ResourceResponseBase.cpp [plain text]
#include "config.h"
#include "ResourceResponseBase.h"
#include "CacheValidation.h"
#include "HTTPHeaderNames.h"
#include "HTTPParsers.h"
#include "MIMETypeRegistry.h"
#include "ParsedContentRange.h"
#include "ResourceResponse.h"
#include <wtf/CurrentTime.h>
#include <wtf/MathExtras.h>
#include <wtf/StdLibExtras.h>
#include <wtf/text/StringView.h>
namespace WebCore {
bool isScriptAllowedByNosniff(const ResourceResponse& response)
{
if (parseContentTypeOptionsHeader(response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff)
return true;
String mimeType = extractMIMETypeFromMediaType(response.httpHeaderField(HTTPHeaderName::ContentType));
return MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType);
}
ResourceResponseBase::ResourceResponseBase()
: m_isNull(true)
, m_expectedContentLength(0)
, m_httpStatusCode(0)
{
}
ResourceResponseBase::ResourceResponseBase(const URL& url, const String& mimeType, long long expectedLength, const String& textEncodingName)
: m_isNull(false)
, m_url(url)
, m_mimeType(mimeType)
, m_expectedContentLength(expectedLength)
, m_textEncodingName(textEncodingName)
, m_certificateInfo(CertificateInfo()) , m_httpStatusCode(0)
{
}
ResourceResponseBase::CrossThreadData ResourceResponseBase::crossThreadData() const
{
CrossThreadData data;
data.url = url().isolatedCopy();
data.mimeType = mimeType().isolatedCopy();
data.expectedContentLength = expectedContentLength();
data.textEncodingName = textEncodingName().isolatedCopy();
data.httpStatusCode = httpStatusCode();
data.httpStatusText = httpStatusText().isolatedCopy();
data.httpVersion = httpVersion().isolatedCopy();
data.httpHeaderFields = httpHeaderFields().isolatedCopy();
data.networkLoadMetrics = m_networkLoadMetrics.isolatedCopy();
data.type = m_type;
data.tainting = m_tainting;
data.isRedirected = m_isRedirected;
return data;
}
ResourceResponse ResourceResponseBase::fromCrossThreadData(CrossThreadData&& data)
{
ResourceResponse response;
response.setURL(data.url);
response.setMimeType(data.mimeType);
response.setExpectedContentLength(data.expectedContentLength);
response.setTextEncodingName(data.textEncodingName);
response.setHTTPStatusCode(data.httpStatusCode);
response.setHTTPStatusText(data.httpStatusText);
response.setHTTPVersion(data.httpVersion);
response.m_httpHeaderFields = WTFMove(data.httpHeaderFields);
response.m_networkLoadMetrics = data.networkLoadMetrics;
response.m_type = data.type;
response.m_tainting = data.tainting;
response.m_isRedirected = data.isRedirected;
return response;
}
ResourceResponse ResourceResponseBase::filter(const ResourceResponse& response)
{
if (response.tainting() == Tainting::Opaque) {
ResourceResponse opaqueResponse;
opaqueResponse.setTainting(Tainting::Opaque);
opaqueResponse.setType(Type::Opaque);
return opaqueResponse;
}
if (response.tainting() == Tainting::Opaqueredirect) {
ResourceResponse opaqueResponse;
opaqueResponse.setTainting(Tainting::Opaqueredirect);
opaqueResponse.setType(Type::Opaqueredirect);
opaqueResponse.setURL(response.url());
return opaqueResponse;
}
ResourceResponse filteredResponse = response;
filteredResponse.lazyInit(AllFields);
if (response.tainting() == Tainting::Basic) {
filteredResponse.setType(Type::Basic);
filteredResponse.m_httpHeaderFields.remove(HTTPHeaderName::SetCookie);
filteredResponse.m_httpHeaderFields.remove(HTTPHeaderName::SetCookie2);
return filteredResponse;
}
ASSERT(response.tainting() == Tainting::Cors);
filteredResponse.setType(Type::Cors);
HTTPHeaderSet accessControlExposeHeaderSet;
parseAccessControlExposeHeadersAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet);
filteredResponse.m_httpHeaderFields.uncommonHeaders().removeIf([&](auto& entry) {
return !isCrossOriginSafeHeader(entry.key, accessControlExposeHeaderSet);
});
filteredResponse.m_httpHeaderFields.commonHeaders().removeIf([&](auto& entry) {
return !isCrossOriginSafeHeader(entry.key, accessControlExposeHeaderSet);
});
return filteredResponse;
}
bool ResourceResponseBase::isHTTP() const
{
lazyInit(CommonFieldsOnly);
return m_url.protocolIsInHTTPFamily();
}
const URL& ResourceResponseBase::url() const
{
lazyInit(CommonFieldsOnly);
return m_url;
}
void ResourceResponseBase::setURL(const URL& url)
{
lazyInit(CommonFieldsOnly);
m_isNull = false;
m_url = url;
}
const String& ResourceResponseBase::mimeType() const
{
lazyInit(CommonFieldsOnly);
return m_mimeType;
}
void ResourceResponseBase::setMimeType(const String& mimeType)
{
lazyInit(CommonFieldsOnly);
m_isNull = false;
m_mimeType = mimeType;
}
long long ResourceResponseBase::expectedContentLength() const
{
lazyInit(CommonFieldsOnly);
return m_expectedContentLength;
}
void ResourceResponseBase::setExpectedContentLength(long long expectedContentLength)
{
lazyInit(CommonFieldsOnly);
m_isNull = false;
m_expectedContentLength = expectedContentLength;
}
const String& ResourceResponseBase::textEncodingName() const
{
lazyInit(CommonFieldsOnly);
return m_textEncodingName;
}
void ResourceResponseBase::setTextEncodingName(const String& encodingName)
{
lazyInit(CommonFieldsOnly);
m_isNull = false;
m_textEncodingName = encodingName;
}
void ResourceResponseBase::setType(Type type)
{
m_isNull = false;
m_type = type;
}
void ResourceResponseBase::includeCertificateInfo() const
{
if (m_certificateInfo)
return;
m_certificateInfo = static_cast<const ResourceResponse*>(this)->platformCertificateInfo();
}
String ResourceResponseBase::suggestedFilename() const
{
return static_cast<const ResourceResponse*>(this)->platformSuggestedFilename();
}
String ResourceResponseBase::sanitizeSuggestedFilename(const String& suggestedFilename)
{
if (suggestedFilename.isEmpty())
return suggestedFilename;
ResourceResponse response(URL(ParsedURLString, "http://example.com/"), String(), -1, String());
response.setHTTPStatusCode(200);
String escapedSuggestedFilename = String(suggestedFilename).replace('\\', "\\\\").replace('"', "\\\"");
String value = makeString("attachment; filename=\"", escapedSuggestedFilename, '"');
response.setHTTPHeaderField(HTTPHeaderName::ContentDisposition, value);
return response.suggestedFilename();
}
bool ResourceResponseBase::isSuccessful() const
{
int code = httpStatusCode();
return code >= 200 && code < 300;
}
int ResourceResponseBase::httpStatusCode() const
{
lazyInit(CommonFieldsOnly);
return m_httpStatusCode;
}
void ResourceResponseBase::setHTTPStatusCode(int statusCode)
{
lazyInit(CommonFieldsOnly);
m_httpStatusCode = statusCode;
m_isNull = false;
}
const String& ResourceResponseBase::httpStatusText() const
{
lazyInit(AllFields);
return m_httpStatusText;
}
void ResourceResponseBase::setHTTPStatusText(const String& statusText)
{
lazyInit(AllFields);
m_httpStatusText = statusText;
}
const String& ResourceResponseBase::httpVersion() const
{
lazyInit(AllFields);
return m_httpVersion;
}
void ResourceResponseBase::setHTTPVersion(const String& versionText)
{
lazyInit(AllFields);
m_httpVersion = versionText;
}
bool ResourceResponseBase::isHTTP09() const
{
lazyInit(AllFields);
return m_httpVersion.startsWith("HTTP/0.9");
}
String ResourceResponseBase::httpHeaderField(const String& name) const
{
lazyInit(CommonFieldsOnly);
String value = m_httpHeaderFields.get(name);
if (!value.isEmpty())
return value;
lazyInit(AllFields);
return m_httpHeaderFields.get(name);
}
String ResourceResponseBase::httpHeaderField(HTTPHeaderName name) const
{
lazyInit(CommonFieldsOnly);
String value = m_httpHeaderFields.get(name);
if (!value.isEmpty())
return value;
lazyInit(AllFields);
return m_httpHeaderFields.get(name);
}
void ResourceResponseBase::updateHeaderParsedState(HTTPHeaderName name)
{
switch (name) {
case HTTPHeaderName::Age:
m_haveParsedAgeHeader = false;
break;
case HTTPHeaderName::CacheControl:
case HTTPHeaderName::Pragma:
m_haveParsedCacheControlHeader = false;
break;
case HTTPHeaderName::Date:
m_haveParsedDateHeader = false;
break;
case HTTPHeaderName::Expires:
m_haveParsedExpiresHeader = false;
break;
case HTTPHeaderName::LastModified:
m_haveParsedLastModifiedHeader = false;
break;
case HTTPHeaderName::ContentRange:
m_haveParsedContentRangeHeader = false;
break;
default:
break;
}
}
void ResourceResponseBase::setHTTPHeaderField(const String& name, const String& value)
{
lazyInit(AllFields);
HTTPHeaderName headerName;
if (findHTTPHeaderName(name, headerName))
updateHeaderParsedState(headerName);
m_httpHeaderFields.set(name, value);
}
void ResourceResponseBase::setHTTPHeaderFields(HTTPHeaderMap&& headerFields)
{
lazyInit(AllFields);
m_httpHeaderFields = WTFMove(headerFields);
}
void ResourceResponseBase::setHTTPHeaderField(HTTPHeaderName name, const String& value)
{
lazyInit(AllFields);
updateHeaderParsedState(name);
m_httpHeaderFields.set(name, value);
}
void ResourceResponseBase::addHTTPHeaderField(HTTPHeaderName name, const String& value)
{
lazyInit(AllFields);
updateHeaderParsedState(name);
m_httpHeaderFields.add(name, value);
}
void ResourceResponseBase::addHTTPHeaderField(const String& name, const String& value)
{
HTTPHeaderName headerName;
if (findHTTPHeaderName(name, headerName))
addHTTPHeaderField(headerName, value);
else {
lazyInit(AllFields);
m_httpHeaderFields.add(name, value);
}
}
const HTTPHeaderMap& ResourceResponseBase::httpHeaderFields() const
{
lazyInit(AllFields);
return m_httpHeaderFields;
}
void ResourceResponseBase::parseCacheControlDirectives() const
{
ASSERT(!m_haveParsedCacheControlHeader);
lazyInit(CommonFieldsOnly);
m_cacheControlDirectives = WebCore::parseCacheControlDirectives(m_httpHeaderFields);
m_haveParsedCacheControlHeader = true;
}
bool ResourceResponseBase::cacheControlContainsNoCache() const
{
if (!m_haveParsedCacheControlHeader)
parseCacheControlDirectives();
return m_cacheControlDirectives.noCache;
}
bool ResourceResponseBase::cacheControlContainsNoStore() const
{
if (!m_haveParsedCacheControlHeader)
parseCacheControlDirectives();
return m_cacheControlDirectives.noStore;
}
bool ResourceResponseBase::cacheControlContainsMustRevalidate() const
{
if (!m_haveParsedCacheControlHeader)
parseCacheControlDirectives();
return m_cacheControlDirectives.mustRevalidate;
}
bool ResourceResponseBase::cacheControlContainsImmutable() const
{
if (!m_haveParsedCacheControlHeader)
parseCacheControlDirectives();
return m_cacheControlDirectives.immutable;
}
bool ResourceResponseBase::hasCacheValidatorFields() const
{
lazyInit(CommonFieldsOnly);
return !m_httpHeaderFields.get(HTTPHeaderName::LastModified).isEmpty() || !m_httpHeaderFields.get(HTTPHeaderName::ETag).isEmpty();
}
std::optional<Seconds> ResourceResponseBase::cacheControlMaxAge() const
{
if (!m_haveParsedCacheControlHeader)
parseCacheControlDirectives();
return m_cacheControlDirectives.maxAge;
}
static std::optional<WallTime> parseDateValueInHeader(const HTTPHeaderMap& headers, HTTPHeaderName headerName)
{
String headerValue = headers.get(headerName);
if (headerValue.isEmpty())
return std::nullopt;
return parseHTTPDate(headerValue);
}
std::optional<WallTime> ResourceResponseBase::date() const
{
lazyInit(CommonFieldsOnly);
if (!m_haveParsedDateHeader) {
m_date = parseDateValueInHeader(m_httpHeaderFields, HTTPHeaderName::Date);
m_haveParsedDateHeader = true;
}
return m_date;
}
std::optional<Seconds> ResourceResponseBase::age() const
{
lazyInit(CommonFieldsOnly);
if (!m_haveParsedAgeHeader) {
String headerValue = m_httpHeaderFields.get(HTTPHeaderName::Age);
bool ok;
double ageDouble = headerValue.toDouble(&ok);
if (ok)
m_age = Seconds { ageDouble };
m_haveParsedAgeHeader = true;
}
return m_age;
}
std::optional<WallTime> ResourceResponseBase::expires() const
{
lazyInit(CommonFieldsOnly);
if (!m_haveParsedExpiresHeader) {
m_expires = parseDateValueInHeader(m_httpHeaderFields, HTTPHeaderName::Expires);
m_haveParsedExpiresHeader = true;
}
return m_expires;
}
std::optional<WallTime> ResourceResponseBase::lastModified() const
{
lazyInit(CommonFieldsOnly);
if (!m_haveParsedLastModifiedHeader) {
m_lastModified = parseDateValueInHeader(m_httpHeaderFields, HTTPHeaderName::LastModified);
#if PLATFORM(COCOA)
const WallTime epoch = WallTime::fromRawSeconds(0);
if (m_lastModified && m_lastModified.value() == epoch)
m_lastModified = std::nullopt;
#endif
m_haveParsedLastModifiedHeader = true;
}
return m_lastModified;
}
static ParsedContentRange parseContentRangeInHeader(const HTTPHeaderMap& headers)
{
String contentRangeValue = headers.get(HTTPHeaderName::ContentRange);
if (contentRangeValue.isEmpty())
return ParsedContentRange();
return ParsedContentRange(contentRangeValue);
}
ParsedContentRange& ResourceResponseBase::contentRange() const
{
lazyInit(CommonFieldsOnly);
if (!m_haveParsedContentRangeHeader) {
m_contentRange = parseContentRangeInHeader(m_httpHeaderFields);
m_haveParsedContentRangeHeader = true;
}
return m_contentRange;
}
bool ResourceResponseBase::isAttachment() const
{
lazyInit(AllFields);
auto value = m_httpHeaderFields.get(HTTPHeaderName::ContentDisposition);
return equalLettersIgnoringASCIICase(value.left(value.find(';')).stripWhiteSpace(), "attachment");
}
bool ResourceResponseBase::isAttachmentWithFilename() const
{
lazyInit(AllFields);
String contentDisposition = m_httpHeaderFields.get(HTTPHeaderName::ContentDisposition);
if (contentDisposition.isNull())
return false;
if (!equalLettersIgnoringASCIICase(contentDisposition.left(contentDisposition.find(';')).stripWhiteSpace(), "attachment"))
return false;
String filename = filenameFromHTTPContentDisposition(contentDisposition);
return !filename.isNull();
}
ResourceResponseBase::Source ResourceResponseBase::source() const
{
lazyInit(AllFields);
return m_source;
}
void ResourceResponseBase::lazyInit(InitLevel initLevel) const
{
const_cast<ResourceResponse*>(static_cast<const ResourceResponse*>(this))->platformLazyInit(initLevel);
}
bool ResourceResponseBase::compare(const ResourceResponse& a, const ResourceResponse& b)
{
if (a.isNull() != b.isNull())
return false;
if (a.url() != b.url())
return false;
if (a.mimeType() != b.mimeType())
return false;
if (a.expectedContentLength() != b.expectedContentLength())
return false;
if (a.textEncodingName() != b.textEncodingName())
return false;
if (a.suggestedFilename() != b.suggestedFilename())
return false;
if (a.httpStatusCode() != b.httpStatusCode())
return false;
if (a.httpStatusText() != b.httpStatusText())
return false;
if (a.httpHeaderFields() != b.httpHeaderFields())
return false;
if (a.deprecatedNetworkLoadMetrics() != b.deprecatedNetworkLoadMetrics())
return false;
return ResourceResponse::platformCompare(a, b);
}
}