Home | History | Annotate | Download | only in fetch 
      1 /*
      2  * Copyright (C) 2011 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #ifndef ResourceLoaderOptions_h
     32 #define ResourceLoaderOptions_h
     33 
     34 #include "core/fetch/FetchInitiatorInfo.h"
     35 #include "platform/CrossThreadCopier.h"
     36 #include "platform/weborigin/SecurityOrigin.h"
     37 
     38 namespace blink {
     39 
     40 enum DataBufferingPolicy {
     41     BufferData,
     42     DoNotBufferData
     43 };
     44 
     45 enum ContentSecurityPolicyCheck {
     46     CheckContentSecurityPolicy,
     47     DoNotCheckContentSecurityPolicy
     48 };
     49 
     50 enum RequestInitiatorContext {
     51     DocumentContext,
     52     WorkerContext,
     53 };
     54 
     55 enum StoredCredentials {
     56     AllowStoredCredentials,
     57     DoNotAllowStoredCredentials
     58 };
     59 
     60 // APIs like XMLHttpRequest and EventSource let the user decide
     61 // whether to send credentials, but they're always sent for
     62 // same-origin requests. Additional information is needed to handle
     63 // cross-origin redirects correctly.
     64 enum CredentialRequest {
     65     ClientRequestedCredentials,
     66     ClientDidNotRequestCredentials
     67 };
     68 
     69 enum MixedContentBlockingTreatment {
     70     TreatAsDefaultForType,
     71     TreatAsPassiveContent,
     72     TreatAsActiveContent,
     73     TreatAsAlwaysAllowedContent
     74 };
     75 
     76 enum SynchronousPolicy {
     77     RequestSynchronously,
     78     RequestAsynchronously
     79 };
     80 
     81 // A resource fetch can be marked as being CORS enabled. The loader
     82 // must perform an access check upon seeing the response.
     83 enum CORSEnabled {
     84     NotCORSEnabled,
     85     IsCORSEnabled
     86 };
     87 
     88 struct ResourceLoaderOptions {
     89     ResourceLoaderOptions()
     90         : dataBufferingPolicy(BufferData)
     91         , allowCredentials(DoNotAllowStoredCredentials)
     92         , credentialsRequested(ClientDidNotRequestCredentials)
     93         , contentSecurityPolicyOption(CheckContentSecurityPolicy)
     94         , requestInitiatorContext(DocumentContext)
     95         , mixedContentBlockingTreatment(TreatAsDefaultForType)
     96         , synchronousPolicy(RequestAsynchronously)
     97         , corsEnabled(NotCORSEnabled)
     98     {
     99     }
    100 
    101     ResourceLoaderOptions(
    102         DataBufferingPolicy dataBufferingPolicy,
    103         StoredCredentials allowCredentials,
    104         CredentialRequest credentialsRequested,
    105         ContentSecurityPolicyCheck contentSecurityPolicyOption,
    106         RequestInitiatorContext requestInitiatorContext)
    107         : dataBufferingPolicy(dataBufferingPolicy)
    108         , allowCredentials(allowCredentials)
    109         , credentialsRequested(credentialsRequested)
    110         , contentSecurityPolicyOption(contentSecurityPolicyOption)
    111         , requestInitiatorContext(requestInitiatorContext)
    112         , mixedContentBlockingTreatment(TreatAsDefaultForType)
    113         , synchronousPolicy(RequestAsynchronously)
    114         , corsEnabled(NotCORSEnabled)
    115     {
    116     }
    117 
    118     // Answers the question "can a separate request with these
    119     // different options be re-used" (e.g. preload request)
    120     // The safe (but possibly slow) answer is always false.
    121     bool canReuseRequest(const ResourceLoaderOptions& other) const
    122     {
    123         // dataBufferingPolicy differences are believed to be safe for re-use.
    124         // FIXME: check allowCredentials.
    125         // FIXME: check credentialsRequested.
    126         // FIXME: check contentSecurityPolicyOption.
    127         // initiatorInfo is purely informational and should be benign for re-use.
    128         // requestInitiatorContext is benign (indicates document vs. worker)
    129         // FIXME: check mixedContentBlockingTreatment.
    130         // synchronousPolicy (safe to re-use an async XHR response for sync, etc.)
    131         return corsEnabled == other.corsEnabled;
    132         // securityOrigin has more complicated checks which callers are responsible for.
    133     }
    134 
    135     // When adding members, CrossThreadResourceLoaderOptionsData should be
    136     // updated.
    137     DataBufferingPolicy dataBufferingPolicy;
    138     StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
    139     CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
    140     ContentSecurityPolicyCheck contentSecurityPolicyOption;
    141     FetchInitiatorInfo initiatorInfo;
    142     RequestInitiatorContext requestInitiatorContext;
    143     MixedContentBlockingTreatment mixedContentBlockingTreatment;
    144     SynchronousPolicy synchronousPolicy;
    145     CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
    146     RefPtr<SecurityOrigin> securityOrigin;
    147 };
    148 
    149 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
    150 struct CrossThreadResourceLoaderOptionsData {
    151     explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options)
    152         : dataBufferingPolicy(options.dataBufferingPolicy)
    153         , allowCredentials(options.allowCredentials)
    154         , credentialsRequested(options.credentialsRequested)
    155         , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
    156         , initiatorInfo(options.initiatorInfo)
    157         , requestInitiatorContext(options.requestInitiatorContext)
    158         , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment)
    159         , synchronousPolicy(options.synchronousPolicy)
    160         , corsEnabled(options.corsEnabled)
    161         , securityOrigin(options.securityOrigin) { }
    162 
    163     operator ResourceLoaderOptions() const
    164     {
    165         ResourceLoaderOptions options;
    166         options.dataBufferingPolicy = dataBufferingPolicy;
    167         options.allowCredentials = allowCredentials;
    168         options.credentialsRequested = credentialsRequested;
    169         options.contentSecurityPolicyOption = contentSecurityPolicyOption;
    170         options.initiatorInfo = initiatorInfo;
    171         options.requestInitiatorContext = requestInitiatorContext;
    172         options.mixedContentBlockingTreatment = mixedContentBlockingTreatment;
    173         options.synchronousPolicy = synchronousPolicy;
    174         options.corsEnabled = corsEnabled;
    175         options.securityOrigin = securityOrigin;
    176         return options;
    177     }
    178 
    179     DataBufferingPolicy dataBufferingPolicy;
    180     StoredCredentials allowCredentials;
    181     CredentialRequest credentialsRequested;
    182     ContentSecurityPolicyCheck contentSecurityPolicyOption;
    183     CrossThreadFetchInitiatorInfoData initiatorInfo;
    184     RequestInitiatorContext requestInitiatorContext;
    185     MixedContentBlockingTreatment mixedContentBlockingTreatment;
    186     SynchronousPolicy synchronousPolicy;
    187     CORSEnabled corsEnabled;
    188     RefPtr<SecurityOrigin> securityOrigin;
    189 };
    190 
    191 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> {
    192     typedef CrossThreadResourceLoaderOptionsData Type;
    193     static Type copy(const ResourceLoaderOptions& options)
    194     {
    195         return CrossThreadResourceLoaderOptionsData(options);
    196     }
    197 };
    198 
    199 } // namespace blink
    200 
    201 #endif // ResourceLoaderOptions_h
    202