Home | History | Annotate | Download | only in loader 
      1 /*
      2  * Copyright (C) 2010 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  *
     30  */
     31 
     32 #include "config.h"
     33 #include "core/loader/PingLoader.h"
     34 
     35 #include "core/dom/Document.h"
     36 #include "core/inspector/InspectorInstrumentation.h"
     37 #include "core/loader/FrameLoader.h"
     38 #include "core/loader/FrameLoaderClient.h"
     39 #include "core/loader/UniqueIdentifier.h"
     40 #include "core/page/Frame.h"
     41 #include "core/platform/chromium/support/WrappedResourceRequest.h"
     42 #include "core/platform/network/FormData.h"
     43 #include "core/platform/network/ResourceRequest.h"
     44 #include "core/platform/network/ResourceResponse.h"
     45 #include "public/platform/Platform.h"
     46 #include "public/platform/WebURLLoader.h"
     47 #include "weborigin/SecurityOrigin.h"
     48 #include "weborigin/SecurityPolicy.h"
     49 #include "wtf/OwnPtr.h"
     50 #include "wtf/UnusedParam.h"
     51 
     52 namespace WebCore {
     53 
     54 void PingLoader::loadImage(Frame* frame, const KURL& url)
     55 {
     56     if (!frame->document()->securityOrigin()->canDisplay(url)) {
     57         FrameLoader::reportLocalLoadFailed(frame, url.string());
     58         return;
     59     }
     60 
     61     ResourceRequest request(url);
     62     request.setTargetType(ResourceRequest::TargetIsImage);
     63     request.setHTTPHeaderField("Cache-Control", "max-age=0");
     64     String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), request.url(), frame->loader()->outgoingReferrer());
     65     if (!referrer.isEmpty())
     66         request.setHTTPReferrer(referrer);
     67     frame->loader()->addExtraFieldsToRequest(request);
     68     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
     69 
     70     // Leak the ping loader, since it will kill itself as soon as it receives a response.
     71     PingLoader* leakedPingLoader = pingLoader.leakPtr();
     72     UNUSED_PARAM(leakedPingLoader);
     73 }
     74 
     75 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
     76 void PingLoader::sendPing(Frame* frame, const KURL& pingURL, const KURL& destinationURL)
     77 {
     78     ResourceRequest request(pingURL);
     79     request.setTargetType(ResourceRequest::TargetIsSubresource);
     80     request.setHTTPMethod("POST");
     81     request.setHTTPContentType("text/ping");
     82     request.setHTTPBody(FormData::create("PING"));
     83     request.setHTTPHeaderField("Cache-Control", "max-age=0");
     84     frame->loader()->addExtraFieldsToRequest(request);
     85 
     86     SecurityOrigin* sourceOrigin = frame->document()->securityOrigin();
     87     RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL);
     88     FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin->toString());
     89     request.setHTTPHeaderField("Ping-To", destinationURL.string());
     90     if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->loader()->outgoingReferrer())) {
     91         request.setHTTPHeaderField("Ping-From", frame->document()->url().string());
     92         if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get())) {
     93             String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), pingURL, frame->loader()->outgoingReferrer());
     94             if (!referrer.isEmpty())
     95                 request.setHTTPReferrer(referrer);
     96         }
     97     }
     98     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
     99 
    100     // Leak the ping loader, since it will kill itself as soon as it receives a response.
    101     PingLoader* leakedPingLoader = pingLoader.leakPtr();
    102     UNUSED_PARAM(leakedPingLoader);
    103 }
    104 
    105 void PingLoader::sendViolationReport(Frame* frame, const KURL& reportURL, PassRefPtr<FormData> report, ViolationReportType type)
    106 {
    107     ResourceRequest request(reportURL);
    108     request.setTargetType(ResourceRequest::TargetIsSubresource);
    109     request.setHTTPMethod("POST");
    110     request.setHTTPContentType(type == ContentSecurityPolicyViolationReport ? "application/csp-report" : "application/json");
    111     request.setHTTPBody(report);
    112     frame->loader()->addExtraFieldsToRequest(request);
    113 
    114     String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), reportURL, frame->loader()->outgoingReferrer());
    115     if (!referrer.isEmpty())
    116         request.setHTTPReferrer(referrer);
    117     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, SecurityOrigin::create(reportURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredCredentials : DoNotAllowStoredCredentials));
    118 
    119     // Leak the ping loader, since it will kill itself as soon as it receives a response.
    120     PingLoader* leakedPingLoader = pingLoader.leakPtr();
    121     UNUSED_PARAM(leakedPingLoader);
    122 }
    123 
    124 PingLoader::PingLoader(Frame* frame, ResourceRequest& request, StoredCredentials credentialsAllowed)
    125     : m_timeout(this, &PingLoader::timeout)
    126 {
    127     frame->loader()->client()->didDispatchPingLoader(request.url());
    128 
    129     unsigned long identifier = createUniqueIdentifier();
    130     m_loader = adoptPtr(WebKit::Platform::current()->createURLLoader());
    131     ASSERT(m_loader);
    132     WebKit::WrappedResourceRequest wrappedRequest(request);
    133     wrappedRequest.setAllowStoredCredentials(credentialsAllowed == AllowStoredCredentials);
    134     m_loader->loadAsynchronously(wrappedRequest, this);
    135 
    136     InspectorInstrumentation::continueAfterPingLoader(frame, identifier, frame->loader()->activeDocumentLoader(), request, ResourceResponse());
    137 
    138     // If the server never responds, FrameLoader won't be able to cancel this load and
    139     // we'll sit here waiting forever. Set a very generous timeout, just in case.
    140     m_timeout.startOneShot(60000);
    141 }
    142 
    143 PingLoader::~PingLoader()
    144 {
    145     if (m_loader)
    146         m_loader->cancel();
    147 }
    148 
    149 }
    150