1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "config.h"
32 #include "DocumentThreadableLoader.h"
33
34 #include "AuthenticationChallenge.h"
35 #include "Document.h"
36 #include "DocumentThreadableLoader.h"
37 #include "Frame.h"
38 #include "FrameLoader.h"
39 #include "ResourceRequest.h"
40 #include "SecurityOrigin.h"
41 #include "SubresourceLoader.h"
42 #include "ThreadableLoaderClient.h"
43
44 namespace WebCore {
45
loadResourceSynchronously(Document * document,const ResourceRequest & request,ThreadableLoaderClient & client,StoredCredentials storedCredentials)46 void DocumentThreadableLoader::loadResourceSynchronously(Document* document, const ResourceRequest& request, ThreadableLoaderClient& client, StoredCredentials storedCredentials)
47 {
48 bool sameOriginRequest = document->securityOrigin()->canRequest(request.url());
49
50 Vector<char> data;
51 ResourceError error;
52 ResourceResponse response;
53 unsigned long identifier = std::numeric_limits<unsigned long>::max();
54 if (document->frame())
55 identifier = document->frame()->loader()->loadResourceSynchronously(request, storedCredentials, error, response, data);
56
57 // No exception for file:/// resources, see <rdar://problem/4962298>.
58 // Also, if we have an HTTP response, then it wasn't a network error in fact.
59 if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) {
60 client.didFail(error);
61 return;
62 }
63
64 // FIXME: This check along with the one in willSendRequest is specific to xhr and
65 // should be made more generic.
66 if (sameOriginRequest && !document->securityOrigin()->canRequest(response.url())) {
67 client.didFailRedirectCheck();
68 return;
69 }
70
71 client.didReceiveResponse(response);
72
73 const char* bytes = static_cast<const char*>(data.data());
74 int len = static_cast<int>(data.size());
75 client.didReceiveData(bytes, len);
76
77 client.didFinishLoading(identifier);
78 }
79
create(Document * document,ThreadableLoaderClient * client,const ResourceRequest & request,LoadCallbacks callbacksSetting,ContentSniff contentSniff,StoredCredentials storedCredentials,CrossOriginRedirectPolicy crossOriginRedirectPolicy)80 PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, LoadCallbacks callbacksSetting, ContentSniff contentSniff, StoredCredentials storedCredentials, CrossOriginRedirectPolicy crossOriginRedirectPolicy)
81 {
82 ASSERT(document);
83 RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, request, callbacksSetting, contentSniff, storedCredentials, crossOriginRedirectPolicy));
84 if (!loader->m_loader)
85 loader = 0;
86 return loader.release();
87 }
88
DocumentThreadableLoader(Document * document,ThreadableLoaderClient * client,const ResourceRequest & request,LoadCallbacks callbacksSetting,ContentSniff contentSniff,StoredCredentials storedCredentials,CrossOriginRedirectPolicy crossOriginRedirectPolicy)89 DocumentThreadableLoader::DocumentThreadableLoader(Document* document, ThreadableLoaderClient* client, const ResourceRequest& request, LoadCallbacks callbacksSetting, ContentSniff contentSniff, StoredCredentials storedCredentials, CrossOriginRedirectPolicy crossOriginRedirectPolicy)
90 : m_client(client)
91 , m_document(document)
92 , m_allowStoredCredentials(storedCredentials == AllowStoredCredentials)
93 , m_sameOriginRequest(document->securityOrigin()->canRequest(request.url()))
94 , m_denyCrossOriginRedirect(crossOriginRedirectPolicy == DenyCrossOriginRedirect)
95 {
96 ASSERT(document);
97 ASSERT(client);
98 ASSERT(storedCredentials == AllowStoredCredentials || storedCredentials == DoNotAllowStoredCredentials);
99 ASSERT(crossOriginRedirectPolicy == DenyCrossOriginRedirect || crossOriginRedirectPolicy == AllowCrossOriginRedirect);
100 m_loader = SubresourceLoader::create(document->frame(), this, request, false, callbacksSetting == SendLoadCallbacks, contentSniff == SniffContent);
101 }
102
~DocumentThreadableLoader()103 DocumentThreadableLoader::~DocumentThreadableLoader()
104 {
105 if (m_loader)
106 m_loader->clearClient();
107 }
108
cancel()109 void DocumentThreadableLoader::cancel()
110 {
111 if (!m_loader)
112 return;
113
114 m_loader->cancel();
115 m_loader->clearClient();
116 m_loader = 0;
117 m_client = 0;
118 }
119
willSendRequest(SubresourceLoader * loader,ResourceRequest & request,const ResourceResponse &)120 void DocumentThreadableLoader::willSendRequest(SubresourceLoader* loader, ResourceRequest& request, const ResourceResponse&)
121 {
122 ASSERT(m_client);
123 ASSERT_UNUSED(loader, loader == m_loader);
124
125 // FIXME: This needs to be fixed to follow the redirect correctly even for cross-domain requests.
126 if (m_denyCrossOriginRedirect && !m_document->securityOrigin()->canRequest(request.url())) {
127 RefPtr<DocumentThreadableLoader> protect(this);
128 m_client->didFailRedirectCheck();
129 request = ResourceRequest();
130 }
131 }
132
didSendData(SubresourceLoader * loader,unsigned long long bytesSent,unsigned long long totalBytesToBeSent)133 void DocumentThreadableLoader::didSendData(SubresourceLoader* loader, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
134 {
135 ASSERT(m_client);
136 ASSERT_UNUSED(loader, loader == m_loader);
137
138 m_client->didSendData(bytesSent, totalBytesToBeSent);
139 }
140
didReceiveResponse(SubresourceLoader * loader,const ResourceResponse & response)141 void DocumentThreadableLoader::didReceiveResponse(SubresourceLoader* loader, const ResourceResponse& response)
142 {
143 ASSERT(m_client);
144 ASSERT_UNUSED(loader, loader == m_loader);
145
146 m_client->didReceiveResponse(response);
147 }
148
didReceiveData(SubresourceLoader * loader,const char * data,int lengthReceived)149 void DocumentThreadableLoader::didReceiveData(SubresourceLoader* loader, const char* data, int lengthReceived)
150 {
151 ASSERT(m_client);
152 ASSERT_UNUSED(loader, loader == m_loader);
153
154 m_client->didReceiveData(data, lengthReceived);
155 }
156
didFinishLoading(SubresourceLoader * loader)157 void DocumentThreadableLoader::didFinishLoading(SubresourceLoader* loader)
158 {
159 ASSERT(loader == m_loader);
160 ASSERT(m_client);
161 m_client->didFinishLoading(loader->identifier());
162 }
163
didFail(SubresourceLoader * loader,const ResourceError & error)164 void DocumentThreadableLoader::didFail(SubresourceLoader* loader, const ResourceError& error)
165 {
166 ASSERT(m_client);
167 // m_loader may be null if we arrive here via SubresourceLoader::create in the ctor
168 ASSERT_UNUSED(loader, loader == m_loader || !m_loader);
169
170 m_client->didFail(error);
171 }
172
getShouldUseCredentialStorage(SubresourceLoader * loader,bool & shouldUseCredentialStorage)173 bool DocumentThreadableLoader::getShouldUseCredentialStorage(SubresourceLoader* loader, bool& shouldUseCredentialStorage)
174 {
175 ASSERT_UNUSED(loader, loader == m_loader);
176
177 if (!m_allowStoredCredentials) {
178 shouldUseCredentialStorage = false;
179 return true;
180 }
181
182 return false; // Only FrameLoaderClient can ultimately permit credential use.
183 }
184
didReceiveAuthenticationChallenge(SubresourceLoader * loader,const AuthenticationChallenge &)185 void DocumentThreadableLoader::didReceiveAuthenticationChallenge(SubresourceLoader* loader, const AuthenticationChallenge&)
186 {
187 ASSERT(loader == m_loader);
188 // Users are not prompted for credentials for cross-origin requests.
189 if (!m_sameOriginRequest) {
190 RefPtr<DocumentThreadableLoader> protect(this);
191 m_client->didFail(loader->blockedError());
192 cancel();
193 }
194 }
195
receivedCancellation(SubresourceLoader * loader,const AuthenticationChallenge & challenge)196 void DocumentThreadableLoader::receivedCancellation(SubresourceLoader* loader, const AuthenticationChallenge& challenge)
197 {
198 ASSERT(m_client);
199 ASSERT_UNUSED(loader, loader == m_loader);
200 m_client->didReceiveAuthenticationCancellation(challenge.failureResponse());
201 }
202
203 } // namespace WebCore
204