1 /* 2 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #ifndef ResourceLoaderOptions_h 32 #define ResourceLoaderOptions_h 33 34 #include "core/fetch/FetchInitiatorInfo.h" 35 #include "platform/CrossThreadCopier.h" 36 #include "platform/weborigin/SecurityOrigin.h" 37 38 namespace blink { 39 40 enum DataBufferingPolicy { 41 BufferData, 42 DoNotBufferData 43 }; 44 45 enum ContentSecurityPolicyCheck { 46 CheckContentSecurityPolicy, 47 DoNotCheckContentSecurityPolicy 48 }; 49 50 enum RequestInitiatorContext { 51 DocumentContext, 52 WorkerContext, 53 }; 54 55 enum StoredCredentials { 56 AllowStoredCredentials, 57 DoNotAllowStoredCredentials 58 }; 59 60 // APIs like XMLHttpRequest and EventSource let the user decide 61 // whether to send credentials, but they're always sent for 62 // same-origin requests. Additional information is needed to handle 63 // cross-origin redirects correctly. 64 enum CredentialRequest { 65 ClientRequestedCredentials, 66 ClientDidNotRequestCredentials 67 }; 68 69 enum MixedContentBlockingTreatment { 70 TreatAsDefaultForType, 71 TreatAsPassiveContent, 72 TreatAsActiveContent, 73 TreatAsAlwaysAllowedContent 74 }; 75 76 enum SynchronousPolicy { 77 RequestSynchronously, 78 RequestAsynchronously 79 }; 80 81 // A resource fetch can be marked as being CORS enabled. The loader 82 // must perform an access check upon seeing the response. 83 enum CORSEnabled { 84 NotCORSEnabled, 85 IsCORSEnabled 86 }; 87 88 struct ResourceLoaderOptions { ResourceLoaderOptionsResourceLoaderOptions89 ResourceLoaderOptions() 90 : dataBufferingPolicy(BufferData) 91 , allowCredentials(DoNotAllowStoredCredentials) 92 , credentialsRequested(ClientDidNotRequestCredentials) 93 , contentSecurityPolicyOption(CheckContentSecurityPolicy) 94 , requestInitiatorContext(DocumentContext) 95 , mixedContentBlockingTreatment(TreatAsDefaultForType) 96 , synchronousPolicy(RequestAsynchronously) 97 , corsEnabled(NotCORSEnabled) 98 { 99 } 100 ResourceLoaderOptionsResourceLoaderOptions101 ResourceLoaderOptions( 102 DataBufferingPolicy dataBufferingPolicy, 103 StoredCredentials allowCredentials, 104 CredentialRequest credentialsRequested, 105 ContentSecurityPolicyCheck contentSecurityPolicyOption, 106 RequestInitiatorContext requestInitiatorContext) 107 : dataBufferingPolicy(dataBufferingPolicy) 108 , allowCredentials(allowCredentials) 109 , credentialsRequested(credentialsRequested) 110 , contentSecurityPolicyOption(contentSecurityPolicyOption) 111 , requestInitiatorContext(requestInitiatorContext) 112 , mixedContentBlockingTreatment(TreatAsDefaultForType) 113 , synchronousPolicy(RequestAsynchronously) 114 , corsEnabled(NotCORSEnabled) 115 { 116 } 117 118 // Answers the question "can a separate request with these 119 // different options be re-used" (e.g. preload request) 120 // The safe (but possibly slow) answer is always false. canReuseRequestResourceLoaderOptions121 bool canReuseRequest(const ResourceLoaderOptions& other) const 122 { 123 // dataBufferingPolicy differences are believed to be safe for re-use. 124 // FIXME: check allowCredentials. 125 // FIXME: check credentialsRequested. 126 // FIXME: check contentSecurityPolicyOption. 127 // initiatorInfo is purely informational and should be benign for re-use. 128 // requestInitiatorContext is benign (indicates document vs. worker) 129 // FIXME: check mixedContentBlockingTreatment. 130 // synchronousPolicy (safe to re-use an async XHR response for sync, etc.) 131 return corsEnabled == other.corsEnabled; 132 // securityOrigin has more complicated checks which callers are responsible for. 133 } 134 135 // When adding members, CrossThreadResourceLoaderOptionsData should be 136 // updated. 137 DataBufferingPolicy dataBufferingPolicy; 138 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request. 139 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place. 140 ContentSecurityPolicyCheck contentSecurityPolicyOption; 141 FetchInitiatorInfo initiatorInfo; 142 RequestInitiatorContext requestInitiatorContext; 143 MixedContentBlockingTreatment mixedContentBlockingTreatment; 144 SynchronousPolicy synchronousPolicy; 145 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS. 146 RefPtr<SecurityOrigin> securityOrigin; 147 }; 148 149 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads. 150 struct CrossThreadResourceLoaderOptionsData { CrossThreadResourceLoaderOptionsDataCrossThreadResourceLoaderOptionsData151 explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& options) 152 : dataBufferingPolicy(options.dataBufferingPolicy) 153 , allowCredentials(options.allowCredentials) 154 , credentialsRequested(options.credentialsRequested) 155 , contentSecurityPolicyOption(options.contentSecurityPolicyOption) 156 , initiatorInfo(options.initiatorInfo) 157 , requestInitiatorContext(options.requestInitiatorContext) 158 , mixedContentBlockingTreatment(options.mixedContentBlockingTreatment) 159 , synchronousPolicy(options.synchronousPolicy) 160 , corsEnabled(options.corsEnabled) 161 , securityOrigin(options.securityOrigin) { } 162 ResourceLoaderOptionsCrossThreadResourceLoaderOptionsData163 operator ResourceLoaderOptions() const 164 { 165 ResourceLoaderOptions options; 166 options.dataBufferingPolicy = dataBufferingPolicy; 167 options.allowCredentials = allowCredentials; 168 options.credentialsRequested = credentialsRequested; 169 options.contentSecurityPolicyOption = contentSecurityPolicyOption; 170 options.initiatorInfo = initiatorInfo; 171 options.requestInitiatorContext = requestInitiatorContext; 172 options.mixedContentBlockingTreatment = mixedContentBlockingTreatment; 173 options.synchronousPolicy = synchronousPolicy; 174 options.corsEnabled = corsEnabled; 175 options.securityOrigin = securityOrigin; 176 return options; 177 } 178 179 DataBufferingPolicy dataBufferingPolicy; 180 StoredCredentials allowCredentials; 181 CredentialRequest credentialsRequested; 182 ContentSecurityPolicyCheck contentSecurityPolicyOption; 183 CrossThreadFetchInitiatorInfoData initiatorInfo; 184 RequestInitiatorContext requestInitiatorContext; 185 MixedContentBlockingTreatment mixedContentBlockingTreatment; 186 SynchronousPolicy synchronousPolicy; 187 CORSEnabled corsEnabled; 188 RefPtr<SecurityOrigin> securityOrigin; 189 }; 190 191 template<> struct CrossThreadCopierBase<false, false, false, ResourceLoaderOptions> { 192 typedef CrossThreadResourceLoaderOptionsData Type; 193 static Type copy(const ResourceLoaderOptions& options) 194 { 195 return CrossThreadResourceLoaderOptionsData(options); 196 } 197 }; 198 199 } // namespace blink 200 201 #endif // ResourceLoaderOptions_h 202