#include "config.h"
#include "PolicyChecker.h"
#include "BlobRegistry.h"
#include "BlobURL.h"
#include "ContentFilter.h"
#include "ContentSecurityPolicy.h"
#include "DOMWindow.h"
#include "DocumentLoader.h"
#include "Event.h"
#include "EventNames.h"
#include "FormState.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "HTMLFormElement.h"
#include "HTMLFrameOwnerElement.h"
#include "HTMLPlugInElement.h"
#include "Logging.h"
#include <wtf/CompletionHandler.h>
#if USE(QUICK_LOOK)
#include "QuickLook.h"
#endif
namespace WebCore {
static bool isAllowedByContentSecurityPolicy(const URL& url, const Element* ownerElement, bool didReceiveRedirectResponse)
{
if (!ownerElement)
return true;
if (ownerElement->isInUserAgentShadowTree())
return true;
auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;
ASSERT(ownerElement->document().contentSecurityPolicy());
if (is<HTMLPlugInElement>(ownerElement))
return ownerElement->document().contentSecurityPolicy()->allowObjectFromSource(url, redirectResponseReceived);
return ownerElement->document().contentSecurityPolicy()->allowChildFrameFromSource(url, redirectResponseReceived);
}
PolicyChecker::PolicyChecker(Frame& frame)
: m_frame(frame)
, m_delegateIsDecidingNavigationPolicy(false)
, m_delegateIsHandlingUnimplementablePolicy(false)
, m_loadType(FrameLoadType::Standard)
{
}
void PolicyChecker::checkNavigationPolicy(ResourceRequest&& newRequest, const ResourceResponse& redirectResponse, NavigationPolicyDecisionFunction&& function)
{
checkNavigationPolicy(WTFMove(newRequest), redirectResponse, m_frame.loader().activeDocumentLoader(), { }, WTFMove(function));
}
CompletionHandlerCallingScope PolicyChecker::extendBlobURLLifetimeIfNecessary(ResourceRequest& request) const
{
if (!request.url().protocolIsBlob())
return { };
URL temporaryBlobURL = BlobURL::createPublicURL(&m_frame.document()->securityOrigin());
blobRegistry().registerBlobURL(temporaryBlobURL, request.url());
request.setURL(temporaryBlobURL);
return CompletionHandler<void()>([temporaryBlobURL = WTFMove(temporaryBlobURL)] {
blobRegistry().unregisterBlobURL(temporaryBlobURL);
});
}
void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, const ResourceResponse& redirectResponse, DocumentLoader* loader, RefPtr<FormState>&& formState, NavigationPolicyDecisionFunction&& function, PolicyDecisionMode policyDecisionMode)
{
NavigationAction action = loader->triggeringAction();
if (action.isEmpty()) {
action = NavigationAction { *m_frame.document(), request, InitiatedByMainFrame::Unknown, NavigationType::Other, loader->shouldOpenExternalURLsPolicyToPropagate() };
loader->setTriggeringAction(action);
}
if (equalIgnoringHeaderFields(request, loader->lastCheckedRequest()) || (!request.isNull() && request.url().isEmpty())) {
function(ResourceRequest(request), { }, ShouldContinue::Yes);
loader->setLastCheckedRequest(WTFMove(request));
return;
}
auto& substituteData = loader->substituteData();
if (substituteData.isValid() && !substituteData.failingURL().isEmpty()) {
bool shouldContinue = true;
#if ENABLE(CONTENT_FILTERING)
shouldContinue = ContentFilter::continueAfterSubstituteDataRequest(*m_frame.loader().activeDocumentLoader(), substituteData);
#endif
if (isBackForwardLoadType(m_loadType))
m_loadType = FrameLoadType::Reload;
function(WTFMove(request), { }, shouldContinue ? ShouldContinue::Yes : ShouldContinue::No);
return;
}
if (!isAllowedByContentSecurityPolicy(request.url(), m_frame.ownerElement(), !redirectResponse.isNull())) {
if (m_frame.ownerElement()) {
m_frame.ownerElement()->dispatchEvent(Event::create(eventNames().loadEvent, false, false));
}
function(WTFMove(request), { }, ShouldContinue::No);
return;
}
loader->setLastCheckedRequest(ResourceRequest(request));
if (!m_frame.loader().stateMachine().committedFirstRealDocumentLoad() && request.url().isBlankURL() && !substituteData.isValid())
policyDecisionMode = PolicyDecisionMode::Synchronous;
#if USE(QUICK_LOOK)
if (!request.isNull() && isQuickLookPreviewURL(request.url()))
return function(WTFMove(request), makeWeakPtr(formState.get()), ShouldContinue::Yes);
#endif
#if ENABLE(CONTENT_FILTERING)
if (m_contentFilterUnblockHandler.canHandleRequest(request)) {
RefPtr<Frame> frame { &m_frame };
m_contentFilterUnblockHandler.requestUnblockAsync([frame](bool unblocked) {
if (unblocked)
frame->loader().reload();
});
return function({ }, nullptr, ShouldContinue::No);
}
m_contentFilterUnblockHandler = { };
#endif
m_frame.loader().clearProvisionalLoadForPolicyCheck();
auto blobURLLifetimeExtension = policyDecisionMode == PolicyDecisionMode::Asynchronous ? extendBlobURLLifetimeIfNecessary(request) : CompletionHandlerCallingScope { };
m_delegateIsDecidingNavigationPolicy = true;
String suggestedFilename = action.downloadAttribute().isEmpty() ? nullAtom() : action.downloadAttribute();
m_frame.loader().client().dispatchDecidePolicyForNavigationAction(action, request, redirectResponse, formState.get(), policyDecisionMode, [this, function = WTFMove(function), request = ResourceRequest(request), formState = WTFMove(formState), suggestedFilename = WTFMove(suggestedFilename), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable {
m_delegateIsDecidingNavigationPolicy = false;
switch (policyAction) {
case PolicyAction::Download:
m_frame.loader().setOriginalURLForDownloadRequest(request);
m_frame.loader().client().startDownload(request, suggestedFilename);
FALLTHROUGH;
case PolicyAction::Ignore:
return function({ }, nullptr, ShouldContinue::No);
case PolicyAction::Suspend:
return function({ }, nullptr, ShouldContinue::ForSuspension);
case PolicyAction::Use:
if (!m_frame.loader().client().canHandleRequest(request)) {
handleUnimplementablePolicy(m_frame.loader().client().cannotShowURLError(request));
return function({ }, { }, ShouldContinue::No);
}
return function(WTFMove(request), makeWeakPtr(formState.get()), ShouldContinue::Yes);
}
ASSERT_NOT_REACHED();
});
}
void PolicyChecker::checkNewWindowPolicy(NavigationAction&& navigationAction, ResourceRequest&& request, RefPtr<FormState>&& formState, const String& frameName, NewWindowPolicyDecisionFunction&& function)
{
if (m_frame.document() && m_frame.document()->isSandboxed(SandboxPopups))
return function({ }, nullptr, { }, { }, ShouldContinue::No);
if (!DOMWindow::allowPopUp(m_frame))
return function({ }, nullptr, { }, { }, ShouldContinue::No);
auto blobURLLifetimeExtension = extendBlobURLLifetimeIfNecessary(request);
m_frame.loader().client().dispatchDecidePolicyForNewWindowAction(navigationAction, request, formState.get(), frameName, [frame = makeRef(m_frame), request, formState = WTFMove(formState), frameName, navigationAction, function = WTFMove(function), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable {
switch (policyAction) {
case PolicyAction::Download:
frame->loader().client().startDownload(request);
FALLTHROUGH;
case PolicyAction::Ignore:
function({ }, nullptr, { }, { }, ShouldContinue::No);
return;
case PolicyAction::Suspend:
RELEASE_ASSERT_NOT_REACHED();
case PolicyAction::Use:
function(request, makeWeakPtr(formState.get()), frameName, navigationAction, ShouldContinue::Yes);
return;
}
ASSERT_NOT_REACHED();
});
}
void PolicyChecker::stopCheck()
{
m_frame.loader().client().cancelPolicyCheck();
}
void PolicyChecker::cannotShowMIMEType(const ResourceResponse& response)
{
handleUnimplementablePolicy(m_frame.loader().client().cannotShowMIMETypeError(response));
}
void PolicyChecker::handleUnimplementablePolicy(const ResourceError& error)
{
m_delegateIsHandlingUnimplementablePolicy = true;
m_frame.loader().client().dispatchUnableToImplementPolicy(error);
m_delegateIsHandlingUnimplementablePolicy = false;
}
}