| /* |
| * Copyright (C) 2010, 2011, 2012 Google Inc. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are |
| * met: |
| * |
| * * Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * * Redistributions in binary form must reproduce the above |
| * copyright notice, this list of conditions and the following disclaimer |
| * in the documentation and/or other materials provided with the |
| * distribution. |
| * * Neither the name of Google Inc. nor the names of its |
| * contributors may be used to endorse or promote products derived from |
| * this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #include "web/AssociatedURLLoader.h" |
| |
| #include "core/dom/ContextLifecycleObserver.h" |
| #include "core/fetch/CrossOriginAccessControl.h" |
| #include "core/fetch/FetchUtils.h" |
| #include "core/loader/DocumentThreadableLoader.h" |
| #include "core/loader/DocumentThreadableLoaderClient.h" |
| #include "platform/Timer.h" |
| #include "platform/exported/WrappedResourceRequest.h" |
| #include "platform/exported/WrappedResourceResponse.h" |
| #include "platform/network/HTTPParsers.h" |
| #include "platform/network/ResourceError.h" |
| #include "public/platform/WebHTTPHeaderVisitor.h" |
| #include "public/platform/WebString.h" |
| #include "public/platform/WebURLError.h" |
| #include "public/platform/WebURLLoaderClient.h" |
| #include "public/platform/WebURLRequest.h" |
| #include "public/web/WebDataSource.h" |
| #include "web/WebLocalFrameImpl.h" |
| #include "wtf/HashSet.h" |
| #include "wtf/PtrUtil.h" |
| #include "wtf/text/WTFString.h" |
| #include <limits.h> |
| #include <memory> |
| |
| namespace blink { |
| |
| namespace { |
| |
| class HTTPRequestHeaderValidator : public WebHTTPHeaderVisitor { |
| WTF_MAKE_NONCOPYABLE(HTTPRequestHeaderValidator); |
| public: |
| HTTPRequestHeaderValidator() : m_isSafe(true) { } |
| |
| void visitHeader(const WebString& name, const WebString& value); |
| bool isSafe() const { return m_isSafe; } |
| |
| private: |
| bool m_isSafe; |
| }; |
| |
| void HTTPRequestHeaderValidator::visitHeader(const WebString& name, const WebString& value) |
| { |
| m_isSafe = m_isSafe && isValidHTTPToken(name) && !FetchUtils::isForbiddenHeaderName(name) && isValidHTTPHeaderValue(value); |
| } |
| |
| } // namespace |
| |
| // This class bridges the interface differences between WebCore and WebKit loader clients. |
| // It forwards its ThreadableLoaderClient notifications to a WebURLLoaderClient. |
| class AssociatedURLLoader::ClientAdapter final : public DocumentThreadableLoaderClient { |
| WTF_MAKE_NONCOPYABLE(ClientAdapter); |
| public: |
| static std::unique_ptr<ClientAdapter> create(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&); |
| |
| // ThreadableLoaderClient |
| void didSendData(unsigned long long /*bytesSent*/, unsigned long long /*totalBytesToBeSent*/) override; |
| void didReceiveResponse(unsigned long, const ResourceResponse&, std::unique_ptr<WebDataConsumerHandle>) override; |
| void didDownloadData(int /*dataLength*/) override; |
| void didReceiveData(const char*, unsigned /*dataLength*/) override; |
| void didReceiveCachedMetadata(const char*, int /*dataLength*/) override; |
| void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/) override; |
| void didFail(const ResourceError&) override; |
| void didFailRedirectCheck() override; |
| // DocumentThreadableLoaderClient |
| void willFollowRedirect(ResourceRequest& /*newRequest*/, const ResourceResponse& /*redirectResponse*/) override; |
| |
| // Sets an error to be reported back to the client, asychronously. |
| void setDelayedError(const ResourceError&); |
| |
| // Enables forwarding of error notifications to the WebURLLoaderClient. These must be |
| // deferred until after the call to AssociatedURLLoader::loadAsynchronously() completes. |
| void enableErrorNotifications(); |
| |
| // Stops loading and releases the DocumentThreadableLoader as early as possible. |
| WebURLLoaderClient* releaseClient() |
| { |
| WebURLLoaderClient* client = m_client; |
| m_client = nullptr; |
| return client; |
| } |
| |
| private: |
| ClientAdapter(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&); |
| |
| void notifyError(TimerBase*); |
| |
| AssociatedURLLoader* m_loader; |
| WebURLLoaderClient* m_client; |
| WebURLLoaderOptions m_options; |
| WebURLError m_error; |
| |
| Timer<ClientAdapter> m_errorTimer; |
| bool m_enableErrorNotifications; |
| bool m_didFail; |
| }; |
| |
| std::unique_ptr<AssociatedURLLoader::ClientAdapter> AssociatedURLLoader::ClientAdapter::create(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options) |
| { |
| return wrapUnique(new ClientAdapter(loader, client, options)); |
| } |
| |
| AssociatedURLLoader::ClientAdapter::ClientAdapter(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options) |
| : m_loader(loader) |
| , m_client(client) |
| , m_options(options) |
| , m_errorTimer(this, &ClientAdapter::notifyError) |
| , m_enableErrorNotifications(false) |
| , m_didFail(false) |
| { |
| DCHECK(m_loader); |
| DCHECK(m_client); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::willFollowRedirect(ResourceRequest& newRequest, const ResourceResponse& redirectResponse) |
| { |
| if (!m_client) |
| return; |
| |
| WrappedResourceRequest wrappedNewRequest(newRequest); |
| WrappedResourceResponse wrappedRedirectResponse(redirectResponse); |
| // TODO(ricea): Do we need to set encodedDataLength here? |
| m_client->willFollowRedirect(m_loader, wrappedNewRequest, wrappedRedirectResponse, 0); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didSendData(unsigned long long bytesSent, unsigned long long totalBytesToBeSent) |
| { |
| if (!m_client) |
| return; |
| |
| m_client->didSendData(m_loader, bytesSent, totalBytesToBeSent); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didReceiveResponse(unsigned long, const ResourceResponse& response, std::unique_ptr<WebDataConsumerHandle> handle) |
| { |
| ASSERT_UNUSED(handle, !handle); |
| if (!m_client) |
| return; |
| |
| if (m_options.exposeAllResponseHeaders || m_options.crossOriginRequestPolicy != WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl) { |
| // Use the original ResourceResponse. |
| m_client->didReceiveResponse(m_loader, WrappedResourceResponse(response)); |
| return; |
| } |
| |
| HTTPHeaderSet exposedHeaders; |
| extractCorsExposedHeaderNamesList(response, exposedHeaders); |
| HTTPHeaderSet blockedHeaders; |
| for (const auto& header : response.httpHeaderFields()) { |
| if (FetchUtils::isForbiddenResponseHeaderName(header.key) || (!isOnAccessControlResponseHeaderWhitelist(header.key) && !exposedHeaders.contains(header.key))) |
| blockedHeaders.add(header.key); |
| } |
| |
| if (blockedHeaders.isEmpty()) { |
| // Use the original ResourceResponse. |
| m_client->didReceiveResponse(m_loader, WrappedResourceResponse(response)); |
| return; |
| } |
| |
| // If there are blocked headers, copy the response so we can remove them. |
| WebURLResponse validatedResponse = WrappedResourceResponse(response); |
| for (const auto& header : blockedHeaders) |
| validatedResponse.clearHTTPHeaderField(header); |
| m_client->didReceiveResponse(m_loader, validatedResponse); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didDownloadData(int dataLength) |
| { |
| if (!m_client) |
| return; |
| |
| m_client->didDownloadData(m_loader, dataLength, -1); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didReceiveData(const char* data, unsigned dataLength) |
| { |
| if (!m_client) |
| return; |
| |
| CHECK_LE(dataLength, static_cast<unsigned>(std::numeric_limits<int>::max())); |
| |
| m_client->didReceiveData(m_loader, data, dataLength, -1, dataLength); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didReceiveCachedMetadata(const char* data, int dataLength) |
| { |
| if (!m_client) |
| return; |
| |
| m_client->didReceiveCachedMetadata(m_loader, data, dataLength); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didFinishLoading(unsigned long identifier, double finishTime) |
| { |
| if (!m_client) |
| return; |
| |
| m_loader->clientAdapterDone(); |
| |
| releaseClient()->didFinishLoading(m_loader, finishTime, WebURLLoaderClient::kUnknownEncodedDataLength); |
| // |this| may be dead here. |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didFail(const ResourceError& error) |
| { |
| if (!m_client) |
| return; |
| |
| m_loader->clientAdapterDone(); |
| |
| m_didFail = true; |
| m_error = WebURLError(error); |
| if (m_enableErrorNotifications) |
| notifyError(&m_errorTimer); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck() |
| { |
| didFail(ResourceError()); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::enableErrorNotifications() |
| { |
| m_enableErrorNotifications = true; |
| // If an error has already been received, start a timer to report it to the client |
| // after AssociatedURLLoader::loadAsynchronously has returned to the caller. |
| if (m_didFail) |
| m_errorTimer.startOneShot(0, BLINK_FROM_HERE); |
| } |
| |
| void AssociatedURLLoader::ClientAdapter::notifyError(TimerBase* timer) |
| { |
| ASSERT_UNUSED(timer, timer == &m_errorTimer); |
| |
| if (!m_client) |
| return; |
| |
| releaseClient()->didFail(m_loader, m_error); |
| // |this| may be dead here. |
| } |
| |
| class AssociatedURLLoader::Observer final : public GarbageCollected<Observer>, public ContextLifecycleObserver { |
| USING_GARBAGE_COLLECTED_MIXIN(Observer); |
| public: |
| Observer(AssociatedURLLoader* parent, Document* document) |
| : ContextLifecycleObserver(document) |
| , m_parent(parent) |
| { |
| } |
| |
| void dispose() |
| { |
| m_parent = nullptr; |
| clearContext(); |
| } |
| |
| void contextDestroyed() override |
| { |
| if (m_parent) |
| m_parent->documentDestroyed(); |
| } |
| |
| DEFINE_INLINE_VIRTUAL_TRACE() |
| { |
| ContextLifecycleObserver::trace(visitor); |
| } |
| |
| AssociatedURLLoader* m_parent; |
| }; |
| |
| AssociatedURLLoader::AssociatedURLLoader(WebLocalFrameImpl* frameImpl, const WebURLLoaderOptions& options) |
| : m_client(nullptr) |
| , m_options(options) |
| , m_observer(new Observer(this, frameImpl->frame()->document())) |
| { |
| } |
| |
| AssociatedURLLoader::~AssociatedURLLoader() |
| { |
| cancel(); |
| } |
| |
| #define STATIC_ASSERT_ENUM(a, b) \ |
| static_assert(static_cast<int>(a) == static_cast<int>(b), \ |
| "mismatching enum: " #a) |
| |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyDeny, DenyCrossOriginRequests); |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl, UseAccessControl); |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyAllow, AllowCrossOriginRequests); |
| |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::ConsiderPreflight, ConsiderPreflight); |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::ForcePreflight, ForcePreflight); |
| STATIC_ASSERT_ENUM(WebURLLoaderOptions::PreventPreflight, PreventPreflight); |
| |
| void AssociatedURLLoader::loadSynchronously(const WebURLRequest& request, WebURLResponse& response, WebURLError& error, WebData& data, int64_t& encodedDataLength) |
| { |
| DCHECK(0); // Synchronous loading is not supported. |
| } |
| |
| void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebURLLoaderClient* client) |
| { |
| DCHECK(!m_client); |
| DCHECK(!m_loader); |
| DCHECK(!m_clientAdapter); |
| |
| DCHECK(client); |
| |
| bool allowLoad = true; |
| WebURLRequest newRequest(request); |
| if (m_options.untrustedHTTP) { |
| WebString method = newRequest.httpMethod(); |
| allowLoad = m_observer && isValidHTTPToken(method) && FetchUtils::isUsefulMethod(method); |
| if (allowLoad) { |
| newRequest.setHTTPMethod(FetchUtils::normalizeMethod(method)); |
| HTTPRequestHeaderValidator validator; |
| newRequest.visitHTTPHeaderFields(&validator); |
| allowLoad = validator.isSafe(); |
| } |
| } |
| |
| m_client = client; |
| m_clientAdapter = ClientAdapter::create(this, client, m_options); |
| |
| if (allowLoad) { |
| ThreadableLoaderOptions options; |
| options.preflightPolicy = static_cast<PreflightPolicy>(m_options.preflightPolicy); |
| options.crossOriginRequestPolicy = static_cast<CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy); |
| |
| ResourceLoaderOptions resourceLoaderOptions; |
| resourceLoaderOptions.allowCredentials = m_options.allowCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials; |
| resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData; |
| |
| const ResourceRequest& webcoreRequest = newRequest.toResourceRequest(); |
| if (webcoreRequest.requestContext() == WebURLRequest::RequestContextUnspecified) { |
| // FIXME: We load URLs without setting a TargetType (and therefore a request context) in several |
| // places in content/ (P2PPortAllocatorSession::AllocateLegacyRelaySession, for example). Remove |
| // this once those places are patched up. |
| newRequest.setRequestContext(WebURLRequest::RequestContextInternal); |
| } |
| |
| Document* document = toDocument(m_observer->lifecycleContext()); |
| DCHECK(document); |
| m_loader = DocumentThreadableLoader::create(*document, m_clientAdapter.get(), options, resourceLoaderOptions); |
| m_loader->start(webcoreRequest); |
| } |
| |
| if (!m_loader) { |
| // FIXME: return meaningful error codes. |
| m_clientAdapter->didFail(ResourceError()); |
| } |
| m_clientAdapter->enableErrorNotifications(); |
| } |
| |
| void AssociatedURLLoader::cancel() |
| { |
| disposeObserver(); |
| cancelLoader(); |
| releaseClient(); |
| } |
| |
| void AssociatedURLLoader::clientAdapterDone() |
| { |
| disposeObserver(); |
| releaseClient(); |
| } |
| |
| void AssociatedURLLoader::cancelLoader() |
| { |
| if (!m_clientAdapter) |
| return; |
| |
| // Prevent invocation of the WebURLLoaderClient methods. |
| m_clientAdapter->releaseClient(); |
| |
| if (m_loader) { |
| m_loader->cancel(); |
| m_loader.reset(); |
| } |
| m_clientAdapter.reset(); |
| } |
| |
| void AssociatedURLLoader::setDefersLoading(bool defersLoading) |
| { |
| if (m_loader) |
| m_loader->setDefersLoading(defersLoading); |
| } |
| |
| void AssociatedURLLoader::setLoadingTaskRunner(blink::WebTaskRunner*) |
| { |
| // TODO(alexclarke): Maybe support this one day if it proves worthwhile. |
| } |
| |
| void AssociatedURLLoader::documentDestroyed() |
| { |
| disposeObserver(); |
| cancelLoader(); |
| |
| if (!m_client) |
| return; |
| |
| releaseClient()->didFail(this, ResourceError()); |
| // |this| may be dead here. |
| } |
| |
| void AssociatedURLLoader::disposeObserver() |
| { |
| if (!m_observer) |
| return; |
| |
| // TODO(tyoshino): Remove this assert once Document is fixed so that |
| // contextDestroyed() is invoked for all kinds of Documents. |
| // |
| // Currently, the method of detecting Document destruction implemented here |
| // doesn't work for all kinds of Documents. In case we reached here after |
| // the Oilpan is destroyed, we just crash the renderer process to prevent |
| // UaF. |
| // |
| // We could consider just skipping the rest of code in case |
| // ThreadState::current() is null. However, the fact we reached here |
| // without cancelling the loader means that it's possible there're some |
| // non-Blink non-on-heap objects still facing on-heap Blink objects. E.g. |
| // there could be a WebURLLoader instance behind the |
| // DocumentThreadableLoader instance. So, for safety, we chose to just |
| // crash here. |
| RELEASE_ASSERT(ThreadState::current()); |
| |
| m_observer->dispose(); |
| m_observer = nullptr; |
| } |
| |
| } // namespace blink |