1 /* 2 * Copyright (C) 2010, 2011, 2012 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "config.h" 32 #include "AssociatedURLLoader.h" 33 34 #include "WebApplicationCacheHost.h" 35 #include "WebDataSource.h" 36 #include "WebFrameImpl.h" 37 #include "core/fetch/CrossOriginAccessControl.h" 38 #include "core/loader/DocumentThreadableLoader.h" 39 #include "core/loader/DocumentThreadableLoaderClient.h" 40 #include "core/xml/XMLHttpRequest.h" 41 #include "platform/Timer.h" 42 #include "platform/exported/WrappedResourceRequest.h" 43 #include "platform/exported/WrappedResourceResponse.h" 44 #include "platform/network/HTTPParsers.h" 45 #include "platform/network/ResourceError.h" 46 #include "public/platform/WebHTTPHeaderVisitor.h" 47 #include "public/platform/WebString.h" 48 #include "public/platform/WebURLError.h" 49 #include "public/platform/WebURLLoaderClient.h" 50 #include "public/platform/WebURLRequest.h" 51 #include "wtf/HashSet.h" 52 #include "wtf/text/WTFString.h" 53 54 using namespace WebCore; 55 using namespace WTF; 56 57 namespace blink { 58 59 namespace { 60 61 class HTTPRequestHeaderValidator : public WebHTTPHeaderVisitor { 62 WTF_MAKE_NONCOPYABLE(HTTPRequestHeaderValidator); 63 public: 64 HTTPRequestHeaderValidator() : m_isSafe(true) { } 65 66 void visitHeader(const WebString& name, const WebString& value); 67 bool isSafe() const { return m_isSafe; } 68 69 private: 70 bool m_isSafe; 71 }; 72 73 typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet; 74 75 void HTTPRequestHeaderValidator::visitHeader(const WebString& name, const WebString& value) 76 { 77 m_isSafe = m_isSafe && isValidHTTPToken(name) && XMLHttpRequest::isAllowedHTTPHeader(name) && isValidHTTPHeaderValue(value); 78 } 79 80 // FIXME: Remove this and use WebCore code that does the same thing. 81 class HTTPResponseHeaderValidator : public WebHTTPHeaderVisitor { 82 WTF_MAKE_NONCOPYABLE(HTTPResponseHeaderValidator); 83 public: 84 HTTPResponseHeaderValidator(bool usingAccessControl) : m_usingAccessControl(usingAccessControl) { } 85 86 void visitHeader(const WebString& name, const WebString& value); 87 const HTTPHeaderSet& blockedHeaders(); 88 89 private: 90 HTTPHeaderSet m_exposedHeaders; 91 HTTPHeaderSet m_blockedHeaders; 92 bool m_usingAccessControl; 93 }; 94 95 void HTTPResponseHeaderValidator::visitHeader(const WebString& name, const WebString& value) 96 { 97 String headerName(name); 98 if (m_usingAccessControl) { 99 if (equalIgnoringCase(headerName, "access-control-expose-headers")) 100 parseAccessControlExposeHeadersAllowList(value, m_exposedHeaders); 101 else if (!isOnAccessControlResponseHeaderWhitelist(headerName)) 102 m_blockedHeaders.add(name); 103 } 104 } 105 106 const HTTPHeaderSet& HTTPResponseHeaderValidator::blockedHeaders() 107 { 108 // Remove exposed headers from the blocked set. 109 if (!m_exposedHeaders.isEmpty()) { 110 // Don't allow Set-Cookie headers to be exposed. 111 m_exposedHeaders.remove("set-cookie"); 112 m_exposedHeaders.remove("set-cookie2"); 113 // Block Access-Control-Expose-Header itself. It could be exposed later. 114 m_blockedHeaders.add("access-control-expose-headers"); 115 HTTPHeaderSet::const_iterator end = m_exposedHeaders.end(); 116 for (HTTPHeaderSet::const_iterator it = m_exposedHeaders.begin(); it != end; ++it) 117 m_blockedHeaders.remove(*it); 118 } 119 120 return m_blockedHeaders; 121 } 122 123 } 124 125 // This class bridges the interface differences between WebCore and WebKit loader clients. 126 // It forwards its ThreadableLoaderClient notifications to a WebURLLoaderClient. 127 class AssociatedURLLoader::ClientAdapter : public DocumentThreadableLoaderClient { 128 WTF_MAKE_NONCOPYABLE(ClientAdapter); 129 public: 130 static PassOwnPtr<ClientAdapter> create(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&); 131 132 virtual void didSendData(unsigned long long /*bytesSent*/, unsigned long long /*totalBytesToBeSent*/); 133 virtual void willSendRequest(ResourceRequest& /*newRequest*/, const ResourceResponse& /*redirectResponse*/); 134 135 virtual void didReceiveResponse(unsigned long, const ResourceResponse&); 136 virtual void didDownloadData(int /*dataLength*/); 137 virtual void didReceiveData(const char*, int /*dataLength*/); 138 virtual void didReceiveCachedMetadata(const char*, int /*dataLength*/); 139 virtual void didFinishLoading(unsigned long /*identifier*/, double /*finishTime*/); 140 virtual void didFail(const ResourceError&); 141 virtual void didFailRedirectCheck(); 142 143 virtual bool isDocumentThreadableLoaderClient() { return true; } 144 145 // Sets an error to be reported back to the client, asychronously. 146 void setDelayedError(const ResourceError&); 147 148 // Enables forwarding of error notifications to the WebURLLoaderClient. These must be 149 // deferred until after the call to AssociatedURLLoader::loadAsynchronously() completes. 150 void enableErrorNotifications(); 151 152 // Stops loading and releases the DocumentThreadableLoader as early as possible. 153 void clearClient() { m_client = 0; } 154 155 private: 156 ClientAdapter(AssociatedURLLoader*, WebURLLoaderClient*, const WebURLLoaderOptions&); 157 158 void notifyError(Timer<ClientAdapter>*); 159 160 AssociatedURLLoader* m_loader; 161 WebURLLoaderClient* m_client; 162 WebURLLoaderOptions m_options; 163 WebURLError m_error; 164 165 Timer<ClientAdapter> m_errorTimer; 166 bool m_enableErrorNotifications; 167 bool m_didFail; 168 }; 169 170 PassOwnPtr<AssociatedURLLoader::ClientAdapter> AssociatedURLLoader::ClientAdapter::create(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options) 171 { 172 return adoptPtr(new ClientAdapter(loader, client, options)); 173 } 174 175 AssociatedURLLoader::ClientAdapter::ClientAdapter(AssociatedURLLoader* loader, WebURLLoaderClient* client, const WebURLLoaderOptions& options) 176 : m_loader(loader) 177 , m_client(client) 178 , m_options(options) 179 , m_errorTimer(this, &ClientAdapter::notifyError) 180 , m_enableErrorNotifications(false) 181 , m_didFail(false) 182 { 183 ASSERT(m_loader); 184 ASSERT(m_client); 185 } 186 187 void AssociatedURLLoader::ClientAdapter::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse) 188 { 189 if (!m_client) 190 return; 191 192 WrappedResourceRequest wrappedNewRequest(newRequest); 193 WrappedResourceResponse wrappedRedirectResponse(redirectResponse); 194 m_client->willSendRequest(m_loader, wrappedNewRequest, wrappedRedirectResponse); 195 } 196 197 void AssociatedURLLoader::ClientAdapter::didSendData(unsigned long long bytesSent, unsigned long long totalBytesToBeSent) 198 { 199 if (!m_client) 200 return; 201 202 m_client->didSendData(m_loader, bytesSent, totalBytesToBeSent); 203 } 204 205 void AssociatedURLLoader::ClientAdapter::didReceiveResponse(unsigned long, const ResourceResponse& response) 206 { 207 // Try to use the original ResourceResponse if possible. 208 WebURLResponse validatedResponse = WrappedResourceResponse(response); 209 HTTPResponseHeaderValidator validator(m_options.crossOriginRequestPolicy == WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl); 210 if (!m_options.exposeAllResponseHeaders) 211 validatedResponse.visitHTTPHeaderFields(&validator); 212 213 // If there are blocked headers, copy the response so we can remove them. 214 const HTTPHeaderSet& blockedHeaders = validator.blockedHeaders(); 215 if (!blockedHeaders.isEmpty()) { 216 validatedResponse = WebURLResponse(validatedResponse); 217 HTTPHeaderSet::const_iterator end = blockedHeaders.end(); 218 for (HTTPHeaderSet::const_iterator it = blockedHeaders.begin(); it != end; ++it) 219 validatedResponse.clearHTTPHeaderField(*it); 220 } 221 m_client->didReceiveResponse(m_loader, validatedResponse); 222 } 223 224 void AssociatedURLLoader::ClientAdapter::didDownloadData(int dataLength) 225 { 226 if (!m_client) 227 return; 228 229 m_client->didDownloadData(m_loader, dataLength, -1); 230 } 231 232 void AssociatedURLLoader::ClientAdapter::didReceiveData(const char* data, int dataLength) 233 { 234 if (!m_client) 235 return; 236 237 m_client->didReceiveData(m_loader, data, dataLength, -1); 238 } 239 240 void AssociatedURLLoader::ClientAdapter::didReceiveCachedMetadata(const char* data, int dataLength) 241 { 242 if (!m_client) 243 return; 244 245 m_client->didReceiveCachedMetadata(m_loader, data, dataLength); 246 } 247 248 void AssociatedURLLoader::ClientAdapter::didFinishLoading(unsigned long identifier, double finishTime) 249 { 250 if (!m_client) 251 return; 252 253 m_client->didFinishLoading(m_loader, finishTime); 254 } 255 256 void AssociatedURLLoader::ClientAdapter::didFail(const ResourceError& error) 257 { 258 if (!m_client) 259 return; 260 261 m_didFail = true; 262 m_error = WebURLError(error); 263 if (m_enableErrorNotifications) 264 notifyError(&m_errorTimer); 265 } 266 267 void AssociatedURLLoader::ClientAdapter::didFailRedirectCheck() 268 { 269 m_loader->cancel(); 270 } 271 272 void AssociatedURLLoader::ClientAdapter::setDelayedError(const ResourceError& error) 273 { 274 didFail(error); 275 } 276 277 void AssociatedURLLoader::ClientAdapter::enableErrorNotifications() 278 { 279 m_enableErrorNotifications = true; 280 // If an error has already been received, start a timer to report it to the client 281 // after AssociatedURLLoader::loadAsynchronously has returned to the caller. 282 if (m_didFail) 283 m_errorTimer.startOneShot(0); 284 } 285 286 void AssociatedURLLoader::ClientAdapter::notifyError(Timer<ClientAdapter>* timer) 287 { 288 ASSERT_UNUSED(timer, timer == &m_errorTimer); 289 290 m_client->didFail(m_loader, m_error); 291 } 292 293 AssociatedURLLoader::AssociatedURLLoader(PassRefPtr<WebFrameImpl> frameImpl, const WebURLLoaderOptions& options) 294 : m_frameImpl(frameImpl) 295 , m_options(options) 296 , m_client(0) 297 { 298 ASSERT(m_frameImpl); 299 } 300 301 AssociatedURLLoader::~AssociatedURLLoader() 302 { 303 cancel(); 304 } 305 306 #define COMPILE_ASSERT_MATCHING_ENUM(webkit_name, webcore_name) \ 307 COMPILE_ASSERT(static_cast<int>(blink::webkit_name) == static_cast<int>(WebCore::webcore_name), mismatching_enums) 308 309 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyDeny, DenyCrossOriginRequests); 310 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl, UseAccessControl); 311 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::CrossOriginRequestPolicyAllow, AllowCrossOriginRequests); 312 313 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ConsiderPreflight, ConsiderPreflight); 314 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::ForcePreflight, ForcePreflight); 315 COMPILE_ASSERT_MATCHING_ENUM(WebURLLoaderOptions::PreventPreflight, PreventPreflight); 316 317 void AssociatedURLLoader::loadSynchronously(const WebURLRequest& request, WebURLResponse& response, WebURLError& error, WebData& data) 318 { 319 ASSERT(0); // Synchronous loading is not supported. 320 } 321 322 void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebURLLoaderClient* client) 323 { 324 ASSERT(!m_client); 325 326 m_client = client; 327 ASSERT(m_client); 328 329 bool allowLoad = true; 330 WebURLRequest newRequest(request); 331 if (m_options.untrustedHTTP) { 332 WebString method = newRequest.httpMethod(); 333 allowLoad = isValidHTTPToken(method) && XMLHttpRequest::isAllowedHTTPMethod(method); 334 if (allowLoad) { 335 newRequest.setHTTPMethod(XMLHttpRequest::uppercaseKnownHTTPMethod(method)); 336 HTTPRequestHeaderValidator validator; 337 newRequest.visitHTTPHeaderFields(&validator); 338 allowLoad = validator.isSafe(); 339 } 340 } 341 342 m_clientAdapter = ClientAdapter::create(this, m_client, m_options); 343 344 if (allowLoad) { 345 ThreadableLoaderOptions options; 346 options.sendLoadCallbacks = SendCallbacks; // Always send callbacks. 347 options.sniffContent = m_options.sniffContent ? SniffContent : DoNotSniffContent; 348 options.allowCredentials = m_options.allowCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials; 349 options.preflightPolicy = static_cast<WebCore::PreflightPolicy>(m_options.preflightPolicy); 350 options.crossOriginRequestPolicy = static_cast<WebCore::CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy); 351 options.dataBufferingPolicy = DoNotBufferData; 352 353 const ResourceRequest& webcoreRequest = newRequest.toResourceRequest(); 354 Document* webcoreDocument = m_frameImpl->frame()->document(); 355 m_loader = DocumentThreadableLoader::create(webcoreDocument, m_clientAdapter.get(), webcoreRequest, options); 356 } else { 357 // FIXME: return meaningful error codes. 358 m_clientAdapter->setDelayedError(ResourceError()); 359 } 360 m_clientAdapter->enableErrorNotifications(); 361 } 362 363 void AssociatedURLLoader::cancel() 364 { 365 if (m_clientAdapter) 366 m_clientAdapter->clearClient(); 367 if (m_loader) 368 m_loader->cancel(); 369 } 370 371 void AssociatedURLLoader::setDefersLoading(bool defersLoading) 372 { 373 if (m_loader) 374 m_loader->setDefersLoading(defersLoading); 375 } 376 377 } // namespace blink 378
