1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/renderer/pepper/url_request_info_util.h"
6
7 #include "base/logging.h"
8 #include "base/strings/string_util.h"
9 #include "content/common/fileapi/file_system_messages.h"
10 #include "content/renderer/pepper/common.h"
11 #include "content/renderer/pepper/host_globals.h"
12 #include "content/renderer/pepper/pepper_file_ref_renderer_host.h"
13 #include "content/renderer/pepper/pepper_plugin_instance_impl.h"
14 #include "content/renderer/pepper/plugin_module.h"
15 #include "content/renderer/pepper/renderer_ppapi_host_impl.h"
16 #include "content/renderer/render_thread_impl.h"
17 #include "net/http/http_util.h"
18 #include "ppapi/proxy/ppapi_messages.h"
19 #include "ppapi/shared_impl/url_request_info_data.h"
20 #include "ppapi/shared_impl/var.h"
21 #include "ppapi/thunk/enter.h"
22 #include "third_party/WebKit/public/platform/WebData.h"
23 #include "third_party/WebKit/public/platform/WebHTTPBody.h"
24 #include "third_party/WebKit/public/platform/WebURL.h"
25 #include "third_party/WebKit/public/platform/WebURLRequest.h"
26 #include "third_party/WebKit/public/web/WebDocument.h"
27 #include "third_party/WebKit/public/web/WebFrame.h"
28 #include "url/gurl.h"
29 #include "url/url_util.h"
30 #include "webkit/child/weburlrequest_extradata_impl.h"
31
32 using ppapi::Resource;
33 using ppapi::URLRequestInfoData;
34 using ppapi::thunk::EnterResourceNoLock;
35 using blink::WebData;
36 using blink::WebHTTPBody;
37 using blink::WebString;
38 using blink::WebFrame;
39 using blink::WebURL;
40 using blink::WebURLRequest;
41
42 namespace content {
43
44 namespace {
45
46 // Appends the file ref given the Resource pointer associated with it to the
47 // given HTTP body, returning true on success.
AppendFileRefToBody(PP_Instance instance,PP_Resource resource,int64_t start_offset,int64_t number_of_bytes,PP_Time expected_last_modified_time,WebHTTPBody * http_body)48 bool AppendFileRefToBody(
49 PP_Instance instance,
50 PP_Resource resource,
51 int64_t start_offset,
52 int64_t number_of_bytes,
53 PP_Time expected_last_modified_time,
54 WebHTTPBody *http_body) {
55 base::FilePath platform_path;
56 PepperPluginInstanceImpl* instance_impl =
57 HostGlobals::Get()->GetInstance(instance);
58 if (!instance_impl)
59 return false;
60
61 RendererPpapiHost* renderer_ppapi_host =
62 instance_impl->module()->renderer_ppapi_host();
63 if (!renderer_ppapi_host)
64 return false;
65 ppapi::host::ResourceHost* resource_host =
66 renderer_ppapi_host->GetPpapiHost()->GetResourceHost(resource);
67 if (!resource_host || !resource_host->IsFileRefHost())
68 return false;
69 PepperFileRefRendererHost* file_ref_host =
70 static_cast<PepperFileRefRendererHost*>(resource_host);
71 switch (file_ref_host->GetFileSystemType()) {
72 case PP_FILESYSTEMTYPE_LOCALTEMPORARY:
73 case PP_FILESYSTEMTYPE_LOCALPERSISTENT:
74 // TODO(kinuko): remove this sync IPC when we fully support
75 // AppendURLRange for FileSystem URL.
76 RenderThreadImpl::current()->Send(
77 new FileSystemHostMsg_SyncGetPlatformPath(
78 file_ref_host->GetFileSystemURL(), &platform_path));
79 break;
80 case PP_FILESYSTEMTYPE_EXTERNAL:
81 platform_path = file_ref_host->GetExternalFilePath();
82 break;
83 default:
84 NOTREACHED();
85 }
86 http_body->appendFileRange(
87 platform_path.AsUTF16Unsafe(),
88 start_offset,
89 number_of_bytes,
90 expected_last_modified_time);
91 return true;
92 }
93
94 // Checks that the request data is valid. Returns false on failure. Note that
95 // method and header validation is done by the URL loader when the request is
96 // opened, and any access errors are returned asynchronously.
ValidateURLRequestData(const URLRequestInfoData & data)97 bool ValidateURLRequestData(const URLRequestInfoData& data) {
98 if (data.prefetch_buffer_lower_threshold < 0 ||
99 data.prefetch_buffer_upper_threshold < 0 ||
100 data.prefetch_buffer_upper_threshold <=
101 data.prefetch_buffer_lower_threshold) {
102 return false;
103 }
104 return true;
105 }
106
107 } // namespace
108
CreateWebURLRequest(PP_Instance instance,URLRequestInfoData * data,WebFrame * frame,WebURLRequest * dest)109 bool CreateWebURLRequest(PP_Instance instance,
110 URLRequestInfoData* data,
111 WebFrame* frame,
112 WebURLRequest* dest) {
113 // In the out-of-process case, we've received the URLRequestInfoData
114 // from the untrusted plugin and done no validation on it. We need to be
115 // sure it's not being malicious by checking everything for consistency.
116 if (!ValidateURLRequestData(*data))
117 return false;
118
119 dest->initialize();
120 dest->setURL(frame->document().completeURL(WebString::fromUTF8(
121 data->url)));
122 dest->setDownloadToFile(data->stream_to_file);
123 dest->setReportUploadProgress(data->record_upload_progress);
124
125 if (!data->method.empty())
126 dest->setHTTPMethod(WebString::fromUTF8(data->method));
127
128 dest->setFirstPartyForCookies(frame->document().firstPartyForCookies());
129
130 const std::string& headers = data->headers;
131 if (!headers.empty()) {
132 net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\n\r");
133 while (it.GetNext()) {
134 dest->addHTTPHeaderField(
135 WebString::fromUTF8(it.name()),
136 WebString::fromUTF8(it.values()));
137 }
138 }
139
140 // Append the upload data.
141 if (!data->body.empty()) {
142 WebHTTPBody http_body;
143 http_body.initialize();
144 int file_index = 0;
145 for (size_t i = 0; i < data->body.size(); ++i) {
146 const URLRequestInfoData::BodyItem& item = data->body[i];
147 if (item.is_file) {
148 if (!AppendFileRefToBody(instance,
149 item.file_ref_pp_resource,
150 item.start_offset,
151 item.number_of_bytes,
152 item.expected_last_modified_time,
153 &http_body))
154 return false;
155 file_index++;
156 } else {
157 DCHECK(!item.data.empty());
158 http_body.appendData(WebData(item.data));
159 }
160 }
161 dest->setHTTPBody(http_body);
162 }
163
164 // Add the "Referer" header if there is a custom referrer. Such requests
165 // require universal access. For all other requests, "Referer" will be set
166 // after header security checks are done in AssociatedURLLoader.
167 if (data->has_custom_referrer_url && !data->custom_referrer_url.empty())
168 frame->setReferrerForRequest(*dest, GURL(data->custom_referrer_url));
169
170 if (data->has_custom_content_transfer_encoding &&
171 !data->custom_content_transfer_encoding.empty()) {
172 dest->addHTTPHeaderField(
173 WebString::fromUTF8("Content-Transfer-Encoding"),
174 WebString::fromUTF8(data->custom_content_transfer_encoding));
175 }
176
177 if (data->has_custom_user_agent) {
178 bool was_after_preconnect_request = false;
179 dest->setExtraData(new webkit_glue::WebURLRequestExtraDataImpl(
180 blink::WebReferrerPolicyDefault, // Ignored.
181 WebString::fromUTF8(data->custom_user_agent),
182 was_after_preconnect_request));
183 }
184
185 return true;
186 }
187
URLRequestRequiresUniversalAccess(const URLRequestInfoData & data)188 bool URLRequestRequiresUniversalAccess(const URLRequestInfoData& data) {
189 return
190 data.has_custom_referrer_url ||
191 data.has_custom_content_transfer_encoding ||
192 data.has_custom_user_agent ||
193 url_util::FindAndCompareScheme(data.url, "javascript", NULL);
194 }
195
196 } // namespace content
197