| blob | 3e985b4db5641f6800d4e2b23dea2673abf356dd |
1 /*
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2011 Google Inc. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
81 {
83 }
85 DocumentLoader::DocumentLoader(LocalFrame* frame, const ResourceRequest& req, const SubstituteData& substituteData)
100 {
101 }
104 {
108 }
111 {
113 }
116 {
120 }
123 {
126 // TODO(sof): start tracing ResourcePtr<>s (and m_mainResource.)
132 }
135 {
137 }
140 {
144 }
147 {
149 }
152 {
154 }
157 {
159 }
162 {
163 ASSERT(type == Resource::Script || type == Resource::CSSStyleSheet || type == Resource::Image || type == Resource::ImportResource);
178 }
182 }
185 {
188 }
190 void DocumentLoader::updateForSameDocumentNavigation(const KURL& newURL, SameDocumentNavigationSource sameDocumentNavigationSource)
191 {
198 }
203 }
206 {
208 }
211 {
213 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading() || InspectorInstrumentation::isDebuggerPaused(m_frame));
222 }
224 // Cancels the data source's pending loads. Conceptually, a data source only loads
225 // one document at a time, but one document may have many related resources.
226 // stopLoading will stop all loads initiated by the data source,
227 // but not loads initiated by child frames' data sources -- that's the WebFrame's job.
229 {
236 }
239 {
243 }
244 }
247 {
252 }
255 {
264 }
267 }
270 {
271 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading() || InspectorInstrumentation::isDebuggerPaused(m_frame));
287 // If this is an empty document, it will not have actually been created yet. Commit dummy data so that
288 // DocumentWriter::begin() gets called and creates the Document.
291 }
299 // If the document specified an application cache manifest, it violates the author's intent if we store it in the memory cache
300 // and deny the appcache the chance to intercept it in the future, so remove from the memory cache.
304 }
307 }
309 bool DocumentLoader::isRedirectAfterPost(const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
310 {
317 }
319 bool DocumentLoader::shouldContinueForNavigationPolicy(const ResourceRequest& request, ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, NavigationPolicy policy)
320 {
321 // Don't ask if we are loading an empty URL.
325 // If we're loading content into a subframe, check against the parent's Content Security Policy
326 // and kill the load if that check fails, unless we should bypass the main world's CSP.
327 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows frames with a remote parent...
328 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->document().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy::DidNotRedirect))) {
329 // Fire a load event, as timing attacks would otherwise reveal that the
330 // frame was blocked. This way, it looks like every other cross-origin
331 // page load.
335 }
346 }
348 void DocumentLoader::redirectReceived(Resource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
349 {
352 }
355 {
358 }
361 {
363 }
365 void DocumentLoader::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
366 {
367 // Note that there are no asserts here as there are for the other callbacks. This is due to the
368 // fact that this "callback" is sent when starting every load, and the state of callback
369 // deferrals plays less of a part in this function in preventing the bad behavior deferring
370 // callbacks is meant to prevent.
372 if (isFormSubmission(m_navigationType) && !m_frame->document()->contentSecurityPolicy()->allowFormAction(newRequest.url())) {
375 }
379 // If the redirecting url is not allowed to display content from the target origin,
380 // then block the redirect.
386 }
388 }
390 // If we're fielding a redirect in response to a POST, force a load from origin, since
391 // this is a common site technique to return to a page viewing some data that the POST
392 // just modified.
393 if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPost(newRequest, redirectResponse))
405 }
408 {
409 if (Platform::current()->mimeRegistry()->supportsMIMEType(mimeType) == WebMimeRegistry::IsSupported)
413 }
416 {
422 // The server does not want us to replace the page contents.
424 }
426 if (contentDispositionType(m_response.httpHeaderField("Content-Disposition")) == ContentDispositionAttachment) {
427 // The server wants us to download instead of replacing the page contents.
428 // Downloading is handled by the embedder, but we still get the initial
429 // response so that we can ignore it and clean up properly.
431 }
436 // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks.
437 if (isArchiveMIMEType(m_response.mimeType()) && !SchemeRegistry::shouldTreatURLSchemeAsLocal(m_request.url().protocol()))
441 }
444 {
445 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, mainResourceIdentifier(), response);
451 // The load event might have detached this frame. In that case, the load will already have been cancelled during detach.
455 }
457 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle)
458 {
466 // The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
467 // from the application cache, ensure we don't save the result for future use. All responses loaded
468 // from appcache will have a non-zero appCacheID().
478 }
480 DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
482 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options
487 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
488 String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
489 RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message);
495 }
496 }
497 }
503 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData)
507 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response);
510 }
516 }
517 }
520 {
524 const AtomicString& encoding = m_frame->host()->overrideEncoding().isNull() ? response().textEncodingName() : m_frame->host()->overrideEncoding();
526 // Prepare a DocumentInit before clearing the frame, because it may need to
527 // inherit an aliased security context.
534 if ((m_substituteData.isValid() && m_substituteData.forceSynchronousLoad()) || !Document::threadedParsingEnabledForTesting())
540 // This should be set before receivedFirstData().
544 // Call receivedFirstData() exactly once per load.
546 m_frame->document()->maybeHandleHttpRefresh(m_response.httpHeaderField("Refresh"), Document::HttpRefreshFromHeader);
547 }
550 {
554 // This can happen if document.close() is called by an event handler while
555 // there's still pending incoming data.
559 }
565 }
568 {
576 // If this function is reentered, defer processing of the additional
577 // data to the top-level invocation. Reentrant calls can occur because
578 // of web platform (mis-)features that require running a nested message
579 // loop:
580 // - alert(), confirm(), prompt()
581 // - Detach of plugin elements.
582 // - Synchronous XMLHTTPRequest
585 }
587 // Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource
588 // by starting a new load, so retain temporarily.
595 // Process data received in reentrant invocations. Note that the
596 // invocations of processData() may queue more data in reentrant
597 // invocations, so iterate until it's empty.
603 }
604 // All data has been consumed, so flush the buffer.
606 }
609 {
620 // If we are sending data to MediaDocument, we should stop here
621 // and cancel the request.
624 }
627 {
629 }
632 {
634 }
637 {
639 }
642 {
647 // It never makes sense to have a document loader that is detached from its
648 // frame have any loads active, so go ahead and kill all the loads.
651 // If that load cancellation triggered another detach, leave.
652 // (fast/frames/detach-frame-nested-no-crash.html is an example of this.)
663 }
666 {
671 }
674 {
675 // Only the top-frame can load MHTML.
679 // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
685 // Invalid MHTML.
689 }
694 // The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so
695 // relative URLs are resolved properly.
698 // The Document has now been created.
703 }
706 {
710 ArchiveResourceCollection* parentCollection = toLocalFrame(m_frame->tree().parent())->loader().documentLoader()->fetcher()->archiveResourceCollection();
714 m_archive = parentCollection->popSubframeArchive(m_frame->tree().uniqueName(), m_request.url());
721 m_substituteData = SubstituteData(mainResource->data(), mainResource->mimeType(), mainResource->textEncoding(), KURL());
722 }
725 {
727 }
730 {
732 }
735 {
736 // Multiple frames may be loading the same main resource simultaneously. If deferral state changes,
737 // each frame's DocumentLoader will try to send a setDefersLoading() to the same underlying ResourceLoader. Ensure only
738 // the "owning" DocumentLoader does so, as setDefersLoading() is not resilient to setting the same value repeatedly.
743 }
746 {
747 bool shouldLoadEmpty = !m_substituteData.isValid() && (m_request.url().isEmpty() || SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(m_request.url().protocol()));
751 if (m_request.url().isEmpty() && !frameLoader()->stateMachine()->creatingInitialEmptyDocument())
756 }
759 {
775 // willSendRequest() may lead to our LocalFrame being detached or cancelling the load via nulling the ResourceRequest.
784 (DoNotBufferData, AllowStoredCredentials, ClientRequestedCredentials, CheckContentSecurityPolicy, DocumentContext));
785 FetchRequest cachedResourceRequest(request, FetchInitiatorTypeNames::document, mainResourceLoadOptions);
786 m_mainResource = RawResource::fetchMainResource(cachedResourceRequest, fetcher(), m_substituteData);
789 // If the load was aborted by clearing m_request, it's possible the ApplicationCacheHost
790 // is now in a state where starting an empty load will be inconsistent. Replace it with
791 // a new ApplicationCacheHost.
797 }
800 // A bunch of headers are set when the underlying ResourceLoader is created, and m_request needs to include those.
803 // If there was a fragment identifier on m_request, the cache will have stripped it. m_request should include
804 // the fragment identifier, so add that back in.
808 }
811 {
813 ResourceError error = resourceError.isNull() ? ResourceError::cancelledError(m_request.url()) : resourceError;
819 }
821 void DocumentLoader::attachThreadedDataReceiver(PassRefPtrWillBeRawPtr<ThreadedDataReceiver> threadedDataReceiver)
822 {
825 }
827 void DocumentLoader::acceptDataFromThreadedReceiver(const char* data, int dataLength, int encodedDataLength)
828 {
829 m_fetcher->acceptDataFromThreadedReceiver(mainResourceIdentifier(), data, dataLength, encodedDataLength);
830 }
833 {
837 }
839 PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy parsingPolicy)
840 {
849 RefPtrWillBeRawPtr<Document> document = frame->localDOMWindow()->installNewDocument(mimeType, init);
853 }
858 }
861 {
865 }
867 // This is only called by FrameLoader::replaceDocumentWhileExecutingJavaScriptURL()
868 void DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit& init, const String& source, Document* ownerDocument)
869 {
870 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_writer->encoding() : emptyAtom, true, ForceSynchronousParsing);
874 }