Home | History | Annotate | Download | only in loader 
      1 /*
      2  * Copyright (C) 2010 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  *
     30  */
     31 
     32 #include "config.h"
     33 #include "core/loader/PingLoader.h"
     34 
     35 #include "core/dom/Document.h"
     36 #include "core/frame/Frame.h"
     37 #include "core/inspector/InspectorInstrumentation.h"
     38 #include "core/loader/FrameLoader.h"
     39 #include "core/loader/FrameLoaderClient.h"
     40 #include "core/loader/UniqueIdentifier.h"
     41 #include "platform/exported/WrappedResourceRequest.h"
     42 #include "platform/network/FormData.h"
     43 #include "platform/network/ResourceRequest.h"
     44 #include "platform/network/ResourceResponse.h"
     45 #include "platform/weborigin/SecurityOrigin.h"
     46 #include "platform/weborigin/SecurityPolicy.h"
     47 #include "public/platform/Platform.h"
     48 #include "public/platform/WebURLLoader.h"
     49 #include "wtf/OwnPtr.h"
     50 
     51 namespace WebCore {
     52 
     53 void PingLoader::loadImage(Frame* frame, const KURL& url)
     54 {
     55     if (!frame->document()->securityOrigin()->canDisplay(url)) {
     56         FrameLoader::reportLocalLoadFailed(frame, url.string());
     57         return;
     58     }
     59 
     60     ResourceRequest request(url);
     61     request.setTargetType(ResourceRequest::TargetIsPing);
     62     request.setHTTPHeaderField("Cache-Control", "max-age=0");
     63     String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), request.url(), frame->document()->outgoingReferrer());
     64     if (!referrer.isEmpty())
     65         request.setHTTPReferrer(referrer);
     66     frame->loader().addExtraFieldsToRequest(request);
     67     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
     68 
     69     // Leak the ping loader, since it will kill itself as soon as it receives a response.
     70     PingLoader* ALLOW_UNUSED leakedPingLoader = pingLoader.leakPtr();
     71 }
     72 
     73 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
     74 void PingLoader::sendPing(Frame* frame, const KURL& pingURL, const KURL& destinationURL)
     75 {
     76     ResourceRequest request(pingURL);
     77     request.setTargetType(ResourceRequest::TargetIsPing);
     78     request.setHTTPMethod("POST");
     79     request.setHTTPContentType("text/ping");
     80     request.setHTTPBody(FormData::create("PING"));
     81     request.setHTTPHeaderField("Cache-Control", "max-age=0");
     82     frame->loader().addExtraFieldsToRequest(request);
     83 
     84     SecurityOrigin* sourceOrigin = frame->document()->securityOrigin();
     85     RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL);
     86     FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin->toString());
     87     request.setHTTPHeaderField("Ping-To", destinationURL.string());
     88     if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->document()->outgoingReferrer())) {
     89         request.setHTTPHeaderField("Ping-From", frame->document()->url().string());
     90         if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get())) {
     91             String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), pingURL, frame->document()->outgoingReferrer());
     92             if (!referrer.isEmpty())
     93                 request.setHTTPReferrer(referrer);
     94         }
     95     }
     96     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
     97 
     98     // Leak the ping loader, since it will kill itself as soon as it receives a response.
     99     PingLoader* ALLOW_UNUSED leakedPingLoader = pingLoader.leakPtr();
    100 }
    101 
    102 void PingLoader::sendViolationReport(Frame* frame, const KURL& reportURL, PassRefPtr<FormData> report, ViolationReportType type)
    103 {
    104     ResourceRequest request(reportURL);
    105     request.setTargetType(ResourceRequest::TargetIsSubresource);
    106     request.setHTTPMethod("POST");
    107     request.setHTTPContentType(type == ContentSecurityPolicyViolationReport ? "application/csp-report" : "application/json");
    108     request.setHTTPBody(report);
    109     frame->loader().addExtraFieldsToRequest(request);
    110 
    111     String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), reportURL, frame->document()->outgoingReferrer());
    112     if (!referrer.isEmpty())
    113         request.setHTTPReferrer(referrer);
    114     OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, SecurityOrigin::create(reportURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredCredentials : DoNotAllowStoredCredentials));
    115 
    116     // Leak the ping loader, since it will kill itself as soon as it receives a response.
    117     PingLoader* ALLOW_UNUSED leakedPingLoader = pingLoader.leakPtr();
    118 }
    119 
    120 PingLoader::PingLoader(Frame* frame, ResourceRequest& request, StoredCredentials credentialsAllowed)
    121     : m_timeout(this, &PingLoader::timeout)
    122 {
    123     frame->loader().client()->didDispatchPingLoader(request.url());
    124 
    125     unsigned long identifier = createUniqueIdentifier();
    126     m_loader = adoptPtr(blink::Platform::current()->createURLLoader());
    127     ASSERT(m_loader);
    128     blink::WrappedResourceRequest wrappedRequest(request);
    129     wrappedRequest.setAllowStoredCredentials(credentialsAllowed == AllowStoredCredentials);
    130     m_loader->loadAsynchronously(wrappedRequest, this);
    131 
    132     InspectorInstrumentation::continueAfterPingLoader(frame, identifier, frame->loader().activeDocumentLoader(), request, ResourceResponse());
    133 
    134     // If the server never responds, FrameLoader won't be able to cancel this load and
    135     // we'll sit here waiting forever. Set a very generous timeout, just in case.
    136     m_timeout.startOneShot(60000);
    137 }
    138 
    139 PingLoader::~PingLoader()
    140 {
    141     if (m_loader)
    142         m_loader->cancel();
    143 }
    144 
    145 }
    146