webkitgtk-2.16.5HEAD webkitgtk-2.16.5 master

author: Lorry Tar Creator <lorry-tar-importer@lorry> 2017-06-27 06:07:23 +0000
committer: Lorry Tar Creator <lorry-tar-importer@lorry> 2017-06-27 06:07:23 +0000
commit: 1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c (patch)
tree: 46dcd36c86e7fbc6e5df36deb463b33e9967a6f7 /Source/WebCore/loader/DocumentThreadableLoader.cpp
parent: 32761a6cee1d0dee366b885b7b9c777e67885688 (diff)
download: WebKitGtk-tarball-master.tar.gz
1 files changed, 353 insertions, 218 deletions
diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
index a6013706b..b6b91e627 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
@@ -34,15 +34,22 @@
 #include "CachedRawResource.h"
 #include "CachedResourceLoader.h"
 #include "CachedResourceRequest.h"
+#include "CachedResourceRequestInitiators.h"
 #include "CrossOriginAccessControl.h"
+#include "CrossOriginPreflightChecker.h"
 #include "CrossOriginPreflightResultCache.h"
+#include "DOMWindow.h"
 #include "Document.h"
-#include "DocumentThreadableLoaderClient.h"
 #include "Frame.h"
 #include "FrameLoader.h"
 #include "InspectorInstrumentation.h"
+#include "LoadTiming.h"
+#include "Performance.h"
+#include "ProgressTracker.h"
 #include "ResourceError.h"
 #include "ResourceRequest.h"
+#include "ResourceTiming.h"
+#include "RuntimeEnabledFeatures.h"
 #include "SchemeRegistry.h"
 #include "SecurityOrigin.h"
 #include "SubresourceLoader.h"
@@ -50,118 +57,153 @@
 #include <wtf/Assertions.h>
 #include <wtf/Ref.h>
 
-#if ENABLE(INSPECTOR)
-#include "ProgressTracker.h"
-#endif
-
 namespace WebCore {
 
-void DocumentThreadableLoader::loadResourceSynchronously(Document* document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options)
+void DocumentThreadableLoader::loadResourceSynchronously(Document& document, ResourceRequest&& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
 {
     // The loader will be deleted as soon as this function exits.
-    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, &client, LoadSynchronously, request, options));
+    Ref<DocumentThreadableLoader> loader = adoptRef(*new DocumentThreadableLoader(document, client, LoadSynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), String(), ShouldLogError::Yes));
     ASSERT(loader->hasOneRef());
 }
 
-PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, const ThreadableLoaderOptions& options)
+void DocumentThreadableLoader::loadResourceSynchronously(Document& document, ResourceRequest&& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options)
+{
+    loadResourceSynchronously(document, WTFMove(request), client, options, nullptr, nullptr);
+}
+
+RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client,
+ResourceRequest&& request, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin,
+std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, String&& referrer, ShouldLogError shouldLogError)
+{
+    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, WTFMove(request), options, WTFMove(origin), WTFMove(contentSecurityPolicy), WTFMove(referrer), shouldLogError));
+    if (!loader->isLoading())
+        loader = nullptr;
+    return loader;
+}
+
+RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, ResourceRequest&& request, const ThreadableLoaderOptions& options, String&& referrer)
 {
-    RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options));
-    if (!loader->m_resource)
-        loader = 0;
-    return loader.release();
+    return create(document, client, WTFMove(request), options, nullptr, nullptr, WTFMove(referrer), ShouldLogError::Yes);
 }
 
-DocumentThreadableLoader::DocumentThreadableLoader(Document* document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options)
-    : m_client(client)
+DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient& client, BlockingBehavior blockingBehavior, ResourceRequest&& request, const ThreadableLoaderOptions& options, RefPtr<SecurityOrigin>&& origin, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy, String&& referrer, ShouldLogError shouldLogError)
+    : m_client(&client)
     , m_document(document)
     , m_options(options)
-    , m_sameOriginRequest(securityOrigin()->canRequest(request.url()))
+    , m_origin(WTFMove(origin))
+    , m_referrer(WTFMove(referrer))
+    , m_sameOriginRequest(securityOrigin().canRequest(request.url()))
     , m_simpleRequest(true)
     , m_async(blockingBehavior == LoadAsynchronously)
+    , m_contentSecurityPolicy(WTFMove(contentSecurityPolicy))
+    , m_shouldLogError(shouldLogError)
 {
-    ASSERT(document);
-    ASSERT(client);
-    // Setting an outgoing referer is only supported in the async code path.
-    ASSERT(m_async || request.httpReferrer().isEmpty());
+    relaxAdoptionRequirement();
+
+    // Setting a referrer header is only supported in the async code path.
+    ASSERT(m_async || m_referrer.isEmpty());
+
+    // Referrer and Origin headers should be set after the preflight if any.
+    ASSERT(!request.hasHTTPReferrer() && !request.hasHTTPOrigin());
+
+    ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url(), ContentSecurityPolicy::RedirectResponseReceived::No));
+
+    m_options.allowCredentials = (m_options.credentials == FetchOptions::Credentials::Include || (m_options.credentials == FetchOptions::Credentials::SameOrigin && m_sameOriginRequest)) ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+
+    ASSERT(!request.httpHeaderFields().contains(HTTPHeaderName::Origin));
+
+    // Copy headers if we need to replay the request after a redirection.
+    if (m_async && m_options.mode == FetchOptions::Mode::Cors)
+        m_originalHeaders = request.httpHeaderFields();
+
+    if (document.page() && document.page()->isRunningUserScripts() && SchemeRegistry::isUserExtensionScheme(request.url().protocol().toStringWithoutCopying())) {
+        m_options.mode = FetchOptions::Mode::NoCors;
+        m_options.filteringPolicy = ResponseFilteringPolicy::Disable;
+    }
 
-    if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) {
-        loadRequest(request, DoSecurityCheck);
+    // As per step 11 of https://fetch.spec.whatwg.org/#main-fetch, data scheme (if same-origin data-URL flag is set) and about scheme are considered same-origin.
+    if (request.url().protocolIsData())
+        m_sameOriginRequest = options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set;
+
+    if (m_sameOriginRequest || m_options.mode == FetchOptions::Mode::NoCors) {
+        loadRequest(WTFMove(request), DoSecurityCheck);
         return;
     }
 
-    if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
-        m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, request.url().string(), "Cross origin requests are not supported."));
+    if (m_options.mode == FetchOptions::Mode::SameOrigin) {
+        logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are not allowed when using same-origin fetch mode."));
         return;
     }
 
-    makeCrossOriginAccessRequest(request);
+    makeCrossOriginAccessRequest(WTFMove(request));
 }
 
-void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceRequest& request)
+void DocumentThreadableLoader::makeCrossOriginAccessRequest(ResourceRequest&& request)
 {
-    ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
-
-    OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(request));
-    updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_options.allowCredentials);
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
-    if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
-        makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
+    if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
+        makeSimpleCrossOriginAccessRequest(WTFMove(request));
     else {
         m_simpleRequest = false;
-        m_actualRequest = crossOriginRequest.release();
-
-        if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
-            preflightSuccess();
+        if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(securityOrigin().toString(), request.url(), m_options.allowCredentials, request.httpMethod(), request.httpHeaderFields()))
+            preflightSuccess(WTFMove(request));
         else
-            makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
+            makeCrossOriginAccessRequestWithPreflight(WTFMove(request));
     }
 }
 
-void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const ResourceRequest& request)
+void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(ResourceRequest&& request)
 {
     ASSERT(m_options.preflightPolicy != ForcePreflight);
     ASSERT(m_options.preflightPolicy == PreventPreflight || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()));
 
     // Cross-origin requests are only allowed for HTTP and registered schemes. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
-    if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
-        m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, request.url().string(), "Cross origin requests are only supported for HTTP."));
+    if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol().toStringWithoutCopying())) {
+        logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are only supported for HTTP.", ResourceError::Type::AccessControl));
         return;
     }
 
-    loadRequest(request, DoSecurityCheck);
+    updateRequestForAccessControl(request, securityOrigin(), m_options.allowCredentials);
+    loadRequest(WTFMove(request), DoSecurityCheck);
 }
 
-void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request)
+void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(ResourceRequest&& request)
 {
-    ResourceRequest preflightRequest = createAccessControlPreflightRequest(request, securityOrigin());
-    loadRequest(preflightRequest, DoSecurityCheck);
+    if (m_async) {
+        m_preflightChecker.emplace(*this, WTFMove(request));
+        m_preflightChecker->startPreflight();
+        return;
+    }
+    CrossOriginPreflightChecker::doPreflight(*this, WTFMove(request));
 }
 
 DocumentThreadableLoader::~DocumentThreadableLoader()
 {
     if (m_resource)
-        m_resource->removeClient(this);
+        m_resource->removeClient(*this);
 }
 
 void DocumentThreadableLoader::cancel()
 {
-    Ref<DocumentThreadableLoader> protect(*this);
+    Ref<DocumentThreadableLoader> protectedThis(*this);
 
     // Cancel can re-enter and m_resource might be null here as a result.
     if (m_client && m_resource) {
         // FIXME: This error is sent to the client in didFail(), so it should not be an internal one. Use FrameLoaderClient::cancelledError() instead.
-        ResourceError error(errorDomainWebKitInternal, 0, m_resource->url(), "Load cancelled");
-        error.setIsCancellation(true);
-        didFail(m_resource->identifier(), error);
+        ResourceError error(errorDomainWebKitInternal, 0, m_resource->url(), "Load cancelled", ResourceError::Type::Cancellation);
+        m_client->didFail(error);
     }
     clearResource();
-    m_client = 0;
+    m_client = nullptr;
 }
 
 void DocumentThreadableLoader::setDefersLoading(bool value)
 {
     if (m_resource)
         m_resource->setDefersLoading(value);
+    if (m_preflightChecker)
+        m_preflightChecker->setDefersLoading(value);
 }
 
 void DocumentThreadableLoader::clearResource()
@@ -171,142 +213,146 @@ void DocumentThreadableLoader::clearResource()
     // this DocumentThreadableLoader. Save off a copy of m_resource and clear it to
     // prevent the reentrancy.
     if (CachedResourceHandle<CachedRawResource> resource = m_resource) {
-        m_resource = 0;
-        resource->removeClient(this);
+        m_resource = nullptr;
+        resource->removeClient(*this);
     }
+    if (m_preflightChecker)
+        m_preflightChecker = std::nullopt;
 }
 
-void DocumentThreadableLoader::redirectReceived(CachedResource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
+void DocumentThreadableLoader::redirectReceived(CachedResource& resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
 {
     ASSERT(m_client);
-    ASSERT_UNUSED(resource, resource == m_resource);
+    ASSERT_UNUSED(resource, &resource == m_resource);
 
-    Ref<DocumentThreadableLoader> protect(*this);
-    // Allow same origin requests to continue after allowing clients to audit the redirect.
-    if (isAllowedRedirect(request.url())) {
-        if (m_client->isDocumentThreadableLoaderClient())
-            static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequest(request, redirectResponse);
+    Ref<DocumentThreadableLoader> protectedThis(*this);
+    --m_options.maxRedirectCount;
+
+    // FIXME: We restrict this check to Fetch API for the moment, as this might disrupt WorkerScriptLoader.
+    // Reassess this check based on https://github.com/whatwg/fetch/issues/393 discussions.
+    // We should also disable that check in navigation mode.
+    if (!request.url().protocolIsInHTTPFamily() && m_options.initiator == cachedResourceRequestInitiators().fetch) {
+        reportRedirectionWithBadScheme(request.url());
+        clearResource();
         return;
     }
 
-    // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported
-    // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check.
-    if (m_options.crossOriginRequestPolicy == UseAccessControl) {
-        bool allowRedirect = false;
-        if (m_simpleRequest) {
-            String accessControlErrorDescription;
-            allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())
-                            && request.url().user().isEmpty()
-                            && request.url().pass().isEmpty()
-                            && passesAccessControlCheck(redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription);
-        }
-
-        if (allowRedirect) {
-            if (m_resource)
-                clearResource();
-
-            RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::createFromString(redirectResponse.url());
-            RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::createFromString(request.url());
-            // If the request URL origin is not same origin with the original URL origin, set source origin to a globally unique identifier.
-            if (!originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
-                m_options.securityOrigin = SecurityOrigin::createUnique();
-            // Force any subsequent requests to use these checks.
-            m_sameOriginRequest = false;
-
-            // Remove any headers that may have been added by the network layer that cause access control to fail.
-            request.clearHTTPContentType();
-            request.clearHTTPReferrer();
-            request.clearHTTPOrigin();
-            request.clearHTTPUserAgent();
-            request.clearHTTPAccept();
-            makeCrossOriginAccessRequest(request);
-            return;
-        }
+    if (!isAllowedByContentSecurityPolicy(request.url(), redirectResponse.isNull() ? ContentSecurityPolicy::RedirectResponseReceived::No : ContentSecurityPolicy::RedirectResponseReceived::Yes)) {
+        reportContentSecurityPolicyError(redirectResponse.url());
+        clearResource();
+        return;
     }
 
-    m_client->didFailRedirectCheck();
-    request = ResourceRequest();
+    // Allow same origin requests to continue after allowing clients to audit the redirect.
+    if (isAllowedRedirect(request.url()))
+        return;
+
+    // Force any subsequent request to use these checks.
+    m_sameOriginRequest = false;
+
+    ASSERT(m_resource);
+    ASSERT(m_originalHeaders);
+
+    // Use a unique for subsequent loads if needed.
+    // https://fetch.spec.whatwg.org/#concept-http-redirect-fetch (Step 10).
+    ASSERT(m_options.mode == FetchOptions::Mode::Cors);
+    if (!securityOrigin().canRequest(redirectResponse.url()) && !protocolHostAndPortAreEqual(redirectResponse.url(), request.url()))
+        m_origin = SecurityOrigin::createUnique();
+
+    // Except in case where preflight is needed, loading should be able to continue on its own.
+    // But we also handle credentials here if it is restricted to SameOrigin.
+    if (m_options.credentials != FetchOptions::Credentials::SameOrigin && m_simpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), *m_originalHeaders))
+        return;
+
+    m_options.allowCredentials = DoNotAllowStoredCredentials;
+
+    clearResource();
+
+    // Let's fetch the request with the original headers (equivalent to request cloning specified by fetch algorithm).
+    // Do not copy the Authorization header if removed by the network layer.
+    if (!request.httpHeaderFields().contains(HTTPHeaderName::Authorization))
+        m_originalHeaders->remove(HTTPHeaderName::Authorization);
+    request.setHTTPHeaderFields(*m_originalHeaders);
+
+    makeCrossOriginAccessRequest(ResourceRequest(request));
 }
 
-void DocumentThreadableLoader::dataSent(CachedResource* resource, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
+void DocumentThreadableLoader::dataSent(CachedResource& resource, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
 {
     ASSERT(m_client);
-    ASSERT_UNUSED(resource, resource == m_resource);
+    ASSERT_UNUSED(resource, &resource == m_resource);
     m_client->didSendData(bytesSent, totalBytesToBeSent);
 }
 
-void DocumentThreadableLoader::responseReceived(CachedResource* resource, const ResourceResponse& response)
+void DocumentThreadableLoader::responseReceived(CachedResource& resource, const ResourceResponse& response)
 {
-    ASSERT_UNUSED(resource, resource == m_resource);
-    didReceiveResponse(m_resource->identifier(), response);
+    ASSERT_UNUSED(resource, &resource == m_resource);
+    didReceiveResponse(m_resource->identifier(), response, m_resource->responseTainting());
 }
 
-void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
+void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response, ResourceResponse::Tainting tainting)
 {
     ASSERT(m_client);
+    ASSERT(response.type() != ResourceResponse::Type::Error);
 
-    String accessControlErrorDescription;
-    if (m_actualRequest) {
-#if ENABLE(INSPECTOR)
-        DocumentLoader* loader = m_document->frame()->loader().documentLoader();
-        InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document->frame(), identifier, response);
-        InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0);
-#endif
+    InspectorInstrumentation::didReceiveThreadableLoaderResponse(*this, identifier);
 
-        if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
-            preflightFailure(identifier, response.url(), accessControlErrorDescription);
-            return;
-        }
+    if (options().filteringPolicy == ResponseFilteringPolicy::Disable) {
+        m_client->didReceiveResponse(identifier, response);
+        return;
+    }
 
-        OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
-        if (!preflightResult->parse(response, accessControlErrorDescription)
-            || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
-            || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
-            preflightFailure(identifier, response.url(), accessControlErrorDescription);
-            return;
+    if (response.type() == ResourceResponse::Type::Default) {
+        m_client->didReceiveResponse(identifier, ResourceResponse::filterResponse(response, tainting));
+        if (tainting == ResourceResponse::Tainting::Opaque) {
+            clearResource();
+            if (m_client)
+                m_client->didFinishLoading(identifier, 0.0);
         }
-
-        CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
     } else {
-        if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
-            if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
-                m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url().string(), accessControlErrorDescription));
-                return;
-            }
-        }
-
+        ASSERT(response.type() == ResourceResponse::Type::Opaqueredirect);
         m_client->didReceiveResponse(identifier, response);
     }
 }
 
-void DocumentThreadableLoader::dataReceived(CachedResource* resource, const char* data, int dataLength)
+void DocumentThreadableLoader::dataReceived(CachedResource& resource, const char* data, int dataLength)
 {
-    ASSERT_UNUSED(resource, resource == m_resource);
+    ASSERT_UNUSED(resource, &resource == m_resource);
     didReceiveData(m_resource->identifier(), data, dataLength);
 }
 
-void DocumentThreadableLoader::didReceiveData(unsigned long identifier, const char* data, int dataLength)
+void DocumentThreadableLoader::didReceiveData(unsigned long, const char* data, int dataLength)
 {
     ASSERT(m_client);
 
-    // Preflight data should be invisible to clients.
-    if (m_actualRequest) {
-#if ENABLE(INSPECTOR)
-        InspectorInstrumentation::didReceiveData(m_document->frame(), identifier, 0, 0, dataLength);
-#else
-        UNUSED_PARAM(identifier);
+    m_client->didReceiveData(data, dataLength);
+}
+
+void DocumentThreadableLoader::finishedTimingForWorkerLoad(CachedResource& resource, const ResourceTiming& resourceTiming)
+{
+    ASSERT(m_client);
+    ASSERT_UNUSED(resource, &resource == m_resource);
+    UNUSED_PARAM(resourceTiming);
+
+#if ENABLE(WEB_TIMING)
+    finishedTimingForWorkerLoad(resourceTiming);
 #endif
-        return;
-    }
+}
 
-    m_client->didReceiveData(data, dataLength);
+#if ENABLE(WEB_TIMING)
+void DocumentThreadableLoader::finishedTimingForWorkerLoad(const ResourceTiming& resourceTiming)
+{
+    ASSERT(m_options.initiatorContext == InitiatorContext::Worker);
+
+    m_client->didFinishTiming(resourceTiming);
 }
+#endif
 
-void DocumentThreadableLoader::notifyFinished(CachedResource* resource)
+void DocumentThreadableLoader::notifyFinished(CachedResource& resource)
 {
     ASSERT(m_client);
-    ASSERT_UNUSED(resource, resource == m_resource);
-        
+    ASSERT_UNUSED(resource, &resource == m_resource);
+
     if (m_resource->errorOccurred())
         didFail(m_resource->identifier(), m_resource->resourceError());
     else
@@ -315,137 +361,226 @@ void DocumentThreadableLoader::notifyFinished(CachedResource* resource)
 
 void DocumentThreadableLoader::didFinishLoading(unsigned long identifier, double finishTime)
 {
-    if (m_actualRequest) {
-#if ENABLE(INSPECTOR)
-        InspectorInstrumentation::didFinishLoading(m_document->frame(), m_document->frame()->loader().documentLoader(), identifier, finishTime);
-#endif
-        ASSERT(!m_sameOriginRequest);
-        ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
-        preflightSuccess();
-    } else
-        m_client->didFinishLoading(identifier, finishTime);
+    ASSERT(m_client);
+    m_client->didFinishLoading(identifier, finishTime);
 }
 
-void DocumentThreadableLoader::didFail(unsigned long identifier, const ResourceError& error)
+void DocumentThreadableLoader::didFail(unsigned long, const ResourceError& error)
 {
-#if ENABLE(INSPECTOR)
-    if (m_actualRequest)
-        InspectorInstrumentation::didFailLoading(m_document->frame(), m_document->frame()->loader().documentLoader(), identifier, error);
-#else
-    UNUSED_PARAM(identifier);
-#endif
-
-    m_client->didFail(error);
+    ASSERT(m_client);
+    logErrorAndFail(error);
 }
 
-void DocumentThreadableLoader::preflightSuccess()
+void DocumentThreadableLoader::preflightSuccess(ResourceRequest&& request)
 {
-    OwnPtr<ResourceRequest> actualRequest;
-    actualRequest.swap(m_actualRequest);
+    ResourceRequest actualRequest(WTFMove(request));
+    updateRequestForAccessControl(actualRequest, securityOrigin(), m_options.allowCredentials);
 
-    actualRequest->setHTTPOrigin(securityOrigin()->toString());
-
-    clearResource();
+    m_preflightChecker = std::nullopt;
 
     // It should be ok to skip the security check since we already asked about the preflight request.
-    loadRequest(*actualRequest, SkipSecurityCheck);
+    loadRequest(WTFMove(actualRequest), SkipSecurityCheck);
 }
 
-void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const String& url, const String& errorDescription)
+void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const ResourceError& error)
 {
-    ResourceError error(errorDomainWebKitInternal, 0, url, errorDescription);
-#if ENABLE(INSPECTOR)
-    if (m_actualRequest)
-        InspectorInstrumentation::didFailLoading(m_document->frame(), m_document->frame()->loader().documentLoader(), identifier, error);
-#else
-    UNUSED_PARAM(identifier);
-#endif
-    m_actualRequest = nullptr; // Prevent didFinishLoading() from bypassing access check.
-    m_client->didFailAccessControlCheck(error);
+    m_preflightChecker = std::nullopt;
+
+    InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
+    ASSERT(m_client);
+    logErrorAndFail(error);
 }
 
-void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, SecurityCheckPolicy securityCheck)
+void DocumentThreadableLoader::loadRequest(ResourceRequest&& request, SecurityCheckPolicy securityCheck)
 {
+    Ref<DocumentThreadableLoader> protectedThis(*this);
+
     // Any credential should have been removed from the cross-site requests.
     const URL& requestURL = request.url();
     m_options.securityCheck = securityCheck;
     ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());
     ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty());
 
+    if (!m_referrer.isNull())
+        request.setHTTPReferrer(m_referrer);
+
     if (m_async) {
-        ThreadableLoaderOptions options = m_options;
-        options.clientCredentialPolicy = DoNotAskClientForCrossOriginCredentials;
-        if (m_actualRequest) {
-            // Don't sniff content or send load callbacks for the preflight request.
-            options.sendLoadCallbacks = DoNotSendCallbacks;
-            options.sniffContent = DoNotSniffContent;
-            // Keep buffering the data for the preflight request.
-            options.dataBufferingPolicy = BufferData;
-        }
+        ResourceLoaderOptions options = m_options;
+        options.clientCredentialPolicy = m_sameOriginRequest ? ClientCredentialPolicy::MayAskClientForCredentials : ClientCredentialPolicy::CannotAskClientForCredentials;
+        options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
+
+        request.setAllowCookies(m_options.allowCredentials == AllowStoredCredentials);
+        CachedResourceRequest newRequest(WTFMove(request), options);
+        if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
+            newRequest.setInitiator(m_options.initiator);
+        newRequest.setOrigin(securityOrigin());
 
-        CachedResourceRequest newRequest(request, options);
-#if ENABLE(RESOURCE_TIMING)
-        newRequest.setInitiator(m_options.initiator);
-#endif
         ASSERT(!m_resource);
-        m_resource = m_document->cachedResourceLoader()->requestRawResource(newRequest);
         if (m_resource) {
-#if ENABLE(INSPECTOR)
-            if (m_resource->loader()) {
-                unsigned long identifier = m_resource->loader()->identifier();
-                InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient(m_document, identifier, m_client);
-            }
-#endif
-            m_resource->addClient(this);
+            CachedResourceHandle<CachedRawResource> resource = std::exchange(m_resource, nullptr);
+            resource->removeClient(*this);
+        }
+
+        // We create an URL here as the request will be moved in requestRawResource
+        URL requestUrl = newRequest.resourceRequest().url();
+        m_resource = m_document.cachedResourceLoader().requestRawResource(WTFMove(newRequest));
+        if (m_resource)
+            m_resource->addClient(*this);
+        else {
+            // FIXME: Since we receive a synchronous error, this is probably due to some AccessControl checks. We should try to retrieve the actual error.
+            logErrorAndFail(ResourceError(String(), 0, requestUrl, String(), ResourceError::Type::AccessControl));
         }
         return;
     }
-    
+
+    // If credentials mode is 'Omit', we should disable cookie sending.
+    ASSERT(m_options.credentials != FetchOptions::Credentials::Omit);
+
+#if ENABLE(WEB_TIMING)
+    LoadTiming loadTiming;
+    loadTiming.markStartTimeAndFetchStart();
+#endif
+
     // FIXME: ThreadableLoaderOptions.sniffContent is not supported for synchronous requests.
-    Vector<char> data;
+    RefPtr<SharedBuffer> data;
     ResourceError error;
     ResourceResponse response;
     unsigned long identifier = std::numeric_limits<unsigned long>::max();
-    if (m_document->frame())
-        identifier = m_document->frame()->loader().loadResourceSynchronously(request, m_options.allowCredentials, m_options.clientCredentialPolicy, error, response, data);
+    if (m_document.frame()) {
+        auto& frameLoader = m_document.frame()->loader();
+        if (!frameLoader.mixedContentChecker().canRunInsecureContent(m_document.securityOrigin(), requestURL))
+            return;
+        identifier = frameLoader.loadResourceSynchronously(request, m_options.allowCredentials, m_options.clientCredentialPolicy, error, response, data);
+    }
 
-    InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient(m_document, identifier, m_client);
+#if ENABLE(WEB_TIMING)
+    loadTiming.setResponseEnd(MonotonicTime::now());
+#endif
 
-    // No exception for file:/// resources, see <rdar://problem/4962298>.
-    // Also, if we have an HTTP response, then it wasn't a network error in fact.
-    if (!error.isNull() && !requestURL.isLocalFile() && response.httpStatusCode() <= 0) {
-        m_client->didFail(error);
+    if (!error.isNull() && response.httpStatusCode() <= 0) {
+        if (requestURL.isLocalFile()) {
+            // We don't want XMLHttpRequest to raise an exception for file:// resources, see <rdar://problem/4962298>.
+            // FIXME: XMLHttpRequest quirks should be in XMLHttpRequest code, not in DocumentThreadableLoader.cpp.
+            didReceiveResponse(identifier, response, ResourceResponse::Tainting::Basic);
+            didFinishLoading(identifier, 0.0);
+            return;
+        }
+        logErrorAndFail(error);
         return;
     }
 
     // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
     // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
     // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
-    if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
-        m_client->didFailRedirectCheck();
-        return;
+    bool didRedirect = requestURL != response.url();
+    if (didRedirect) {
+        if (!isAllowedByContentSecurityPolicy(response.url(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) {
+            reportContentSecurityPolicyError(requestURL);
+            return;
+        }
+        if (!isAllowedRedirect(response.url())) {
+            reportCrossOriginResourceSharingError(requestURL);
+            return;
+        }
     }
 
-    didReceiveResponse(identifier, response);
-
-    const char* bytes = static_cast<const char*>(data.data());
-    int len = static_cast<int>(data.size());
-    didReceiveData(identifier, bytes, len);
+    ResourceResponse::Tainting tainting = ResourceResponse::Tainting::Basic;
+    if (!m_sameOriginRequest) {
+        if (m_options.mode == FetchOptions::Mode::NoCors)
+            tainting = ResourceResponse::Tainting::Opaque;
+        else {
+            ASSERT(m_options.mode == FetchOptions::Mode::Cors);
+            tainting = ResourceResponse::Tainting::Cors;
+            String accessControlErrorDescription;
+            if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
+                logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
+                return;
+            }
+        }
+    }
+    didReceiveResponse(identifier, response, tainting);
+
+    if (data)
+        didReceiveData(identifier, data->data(), data->size());
+
+#if ENABLE(WEB_TIMING)
+    if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled()) {
+        ResourceTiming resourceTiming = ResourceTiming::fromSynchronousLoad(requestURL, m_options.initiator, loadTiming, response.networkLoadTiming(), response, securityOrigin());
+        if (options().initiatorContext == InitiatorContext::Worker)
+            finishedTimingForWorkerLoad(resourceTiming);
+        else {
+            if (document().domWindow() && document().domWindow()->performance())
+                document().domWindow()->performance()->addResourceTiming(WTFMove(resourceTiming));
+        }        
+    }
+#endif
 
     didFinishLoading(identifier, 0.0);
 }
 
+bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived)
+{
+    switch (m_options.contentSecurityPolicyEnforcement) {
+    case ContentSecurityPolicyEnforcement::DoNotEnforce:
+        return true;
+    case ContentSecurityPolicyEnforcement::EnforceChildSrcDirective:
+        return contentSecurityPolicy().allowChildContextFromSource(url, redirectResponseReceived);
+    case ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective:
+        return contentSecurityPolicy().allowConnectToSource(url, redirectResponseReceived);
+    case ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective:
+        return contentSecurityPolicy().allowScriptFromSource(url, redirectResponseReceived);
+    }
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
 bool DocumentThreadableLoader::isAllowedRedirect(const URL& url)
 {
-    if (m_options.crossOriginRequestPolicy == AllowCrossOriginRequests)
+    if (m_options.mode == FetchOptions::Mode::NoCors)
         return true;
 
-    return m_sameOriginRequest && securityOrigin()->canRequest(url);
+    return m_sameOriginRequest && securityOrigin().canRequest(url);
+}
+
+bool DocumentThreadableLoader::isXMLHttpRequest() const
+{
+    return m_options.initiator == cachedResourceRequestInitiators().xmlhttprequest;
 }
 
-SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
+SecurityOrigin& DocumentThreadableLoader::securityOrigin() const
 {
-    return m_options.securityOrigin ? m_options.securityOrigin.get() : m_document->securityOrigin();
+    return m_origin ? *m_origin : m_document.securityOrigin();
+}
+
+const ContentSecurityPolicy& DocumentThreadableLoader::contentSecurityPolicy() const
+{
+    if (m_contentSecurityPolicy)
+        return *m_contentSecurityPolicy.get();
+    ASSERT(m_document.contentSecurityPolicy());
+    return *m_document.contentSecurityPolicy();
+}
+
+void DocumentThreadableLoader::reportRedirectionWithBadScheme(const URL& url)
+{
+    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Redirection to URL with a scheme that is not HTTP(S).", ResourceError::Type::AccessControl));
+}
+
+void DocumentThreadableLoader::reportContentSecurityPolicyError(const URL& url)
+{
+    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Content Security Policy.", ResourceError::Type::AccessControl));
+}
+
+void DocumentThreadableLoader::reportCrossOriginResourceSharingError(const URL& url)
+{
+    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, url, "Cross-origin redirection denied by Cross-Origin Resource Sharing policy.", ResourceError::Type::AccessControl));
+}
+
+void DocumentThreadableLoader::logErrorAndFail(const ResourceError& error)
+{
+    if (m_shouldLogError == ShouldLogError::Yes)
+        logError(m_document, error, m_options.initiator);
+    ASSERT(m_client);
+    m_client->didFail(error);
 }
 
 } // namespace WebCore
author	Lorry Tar Creator <lorry-tar-importer@lorry>	2017-06-27 06:07:23 +0000
committer	Lorry Tar Creator <lorry-tar-importer@lorry>	2017-06-27 06:07:23 +0000
commit	1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c (patch)
tree	46dcd36c86e7fbc6e5df36deb463b33e9967a6f7 /Source/WebCore/loader/DocumentThreadableLoader.cpp
parent	32761a6cee1d0dee366b885b7b9c777e67885688 (diff)
download	WebKitGtk-tarball-master.tar.gz