diff options
Diffstat (limited to 'dom/fetch/Request.cpp')
-rw-r--r-- | dom/fetch/Request.cpp | 627 |
1 files changed, 627 insertions, 0 deletions
diff --git a/dom/fetch/Request.cpp b/dom/fetch/Request.cpp new file mode 100644 index 000000000..bc17afae3 --- /dev/null +++ b/dom/fetch/Request.cpp @@ -0,0 +1,627 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "Request.h" + +#include "nsIURI.h" +#include "nsPIDOMWindow.h" + +#include "mozilla/ErrorResult.h" +#include "mozilla/dom/Headers.h" +#include "mozilla/dom/Fetch.h" +#include "mozilla/dom/FetchUtil.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/dom/URL.h" +#include "mozilla/dom/WorkerPrivate.h" +#include "mozilla/Unused.h" + +#include "WorkerPrivate.h" + +namespace mozilla { +namespace dom { + +NS_IMPL_CYCLE_COLLECTING_ADDREF(Request) +NS_IMPL_CYCLE_COLLECTING_RELEASE(Request) +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Request, mOwner, mHeaders) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Request) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +Request::Request(nsIGlobalObject* aOwner, InternalRequest* aRequest) + : FetchBody<Request>() + , mOwner(aOwner) + , mRequest(aRequest) +{ + MOZ_ASSERT(aRequest->Headers()->Guard() == HeadersGuardEnum::Immutable || + aRequest->Headers()->Guard() == HeadersGuardEnum::Request || + aRequest->Headers()->Guard() == HeadersGuardEnum::Request_no_cors); + SetMimeType(); +} + +Request::~Request() +{ +} + +// static +bool +Request::RequestContextEnabled(JSContext* aCx, JSObject* aObj) +{ + if (NS_IsMainThread()) { + return Preferences::GetBool("dom.requestcontext.enabled", false); + } + + using namespace workers; + + // Otherwise, check the pref via the WorkerPrivate + WorkerPrivate* workerPrivate = GetWorkerPrivateFromContext(aCx); + if (!workerPrivate) { + return false; + } + + return workerPrivate->RequestContextEnabled(); +} + +already_AddRefed<InternalRequest> +Request::GetInternalRequest() +{ + RefPtr<InternalRequest> r = mRequest; + return r.forget(); +} + +namespace { +already_AddRefed<nsIURI> +ParseURLFromDocument(nsIDocument* aDocument, const nsAString& aInput, + ErrorResult& aRv) +{ + MOZ_ASSERT(aDocument); + MOZ_ASSERT(NS_IsMainThread()); + + nsCOMPtr<nsIURI> baseURI = aDocument->GetBaseURI(); + nsCOMPtr<nsIURI> resolvedURI; + aRv = NS_NewURI(getter_AddRefs(resolvedURI), aInput, nullptr, baseURI); + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_URL>(aInput); + } + return resolvedURI.forget(); +} +void +GetRequestURLFromDocument(nsIDocument* aDocument, const nsAString& aInput, + nsAString& aRequestURL, nsACString& aURLfragment, + ErrorResult& aRv) +{ + nsCOMPtr<nsIURI> resolvedURI = ParseURLFromDocument(aDocument, aInput, aRv); + if (aRv.Failed()) { + return; + } + // This fails with URIs with weird protocols, even when they are valid, + // so we ignore the failure + nsAutoCString credentials; + Unused << resolvedURI->GetUserPass(credentials); + if (!credentials.IsEmpty()) { + aRv.ThrowTypeError<MSG_URL_HAS_CREDENTIALS>(aInput); + return; + } + + nsCOMPtr<nsIURI> resolvedURIClone; + // We use CloneIgnoringRef to strip away the fragment even if the original URI + // is immutable. + aRv = resolvedURI->CloneIgnoringRef(getter_AddRefs(resolvedURIClone)); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + nsAutoCString spec; + aRv = resolvedURIClone->GetSpec(spec); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + CopyUTF8toUTF16(spec, aRequestURL); + + // Get the fragment from nsIURI. + aRv = resolvedURI->GetRef(aURLfragment); + if (NS_WARN_IF(aRv.Failed())) { + return; + } +} +already_AddRefed<nsIURI> +ParseURLFromChrome(const nsAString& aInput, ErrorResult& aRv) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIURI> uri; + aRv = NS_NewURI(getter_AddRefs(uri), aInput, nullptr, nullptr); + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_URL>(aInput); + } + return uri.forget(); +} +void +GetRequestURLFromChrome(const nsAString& aInput, nsAString& aRequestURL, + nsACString& aURLfragment, ErrorResult& aRv) +{ + nsCOMPtr<nsIURI> uri = ParseURLFromChrome(aInput, aRv); + if (aRv.Failed()) { + return; + } + // This fails with URIs with weird protocols, even when they are valid, + // so we ignore the failure + nsAutoCString credentials; + Unused << uri->GetUserPass(credentials); + if (!credentials.IsEmpty()) { + aRv.ThrowTypeError<MSG_URL_HAS_CREDENTIALS>(aInput); + return; + } + + nsCOMPtr<nsIURI> uriClone; + // We use CloneIgnoringRef to strip away the fragment even if the original URI + // is immutable. + aRv = uri->CloneIgnoringRef(getter_AddRefs(uriClone)); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + nsAutoCString spec; + aRv = uriClone->GetSpec(spec); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + CopyUTF8toUTF16(spec, aRequestURL); + + // Get the fragment from nsIURI. + aRv = uri->GetRef(aURLfragment); + if (NS_WARN_IF(aRv.Failed())) { + return; + } +} +already_AddRefed<URL> +ParseURLFromWorker(const GlobalObject& aGlobal, const nsAString& aInput, + ErrorResult& aRv) +{ + workers::WorkerPrivate* worker = workers::GetCurrentThreadWorkerPrivate(); + MOZ_ASSERT(worker); + worker->AssertIsOnWorkerThread(); + + NS_ConvertUTF8toUTF16 baseURL(worker->GetLocationInfo().mHref); + RefPtr<URL> url = URL::WorkerConstructor(aGlobal, aInput, baseURL, aRv); + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_URL>(aInput); + } + return url.forget(); +} +void +GetRequestURLFromWorker(const GlobalObject& aGlobal, const nsAString& aInput, + nsAString& aRequestURL, nsACString& aURLfragment, + ErrorResult& aRv) +{ + RefPtr<URL> url = ParseURLFromWorker(aGlobal, aInput, aRv); + if (aRv.Failed()) { + return; + } + nsString username; + url->GetUsername(username, aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + + nsString password; + url->GetPassword(password, aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + if (!username.IsEmpty() || !password.IsEmpty()) { + aRv.ThrowTypeError<MSG_URL_HAS_CREDENTIALS>(aInput); + return; + } + // Get the fragment from URL. + nsAutoString fragment; + url->GetHash(fragment, aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + + // Note: URL::GetHash() includes the "#" and we want the fragment with out + // the hash symbol. + if (!fragment.IsEmpty()) { + CopyUTF16toUTF8(Substring(fragment, 1), aURLfragment); + } + + url->SetHash(EmptyString(), aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + url->Stringify(aRequestURL, aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } +} + +class ReferrerSameOriginChecker final : public workers::WorkerMainThreadRunnable +{ +public: + ReferrerSameOriginChecker(workers::WorkerPrivate* aWorkerPrivate, + const nsAString& aReferrerURL, + nsresult& aResult) + : workers::WorkerMainThreadRunnable(aWorkerPrivate, + NS_LITERAL_CSTRING("Fetch :: Referrer same origin check")), + mReferrerURL(aReferrerURL), + mResult(aResult) + { + mWorkerPrivate->AssertIsOnWorkerThread(); + } + + bool + MainThreadRun() override + { + nsCOMPtr<nsIURI> uri; + if (NS_SUCCEEDED(NS_NewURI(getter_AddRefs(uri), mReferrerURL))) { + nsCOMPtr<nsIPrincipal> principal = mWorkerPrivate->GetPrincipal(); + if (principal) { + mResult = principal->CheckMayLoad(uri, /* report */ false, + /* allowIfInheritsPrincipal */ false); + } + } + return true; + } + +private: + const nsString mReferrerURL; + nsresult& mResult; +}; + +} // namespace + +/*static*/ already_AddRefed<Request> +Request::Constructor(const GlobalObject& aGlobal, + const RequestOrUSVString& aInput, + const RequestInit& aInit, ErrorResult& aRv) +{ + nsCOMPtr<nsIInputStream> temporaryBody; + RefPtr<InternalRequest> request; + + nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports()); + + if (aInput.IsRequest()) { + RefPtr<Request> inputReq = &aInput.GetAsRequest(); + nsCOMPtr<nsIInputStream> body; + inputReq->GetBody(getter_AddRefs(body)); + if (inputReq->BodyUsed()) { + aRv.ThrowTypeError<MSG_FETCH_BODY_CONSUMED_ERROR>(); + return nullptr; + } + if (body) { + temporaryBody = body; + } + + request = inputReq->GetInternalRequest(); + } else { + // aInput is USVString. + // We need to get url before we create a InternalRequest. + nsAutoString input; + input.Assign(aInput.GetAsUSVString()); + nsAutoString requestURL; + nsCString fragment; + if (NS_IsMainThread()) { + nsIDocument* doc = GetEntryDocument(); + if (doc) { + GetRequestURLFromDocument(doc, input, requestURL, fragment, aRv); + } else { + // If we don't have a document, we must assume that this is a full URL. + GetRequestURLFromChrome(input, requestURL, fragment, aRv); + } + } else { + GetRequestURLFromWorker(aGlobal, input, requestURL, fragment, aRv); + } + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + request = new InternalRequest(NS_ConvertUTF16toUTF8(requestURL), fragment); + } + request = request->GetRequestConstructorCopy(global, aRv); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + RequestMode fallbackMode = RequestMode::EndGuard_; + RequestCredentials fallbackCredentials = RequestCredentials::EndGuard_; + RequestCache fallbackCache = RequestCache::EndGuard_; + if (aInput.IsUSVString()) { + fallbackMode = RequestMode::Cors; + fallbackCredentials = RequestCredentials::Omit; + fallbackCache = RequestCache::Default; + } + + RequestMode mode = aInit.mMode.WasPassed() ? aInit.mMode.Value() : fallbackMode; + RequestCredentials credentials = + aInit.mCredentials.WasPassed() ? aInit.mCredentials.Value() + : fallbackCredentials; + + if (mode == RequestMode::Navigate || + (aInit.IsAnyMemberPresent() && request->Mode() == RequestMode::Navigate)) { + aRv.ThrowTypeError<MSG_INVALID_REQUEST_MODE>(NS_LITERAL_STRING("navigate")); + return nullptr; + } + + if (aInit.IsAnyMemberPresent()) { + request->SetReferrer(NS_LITERAL_STRING(kFETCH_CLIENT_REFERRER_STR)); + request->SetReferrerPolicy(ReferrerPolicy::_empty); + } + if (aInit.mReferrer.WasPassed()) { + const nsString& referrer = aInit.mReferrer.Value(); + if (referrer.IsEmpty()) { + request->SetReferrer(NS_LITERAL_STRING("")); + } else { + nsAutoString referrerURL; + if (NS_IsMainThread()) { + nsIDocument* doc = GetEntryDocument(); + nsCOMPtr<nsIURI> uri; + if (doc) { + uri = ParseURLFromDocument(doc, referrer, aRv); + } else { + // If we don't have a document, we must assume that this is a full URL. + uri = ParseURLFromChrome(referrer, aRv); + } + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_REFERRER_URL>(referrer); + return nullptr; + } + nsAutoCString spec; + uri->GetSpec(spec); + CopyUTF8toUTF16(spec, referrerURL); + if (!referrerURL.EqualsLiteral(kFETCH_CLIENT_REFERRER_STR)) { + nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull(); + if (principal) { + nsresult rv = principal->CheckMayLoad(uri, /* report */ false, + /* allowIfInheritsPrincipal */ false); + if (NS_FAILED(rv)) { + nsAutoCString globalOrigin; + principal->GetOrigin(globalOrigin); + aRv.ThrowTypeError<MSG_CROSS_ORIGIN_REFERRER_URL>(referrer, + NS_ConvertUTF8toUTF16(globalOrigin)); + return nullptr; + } + } + } + } else { + RefPtr<URL> url = ParseURLFromWorker(aGlobal, referrer, aRv); + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_REFERRER_URL>(referrer); + return nullptr; + } + url->Stringify(referrerURL, aRv); + if (NS_WARN_IF(aRv.Failed())) { + aRv.ThrowTypeError<MSG_INVALID_REFERRER_URL>(referrer); + return nullptr; + } + if (!referrerURL.EqualsLiteral(kFETCH_CLIENT_REFERRER_STR)) { + workers::WorkerPrivate* worker = workers::GetCurrentThreadWorkerPrivate(); + nsresult rv = NS_OK; + // ReferrerSameOriginChecker uses a sync loop to get the main thread + // to perform the same-origin check. Overall, on Workers this method + // can create 3 sync loops (two for constructing URLs and one here) so + // in the future we may want to optimize it all by off-loading all of + // this work in a single sync loop. + RefPtr<ReferrerSameOriginChecker> checker = + new ReferrerSameOriginChecker(worker, referrerURL, rv); + checker->Dispatch(aRv); + if (aRv.Failed() || NS_FAILED(rv)) { + aRv.ThrowTypeError<MSG_CROSS_ORIGIN_REFERRER_URL>(referrer, + worker->GetLocationInfo().mOrigin); + return nullptr; + } + } + } + request->SetReferrer(referrerURL); + } + } + + if (aInit.mReferrerPolicy.WasPassed()) { + request->SetReferrerPolicy(aInit.mReferrerPolicy.Value()); + } + + if (NS_IsMainThread()) { + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(global); + if (window) { + nsCOMPtr<nsIDocument> doc; + doc = window->GetExtantDoc(); + if (doc) { + request->SetEnvironmentReferrerPolicy(doc->GetReferrerPolicy()); + } + } + } else { + workers::WorkerPrivate* worker = workers::GetCurrentThreadWorkerPrivate(); + if (worker) { + worker->AssertIsOnWorkerThread(); + request->SetEnvironmentReferrerPolicy(worker->GetReferrerPolicy()); + } + } + + if (mode != RequestMode::EndGuard_) { + request->ClearCreatedByFetchEvent(); + request->SetMode(mode); + } + + if (credentials != RequestCredentials::EndGuard_) { + request->ClearCreatedByFetchEvent(); + request->SetCredentialsMode(credentials); + } + + RequestCache cache = aInit.mCache.WasPassed() ? + aInit.mCache.Value() : fallbackCache; + if (cache != RequestCache::EndGuard_) { + if (cache == RequestCache::Only_if_cached && + request->Mode() != RequestMode::Same_origin) { + uint32_t t = static_cast<uint32_t>(request->Mode()); + NS_ConvertASCIItoUTF16 modeString(RequestModeValues::strings[t].value, + RequestModeValues::strings[t].length); + aRv.ThrowTypeError<MSG_ONLY_IF_CACHED_WITHOUT_SAME_ORIGIN>(modeString); + return nullptr; + } + request->ClearCreatedByFetchEvent(); + request->SetCacheMode(cache); + } + + if (aInit.mRedirect.WasPassed()) { + request->SetRedirectMode(aInit.mRedirect.Value()); + } + + if (aInit.mIntegrity.WasPassed()) { + request->SetIntegrity(aInit.mIntegrity.Value()); + } + + // Request constructor step 14. + if (aInit.mMethod.WasPassed()) { + nsAutoCString method(aInit.mMethod.Value()); + + // Step 14.1. Disallow forbidden methods, and anything that is not a HTTP + // token, since HTTP states that Method may be any of the defined values or + // a token (extension method). + nsAutoCString outMethod; + nsresult rv = FetchUtil::GetValidRequestMethod(method, outMethod); + if (NS_FAILED(rv)) { + NS_ConvertUTF8toUTF16 label(method); + aRv.ThrowTypeError<MSG_INVALID_REQUEST_METHOD>(label); + return nullptr; + } + + // Step 14.2 + request->ClearCreatedByFetchEvent(); + request->SetMethod(outMethod); + } + + RefPtr<InternalHeaders> requestHeaders = request->Headers(); + + RefPtr<InternalHeaders> headers; + if (aInit.mHeaders.WasPassed()) { + RefPtr<Headers> h = Headers::Constructor(aGlobal, aInit.mHeaders.Value(), aRv); + if (aRv.Failed()) { + return nullptr; + } + request->ClearCreatedByFetchEvent(); + headers = h->GetInternalHeaders(); + } else { + headers = new InternalHeaders(*requestHeaders); + } + + requestHeaders->Clear(); + // From "Let r be a new Request object associated with request and a new + // Headers object whose guard is "request"." + requestHeaders->SetGuard(HeadersGuardEnum::Request, aRv); + MOZ_ASSERT(!aRv.Failed()); + + if (request->Mode() == RequestMode::No_cors) { + if (!request->HasSimpleMethod()) { + nsAutoCString method; + request->GetMethod(method); + NS_ConvertUTF8toUTF16 label(method); + aRv.ThrowTypeError<MSG_INVALID_REQUEST_METHOD>(label); + return nullptr; + } + + if (!request->GetIntegrity().IsEmpty()) { + aRv.ThrowTypeError<MSG_REQUEST_INTEGRITY_METADATA_NOT_EMPTY>(); + return nullptr; + } + + requestHeaders->SetGuard(HeadersGuardEnum::Request_no_cors, aRv); + if (aRv.Failed()) { + return nullptr; + } + } + + requestHeaders->Fill(*headers, aRv); + if (aRv.Failed()) { + return nullptr; + } + + if ((aInit.mBody.WasPassed() && !aInit.mBody.Value().IsNull()) || + temporaryBody) { + // HEAD and GET are not allowed to have a body. + nsAutoCString method; + request->GetMethod(method); + // method is guaranteed to be uppercase due to step 14.2 above. + if (method.EqualsLiteral("HEAD") || method.EqualsLiteral("GET")) { + aRv.ThrowTypeError<MSG_NO_BODY_ALLOWED_FOR_GET_AND_HEAD>(); + return nullptr; + } + } + + if (aInit.mBody.WasPassed()) { + const Nullable<OwningArrayBufferOrArrayBufferViewOrBlobOrFormDataOrUSVStringOrURLSearchParams>& bodyInitNullable = + aInit.mBody.Value(); + if (!bodyInitNullable.IsNull()) { + const OwningArrayBufferOrArrayBufferViewOrBlobOrFormDataOrUSVStringOrURLSearchParams& bodyInit = + bodyInitNullable.Value(); + nsCOMPtr<nsIInputStream> stream; + nsAutoCString contentType; + uint64_t contentLengthUnused; + aRv = ExtractByteStreamFromBody(bodyInit, + getter_AddRefs(stream), + contentType, + contentLengthUnused); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + temporaryBody = stream; + + if (!contentType.IsVoid() && + !requestHeaders->Has(NS_LITERAL_CSTRING("Content-Type"), aRv)) { + requestHeaders->Append(NS_LITERAL_CSTRING("Content-Type"), + contentType, aRv); + } + + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + request->ClearCreatedByFetchEvent(); + request->SetBody(temporaryBody); + } + } + + RefPtr<Request> domRequest = new Request(global, request); + domRequest->SetMimeType(); + + if (aInput.IsRequest()) { + RefPtr<Request> inputReq = &aInput.GetAsRequest(); + nsCOMPtr<nsIInputStream> body; + inputReq->GetBody(getter_AddRefs(body)); + if (body) { + inputReq->SetBody(nullptr); + inputReq->SetBodyUsed(); + } + } + return domRequest.forget(); +} + +already_AddRefed<Request> +Request::Clone(ErrorResult& aRv) const +{ + if (BodyUsed()) { + aRv.ThrowTypeError<MSG_FETCH_BODY_CONSUMED_ERROR>(); + return nullptr; + } + + RefPtr<InternalRequest> ir = mRequest->Clone(); + if (!ir) { + aRv.Throw(NS_ERROR_FAILURE); + return nullptr; + } + + RefPtr<Request> request = new Request(mOwner, ir); + return request.forget(); +} + +Headers* +Request::Headers_() +{ + if (!mHeaders) { + mHeaders = new Headers(mOwner, mRequest->Headers()); + } + + return mHeaders; +} + +} // namespace dom +} // namespace mozilla |