#include "config.h"
#include "PolicyChecker.h"
#include "ContentSecurityPolicy.h"
#include "DOMWindow.h"
#include "DocumentLoader.h"
#include "FormState.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "HTMLFormElement.h"
#include "HTMLFrameOwnerElement.h"
#include "SecurityOrigin.h"
#if USE(QUICK_LOOK)
#include "QuickLook.h"
#endif
namespace WebCore {
PolicyChecker::PolicyChecker(Frame& frame)
: m_frame(frame)
, m_delegateIsDecidingNavigationPolicy(false)
, m_delegateIsHandlingUnimplementablePolicy(false)
, m_loadType(FrameLoadType::Standard)
{
}
void PolicyChecker::checkNavigationPolicy(const ResourceRequest& newRequest, NavigationPolicyDecisionFunction function)
{
checkNavigationPolicy(newRequest, m_frame.loader().activeDocumentLoader(), nullptr, WTF::move(function));
}
void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, DocumentLoader* loader, PassRefPtr<FormState> formState, NavigationPolicyDecisionFunction function)
{
NavigationAction action = loader->triggeringAction();
if (action.isEmpty()) {
action = NavigationAction(request, NavigationType::Other, loader->shouldOpenExternalURLsPolicyToPropagate());
loader->setTriggeringAction(action);
}
if (equalIgnoringHeaderFields(request, loader->lastCheckedRequest()) || (!request.isNull() && request.url().isEmpty())) {
function(request, 0, true);
loader->setLastCheckedRequest(request);
return;
}
if (loader->substituteData().isValid() && !loader->substituteData().failingURL().isEmpty()) {
if (isBackForwardLoadType(m_loadType))
m_loadType = FrameLoadType::Reload;
function(request, 0, true);
return;
}
if (m_frame.ownerElement() && !m_frame.ownerElement()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), m_frame.ownerElement()->isInUserAgentShadowTree())) {
function(request, 0, false);
return;
}
loader->setLastCheckedRequest(request);
m_callback.set(request, formState.get(), WTF::move(function));
#if USE(QUICK_LOOK)
if (!request.isNull() && request.url().protocolIs(QLPreviewProtocol())) {
continueAfterNavigationPolicy(PolicyUse);
return;
}
#endif
#if ENABLE(CONTENT_FILTERING)
if (m_contentFilterUnblockHandler.canHandleRequest(request)) {
RefPtr<Frame> frame { &m_frame };
m_contentFilterUnblockHandler.requestUnblockAsync([frame](bool unblocked) {
if (unblocked)
frame->loader().reload();
});
continueAfterNavigationPolicy(PolicyIgnore);
return;
}
m_contentFilterUnblockHandler = { };
#endif
m_delegateIsDecidingNavigationPolicy = true;
m_frame.loader().client().dispatchDecidePolicyForNavigationAction(action, request, formState, [this](PolicyAction action) {
continueAfterNavigationPolicy(action);
});
m_delegateIsDecidingNavigationPolicy = false;
}
void PolicyChecker::checkNewWindowPolicy(const NavigationAction& action, const ResourceRequest& request, PassRefPtr<FormState> formState, const String& frameName, NewWindowPolicyDecisionFunction function)
{
if (m_frame.document() && m_frame.document()->isSandboxed(SandboxPopups))
return continueAfterNavigationPolicy(PolicyIgnore);
if (!DOMWindow::allowPopUp(&m_frame))
return continueAfterNavigationPolicy(PolicyIgnore);
m_callback.set(request, formState, frameName, action, WTF::move(function));
m_frame.loader().client().dispatchDecidePolicyForNewWindowAction(action, request, formState, frameName, [this](PolicyAction action) {
continueAfterNewWindowPolicy(action);
});
}
void PolicyChecker::checkContentPolicy(const ResourceResponse& response, ContentPolicyDecisionFunction function)
{
m_callback.set(WTF::move(function));
m_frame.loader().client().dispatchDecidePolicyForResponse(response, m_frame.loader().activeDocumentLoader()->request(), [this](PolicyAction action) {
continueAfterContentPolicy(action);
});
}
void PolicyChecker::cancelCheck()
{
m_frame.loader().client().cancelPolicyCheck();
m_callback.clear();
}
void PolicyChecker::stopCheck()
{
m_frame.loader().client().cancelPolicyCheck();
PolicyCallback callback = m_callback;
m_callback.clear();
callback.cancel();
}
void PolicyChecker::cannotShowMIMEType(const ResourceResponse& response)
{
handleUnimplementablePolicy(m_frame.loader().client().cannotShowMIMETypeError(response));
}
void PolicyChecker::continueLoadAfterWillSubmitForm(PolicyAction)
{
m_frame.loader().continueLoadAfterWillSubmitForm();
}
void PolicyChecker::continueAfterNavigationPolicy(PolicyAction policy)
{
PolicyCallback callback = m_callback;
m_callback.clear();
bool shouldContinue = policy == PolicyUse;
switch (policy) {
case PolicyIgnore:
callback.clearRequest();
break;
case PolicyDownload: {
ResourceRequest request = callback.request();
m_frame.loader().setOriginalURLForDownloadRequest(request);
m_frame.loader().client().startDownload(request);
callback.clearRequest();
break;
}
case PolicyUse: {
ResourceRequest request(callback.request());
if (!m_frame.loader().client().canHandleRequest(request)) {
handleUnimplementablePolicy(m_frame.loader().client().cannotShowURLError(callback.request()));
callback.clearRequest();
shouldContinue = false;
}
break;
}
}
callback.call(shouldContinue);
}
void PolicyChecker::continueAfterNewWindowPolicy(PolicyAction policy)
{
PolicyCallback callback = m_callback;
m_callback.clear();
switch (policy) {
case PolicyIgnore:
callback.clearRequest();
break;
case PolicyDownload:
m_frame.loader().client().startDownload(callback.request());
callback.clearRequest();
break;
case PolicyUse:
break;
}
callback.call(policy == PolicyUse);
}
void PolicyChecker::continueAfterContentPolicy(PolicyAction policy)
{
PolicyCallback callback = m_callback;
m_callback.clear();
callback.call(policy);
}
void PolicyChecker::handleUnimplementablePolicy(const ResourceError& error)
{
m_delegateIsHandlingUnimplementablePolicy = true;
m_frame.loader().client().dispatchUnableToImplementPolicy(error);
m_delegateIsHandlingUnimplementablePolicy = false;
}
}