OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2003, 2006 Apple Computer, Inc. All rights reserved. | 2 * Copyright (C) 2003, 2006 Apple Computer, Inc. All rights reserved. |
3 * Copyright (C) 2009, 2012 Google Inc. All rights reserved. | 3 * Copyright (C) 2009, 2012 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
11 * notice, this list of conditions and the following disclaimer in the | 11 * notice, this list of conditions and the following disclaimer in the |
12 * documentation and/or other materials provided with the distribution. | 12 * documentation and/or other materials provided with the distribution. |
13 * | 13 * |
14 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY | 14 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY |
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR | 17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR |
18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | 18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | 19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | 20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
25 */ | 25 */ |
26 | 26 |
27 #include "platform/network/ResourceRequest.h" | 27 #include "platform/network/ResourceRequest.h" |
28 | 28 |
29 #include "platform/HTTPNames.h" | 29 #include "platform/HTTPNames.h" |
| 30 #include "platform/RuntimeEnabledFeatures.h" |
30 #include "platform/weborigin/SecurityOrigin.h" | 31 #include "platform/weborigin/SecurityOrigin.h" |
| 32 #include "public/platform/Platform.h" |
31 #include "public/platform/WebURLRequest.h" | 33 #include "public/platform/WebURLRequest.h" |
32 | 34 |
33 namespace blink { | 35 namespace blink { |
34 | 36 |
35 double ResourceRequest::s_defaultTimeoutInterval = INT_MAX; | 37 double ResourceRequest::s_defaultTimeoutInterval = INT_MAX; |
36 | 38 |
37 ResourceRequest::ResourceRequest(CrossThreadResourceRequestData* data) | 39 ResourceRequest::ResourceRequest(CrossThreadResourceRequestData* data) |
38 : ResourceRequest() | 40 : ResourceRequest() |
39 { | 41 { |
40 setURL(data->m_url); | 42 setURL(data->m_url); |
(...skipping 20 matching lines...) Expand all Loading... |
61 setRequestContext(data->m_requestContext); | 63 setRequestContext(data->m_requestContext); |
62 setFrameType(data->m_frameType); | 64 setFrameType(data->m_frameType); |
63 setFetchRequestMode(data->m_fetchRequestMode); | 65 setFetchRequestMode(data->m_fetchRequestMode); |
64 setFetchCredentialsMode(data->m_fetchCredentialsMode); | 66 setFetchCredentialsMode(data->m_fetchCredentialsMode); |
65 setFetchRedirectMode(data->m_fetchRedirectMode); | 67 setFetchRedirectMode(data->m_fetchRedirectMode); |
66 setLoFiState(data->m_loFiState); | 68 setLoFiState(data->m_loFiState); |
67 m_referrerPolicy = data->m_referrerPolicy; | 69 m_referrerPolicy = data->m_referrerPolicy; |
68 m_didSetHTTPReferrer = data->m_didSetHTTPReferrer; | 70 m_didSetHTTPReferrer = data->m_didSetHTTPReferrer; |
69 m_checkForBrowserSideNavigation = data->m_checkForBrowserSideNavigation; | 71 m_checkForBrowserSideNavigation = data->m_checkForBrowserSideNavigation; |
70 m_uiStartTime = data->m_uiStartTime; | 72 m_uiStartTime = data->m_uiStartTime; |
71 m_originatesFromReservedIPRange = data->m_originatesFromReservedIPRange; | 73 m_isExternalRequest = data->m_isExternalRequest; |
72 m_inputPerfMetricReportPolicy = data->m_inputPerfMetricReportPolicy; | 74 m_inputPerfMetricReportPolicy = data->m_inputPerfMetricReportPolicy; |
73 m_followedRedirect = data->m_followedRedirect; | 75 m_followedRedirect = data->m_followedRedirect; |
74 } | 76 } |
75 | 77 |
76 PassOwnPtr<CrossThreadResourceRequestData> ResourceRequest::copyData() const | 78 PassOwnPtr<CrossThreadResourceRequestData> ResourceRequest::copyData() const |
77 { | 79 { |
78 OwnPtr<CrossThreadResourceRequestData> data = adoptPtr(new CrossThreadResour
ceRequestData()); | 80 OwnPtr<CrossThreadResourceRequestData> data = adoptPtr(new CrossThreadResour
ceRequestData()); |
79 data->m_url = url().copy(); | 81 data->m_url = url().copy(); |
80 data->m_cachePolicy = getCachePolicy(); | 82 data->m_cachePolicy = getCachePolicy(); |
81 data->m_timeoutInterval = timeoutInterval(); | 83 data->m_timeoutInterval = timeoutInterval(); |
(...skipping 19 matching lines...) Expand all Loading... |
101 data->m_requestContext = m_requestContext; | 103 data->m_requestContext = m_requestContext; |
102 data->m_frameType = m_frameType; | 104 data->m_frameType = m_frameType; |
103 data->m_fetchRequestMode = m_fetchRequestMode; | 105 data->m_fetchRequestMode = m_fetchRequestMode; |
104 data->m_fetchCredentialsMode = m_fetchCredentialsMode; | 106 data->m_fetchCredentialsMode = m_fetchCredentialsMode; |
105 data->m_fetchRedirectMode = m_fetchRedirectMode; | 107 data->m_fetchRedirectMode = m_fetchRedirectMode; |
106 data->m_loFiState = m_loFiState; | 108 data->m_loFiState = m_loFiState; |
107 data->m_referrerPolicy = m_referrerPolicy; | 109 data->m_referrerPolicy = m_referrerPolicy; |
108 data->m_didSetHTTPReferrer = m_didSetHTTPReferrer; | 110 data->m_didSetHTTPReferrer = m_didSetHTTPReferrer; |
109 data->m_checkForBrowserSideNavigation = m_checkForBrowserSideNavigation; | 111 data->m_checkForBrowserSideNavigation = m_checkForBrowserSideNavigation; |
110 data->m_uiStartTime = m_uiStartTime; | 112 data->m_uiStartTime = m_uiStartTime; |
111 data->m_originatesFromReservedIPRange = m_originatesFromReservedIPRange; | 113 data->m_isExternalRequest = m_isExternalRequest; |
112 data->m_inputPerfMetricReportPolicy = m_inputPerfMetricReportPolicy; | 114 data->m_inputPerfMetricReportPolicy = m_inputPerfMetricReportPolicy; |
113 data->m_followedRedirect = m_followedRedirect; | 115 data->m_followedRedirect = m_followedRedirect; |
114 return data.release(); | 116 return data.release(); |
115 } | 117 } |
116 | 118 |
117 bool ResourceRequest::isEmpty() const | 119 bool ResourceRequest::isEmpty() const |
118 { | 120 { |
119 return m_url.isEmpty(); | 121 return m_url.isEmpty(); |
120 } | 122 } |
121 | 123 |
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
364 { | 366 { |
365 if (!equalIgnoringHeaderFields(a, b)) | 367 if (!equalIgnoringHeaderFields(a, b)) |
366 return false; | 368 return false; |
367 | 369 |
368 if (a.httpHeaderFields() != b.httpHeaderFields()) | 370 if (a.httpHeaderFields() != b.httpHeaderFields()) |
369 return false; | 371 return false; |
370 | 372 |
371 return true; | 373 return true; |
372 } | 374 } |
373 | 375 |
| 376 void ResourceRequest::setExternalRequestStateFromRequestorAddressSpace(WebURLReq
uest::AddressSpace requestorSpace) |
| 377 { |
| 378 static_assert(WebURLRequest::AddressSpaceLocal < WebURLRequest::AddressSpace
Private, "Local is inside Private"); |
| 379 static_assert(WebURLRequest::AddressSpaceLocal < WebURLRequest::AddressSpace
Public, "Local is inside Public"); |
| 380 static_assert(WebURLRequest::AddressSpacePrivate < WebURLRequest::AddressSpa
cePublic, "Private is inside Public"); |
| 381 |
| 382 // TODO(mkwst): This only checks explicit IP addresses. We'll have to move a
ll this up to //net and //content in |
| 383 // order to have any real impact on gateway attacks. That turns out to be a
TON of work. https://crbug.com/378566 |
| 384 if (!RuntimeEnabledFeatures::corsRFC1918Enabled()) { |
| 385 m_isExternalRequest = false; |
| 386 return; |
| 387 } |
| 388 |
| 389 WebURLRequest::AddressSpace targetSpace = WebURLRequest::AddressSpacePublic; |
| 390 if (Platform::current()->isReservedIPAddress(m_url.host())) |
| 391 targetSpace = WebURLRequest::AddressSpacePrivate; |
| 392 if (SecurityOrigin::create(m_url)->isLocalhost()) |
| 393 targetSpace = WebURLRequest::AddressSpaceLocal; |
| 394 |
| 395 m_isExternalRequest = requestorSpace > targetSpace; |
| 396 } |
| 397 |
374 bool ResourceRequest::isConditional() const | 398 bool ResourceRequest::isConditional() const |
375 { | 399 { |
376 return (m_httpHeaderFields.contains(HTTPNames::If_Match) | 400 return (m_httpHeaderFields.contains(HTTPNames::If_Match) |
377 || m_httpHeaderFields.contains(HTTPNames::If_Modified_Since) | 401 || m_httpHeaderFields.contains(HTTPNames::If_Modified_Since) |
378 || m_httpHeaderFields.contains(HTTPNames::If_None_Match) | 402 || m_httpHeaderFields.contains(HTTPNames::If_None_Match) |
379 || m_httpHeaderFields.contains(HTTPNames::If_Range) | 403 || m_httpHeaderFields.contains(HTTPNames::If_Range) |
380 || m_httpHeaderFields.contains(HTTPNames::If_Unmodified_Since)); | 404 || m_httpHeaderFields.contains(HTTPNames::If_Unmodified_Since)); |
381 } | 405 } |
382 | 406 |
383 void ResourceRequest::setHasUserGesture(bool hasUserGesture) | 407 void ResourceRequest::setHasUserGesture(bool hasUserGesture) |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
432 // Contrary to the Fetch spec, we default to same-origin mode here, and deal | 456 // Contrary to the Fetch spec, we default to same-origin mode here, and deal |
433 // with CORS modes in updateRequestForAccessControl if we're called in a | 457 // with CORS modes in updateRequestForAccessControl if we're called in a |
434 // context which requires it. | 458 // context which requires it. |
435 m_fetchCredentialsMode = WebURLRequest::FetchCredentialsModeSameOrigin; | 459 m_fetchCredentialsMode = WebURLRequest::FetchCredentialsModeSameOrigin; |
436 m_fetchRedirectMode = WebURLRequest::FetchRedirectModeFollow; | 460 m_fetchRedirectMode = WebURLRequest::FetchRedirectModeFollow; |
437 m_referrerPolicy = ReferrerPolicyDefault; | 461 m_referrerPolicy = ReferrerPolicyDefault; |
438 m_loFiState = WebURLRequest::LoFiUnspecified; | 462 m_loFiState = WebURLRequest::LoFiUnspecified; |
439 m_didSetHTTPReferrer = false; | 463 m_didSetHTTPReferrer = false; |
440 m_checkForBrowserSideNavigation = true; | 464 m_checkForBrowserSideNavigation = true; |
441 m_uiStartTime = 0; | 465 m_uiStartTime = 0; |
442 m_originatesFromReservedIPRange = false; | 466 m_isExternalRequest = false; |
443 m_inputPerfMetricReportPolicy = InputToLoadPerfMetricReportPolicy::NoReport; | 467 m_inputPerfMetricReportPolicy = InputToLoadPerfMetricReportPolicy::NoReport; |
444 m_followedRedirect = false; | 468 m_followedRedirect = false; |
445 m_requestorOrigin = SecurityOrigin::createUnique(); | 469 m_requestorOrigin = SecurityOrigin::createUnique(); |
446 } | 470 } |
447 | 471 |
448 } // namespace blink | 472 } // namespace blink |
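Review bot: `m_isExternalRequest` is only a snapshot of `m_url` taken when `setExternalRequestStateFromRequestorAddressSpace()` runs (new lines 376-396), and nothing in the visible hunks recomputes it when the URL changes afterwards. If the URL is replaced or a redirect lands on a reserved-range or localhost target, the value carried through `copyData()` and the `CrossThreadResourceRequestData` constructor could still say "not external". The URL setter and redirect handling are outside the shown lines, so this needs confirming there. I would at least state the contract above the function, e.g. `// Classifies m_url as it is at call time; call again whenever the URL changes (for example on redirect).` Separately, the early return sets the flag to false when `corsRFC1918Enabled()` is off, which is the fail-open direction; if that is deliberate, a one-line comment saying so would stop a later reader from treating false as "checked and internal".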