m_blockedHeaders.removeAll(m_exposedHeaders);
111     }
112
113     return m_blockedHeaders;
114 }
115
116 }
117
118 // This class bridges the interface differences between WebCore and WebKit loader clients.
119 // It forwards its ThreadableLoaderClient notifications to a WebURLLoaderClient.
120 class AssociatedURLLoader::ClientAdapter final : public DocumentThreadableLoaderClient {
121     WTF_MAKE_NONCOPYABLE(ClientAdapter);
122 public:
123     static PassOwnPtr<ClientAdapter> create(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&);
124
125     // ThreadableLoaderClient
126     void didSendData(unsigned long long /*bytesSent*/, unsigned long long /*totalBytesToBeSent*/) override;
127     void didReceiveResponse(unsigned long, const ResourceResponse&, PassOwnPtr<WebDataConsumerHandle>) override;
128     void didDownloadData(int /*dataLength*/) override;
129     void didReceiveData(const char*, unsigned /*dataLength*/) override;
130     void didReceiveCachedMetadata(const char*, int /*dataLength*/) override;
131     void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/) override;
132     void didFail(const ResourceError&) override;
133     void didFailRedirectCheck() override;
134     // DocumentThreadableLoaderClient
135     void willFollowRedirect(ResourceRequest& /*newRequest*/, const ResourceResponse& /*redirectResponse*/) override;
136
137     // Sets an error to be reported back to the client, asychronously.
138     void setDelayedError(const ResourceError&);
139
140     // Enables forwarding of error notifications to the WebURLLoaderClient. These must be
141     // deferred until after the call to AssociatedURLLoader::loadAsynchronously() completes.
142     void enableErrorNotifications();
143
144     // Stops loading and releases the DocumentThreadableLoader as early as possible.
145     void clearClient() { m_client = 0; }
146
147 private:
148     ClientAdapter(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&);
149
150     void notifyError(Timer<ClientAdapter>*);
151
152     AssociatedURLLoader* m_loader;
153     WebURLLoaderClient* m_client;
154     WebURLLoaderOptions m_options;
155     WebURLError m_error;
156
157     Timer<ClientAdapter> m_errorTimer;
158     bool m_enableErrorNotifications;
159     bool m_didFail;
160 };
161
162 PassOwnPtr<AssociatedURLLoader::ClientAdapter> AssociatedURLLoader::ClientAdapter::create(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options)
163 {
164     return adoptPtr(new ClientAdapter(loader, client, options));
165 }
166
167 AssociatedURLLoader::ClientAdapter::ClientAdapter(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options)
168     : m_loader(loader)
169     , m_client(client)
170     , m_options(options)
171     , m_errorTimer(this, &ClientAdapter::notifyError)
172     , m_enableErrorNotifications(false)
173     , m_didFail(false)
174 {
175     ASSERT(m_loader);
176     ASSERT(m_client);
177 }
178
179 void AssociatedURLLoader::ClientAdapter::willFollowRedirect(ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
180 {
181     if (!m_client)
182         return;
183
184     WrappedResourceRequest wrappedNewRequest(newRequest);
185     WrappedResourceResponse wrappedRedirectResponse(redirectResponse);
186     m_client->willSendRequest(m_loader, wrappedNewRequest, wrappedRedirectResponse);
187 }
188
189 void AssociatedURLLoader::ClientAdapter::didSendData(unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
190 {
191     if (!m_client)
192         return;
193
194     m_client->didSendData(m_loader, bytesSent, totalBytesToBeSent);
195 }
196
197 void AssociatedURLLoader::ClientAdapter::didReceiveResponse(unsigned long, const ResourceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle)
198 {
199     ASSERT_UNUSED(handle, !handle);
200     if (!m_client)
201         return;
202
203     // Try to use the original ResourceResponse if possible.
204     WebURLResponse validatedResponse = WrappedResourceResponse(response);
205     HTTPResponseHeaderValidator validator(m_options.crossOriginRequestPolicy == WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl);
206     if (!m_options.exposeAllResponseHeaders)
207         validatedResponse.visitHTTPHeaderFields(&validator);
208
209     // If there are blocked headers, copy the response so we can remove them.
210     const HTTPHeaderSet& blockedHeaders = validator.blockedHeaders();
211     if (!blockedHeaders.isEmpty()) {
212         validatedResponse = WebURLResponse(validatedResponse);
213         HTTPHeaderSet::const_iterator end = blockedHeaders.end();
214         for (HTTPHeaderSet::const_iterator it = blockedHeaders.begin(); it != end; ++it)
215             validatedResponse.clearHTTPHeaderField(*it);
216     }
217     m_client->didReceiveResponse(m_loader, validatedResponse);
218 }
219
220 void AssociatedURLLoader::ClientAdapter::didDownloadData(int dataLength)
221 {
222     if (!m_client)
223         return;
224
225     m_client->didDownloadData(m_loader, dataLength, -1);
226 }
227
228 void AssociatedURLLoader::ClientAdapter::didReceiveData(const char* data, unsigned dataLength)
229 {
230     if (!m_client)
231         return;
232
233     RELEASE_ASSERT(dataLength <= static_cast<unsigned>(std::numeric_limits<int>::max()));
234
235     m_client->didReceiveData(m_loader, data, dataLength, -1);
236 }
237
238 void AssociatedURLLoader::ClientAdapter::didReceiveCachedMetadata(const char* data, int dataLength)
239 {
240     if (!m_client)
241         return;
242
243     m_client->didReceiveCachedMetadata(m_loader, data, dataLength);
244 }
245
246 void AssociatedURLLoader::ClientAdapter::didFinishLoading(unsigned long identifier, double finishTime)
247 {
248     if (!m_client)
249         return;
250
251     m_client->didFinishLoading(m_loader, finishTime, WebURLLoaderClient::kUnknownEncodedDataLength);
252 }
253
254 void AssociatedURLLoader::ClientAdapter::didFail(const ResourceError& error)
255 {
256     if (!m_client)
257         return;
258
259     m_didFail = true;
260     m_error = WebURLError(error);
261     if (m_enableErrorNotifications)
262         notifyError(&m_errorTimer);
263 }
264
265 void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck()
266 {
267     didFail(ResourceError());
268 }
269
270 void AssociatedURLLoader::ClientAdapter::setDelayedError(const ResourceError& error)
271 {
272     didFail(error);
273 }
274
275 void AssociatedURLLoader::ClientAdapter::enableErrorNotifications()
276 {
277     m_enableErrorNotifications = true;
278     // If an error has already been received, start a timer to report it to the client
279     // after AssociatedURLLoader::loadAsynchronously has returned to the caller.
280     if (m_didFail)
281         m_errorTimer.startOneShot(0, FROM_HERE);
282 }
283
284 void AssociatedURLLoader::ClientAdapter::notifyError(Timer<ClientAdapter>* timer)
285 {
286     ASSERT_UNUSED(timer, timer == &m_errorTimer);
287
288     m_client->didFail(m_loader, m_error);
289 }
290
291 AssociatedURLLoader::AssociatedURLLoader(PassRefPtrWillBeRawPtr<WebLocalFrameImpl> frameImpl, const WebURLLoaderOptions& options)
292     : m_frameImpl(frameImpl)
293     , m_options(options)
294     , m_client(0)
295 {
296     ASSERT(m_frameImpl);
297 }
298
299 AssociatedURLLoader::~AssociatedURLLoader()
300 {
301     cancel();
302 }
303
304 #define COMPILE_ASSERT_MATCHING_ENUM(webkit_name, webcore_name) \
305     COMPILE_ASSERT(static_cast<int>(webkit_name) == static_cast<int>(webcore_name), mismatching_enums)
306
307 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyDeny, DenyCrossOriginRequests);
308 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl, UseAccessControl);
309 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyAllow, AllowCrossOriginRequests);
310
311 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ConsiderPreflight, ConsiderPreflight);
312 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ForcePreflight, ForcePreflight);
313 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::PreventPreflight, PreventPreflight);
314
315 void AssociatedURLLoader::loadSynchronously(const WebURLRequest& request, WebURLResponse& response, WebURLError& error, WebData& data)
316 {
317     ASSERT(0); // Synchronous loading is not supported.
318 }
319
320 void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebURLLoaderClient* client)
321 {
322     ASSERT(!m_loader);
323     ASSERT(!m_client);
324
325     m_client = client;
326     ASSERT(m_client);
327
328     bool allowLoad = true;
329     WebURLRequest newRequest(request);
330     if (m_options.untrustedHTTP) {
331         WebString method = newRequest.httpMethod();
332         allowLoad = isValidHTTPToken(method) && FetchUtils::isUsefulMethod(method);
333         if (allowLoad) {
334             newRequest.setHTTPMethod(FetchUtils::normalizeMethod(method));
335             HTTPRequestHeaderValidator validator;
336             newRequest.visitHTTPHeaderFields(&validator);
337             allowLoad = validator.isSafe();
338         }
339     }
340
341     m_clientAdapter = ClientAdapter::create(this, m_client, m_options);
342
343     if (allowLoad) {
344         ThreadableLoaderOptions options;
345         options.preflightPolicy = static_cast<PreflightPolicy>(m_options.preflightPolicy);
346         options.crossOriginRequestPolicy = static_cast<CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy);
347
348         ResourceLoaderOptions resourceLoaderOptions;
349         resourceLoaderOptions.allowCredentials = m_options.allowCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials;
350         resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData;
351
352         const ResourceRequest& webcoreRequest = newRequest.toResourceRequest();
353         if (webcoreRequest.requestContext() == WebURLRequest::RequestContextUnspecified) {
354             // FIXME: We load URLs without setting a TargetType (and therefore a request context) in several
355             // places in content/ (P2PPortAllocatorSession::AllocateLegacyRelaySession, for example). Remove
356             // this once those places are patched up.
357             newRequest.setRequestContext(WebURLRequest::RequestContextInternal);
358         }
359
360         Document* webcoreDocument = m_frameImpl->frame()->document();
361         ASSERT(webcoreDocument);
362         m_loader = DocumentThreadableLoader::create(*webcoreDocument, m_clientAdapter.get(), webcoreRequest, options, resourceLoaderOptions);
363     }
364
365     if (!m_loader) {
366         // FIXME: return meaningful error codes.
367         m_clientAdapter->setDelayedError(ResourceError());
368     }
369     m_clientAdapter->enableErrorNotifications();
370 }
371
372 void AssociatedURLLoader::cancel()
373 {
374     if (m_clientAdapter)
375         m_clientAdapter->clearClient();
376     if (m_loader)
377         m_loader->cancel();
378 }
379
380 void AssociatedURLLoader::setDefersLoading(bool defersLoading)
381 {
382     if (m_loader)
383         m_loader->setDefersLoading(defersLoading);
384 }
385
386 } // namespace blink
Domain: Web Framework / Uncategorized;