webkitgtk-2.16.5HEADwebkitgtk-2.16.5master

1 files changed, 36 insertions, 28 deletions

diff --git a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
index 7398d0f95..47cf73650 100644
--- a/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
+++ b/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp
@@ -10,10 +10,10 @@
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
- * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
@@ -28,22 +28,28 @@
 #include "CrossOriginPreflightResultCache.h"
 
 #include "CrossOriginAccessControl.h"
+#include "HTTPHeaderNames.h"
+#include "HTTPParsers.h"
 #include "ResourceResponse.h"
-#include <wtf/CurrentTime.h>
 #include <wtf/MainThread.h>
+#include <wtf/NeverDestroyed.h>
 #include <wtf/StdLibExtras.h>
 
 namespace WebCore {
 
 // These values are at the discretion of the user agent.
-static const unsigned defaultPreflightCacheTimeoutSeconds = 5;
-static const unsigned maxPreflightCacheTimeoutSeconds = 600; // Should be short enough to minimize the risk of using a poisoned cache after switching to a secure network.
+static const auto defaultPreflightCacheTimeout = 5s;
+static const auto maxPreflightCacheTimeout = 600s; // Should be short enough to minimize the risk of using a poisoned cache after switching to a secure network.
 
-static bool parseAccessControlMaxAge(const String& string, unsigned& expiryDelta)
+CrossOriginPreflightResultCache::CrossOriginPreflightResultCache()
+{
+}
+
+static bool parseAccessControlMaxAge(const String& string, std::chrono::seconds& expiryDelta)
 {
     // FIXME: this will not do the correct thing for a number starting with a '+'
     bool ok = false;
-    expiryDelta = string.toUIntStrict(&ok);
+    expiryDelta = std::chrono::seconds(string.toUIntStrict(&ok));
     return ok;
 }
 
@@ -88,25 +94,25 @@ static bool parseAccessControlAllowList(const String& string, HashSet<String, Ha
 bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response, String& errorDescription)
 {
     m_methods.clear();
-    if (!parseAccessControlAllowList(response.httpHeaderField("Access-Control-Allow-Methods"), m_methods)) {
+    if (!parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods), m_methods)) {
         errorDescription = "Cannot parse Access-Control-Allow-Methods response header field.";
         return false;
     }
 
     m_headers.clear();
-    if (!parseAccessControlAllowList(response.httpHeaderField("Access-Control-Allow-Headers"), m_headers)) {
+    if (!parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders), m_headers)) {
         errorDescription = "Cannot parse Access-Control-Allow-Headers response header field.";
         return false;
     }
 
-    unsigned expiryDelta;
-    if (parseAccessControlMaxAge(response.httpHeaderField("Access-Control-Max-Age"), expiryDelta)) {
-        if (expiryDelta > maxPreflightCacheTimeoutSeconds)
-            expiryDelta = maxPreflightCacheTimeoutSeconds;
+    std::chrono::seconds expiryDelta;
+    if (parseAccessControlMaxAge(response.httpHeaderField(HTTPHeaderName::AccessControlMaxAge), expiryDelta)) {
+        if (expiryDelta > maxPreflightCacheTimeout)
+            expiryDelta = maxPreflightCacheTimeout;
     } else
-        expiryDelta = defaultPreflightCacheTimeoutSeconds;
+        expiryDelta = defaultPreflightCacheTimeout;
 
-    m_absoluteExpiryTime = monotonicallyIncreasingTime() + expiryDelta;
+    m_absoluteExpiryTime = std::chrono::steady_clock::now() + expiryDelta;
     return true;
 }
 
@@ -121,10 +127,11 @@ bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String&
 
 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, String& errorDescription) const
 {
-    HTTPHeaderMap::const_iterator end = requestHeaders.end();
-    for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
-        if (!m_headers.contains(it->key) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->key, it->value)) {
-            errorDescription = "Request header field " + it->key.string() + " is not allowed by Access-Control-Allow-Headers.";
+    for (const auto& header : requestHeaders) {
+        if (header.keyAsHTTPHeaderName && isCrossOriginSafeRequestHeader(header.keyAsHTTPHeaderName.value(), header.value))
+            continue;
+        if (!m_headers.contains(header.key)) {
+            errorDescription = "Request header field " + header.key + " is not allowed by Access-Control-Allow-Headers.";
             return false;
         }
     }
@@ -134,7 +141,7 @@ bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHea
 bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includeCredentials, const String& method, const HTTPHeaderMap& requestHeaders) const
 {
     String ignoredExplanation;
-    if (m_absoluteExpiryTime < monotonicallyIncreasingTime())
+    if (m_absoluteExpiryTime < std::chrono::steady_clock::now())
         return false;
     if (includeCredentials == AllowStoredCredentials && m_credentials == DoNotAllowStoredCredentials)
         return false;
@@ -145,30 +152,31 @@ bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includ
     return true;
 }
 
-CrossOriginPreflightResultCache& CrossOriginPreflightResultCache::shared()
+CrossOriginPreflightResultCache& CrossOriginPreflightResultCache::singleton()
 {
-    DEFINE_STATIC_LOCAL(CrossOriginPreflightResultCache, cache, ());
     ASSERT(isMainThread());
+
+    static NeverDestroyed<CrossOriginPreflightResultCache> cache;
     return cache;
 }
 
-void CrossOriginPreflightResultCache::appendEntry(const String& origin, const URL& url, PassOwnPtr<CrossOriginPreflightResultCacheItem> preflightResult)
+void CrossOriginPreflightResultCache::appendEntry(const String& origin, const URL& url, std::unique_ptr<CrossOriginPreflightResultCacheItem> preflightResult)
 {
     ASSERT(isMainThread());
-    m_preflightHashMap.set(std::make_pair(origin, url), preflightResult);
+    m_preflightHashMap.set(std::make_pair(origin, url), WTFMove(preflightResult));
 }
 
 bool CrossOriginPreflightResultCache::canSkipPreflight(const String& origin, const URL& url, StoredCredentials includeCredentials, const String& method, const HTTPHeaderMap& requestHeaders)
 {
     ASSERT(isMainThread());
-    CrossOriginPreflightResultHashMap::iterator cacheIt = m_preflightHashMap.find(std::make_pair(origin, url));
-    if (cacheIt == m_preflightHashMap.end())
+    auto it = m_preflightHashMap.find(std::make_pair(origin, url));
+    if (it == m_preflightHashMap.end())
         return false;
 
-    if (cacheIt->value->allowsRequest(includeCredentials, method, requestHeaders))
+    if (it->value->allowsRequest(includeCredentials, method, requestHeaders))
         return true;
 
-    m_preflightHashMap.remove(cacheIt);
+    m_preflightHashMap.remove(it);
     return false;
 }