content/browser/loader/buffered_resource_handler.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/loader/buffered_resource_handler.h"
   6
   7 #include <vector>
   8
   9 #include "base/bind.h"
  10 #include "base/location.h"
  11 #include "base/logging.h"
  12 #include "base/metrics/histogram.h"
  13 #include "base/single_thread_task_runner.h"
  14 #include "base/strings/string_util.h"
  15 #include "base/thread_task_runner_handle.h"
  16 #include "components/mime_util/mime_util.h"
  17 #include "content/browser/download/download_resource_handler.h"
  18 #include "content/browser/download/download_stats.h"
  19 #include "content/browser/loader/certificate_resource_handler.h"
  20 #include "content/browser/loader/resource_dispatcher_host_impl.h"
  21 #include "content/browser/loader/resource_request_info_impl.h"
  22 #include "content/browser/loader/stream_resource_handler.h"
  23 #include "content/public/browser/content_browser_client.h"
  24 #include "content/public/browser/download_item.h"
  25 #include "content/public/browser/download_save_info.h"
  26 #include "content/public/browser/download_url_parameters.h"
  27 #include "content/public/browser/plugin_service.h"
  28 #include "content/public/browser/resource_context.h"
  29 #include "content/public/browser/resource_dispatcher_host_delegate.h"
  30 #include "content/public/common/resource_response.h"
  31 #include "content/public/common/webplugininfo.h"
  32 #include "net/base/io_buffer.h"
  33 #include "net/base/mime_sniffer.h"
  34 #include "net/base/mime_util.h"
  35 #include "net/base/net_errors.h"
  36 #include "net/http/http_content_disposition.h"
  37 #include "net/http/http_response_headers.h"
  38
  39 namespace content {
  40
  41 namespace {
  42
  43 void RecordSnifferMetrics(bool sniffing_blocked,
  44                           bool we_would_like_to_sniff,
  45                           const std::string& mime_type) {
  46   static base::HistogramBase* nosniff_usage(NULL);
  47   if (!nosniff_usage)
  48     nosniff_usage = base::BooleanHistogram::FactoryGet(
  49         "nosniff.usage", base::HistogramBase::kUmaTargetedHistogramFlag);
  50   nosniff_usage->AddBoolean(sniffing_blocked);
  51
  52   if (sniffing_blocked) {
  53     static base::HistogramBase* nosniff_otherwise(NULL);
  54     if (!nosniff_otherwise)
  55       nosniff_otherwise = base::BooleanHistogram::FactoryGet(
  56           "nosniff.otherwise", base::HistogramBase::kUmaTargetedHistogramFlag);
  57     nosniff_otherwise->AddBoolean(we_would_like_to_sniff);
  58
  59     static base::HistogramBase* nosniff_empty_mime_type(NULL);
  60     if (!nosniff_empty_mime_type)
  61       nosniff_empty_mime_type = base::BooleanHistogram::FactoryGet(
  62           "nosniff.empty_mime_type",
  63           base::HistogramBase::kUmaTargetedHistogramFlag);
  64     nosniff_empty_mime_type->AddBoolean(mime_type.empty());
  65   }
  66 }
  67
  68 // Used to write into an existing IOBuffer at a given offset.
  69 class DependentIOBuffer : public net::WrappedIOBuffer {
  70  public:
  71   DependentIOBuffer(net::IOBuffer* buf, int offset)
  72       : net::WrappedIOBuffer(buf->data() + offset),
  73         buf_(buf) {
  74   }
  75
  76  private:
  77   ~DependentIOBuffer() override {}
  78
  79   scoped_refptr<net::IOBuffer> buf_;
  80 };
  81
  82 }  // namespace
  83
  84 BufferedResourceHandler::BufferedResourceHandler(
  85     scoped_ptr<ResourceHandler> next_handler,
  86     ResourceDispatcherHostImpl* host,
  87     PluginService* plugin_service,
  88     net::URLRequest* request)
  89     : LayeredResourceHandler(request, next_handler.Pass()),
  90       state_(STATE_STARTING),
  91       host_(host),
  92       plugin_service_(plugin_service),
  93       read_buffer_size_(0),
  94       bytes_read_(0),
  95       must_download_(false),
  96       must_download_is_set_(false),
  97       weak_ptr_factory_(this) {
  98 }
  99
 100 BufferedResourceHandler::~BufferedResourceHandler() {
 101 }
 102
 103 void BufferedResourceHandler::SetController(ResourceController* controller) {
 104   ResourceHandler::SetController(controller);
 105
 106   // Downstream handlers see us as their ResourceController, which allows us to
 107   // consume part or all of the resource response, and then later replay it to
 108   // downstream handler.
 109   DCHECK(next_handler_.get());
 110   next_handler_->SetController(this);
 111 }
 112
 113 bool BufferedResourceHandler::OnResponseStarted(ResourceResponse* response,
 114                                                 bool* defer) {
 115   response_ = response;
 116
 117   // A 304 response should not contain a Content-Type header (RFC 7232 section
 118   // 4.1). The following code may incorrectly attempt to add a Content-Type to
 119   // the response, and so must be skipped for 304 responses.
 120   if (!(response_->head.headers.get() &&
 121         response_->head.headers->response_code() == 304)) {
 122     if (ShouldSniffContent()) {
 123       state_ = STATE_BUFFERING;
 124       return true;
 125     }
 126
 127     if (response_->head.mime_type.empty()) {
 128       // Ugg.  The server told us not to sniff the content but didn't give us
 129       // a mime type.  What's a browser to do?  Turns out, we're supposed to
 130       // treat the response as "text/plain".  This is the most secure option.
 131       response_->head.mime_type.assign("text/plain");
 132     }
 133
 134     // Treat feed types as text/plain.
 135     if (response_->head.mime_type == "application/rss+xml" ||
 136         response_->head.mime_type == "application/atom+xml") {
 137       response_->head.mime_type.assign("text/plain");
 138     }
 139   }
 140
 141   state_ = STATE_PROCESSING;
 142   return ProcessResponse(defer);
 143 }
 144
 145 // We'll let the original event handler provide a buffer, and reuse it for
 146 // subsequent reads until we're done buffering.
 147 bool BufferedResourceHandler::OnWillRead(scoped_refptr<net::IOBuffer>* buf,
 148                                          int* buf_size,
 149                                          int min_size) {
 150   if (state_ == STATE_STREAMING)
 151     return next_handler_->OnWillRead(buf, buf_size, min_size);
 152
 153   DCHECK_EQ(-1, min_size);
 154
 155   if (read_buffer_.get()) {
 156     CHECK_LT(bytes_read_, read_buffer_size_);
 157     *buf = new DependentIOBuffer(read_buffer_.get(), bytes_read_);
 158     *buf_size = read_buffer_size_ - bytes_read_;
 159   } else {
 160     if (!next_handler_->OnWillRead(buf, buf_size, min_size))
 161       return false;
 162
 163     read_buffer_ = *buf;
 164     read_buffer_size_ = *buf_size;
 165     DCHECK_GE(read_buffer_size_, net::kMaxBytesToSniff * 2);
 166   }
 167   return true;
 168 }
 169
 170 bool BufferedResourceHandler::OnReadCompleted(int bytes_read, bool* defer) {
 171   if (state_ == STATE_STREAMING)
 172     return next_handler_->OnReadCompleted(bytes_read, defer);
 173
 174   DCHECK_EQ(state_, STATE_BUFFERING);
 175   bytes_read_ += bytes_read;
 176
 177   if (!DetermineMimeType() && (bytes_read > 0))
 178     return true;  // Needs more data, so keep buffering.
 179
 180   state_ = STATE_PROCESSING;
 181   return ProcessResponse(defer);
 182 }
 183
 184 void BufferedResourceHandler::OnResponseCompleted(
 185     const net::URLRequestStatus& status,
 186     const std::string& security_info,
 187     bool* defer) {
 188   // Upon completion, act like a pass-through handler in case the downstream
 189   // handler defers OnResponseCompleted.
 190   state_ = STATE_STREAMING;
 191
 192   next_handler_->OnResponseCompleted(status, security_info, defer);
 193 }
 194
 195 void BufferedResourceHandler::Resume() {
 196   switch (state_) {
 197     case STATE_BUFFERING:
 198     case STATE_PROCESSING:
 199       NOTREACHED();
 200       break;
 201     case STATE_REPLAYING:
 202       base::ThreadTaskRunnerHandle::Get()->PostTask(
 203           FROM_HERE,
 204           base::Bind(&BufferedResourceHandler::CallReplayReadCompleted,
 205                      weak_ptr_factory_.GetWeakPtr()));
 206       break;
 207     case STATE_STARTING:
 208     case STATE_STREAMING:
 209       controller()->Resume();
 210       break;
 211   }
 212 }
 213
 214 void BufferedResourceHandler::Cancel() {
 215   controller()->Cancel();
 216 }
 217
 218 void BufferedResourceHandler::CancelAndIgnore() {
 219   controller()->CancelAndIgnore();
 220 }
 221
 222 void BufferedResourceHandler::CancelWithError(int error_code) {
 223   controller()->CancelWithError(error_code);
 224 }
 225
 226 bool BufferedResourceHandler::ProcessResponse(bool* defer) {
 227   DCHECK_EQ(STATE_PROCESSING, state_);
 228
 229   // TODO(darin): Stop special-casing 304 responses.
 230   if (!(response_->head.headers.get() &&
 231         response_->head.headers->response_code() == 304)) {
 232     if (!SelectNextHandler(defer))
 233       return false;
 234     if (*defer)
 235       return true;
 236   }
 237
 238   state_ = STATE_REPLAYING;
 239
 240   if (!next_handler_->OnResponseStarted(response_.get(), defer))
 241     return false;
 242
 243   if (!read_buffer_.get()) {
 244     state_ = STATE_STREAMING;
 245     return true;
 246   }
 247
 248   if (!*defer)
 249     return ReplayReadCompleted(defer);
 250
 251   return true;
 252 }
 253
 254 bool BufferedResourceHandler::ShouldSniffContent() {
 255   const std::string& mime_type = response_->head.mime_type;
 256
 257   std::string content_type_options;
 258   request()->GetResponseHeaderByName("x-content-type-options",
 259                                      &content_type_options);
 260
 261   bool sniffing_blocked =
 262       base::LowerCaseEqualsASCII(content_type_options, "nosniff");
 263   bool we_would_like_to_sniff =
 264       net::ShouldSniffMimeType(request()->url(), mime_type);
 265
 266   RecordSnifferMetrics(sniffing_blocked, we_would_like_to_sniff, mime_type);
 267
 268   if (!sniffing_blocked && we_would_like_to_sniff) {
 269     // We're going to look at the data before deciding what the content type
 270     // is.  That means we need to delay sending the ResponseStarted message
 271     // over the IPC channel.
 272     VLOG(1) << "To buffer: " << request()->url().spec();
 273     return true;
 274   }
 275
 276   return false;
 277 }
 278
 279 bool BufferedResourceHandler::DetermineMimeType() {
 280   DCHECK_EQ(STATE_BUFFERING, state_);
 281
 282   const std::string& type_hint = response_->head.mime_type;
 283
 284   std::string new_type;
 285   bool made_final_decision =
 286       net::SniffMimeType(read_buffer_->data(), bytes_read_, request()->url(),
 287                          type_hint, &new_type);
 288
 289   // SniffMimeType() returns false if there is not enough data to determine
 290   // the mime type. However, even if it returns false, it returns a new type
 291   // that is probably better than the current one.
 292   response_->head.mime_type.assign(new_type);
 293
 294   return made_final_decision;
 295 }
 296
 297 bool BufferedResourceHandler::SelectNextHandler(bool* defer) {
 298   DCHECK(!response_->head.mime_type.empty());
 299
 300   ResourceRequestInfoImpl* info = GetRequestInfo();
 301   const std::string& mime_type = response_->head.mime_type;
 302
 303   if (mime_util::IsSupportedCertificateMimeType(mime_type)) {
 304     // Install certificate file.
 305     info->set_is_download(true);
 306     scoped_ptr<ResourceHandler> handler(
 307         new CertificateResourceHandler(request()));
 308     return UseAlternateNextHandler(handler.Pass(), std::string());
 309   }
 310
 311   // Allow requests for object/embed tags to be intercepted as streams.
 312   if (info->GetResourceType() == content::RESOURCE_TYPE_OBJECT) {
 313     DCHECK(!info->allow_download());
 314     std::string payload;
 315     scoped_ptr<ResourceHandler> handler(
 316         host_->MaybeInterceptAsStream(request(), response_.get(), &payload));
 317     if (handler) {
 318       DCHECK(!mime_util::IsSupportedMimeType(mime_type));
 319       return UseAlternateNextHandler(handler.Pass(), payload);
 320     }
 321   }
 322
 323   if (!info->allow_download())
 324     return true;
 325
 326   // info->allow_download() == true implies
 327   // info->GetResourceType() == RESOURCE_TYPE_MAIN_FRAME or
 328   // info->GetResourceType() == RESOURCE_TYPE_SUB_FRAME.
 329   DCHECK(info->GetResourceType() == RESOURCE_TYPE_MAIN_FRAME ||
 330          info->GetResourceType() == RESOURCE_TYPE_SUB_FRAME);
 331
 332   bool must_download = MustDownload();
 333   if (!must_download) {
 334     if (mime_util::IsSupportedMimeType(mime_type))
 335       return true;
 336
 337     std::string payload;
 338     scoped_ptr<ResourceHandler> handler(
 339         host_->MaybeInterceptAsStream(request(), response_.get(), &payload));
 340     if (handler) {
 341       return UseAlternateNextHandler(handler.Pass(), payload);
 342     }
 343
 344 #if defined(ENABLE_PLUGINS)
 345     bool stale;
 346     bool has_plugin = HasSupportingPlugin(&stale);
 347     if (stale) {
 348       // Refresh the plugins asynchronously.
 349       plugin_service_->GetPlugins(
 350           base::Bind(&BufferedResourceHandler::OnPluginsLoaded,
 351                      weak_ptr_factory_.GetWeakPtr()));
 352       request()->LogBlockedBy("BufferedResourceHandler");
 353       *defer = true;
 354       return true;
 355     }
 356     if (has_plugin)
 357       return true;
 358 #endif
 359   }
 360
 361   // Install download handler
 362   info->set_is_download(true);
 363   scoped_ptr<ResourceHandler> handler(
 364       host_->CreateResourceHandlerForDownload(
 365           request(),
 366           true,  // is_content_initiated
 367           must_download,
 368           DownloadItem::kInvalidId,
 369           scoped_ptr<DownloadSaveInfo>(new DownloadSaveInfo()),
 370           DownloadUrlParameters::OnStartedCallback()));
 371   return UseAlternateNextHandler(handler.Pass(), std::string());
 372 }
 373
 374 bool BufferedResourceHandler::UseAlternateNextHandler(
 375     scoped_ptr<ResourceHandler> new_handler,
 376     const std::string& payload_for_old_handler) {
 377   if (response_->head.headers.get() &&  // Can be NULL if FTP.
 378       response_->head.headers->response_code() / 100 != 2) {
 379     // The response code indicates that this is an error page, but we don't
 380     // know how to display the content.  We follow Firefox here and show our
 381     // own error page instead of triggering a download.
 382     // TODO(abarth): We should abstract the response_code test, but this kind
 383     //               of check is scattered throughout our codebase.
 384     request()->CancelWithError(net::ERR_INVALID_RESPONSE);
 385     return false;
 386   }
 387
 388   // Inform the original ResourceHandler that this will be handled entirely by
 389   // the new ResourceHandler.
 390   // TODO(darin): We should probably check the return values of these.
 391   bool defer_ignored = false;
 392   next_handler_->OnResponseStarted(response_.get(), &defer_ignored);
 393   // Although deferring OnResponseStarted is legal, the only downstream handler
 394   // which does so is CrossSiteResourceHandler. Cross-site transitions should
 395   // not trigger when switching handlers.
 396   DCHECK(!defer_ignored);
 397   if (payload_for_old_handler.empty()) {
 398     net::URLRequestStatus status(net::URLRequestStatus::CANCELED,
 399                                  net::ERR_ABORTED);
 400     next_handler_->OnResponseCompleted(status, std::string(), &defer_ignored);
 401     DCHECK(!defer_ignored);
 402   } else {
 403     scoped_refptr<net::IOBuffer> buf;
 404     int size = 0;
 405
 406     next_handler_->OnWillRead(&buf, &size, -1);
 407     CHECK_GE(size, static_cast<int>(payload_for_old_handler.length()));
 408
 409     memcpy(buf->data(), payload_for_old_handler.c_str(),
 410            payload_for_old_handler.length());
 411
 412     next_handler_->OnReadCompleted(payload_for_old_handler.length(),
 413                                    &defer_ignored);
 414     DCHECK(!defer_ignored);
 415
 416     net::URLRequestStatus status(net::URLRequestStatus::SUCCESS, 0);
 417     next_handler_->OnResponseCompleted(status, std::string(), &defer_ignored);
 418     DCHECK(!defer_ignored);
 419   }
 420
 421   // This is handled entirely within the new ResourceHandler, so just reset the
 422   // original ResourceHandler.
 423   next_handler_ = new_handler.Pass();
 424   next_handler_->SetController(this);
 425
 426   return CopyReadBufferToNextHandler();
 427 }
 428
 429 bool BufferedResourceHandler::ReplayReadCompleted(bool* defer) {
 430   DCHECK(read_buffer_.get());
 431
 432   bool result = next_handler_->OnReadCompleted(bytes_read_, defer);
 433
 434   read_buffer_ = NULL;
 435   read_buffer_size_ = 0;
 436   bytes_read_ = 0;
 437
 438   state_ = STATE_STREAMING;
 439
 440   return result;
 441 }
 442
 443 void BufferedResourceHandler::CallReplayReadCompleted() {
 444   bool defer = false;
 445   if (!ReplayReadCompleted(&defer)) {
 446     controller()->Cancel();
 447   } else if (!defer) {
 448     state_ = STATE_STREAMING;
 449     controller()->Resume();
 450   }
 451 }
 452
 453 bool BufferedResourceHandler::MustDownload() {
 454   if (must_download_is_set_)
 455     return must_download_;
 456
 457   must_download_is_set_ = true;
 458
 459   std::string disposition;
 460   request()->GetResponseHeaderByName("content-disposition", &disposition);
 461   if (!disposition.empty() &&
 462       net::HttpContentDisposition(disposition, std::string()).is_attachment()) {
 463     must_download_ = true;
 464   } else if (host_->delegate() &&
 465              host_->delegate()->ShouldForceDownloadResource(
 466                  request()->url(), response_->head.mime_type)) {
 467     must_download_ = true;
 468   } else {
 469     must_download_ = false;
 470   }
 471
 472   return must_download_;
 473 }
 474
 475 bool BufferedResourceHandler::HasSupportingPlugin(bool* stale) {
 476 #if defined(ENABLE_PLUGINS)
 477   ResourceRequestInfoImpl* info = GetRequestInfo();
 478
 479   bool allow_wildcard = false;
 480   WebPluginInfo plugin;
 481   return plugin_service_->GetPluginInfo(
 482       info->GetChildID(), info->GetRenderFrameID(), info->GetContext(),
 483       request()->url(), GURL(), response_->head.mime_type, allow_wildcard,
 484       stale, &plugin, NULL);
 485 #else
 486   if (stale)
 487     *stale = false;
 488   return false;
 489 #endif
 490 }
 491
 492 bool BufferedResourceHandler::CopyReadBufferToNextHandler() {
 493   if (!read_buffer_.get())
 494     return true;
 495
 496   scoped_refptr<net::IOBuffer> buf;
 497   int buf_len = 0;
 498   if (!next_handler_->OnWillRead(&buf, &buf_len, bytes_read_))
 499     return false;
 500
 501   CHECK((buf_len >= bytes_read_) && (bytes_read_ >= 0));
 502   memcpy(buf->data(), read_buffer_->data(), bytes_read_);
 503   return true;
 504 }
 505
 506 void BufferedResourceHandler::OnPluginsLoaded(
 507     const std::vector<WebPluginInfo>& plugins) {
 508   request()->LogUnblocked();
 509   bool defer = false;
 510   if (!ProcessResponse(&defer)) {
 511     controller()->Cancel();
 512   } else if (!defer) {
 513     controller()->Resume();
 514   }
 515 }
 516
 517 }  // namespace content