From d227fc870c7a697500a3c900c31baf05fb9a8524 Mon Sep 17 00:00:00 2001 From: Ben Murdoch Date: Tue, 18 Aug 2009 15:36:45 +0100 Subject: Merge WebKit r47420 --- WebCore/loader/DocumentThreadableLoader.cpp | 241 ++++++++++++++++++++++------ 1 file changed, 195 insertions(+), 46 deletions(-) (limited to 'WebCore/loader/DocumentThreadableLoader.cpp') diff --git a/WebCore/loader/DocumentThreadableLoader.cpp b/WebCore/loader/DocumentThreadableLoader.cpp index dd5ca76..0d8dc18 100644 --- a/WebCore/loader/DocumentThreadableLoader.cpp +++ b/WebCore/loader/DocumentThreadableLoader.cpp @@ -32,8 +32,9 @@ #include "DocumentThreadableLoader.h" #include "AuthenticationChallenge.h" +#include "CrossOriginAccessControl.h" +#include "CrossOriginPreflightResultCache.h" #include "Document.h" -#include "DocumentThreadableLoader.h" #include "Frame.h" #include "FrameLoader.h" #include "ResourceRequest.h" @@ -43,61 +44,107 @@ namespace WebCore { -void DocumentThreadableLoader::loadResourceSynchronously(Document* document, const ResourceRequest& request, ThreadableLoaderClient& client, StoredCredentials storedCredentials) +void DocumentThreadableLoader::loadResourceSynchronously(Document* document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options) { - bool sameOriginRequest = document->securityOrigin()->canRequest(request.url()); - - Vector data; - ResourceError error; - ResourceResponse response; - unsigned long identifier = std::numeric_limits::max(); - if (document->frame()) - identifier = document->frame()->loader()->loadResourceSynchronously(request, storedCredentials, error, response, data); - - // No exception for file:/// resources, see . - // Also, if we have an HTTP response, then it wasn't a network error in fact. - if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) { - client.didFail(error); - return; - } - - // FIXME: This check along with the one in willSendRequest is specific to xhr and - // should be made more generic. - if (sameOriginRequest && !document->securityOrigin()->canRequest(response.url())) { - client.didFailRedirectCheck(); - return; - } - - client.didReceiveResponse(response); - - const char* bytes = static_cast(data.data()); - int len = static_cast(data.size()); - client.didReceiveData(bytes, len); - - client.didFinishLoading(identifier); + // The loader will be deleted as soon as this function exits. + RefPtr loader = adoptRef(new DocumentThreadableLoader(document, &client, LoadSynchronously, request, options)); + ASSERT(loader->hasOneRef()); } -PassRefPtr DocumentThreadableLoader::create(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, LoadCallbacks callbacksSetting, ContentSniff contentSniff, StoredCredentials storedCredentials, CrossOriginRedirectPolicy crossOriginRedirectPolicy) +PassRefPtr DocumentThreadableLoader::create(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, const ThreadableLoaderOptions& options) { - ASSERT(document); - RefPtr loader = adoptRef(new DocumentThreadableLoader(document, client, request, callbacksSetting, contentSniff, storedCredentials, crossOriginRedirectPolicy)); + RefPtr loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options)); if (!loader->m_loader) loader = 0; return loader.release(); } -DocumentThreadableLoader::DocumentThreadableLoader(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, LoadCallbacks callbacksSetting, ContentSniff contentSniff, StoredCredentials storedCredentials, CrossOriginRedirectPolicy crossOriginRedirectPolicy) +DocumentThreadableLoader::DocumentThreadableLoader(Document* document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options) : m_client(client) , m_document(document) - , m_allowStoredCredentials(storedCredentials == AllowStoredCredentials) + , m_options(options) , m_sameOriginRequest(document->securityOrigin()->canRequest(request.url())) - , m_denyCrossOriginRedirect(crossOriginRedirectPolicy == DenyCrossOriginRedirect) + , m_async(blockingBehavior == LoadAsynchronously) { ASSERT(document); ASSERT(client); - ASSERT(storedCredentials == AllowStoredCredentials || storedCredentials == DoNotAllowStoredCredentials); - ASSERT(crossOriginRedirectPolicy == DenyCrossOriginRedirect || crossOriginRedirectPolicy == AllowCrossOriginRedirect); - m_loader = SubresourceLoader::create(document->frame(), this, request, false, callbacksSetting == SendLoadCallbacks, contentSniff == SniffContent); + + if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) { + bool skipCanLoadCheck = false; + loadRequest(request, skipCanLoadCheck); + return; + } + + if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) { + m_client->didFail(ResourceError()); + return; + } + + ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); + + if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) + makeSimpleCrossOriginAccessRequest(request); + else { + m_actualRequest.set(new ResourceRequest(request)); + m_actualRequest->setAllowHTTPCookies(m_options.allowCredentials); + + if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), request.url(), m_options.allowCredentials, request.httpMethod(), request.httpHeaderFields())) + preflightSuccess(); + else + makeCrossOriginAccessRequestWithPreflight(request); + } +} + +void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const ResourceRequest& request) +{ + ASSERT(isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())); + + // Cross-origin requests are only defined for HTTP. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied. + if (!request.url().protocolInHTTPFamily()) { + m_client->didFail(ResourceError()); + return; + } + + // Make a copy of the passed request so that we can modify some details. + ResourceRequest crossOriginRequest(request); + crossOriginRequest.removeCredentials(); + crossOriginRequest.setAllowHTTPCookies(m_options.allowCredentials); + crossOriginRequest.setHTTPOrigin(m_document->securityOrigin()->toString()); + + bool skipCanLoadCheck = false; + loadRequest(crossOriginRequest, skipCanLoadCheck); +} + +void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request) +{ + ResourceRequest preflightRequest(request.url()); + preflightRequest.removeCredentials(); + preflightRequest.setHTTPOrigin(m_document->securityOrigin()->toString()); + preflightRequest.setAllowHTTPCookies(m_options.allowCredentials); + preflightRequest.setHTTPMethod("OPTIONS"); + preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod()); + + const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields(); + + if (requestHeaderFields.size() > 0) { + Vector headerBuffer; + HTTPHeaderMap::const_iterator it = requestHeaderFields.begin(); + append(headerBuffer, it->first); + ++it; + + HTTPHeaderMap::const_iterator end = requestHeaderFields.end(); + for (; it != end; ++it) { + headerBuffer.append(','); + headerBuffer.append(' '); + append(headerBuffer, it->first); + } + + preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(headerBuffer)); + preflightRequest.addHTTPHeaderFields(requestHeaderFields); + } + + bool skipCanLoadCheck = false; + loadRequest(preflightRequest, skipCanLoadCheck); } DocumentThreadableLoader::~DocumentThreadableLoader() @@ -122,8 +169,7 @@ void DocumentThreadableLoader::willSendRequest(SubresourceLoader* loader, Resour ASSERT(m_client); ASSERT_UNUSED(loader, loader == m_loader); - // FIXME: This needs to be fixed to follow the redirect correctly even for cross-domain requests. - if (m_denyCrossOriginRedirect && !m_document->securityOrigin()->canRequest(request.url())) { + if (!isAllowedRedirect(request.url())) { RefPtr protect(this); m_client->didFailRedirectCheck(); request = ResourceRequest(); @@ -143,7 +189,31 @@ void DocumentThreadableLoader::didReceiveResponse(SubresourceLoader* loader, con ASSERT(m_client); ASSERT_UNUSED(loader, loader == m_loader); - m_client->didReceiveResponse(response); + if (m_actualRequest) { + if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) { + preflightFailure(); + return; + } + + OwnPtr preflightResult(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); + if (!preflightResult->parse(response) + || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod()) + || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields())) { + preflightFailure(); + return; + } + + CrossOriginPreflightResultCache::shared().appendEntry(m_document->securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release()); + } else { + if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { + if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) { + m_client->didFail(ResourceError()); + return; + } + } + + m_client->didReceiveResponse(response); + } } void DocumentThreadableLoader::didReceiveData(SubresourceLoader* loader, const char* data, int lengthReceived) @@ -158,7 +228,17 @@ void DocumentThreadableLoader::didFinishLoading(SubresourceLoader* loader) { ASSERT(loader == m_loader); ASSERT(m_client); - m_client->didFinishLoading(loader->identifier()); + didFinishLoading(loader->identifier()); +} + +void DocumentThreadableLoader::didFinishLoading(unsigned long identifier) +{ + if (m_actualRequest) { + ASSERT(!m_sameOriginRequest); + ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); + preflightSuccess(); + } else + m_client->didFinishLoading(identifier); } void DocumentThreadableLoader::didFail(SubresourceLoader* loader, const ResourceError& error) @@ -174,7 +254,7 @@ bool DocumentThreadableLoader::getShouldUseCredentialStorage(SubresourceLoader* { ASSERT_UNUSED(loader, loader == m_loader); - if (!m_allowStoredCredentials) { + if (!m_options.allowCredentials) { shouldUseCredentialStorage = false; return true; } @@ -200,4 +280,73 @@ void DocumentThreadableLoader::receivedCancellation(SubresourceLoader* loader, c m_client->didReceiveAuthenticationCancellation(challenge.failureResponse()); } +void DocumentThreadableLoader::preflightSuccess() +{ + OwnPtr actualRequest; + actualRequest.swap(m_actualRequest); + + bool skipCanLoadCheck = true; // ok to skip load check since we already asked about the preflight request + loadRequest(*actualRequest, skipCanLoadCheck); +} + +void DocumentThreadableLoader::preflightFailure() +{ + m_client->didFail(ResourceError()); +} + +void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, bool skipCanLoadCheck) +{ + if (m_async) { + // Don't sniff content or send load callbacks for the preflight request. + bool sendLoadCallbacks = m_options.sendLoadCallbacks && !m_actualRequest; + bool sniffContent = m_options.sniffContent && !m_actualRequest; + m_loader = SubresourceLoader::create(m_document->frame(), this, request, skipCanLoadCheck, sendLoadCallbacks, sniffContent); + return; + } + + // FIXME: ThreadableLoaderOptions.sniffContent is not supported for synchronous requests. + StoredCredentials storedCredentials = m_options.allowCredentials ? AllowStoredCredentials : DoNotAllowStoredCredentials; + + Vector data; + ResourceError error; + ResourceResponse response; + unsigned long identifier = std::numeric_limits::max(); + if (m_document->frame()) + identifier = m_document->frame()->loader()->loadResourceSynchronously(request, storedCredentials, error, response, data); + + // No exception for file:/// resources, see . + // Also, if we have an HTTP response, then it wasn't a network error in fact. + if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) { + m_client->didFail(error); + return; + } + + // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the + // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was + // requested. + if (request.url() != response.url() && !isAllowedRedirect(response.url())) { + m_client->didFailRedirectCheck(); + return; + } + + didReceiveResponse(0, response); + + const char* bytes = static_cast(data.data()); + int len = static_cast(data.size()); + didReceiveData(0, bytes, len); + + didFinishLoading(identifier); +} + +bool DocumentThreadableLoader::isAllowedRedirect(const KURL& url) +{ + if (m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) + return true; + + // FIXME: We need to implement access control for each redirect. This will require some refactoring though, because the code + // that processes redirects doesn't know about access control and expects a synchronous answer from its client about whether + // a redirect should proceed. + return m_sameOriginRequest && m_document->securityOrigin()->canRequest(url); +} + } // namespace WebCore -- cgit v1.1