diff options
Diffstat (limited to 'image/imgRequest.cpp')
-rw-r--r-- | image/imgRequest.cpp | 1305 |
1 files changed, 1305 insertions, 0 deletions
diff --git a/image/imgRequest.cpp b/image/imgRequest.cpp new file mode 100644 index 000000000..ba99779d3 --- /dev/null +++ b/image/imgRequest.cpp @@ -0,0 +1,1305 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "imgRequest.h" +#include "ImageLogging.h" + +#include "imgLoader.h" +#include "imgRequestProxy.h" +#include "DecodePool.h" +#include "ProgressTracker.h" +#include "ImageFactory.h" +#include "Image.h" +#include "MultipartImage.h" +#include "RasterImage.h" + +#include "nsIChannel.h" +#include "nsICacheInfoChannel.h" +#include "nsIDocument.h" +#include "nsIThreadRetargetableRequest.h" +#include "nsIInputStream.h" +#include "nsIMultiPartChannel.h" +#include "nsIHttpChannel.h" +#include "nsIApplicationCache.h" +#include "nsIApplicationCacheChannel.h" +#include "nsMimeTypes.h" + +#include "nsIInterfaceRequestorUtils.h" +#include "nsISupportsPrimitives.h" +#include "nsIScriptSecurityManager.h" +#include "nsContentUtils.h" + +#include "plstr.h" // PL_strcasestr(...) +#include "nsNetUtil.h" +#include "nsIProtocolHandler.h" +#include "imgIRequest.h" + +using namespace mozilla; +using namespace mozilla::image; + +#define LOG_TEST(level) (MOZ_LOG_TEST(gImgLog, (level))) + +NS_IMPL_ISUPPORTS(imgRequest, + nsIStreamListener, nsIRequestObserver, + nsIThreadRetargetableStreamListener, + nsIChannelEventSink, + nsIInterfaceRequestor, + nsIAsyncVerifyRedirectCallback) + +imgRequest::imgRequest(imgLoader* aLoader, const ImageCacheKey& aCacheKey) + : mLoader(aLoader) + , mCacheKey(aCacheKey) + , mLoadId(nullptr) + , mFirstProxy(nullptr) + , mValidator(nullptr) + , mInnerWindowId(0) + , mCORSMode(imgIRequest::CORS_NONE) + , mReferrerPolicy(mozilla::net::RP_Default) + , mImageErrorCode(NS_OK) + , mMutex("imgRequest") + , mProgressTracker(new ProgressTracker()) + , mIsMultiPartChannel(false) + , mGotData(false) + , mIsInCache(false) + , mDecodeRequested(false) + , mNewPartPending(false) + , mHadInsecureRedirect(false) +{ } + +imgRequest::~imgRequest() +{ + if (mLoader) { + mLoader->RemoveFromUncachedImages(this); + } + if (mURI) { + nsAutoCString spec; + mURI->GetSpec(spec); + LOG_FUNC_WITH_PARAM(gImgLog, "imgRequest::~imgRequest()", + "keyuri", spec.get()); + } else + LOG_FUNC(gImgLog, "imgRequest::~imgRequest()"); +} + +nsresult +imgRequest::Init(nsIURI *aURI, + nsIURI *aCurrentURI, + bool aHadInsecureRedirect, + nsIRequest *aRequest, + nsIChannel *aChannel, + imgCacheEntry *aCacheEntry, + nsISupports* aCX, + nsIPrincipal* aLoadingPrincipal, + int32_t aCORSMode, + ReferrerPolicy aReferrerPolicy) +{ + MOZ_ASSERT(NS_IsMainThread(), "Cannot use nsIURI off main thread!"); + + LOG_FUNC(gImgLog, "imgRequest::Init"); + + MOZ_ASSERT(!mImage, "Multiple calls to init"); + MOZ_ASSERT(aURI, "No uri"); + MOZ_ASSERT(aCurrentURI, "No current uri"); + MOZ_ASSERT(aRequest, "No request"); + MOZ_ASSERT(aChannel, "No channel"); + + mProperties = do_CreateInstance("@mozilla.org/properties;1"); + + // Use ImageURL to ensure access to URI data off main thread. + nsresult rv; + mURI = new ImageURL(aURI, rv); + NS_ENSURE_SUCCESS(rv, rv); + + mCurrentURI = aCurrentURI; + mRequest = aRequest; + mChannel = aChannel; + mTimedChannel = do_QueryInterface(mChannel); + + mLoadingPrincipal = aLoadingPrincipal; + mCORSMode = aCORSMode; + mReferrerPolicy = aReferrerPolicy; + + // If the original URI and the current URI are different, check whether the + // original URI is secure. We deliberately don't take the current URI into + // account, as it needs to be handled using more complicated rules than + // earlier elements of the redirect chain. + if (aURI != aCurrentURI) { + bool isHttps = false; + bool isChrome = false; + bool schemeLocal = false; + if (NS_FAILED(aURI->SchemeIs("https", &isHttps)) || + NS_FAILED(aURI->SchemeIs("chrome", &isChrome)) || + NS_FAILED(NS_URIChainHasFlags( + aURI, + nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal)) || + (!isHttps && !isChrome && !schemeLocal)) { + mHadInsecureRedirect = true; + } + } + + // imgCacheValidator may have handled redirects before we were created, so we + // allow the caller to let us know if any redirects were insecure. + mHadInsecureRedirect = mHadInsecureRedirect || aHadInsecureRedirect; + + mChannel->GetNotificationCallbacks(getter_AddRefs(mPrevChannelSink)); + + NS_ASSERTION(mPrevChannelSink != this, + "Initializing with a channel that already calls back to us!"); + + mChannel->SetNotificationCallbacks(this); + + mCacheEntry = aCacheEntry; + mCacheEntry->UpdateLoadTime(); + + SetLoadId(aCX); + + // Grab the inner window ID of the loading document, if possible. + nsCOMPtr<nsIDocument> doc = do_QueryInterface(aCX); + if (doc) { + mInnerWindowId = doc->InnerWindowID(); + } + + return NS_OK; +} + +void +imgRequest::ClearLoader() { + mLoader = nullptr; +} + +already_AddRefed<ProgressTracker> +imgRequest::GetProgressTracker() const +{ + MutexAutoLock lock(mMutex); + + if (mImage) { + MOZ_ASSERT(!mProgressTracker, + "Should have given mProgressTracker to mImage"); + return mImage->GetProgressTracker(); + } else { + MOZ_ASSERT(mProgressTracker, + "Should have mProgressTracker until we create mImage"); + RefPtr<ProgressTracker> progressTracker = mProgressTracker; + MOZ_ASSERT(progressTracker); + return progressTracker.forget(); + } +} + +void imgRequest::SetCacheEntry(imgCacheEntry* entry) +{ + mCacheEntry = entry; +} + +bool +imgRequest::HasCacheEntry() const +{ + return mCacheEntry != nullptr; +} + +void +imgRequest::ResetCacheEntry() +{ + if (HasCacheEntry()) { + mCacheEntry->SetDataSize(0); + } +} + +void +imgRequest::AddProxy(imgRequestProxy* proxy) +{ + NS_PRECONDITION(proxy, "null imgRequestProxy passed in"); + LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::AddProxy", "proxy", proxy); + + if (!mFirstProxy) { + // Save a raw pointer to the first proxy we see, for use in the network + // priority logic. + mFirstProxy = proxy; + } + + // If we're empty before adding, we have to tell the loader we now have + // proxies. + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + if (progressTracker->ObserverCount() == 0) { + MOZ_ASSERT(mURI, "Trying to SetHasProxies without key uri."); + if (mLoader) { + mLoader->SetHasProxies(this); + } + } + + progressTracker->AddObserver(proxy); +} + +nsresult +imgRequest::RemoveProxy(imgRequestProxy* proxy, nsresult aStatus) +{ + LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::RemoveProxy", "proxy", proxy); + + // This will remove our animation consumers, so after removing + // this proxy, we don't end up without proxies with observers, but still + // have animation consumers. + proxy->ClearAnimationConsumers(); + + // Let the status tracker do its thing before we potentially call Cancel() + // below, because Cancel() may result in OnStopRequest being called back + // before Cancel() returns, leaving the image in a different state then the + // one it was in at this point. + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + if (!progressTracker->RemoveObserver(proxy)) { + return NS_OK; + } + + if (progressTracker->ObserverCount() == 0) { + // If we have no observers, there's nothing holding us alive. If we haven't + // been cancelled and thus removed from the cache, tell the image loader so + // we can be evicted from the cache. + if (mCacheEntry) { + MOZ_ASSERT(mURI, "Removing last observer without key uri."); + + if (mLoader) { + mLoader->SetHasNoProxies(this, mCacheEntry); + } + } else if (MOZ_LOG_TEST(gImgLog, LogLevel::Debug)) { + nsAutoCString spec; + mURI->GetSpec(spec); + LOG_MSG_WITH_PARAM(gImgLog, + "imgRequest::RemoveProxy no cache entry", + "uri", spec.get()); + } + + /* If |aStatus| is a failure code, then cancel the load if it is still in + progress. Otherwise, let the load continue, keeping 'this' in the cache + with no observers. This way, if a proxy is destroyed without calling + cancel on it, it won't leak and won't leave a bad pointer in the observer + list. + */ + if (!(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE) && + NS_FAILED(aStatus)) { + LOG_MSG(gImgLog, "imgRequest::RemoveProxy", + "load in progress. canceling"); + + this->Cancel(NS_BINDING_ABORTED); + } + + /* break the cycle from the cache entry. */ + mCacheEntry = nullptr; + } + + // If a proxy is removed for a reason other than its owner being + // changed, remove the proxy from the loadgroup. + if (aStatus != NS_IMAGELIB_CHANGING_OWNER) { + proxy->RemoveFromLoadGroup(true); + } + + return NS_OK; +} + +void +imgRequest::CancelAndAbort(nsresult aStatus) +{ + LOG_SCOPE(gImgLog, "imgRequest::CancelAndAbort"); + + Cancel(aStatus); + + // It's possible for the channel to fail to open after we've set our + // notification callbacks. In that case, make sure to break the cycle between + // the channel and us, because it won't. + if (mChannel) { + mChannel->SetNotificationCallbacks(mPrevChannelSink); + mPrevChannelSink = nullptr; + } +} + +class imgRequestMainThreadCancel : public Runnable +{ +public: + imgRequestMainThreadCancel(imgRequest* aImgRequest, nsresult aStatus) + : mImgRequest(aImgRequest) + , mStatus(aStatus) + { + MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!"); + MOZ_ASSERT(aImgRequest); + } + + NS_IMETHOD Run() override + { + MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!"); + mImgRequest->ContinueCancel(mStatus); + return NS_OK; + } +private: + RefPtr<imgRequest> mImgRequest; + nsresult mStatus; +}; + +void +imgRequest::Cancel(nsresult aStatus) +{ + /* The Cancel() method here should only be called by this class. */ + LOG_SCOPE(gImgLog, "imgRequest::Cancel"); + + if (NS_IsMainThread()) { + ContinueCancel(aStatus); + } else { + NS_DispatchToMainThread(new imgRequestMainThreadCancel(this, aStatus)); + } +} + +void +imgRequest::ContinueCancel(nsresult aStatus) +{ + MOZ_ASSERT(NS_IsMainThread()); + + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + progressTracker->SyncNotifyProgress(FLAG_HAS_ERROR | FLAG_ONLOAD_UNBLOCKED); + + RemoveFromCache(); + + if (mRequest && !(progressTracker->GetProgress() & FLAG_LAST_PART_COMPLETE)) { + mRequest->Cancel(aStatus); + } +} + +class imgRequestMainThreadEvict : public Runnable +{ +public: + explicit imgRequestMainThreadEvict(imgRequest* aImgRequest) + : mImgRequest(aImgRequest) + { + MOZ_ASSERT(!NS_IsMainThread(), "Create me off main thread only!"); + MOZ_ASSERT(aImgRequest); + } + + NS_IMETHOD Run() override + { + MOZ_ASSERT(NS_IsMainThread(), "I should be running on the main thread!"); + mImgRequest->ContinueEvict(); + return NS_OK; + } +private: + RefPtr<imgRequest> mImgRequest; +}; + +// EvictFromCache() is written to allowed to get called from any thread +void +imgRequest::EvictFromCache() +{ + /* The EvictFromCache() method here should only be called by this class. */ + LOG_SCOPE(gImgLog, "imgRequest::EvictFromCache"); + + if (NS_IsMainThread()) { + ContinueEvict(); + } else { + NS_DispatchToMainThread(new imgRequestMainThreadEvict(this)); + } +} + +// Helper-method used by EvictFromCache() +void +imgRequest::ContinueEvict() +{ + MOZ_ASSERT(NS_IsMainThread()); + + RemoveFromCache(); +} + +void +imgRequest::StartDecoding() +{ + MutexAutoLock lock(mMutex); + mDecodeRequested = true; +} + +bool +imgRequest::IsDecodeRequested() const +{ + MutexAutoLock lock(mMutex); + return mDecodeRequested; +} + +nsresult imgRequest::GetURI(ImageURL** aURI) +{ + MOZ_ASSERT(aURI); + + LOG_FUNC(gImgLog, "imgRequest::GetURI"); + + if (mURI) { + *aURI = mURI; + NS_ADDREF(*aURI); + return NS_OK; + } + + return NS_ERROR_FAILURE; +} + +nsresult +imgRequest::GetCurrentURI(nsIURI** aURI) +{ + MOZ_ASSERT(aURI); + + LOG_FUNC(gImgLog, "imgRequest::GetCurrentURI"); + + if (mCurrentURI) { + *aURI = mCurrentURI; + NS_ADDREF(*aURI); + return NS_OK; + } + + return NS_ERROR_FAILURE; +} + +bool +imgRequest::IsChrome() const +{ + bool isChrome = false; + if (NS_WARN_IF(NS_FAILED(mURI->SchemeIs("chrome", &isChrome)))) { + return false; + } + return isChrome; +} + +nsresult +imgRequest::GetImageErrorCode() +{ + return mImageErrorCode; +} + +nsresult +imgRequest::GetSecurityInfo(nsISupports** aSecurityInfo) +{ + LOG_FUNC(gImgLog, "imgRequest::GetSecurityInfo"); + + // Missing security info means this is not a security load + // i.e. it is not an error when security info is missing + NS_IF_ADDREF(*aSecurityInfo = mSecurityInfo); + return NS_OK; +} + +void +imgRequest::RemoveFromCache() +{ + LOG_SCOPE(gImgLog, "imgRequest::RemoveFromCache"); + + bool isInCache = false; + + { + MutexAutoLock lock(mMutex); + isInCache = mIsInCache; + } + + if (isInCache && mLoader) { + // mCacheEntry is nulled out when we have no more observers. + if (mCacheEntry) { + mLoader->RemoveFromCache(mCacheEntry); + } else { + mLoader->RemoveFromCache(mCacheKey); + } + } + + mCacheEntry = nullptr; +} + +bool +imgRequest::HasConsumers() const +{ + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + return progressTracker && progressTracker->ObserverCount() > 0; +} + +already_AddRefed<Image> +imgRequest::GetImage() const +{ + MutexAutoLock lock(mMutex); + RefPtr<Image> image = mImage; + return image.forget(); +} + +int32_t imgRequest::Priority() const +{ + int32_t priority = nsISupportsPriority::PRIORITY_NORMAL; + nsCOMPtr<nsISupportsPriority> p = do_QueryInterface(mRequest); + if (p) { + p->GetPriority(&priority); + } + return priority; +} + +void +imgRequest::AdjustPriority(imgRequestProxy* proxy, int32_t delta) +{ + // only the first proxy is allowed to modify the priority of this image load. + // + // XXX(darin): this is probably not the most optimal algorithm as we may want + // to increase the priority of requests that have a lot of proxies. the key + // concern though is that image loads remain lower priority than other pieces + // of content such as link clicks, CSS, and JS. + // + if (!mFirstProxy || proxy != mFirstProxy) { + return; + } + + nsCOMPtr<nsISupportsPriority> p = do_QueryInterface(mChannel); + if (p) { + p->AdjustPriority(delta); + } +} + +bool +imgRequest::HasTransferredData() const +{ + MutexAutoLock lock(mMutex); + return mGotData; +} + +void +imgRequest::SetIsInCache(bool aInCache) +{ + LOG_FUNC_WITH_PARAM(gImgLog, + "imgRequest::SetIsCacheable", "aInCache", aInCache); + MutexAutoLock lock(mMutex); + mIsInCache = aInCache; +} + +void +imgRequest::UpdateCacheEntrySize() +{ + if (!mCacheEntry) { + return; + } + + RefPtr<Image> image = GetImage(); + size_t size = image->SizeOfSourceWithComputedFallback(moz_malloc_size_of); + mCacheEntry->SetDataSize(size); +} + +void +imgRequest::SetCacheValidation(imgCacheEntry* aCacheEntry, nsIRequest* aRequest) +{ + /* get the expires info */ + if (aCacheEntry) { + nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(aRequest)); + if (cacheChannel) { + uint32_t expiration = 0; + /* get the expiration time from the caching channel's token */ + if (NS_SUCCEEDED(cacheChannel->GetCacheTokenExpirationTime(&expiration))) { + // Expiration time defaults to 0. We set the expiration time on our + // entry if it hasn't been set yet. + if (aCacheEntry->GetExpiryTime() == 0) { + aCacheEntry->SetExpiryTime(expiration); + } + } + } + + // Determine whether the cache entry must be revalidated when we try to use + // it. Currently, only HTTP specifies this information... + nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequest)); + if (httpChannel) { + bool bMustRevalidate = false; + + httpChannel->IsNoStoreResponse(&bMustRevalidate); + + if (!bMustRevalidate) { + httpChannel->IsNoCacheResponse(&bMustRevalidate); + } + + if (!bMustRevalidate) { + nsAutoCString cacheHeader; + + httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Cache-Control"), + cacheHeader); + if (PL_strcasestr(cacheHeader.get(), "must-revalidate")) { + bMustRevalidate = true; + } + } + + // Cache entries default to not needing to validate. We ensure that + // multiple calls to this function don't override an earlier decision to + // validate by making validation a one-way decision. + if (bMustRevalidate) { + aCacheEntry->SetMustValidate(bMustRevalidate); + } + } + } +} + +namespace { + +already_AddRefed<nsIApplicationCache> +GetApplicationCache(nsIRequest* aRequest) +{ + nsresult rv; + + nsCOMPtr<nsIApplicationCacheChannel> appCacheChan = + do_QueryInterface(aRequest); + if (!appCacheChan) { + return nullptr; + } + + bool fromAppCache; + rv = appCacheChan->GetLoadedFromApplicationCache(&fromAppCache); + NS_ENSURE_SUCCESS(rv, nullptr); + + if (!fromAppCache) { + return nullptr; + } + + nsCOMPtr<nsIApplicationCache> appCache; + rv = appCacheChan->GetApplicationCache(getter_AddRefs(appCache)); + NS_ENSURE_SUCCESS(rv, nullptr); + + return appCache.forget(); +} + +} // namespace + +bool +imgRequest::CacheChanged(nsIRequest* aNewRequest) +{ + nsCOMPtr<nsIApplicationCache> newAppCache = GetApplicationCache(aNewRequest); + + // Application cache not involved at all or the same app cache involved + // in both of the loads (original and new). + if (newAppCache == mApplicationCache) { + return false; + } + + // In a rare case it may happen that two objects still refer + // the same application cache version. + if (newAppCache && mApplicationCache) { + nsresult rv; + + nsAutoCString oldAppCacheClientId, newAppCacheClientId; + rv = mApplicationCache->GetClientID(oldAppCacheClientId); + NS_ENSURE_SUCCESS(rv, true); + rv = newAppCache->GetClientID(newAppCacheClientId); + NS_ENSURE_SUCCESS(rv, true); + + if (oldAppCacheClientId == newAppCacheClientId) { + return false; + } + } + + // When we get here, app caches differ or app cache is involved + // just in one of the loads what we also consider as a change + // in a loading cache. + return true; +} + +bool +imgRequest::GetMultipart() const +{ + MutexAutoLock lock(mMutex); + return mIsMultiPartChannel; +} + +bool +imgRequest::HadInsecureRedirect() const +{ + MutexAutoLock lock(mMutex); + return mHadInsecureRedirect; +} + +/** nsIRequestObserver methods **/ + +NS_IMETHODIMP +imgRequest::OnStartRequest(nsIRequest* aRequest, nsISupports* ctxt) +{ + LOG_SCOPE(gImgLog, "imgRequest::OnStartRequest"); + + RefPtr<Image> image; + + // Figure out if we're multipart. + nsCOMPtr<nsIMultiPartChannel> multiPartChannel = do_QueryInterface(aRequest); + MOZ_ASSERT(multiPartChannel || !mIsMultiPartChannel, + "Stopped being multipart?"); { + MutexAutoLock lock(mMutex); + mNewPartPending = true; + image = mImage; + mIsMultiPartChannel = bool(multiPartChannel); + } + + // If we're not multipart, we shouldn't have an image yet. + if (image && !multiPartChannel) { + MOZ_ASSERT_UNREACHABLE("Already have an image for a non-multipart request"); + Cancel(NS_IMAGELIB_ERROR_FAILURE); + return NS_ERROR_FAILURE; + } + + /* + * If mRequest is null here, then we need to set it so that we'll be able to + * cancel it if our Cancel() method is called. Note that this can only + * happen for multipart channels. We could simply not null out mRequest for + * non-last parts, if GetIsLastPart() were reliable, but it's not. See + * https://bugzilla.mozilla.org/show_bug.cgi?id=339610 + */ + if (!mRequest) { + MOZ_ASSERT(multiPartChannel, "Should have mRequest unless we're multipart"); + nsCOMPtr<nsIChannel> baseChannel; + multiPartChannel->GetBaseChannel(getter_AddRefs(baseChannel)); + mRequest = baseChannel; + } + + nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest)); + if (channel) { + channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo)); + + /* Get our principal */ + nsCOMPtr<nsIScriptSecurityManager> + secMan = nsContentUtils::GetSecurityManager(); + if (secMan) { + nsresult rv = + secMan->GetChannelResultPrincipal(channel, getter_AddRefs(mPrincipal)); + if (NS_FAILED(rv)) { + return rv; + } + } + } + + SetCacheValidation(mCacheEntry, aRequest); + + mApplicationCache = GetApplicationCache(aRequest); + + // Shouldn't we be dead already if this gets hit? + // Probably multipart/x-mixed-replace... + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + if (progressTracker->ObserverCount() == 0) { + this->Cancel(NS_IMAGELIB_ERROR_FAILURE); + } + + // Try to retarget OnDataAvailable to a decode thread. + nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aRequest); + nsCOMPtr<nsIThreadRetargetableRequest> retargetable = + do_QueryInterface(aRequest); + if (httpChannel && retargetable) { + nsAutoCString mimeType; + nsresult rv = httpChannel->GetContentType(mimeType); + if (NS_SUCCEEDED(rv) && !mimeType.EqualsLiteral(IMAGE_SVG_XML)) { + // Retarget OnDataAvailable to the DecodePool's IO thread. + nsCOMPtr<nsIEventTarget> target = + DecodePool::Singleton()->GetIOEventTarget(); + rv = retargetable->RetargetDeliveryTo(target); + } + MOZ_LOG(gImgLog, LogLevel::Warning, + ("[this=%p] imgRequest::OnStartRequest -- " + "RetargetDeliveryTo rv %d=%s\n", + this, rv, NS_SUCCEEDED(rv) ? "succeeded" : "failed")); + } + + return NS_OK; +} + +NS_IMETHODIMP +imgRequest::OnStopRequest(nsIRequest* aRequest, + nsISupports* ctxt, nsresult status) +{ + LOG_FUNC(gImgLog, "imgRequest::OnStopRequest"); + MOZ_ASSERT(NS_IsMainThread(), "Can't send notifications off-main-thread"); + + RefPtr<Image> image = GetImage(); + + RefPtr<imgRequest> strongThis = this; + + if (mIsMultiPartChannel && mNewPartPending) { + OnDataAvailable(aRequest, ctxt, nullptr, 0, 0); + } + + // XXXldb What if this is a non-last part of a multipart request? + // xxx before we release our reference to mRequest, lets + // save the last status that we saw so that the + // imgRequestProxy will have access to it. + if (mRequest) { + mRequest = nullptr; // we no longer need the request + } + + // stop holding a ref to the channel, since we don't need it anymore + if (mChannel) { + mChannel->SetNotificationCallbacks(mPrevChannelSink); + mPrevChannelSink = nullptr; + mChannel = nullptr; + } + + bool lastPart = true; + nsCOMPtr<nsIMultiPartChannel> mpchan(do_QueryInterface(aRequest)); + if (mpchan) { + mpchan->GetIsLastPart(&lastPart); + } + + bool isPartial = false; + if (image && (status == NS_ERROR_NET_PARTIAL_TRANSFER)) { + isPartial = true; + status = NS_OK; // fake happy face + } + + // Tell the image that it has all of the source data. Note that this can + // trigger a failure, since the image might be waiting for more non-optional + // data and this is the point where we break the news that it's not coming. + if (image) { + nsresult rv = image->OnImageDataComplete(aRequest, ctxt, status, lastPart); + + // If we got an error in the OnImageDataComplete() call, we don't want to + // proceed as if nothing bad happened. However, we also want to give + // precedence to failure status codes from necko, since presumably they're + // more meaningful. + if (NS_FAILED(rv) && NS_SUCCEEDED(status)) { + status = rv; + } + } + + // If the request went through, update the cache entry size. Otherwise, + // cancel the request, which removes us from the cache. + if (image && NS_SUCCEEDED(status) && !isPartial) { + // We update the cache entry size here because this is where we finish + // loading compressed source data, which is part of our size calculus. + UpdateCacheEntrySize(); + + } else if (isPartial) { + // Remove the partial image from the cache. + this->EvictFromCache(); + + } else { + mImageErrorCode = status; + + // if the error isn't "just" a partial transfer + // stops animations, removes from cache + this->Cancel(status); + } + + if (!image) { + // We have to fire the OnStopRequest notifications ourselves because there's + // no image capable of doing so. + Progress progress = + LoadCompleteProgress(lastPart, /* aError = */ false, status); + + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + progressTracker->SyncNotifyProgress(progress); + } + + mTimedChannel = nullptr; + return NS_OK; +} + +struct mimetype_closure +{ + nsACString* newType; +}; + +/* prototype for these defined below */ +static nsresult +sniff_mimetype_callback(nsIInputStream* in, void* closure, + const char* fromRawSegment, uint32_t toOffset, + uint32_t count, uint32_t* writeCount); + +/** nsThreadRetargetableStreamListener methods **/ +NS_IMETHODIMP +imgRequest::CheckListenerChain() +{ + // TODO Might need more checking here. + NS_ASSERTION(NS_IsMainThread(), "Should be on the main thread!"); + return NS_OK; +} + +/** nsIStreamListener methods **/ + +struct NewPartResult final +{ + explicit NewPartResult(Image* aExistingImage) + : mImage(aExistingImage) + , mIsFirstPart(!aExistingImage) + , mSucceeded(false) + , mShouldResetCacheEntry(false) + { } + + nsAutoCString mContentType; + nsAutoCString mContentDisposition; + RefPtr<Image> mImage; + const bool mIsFirstPart; + bool mSucceeded; + bool mShouldResetCacheEntry; +}; + +static NewPartResult +PrepareForNewPart(nsIRequest* aRequest, nsIInputStream* aInStr, uint32_t aCount, + ImageURL* aURI, bool aIsMultipart, Image* aExistingImage, + ProgressTracker* aProgressTracker, uint32_t aInnerWindowId) +{ + NewPartResult result(aExistingImage); + + if (aInStr) { + mimetype_closure closure; + closure.newType = &result.mContentType; + + // Look at the first few bytes and see if we can tell what the data is from + // that since servers tend to lie. :( + uint32_t out; + aInStr->ReadSegments(sniff_mimetype_callback, &closure, aCount, &out); + } + + nsCOMPtr<nsIChannel> chan(do_QueryInterface(aRequest)); + if (result.mContentType.IsEmpty()) { + nsresult rv = chan ? chan->GetContentType(result.mContentType) + : NS_ERROR_FAILURE; + if (NS_FAILED(rv)) { + MOZ_LOG(gImgLog, + LogLevel::Error, ("imgRequest::PrepareForNewPart -- " + "Content type unavailable from the channel\n")); + if (!aIsMultipart) { + return result; + } + } + } + + if (chan) { + chan->GetContentDispositionHeader(result.mContentDisposition); + } + + MOZ_LOG(gImgLog, LogLevel::Debug, + ("imgRequest::PrepareForNewPart -- Got content type %s\n", + result.mContentType.get())); + + // XXX If server lied about mimetype and it's SVG, we may need to copy + // the data and dispatch back to the main thread, AND tell the channel to + // dispatch there in the future. + + // Create the new image and give it ownership of our ProgressTracker. + if (aIsMultipart) { + // Create the ProgressTracker and image for this part. + RefPtr<ProgressTracker> progressTracker = new ProgressTracker(); + RefPtr<Image> partImage = + ImageFactory::CreateImage(aRequest, progressTracker, result.mContentType, + aURI, /* aIsMultipart = */ true, + aInnerWindowId); + + if (result.mIsFirstPart) { + // First part for a multipart channel. Create the MultipartImage wrapper. + MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet"); + result.mImage = + ImageFactory::CreateMultipartImage(partImage, aProgressTracker); + } else { + // Transition to the new part. + auto multipartImage = static_cast<MultipartImage*>(aExistingImage); + multipartImage->BeginTransitionToPart(partImage); + + // Reset our cache entry size so it doesn't keep growing without bound. + result.mShouldResetCacheEntry = true; + } + } else { + MOZ_ASSERT(!aExistingImage, "New part for non-multipart channel?"); + MOZ_ASSERT(aProgressTracker, "Shouldn't have given away tracker yet"); + + // Create an image using our progress tracker. + result.mImage = + ImageFactory::CreateImage(aRequest, aProgressTracker, result.mContentType, + aURI, /* aIsMultipart = */ false, + aInnerWindowId); + } + + MOZ_ASSERT(result.mImage); + if (!result.mImage->HasError() || aIsMultipart) { + // We allow multipart images to fail to initialize (which generally + // indicates a bad content type) without cancelling the load, because + // subsequent parts might be fine. + result.mSucceeded = true; + } + + return result; +} + +class FinishPreparingForNewPartRunnable final : public Runnable +{ +public: + FinishPreparingForNewPartRunnable(imgRequest* aImgRequest, + NewPartResult&& aResult) + : mImgRequest(aImgRequest) + , mResult(aResult) + { + MOZ_ASSERT(aImgRequest); + } + + NS_IMETHOD Run() override + { + mImgRequest->FinishPreparingForNewPart(mResult); + return NS_OK; + } + +private: + RefPtr<imgRequest> mImgRequest; + NewPartResult mResult; +}; + +void +imgRequest::FinishPreparingForNewPart(const NewPartResult& aResult) +{ + MOZ_ASSERT(NS_IsMainThread()); + + mContentType = aResult.mContentType; + + SetProperties(aResult.mContentType, aResult.mContentDisposition); + + if (aResult.mIsFirstPart) { + // Notify listeners that we have an image. + RefPtr<ProgressTracker> progressTracker = GetProgressTracker(); + progressTracker->OnImageAvailable(); + MOZ_ASSERT(progressTracker->HasImage()); + } + + if (aResult.mShouldResetCacheEntry) { + ResetCacheEntry(); + } + + if (IsDecodeRequested()) { + aResult.mImage->StartDecoding(); + } +} + +NS_IMETHODIMP +imgRequest::OnDataAvailable(nsIRequest* aRequest, nsISupports* aContext, + nsIInputStream* aInStr, uint64_t aOffset, + uint32_t aCount) +{ + LOG_SCOPE_WITH_PARAM(gImgLog, "imgRequest::OnDataAvailable", + "count", aCount); + + NS_ASSERTION(aRequest, "imgRequest::OnDataAvailable -- no request!"); + + RefPtr<Image> image; + RefPtr<ProgressTracker> progressTracker; + bool isMultipart = false; + bool newPartPending = false; + + // Retrieve and update our state. + { + MutexAutoLock lock(mMutex); + mGotData = true; + image = mImage; + progressTracker = mProgressTracker; + isMultipart = mIsMultiPartChannel; + newPartPending = mNewPartPending; + mNewPartPending = false; + } + + // If this is a new part, we need to sniff its content type and create an + // appropriate image. + if (newPartPending) { + NewPartResult result = PrepareForNewPart(aRequest, aInStr, aCount, mURI, + isMultipart, image, + progressTracker, mInnerWindowId); + bool succeeded = result.mSucceeded; + + if (result.mImage) { + image = result.mImage; + + // Update our state to reflect this new part. + { + MutexAutoLock lock(mMutex); + mImage = image; + mProgressTracker = nullptr; + } + + // Some property objects are not threadsafe, and we need to send + // OnImageAvailable on the main thread, so finish on the main thread. + if (NS_IsMainThread()) { + FinishPreparingForNewPart(result); + } else { + nsCOMPtr<nsIRunnable> runnable = + new FinishPreparingForNewPartRunnable(this, Move(result)); + NS_DispatchToMainThread(runnable); + } + } + + if (!succeeded) { + // Something went wrong; probably a content type issue. + Cancel(NS_IMAGELIB_ERROR_FAILURE); + return NS_BINDING_ABORTED; + } + } + + // Notify the image that it has new data. + if (aInStr) { + nsresult rv = + image->OnImageDataAvailable(aRequest, aContext, aInStr, aOffset, aCount); + + if (NS_FAILED(rv)) { + MOZ_LOG(gImgLog, LogLevel::Warning, + ("[this=%p] imgRequest::OnDataAvailable -- " + "copy to RasterImage failed\n", this)); + Cancel(NS_IMAGELIB_ERROR_FAILURE); + return NS_BINDING_ABORTED; + } + } + + return NS_OK; +} + +void +imgRequest::SetProperties(const nsACString& aContentType, + const nsACString& aContentDisposition) +{ + /* set our mimetype as a property */ + nsCOMPtr<nsISupportsCString> contentType = + do_CreateInstance("@mozilla.org/supports-cstring;1"); + if (contentType) { + contentType->SetData(aContentType); + mProperties->Set("type", contentType); + } + + /* set our content disposition as a property */ + if (!aContentDisposition.IsEmpty()) { + nsCOMPtr<nsISupportsCString> contentDisposition = + do_CreateInstance("@mozilla.org/supports-cstring;1"); + if (contentDisposition) { + contentDisposition->SetData(aContentDisposition); + mProperties->Set("content-disposition", contentDisposition); + } + } +} + +static nsresult +sniff_mimetype_callback(nsIInputStream* in, + void* data, + const char* fromRawSegment, + uint32_t toOffset, + uint32_t count, + uint32_t* writeCount) +{ + mimetype_closure* closure = static_cast<mimetype_closure*>(data); + + NS_ASSERTION(closure, "closure is null!"); + + if (count > 0) { + imgLoader::GetMimeTypeFromContent(fromRawSegment, count, *closure->newType); + } + + *writeCount = 0; + return NS_ERROR_FAILURE; +} + + +/** nsIInterfaceRequestor methods **/ + +NS_IMETHODIMP +imgRequest::GetInterface(const nsIID & aIID, void** aResult) +{ + if (!mPrevChannelSink || aIID.Equals(NS_GET_IID(nsIChannelEventSink))) { + return QueryInterface(aIID, aResult); + } + + NS_ASSERTION(mPrevChannelSink != this, + "Infinite recursion - don't keep track of channel sinks that are us!"); + return mPrevChannelSink->GetInterface(aIID, aResult); +} + +/** nsIChannelEventSink methods **/ +NS_IMETHODIMP +imgRequest::AsyncOnChannelRedirect(nsIChannel* oldChannel, + nsIChannel* newChannel, uint32_t flags, + nsIAsyncVerifyRedirectCallback* callback) +{ + NS_ASSERTION(mRequest && mChannel, + "Got a channel redirect after we nulled out mRequest!"); + NS_ASSERTION(mChannel == oldChannel, + "Got a channel redirect for an unknown channel!"); + NS_ASSERTION(newChannel, "Got a redirect to a NULL channel!"); + + SetCacheValidation(mCacheEntry, oldChannel); + + // Prepare for callback + mRedirectCallback = callback; + mNewRedirectChannel = newChannel; + + nsCOMPtr<nsIChannelEventSink> sink(do_GetInterface(mPrevChannelSink)); + if (sink) { + nsresult rv = sink->AsyncOnChannelRedirect(oldChannel, newChannel, flags, + this); + if (NS_FAILED(rv)) { + mRedirectCallback = nullptr; + mNewRedirectChannel = nullptr; + } + return rv; + } + + (void) OnRedirectVerifyCallback(NS_OK); + return NS_OK; +} + +NS_IMETHODIMP +imgRequest::OnRedirectVerifyCallback(nsresult result) +{ + NS_ASSERTION(mRedirectCallback, "mRedirectCallback not set in callback"); + NS_ASSERTION(mNewRedirectChannel, "mNewRedirectChannel not set in callback"); + + if (NS_FAILED(result)) { + mRedirectCallback->OnRedirectVerifyCallback(result); + mRedirectCallback = nullptr; + mNewRedirectChannel = nullptr; + return NS_OK; + } + + mChannel = mNewRedirectChannel; + mTimedChannel = do_QueryInterface(mChannel); + mNewRedirectChannel = nullptr; + + if (LOG_TEST(LogLevel::Debug)) { + LOG_MSG_WITH_PARAM(gImgLog, + "imgRequest::OnChannelRedirect", "old", + mCurrentURI ? mCurrentURI->GetSpecOrDefault().get() + : ""); + } + + // If the previous URI is a non-HTTPS URI, record that fact for later use by + // security code, which needs to know whether there is an insecure load at any + // point in the redirect chain. + bool isHttps = false; + bool isChrome = false; + bool schemeLocal = false; + if (NS_FAILED(mCurrentURI->SchemeIs("https", &isHttps)) || + NS_FAILED(mCurrentURI->SchemeIs("chrome", &isChrome)) || + NS_FAILED(NS_URIChainHasFlags(mCurrentURI, + nsIProtocolHandler::URI_IS_LOCAL_RESOURCE, + &schemeLocal)) || + (!isHttps && !isChrome && !schemeLocal)) { + MutexAutoLock lock(mMutex); + + // The csp directive upgrade-insecure-requests performs an internal redirect + // to upgrade all requests from http to https before any data is fetched from + // the network. Do not pollute mHadInsecureRedirect in case of such an internal + // redirect. + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo(); + bool upgradeInsecureRequests = loadInfo ? loadInfo->GetUpgradeInsecureRequests() + : false; + if (!upgradeInsecureRequests) { + mHadInsecureRedirect = true; + } + } + + // Update the current URI. + mChannel->GetURI(getter_AddRefs(mCurrentURI)); + + if (LOG_TEST(LogLevel::Debug)) { + LOG_MSG_WITH_PARAM(gImgLog, "imgRequest::OnChannelRedirect", "new", + mCurrentURI ? mCurrentURI->GetSpecOrDefault().get() + : ""); + } + + // Make sure we have a protocol that returns data rather than opens an + // external application, e.g. 'mailto:'. + bool doesNotReturnData = false; + nsresult rv = + NS_URIChainHasFlags(mCurrentURI, + nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, + &doesNotReturnData); + + if (NS_SUCCEEDED(rv) && doesNotReturnData) { + rv = NS_ERROR_ABORT; + } + + if (NS_FAILED(rv)) { + mRedirectCallback->OnRedirectVerifyCallback(rv); + mRedirectCallback = nullptr; + return NS_OK; + } + + mRedirectCallback->OnRedirectVerifyCallback(NS_OK); + mRedirectCallback = nullptr; + return NS_OK; +} |