Enable the CORS preflight for sendBeacon()

third_party/WebKit/Source/core/loader/PingLoader.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 21 matching lines @@
 #include "core/loader/PingLoader.h"
 
 #include "core/dom/DOMArrayBufferView.h"
 #include "core/dom/Document.h"
 #include "core/dom/SecurityContext.h"
 #include "core/fetch/CrossOriginAccessControl.h"
 #include "core/fetch/FetchContext.h"
 #include "core/fetch/FetchInitiatorTypeNames.h"
 #include "core/fetch/FetchUtils.h"
 #include "core/fetch/ResourceFetcher.h"
+#include "core/fetch/ResourceLoaderOptions.h"
 #include "core/fetch/UniqueIdentifier.h"
 #include "core/fileapi/File.h"
 #include "core/frame/FrameConsole.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/html/FormData.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/inspector/InspectorTraceEvents.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
 #include "core/loader/MixedContentChecker.h"
+#include "core/loader/ThreadableLoader.h"
+#include "core/loader/ThreadableLoaderClient.h"
 #include "core/page/Page.h"
-#include "platform/WebFrameScheduler.h"
 #include "platform/exported/WrappedResourceRequest.h"
 #include "platform/exported/WrappedResourceResponse.h"
 #include "platform/network/EncodedFormData.h"
 #include "platform/network/ParsedContentType.h"
 #include "platform/network/ResourceError.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/network/ResourceResponse.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "public/platform/Platform.h"
@@ skipping 115 matching lines @@
   const AtomicString getContentType() const { return m_contentType; }
 
  private:
   const Member<FormData> m_data;
   RefPtr<EncodedFormData> m_entityBody;
   AtomicString m_contentType;
 };
 
 class PingLoaderImpl : public GarbageCollectedFinalized<PingLoaderImpl>,
                        public DOMWindowProperty,
-                       private WebURLLoaderClient {
+                       private ThreadableLoaderClient {
   USING_GARBAGE_COLLECTED_MIXIN(PingLoaderImpl);
   WTF_MAKE_NONCOPYABLE(PingLoaderImpl);
 
  public:
   PingLoaderImpl(LocalFrame*,
                  ResourceRequest&,
                  const AtomicString&,
-                 StoredCredentials,
-                 bool);
+                 StoredCredentials);
   ~PingLoaderImpl() override;
 
   DECLARE_VIRTUAL_TRACE();
 
  private:
   void dispose();
 
-  // WebURLLoaderClient
-  bool willFollowRedirect(WebURLRequest&, const WebURLResponse&) override;
-  void didReceiveResponse(const WebURLResponse&) final;
-  void didReceiveData(const char*, int) final;
-  void didFinishLoading(double, int64_t, int64_t) final;
-  void didFail(const WebURLError&, int64_t, int64_t) final;
+  // ThreadableLoaderClient
+  void didFail(const ResourceError&) final;
+  void didFinishLoading(unsigned long, double) final;
 
-  void timeout(TimerBase*);
-
-  void didFailLoading(LocalFrame*);
-
-  std::unique_ptr<WebURLLoader> m_loader;
-  Timer<PingLoaderImpl> m_timeout;
+  Member<ThreadableLoader> m_loader;
   String m_url;
-  unsigned long m_identifier;
   SelfKeepAlive<PingLoaderImpl> m_keepAlive;
-
-  bool m_isBeacon;
-
-  RefPtr<SecurityOrigin> m_origin;
-  CORSEnabled m_corsMode;
 };
 
 PingLoaderImpl::PingLoaderImpl(LocalFrame* frame,
                                ResourceRequest& request,
                                const AtomicString& initiator,
-                               StoredCredentials credentialsAllowed,
-                               bool isBeacon)
-    : DOMWindowProperty(frame),
-      m_timeout(this, &PingLoaderImpl::timeout),
-      m_url(request.url()),
-      m_identifier(createUniqueIdentifier()),
-      m_keepAlive(this),
-      m_isBeacon(isBeacon),
-      m_origin(frame->document()->getSecurityOrigin()),
-      m_corsMode(IsCORSEnabled) {
-  const AtomicString contentType = request.httpContentType();
-  if (!contentType.isNull() &&
-      FetchUtils::isSimpleHeader(AtomicString("content-type"), contentType))
-    m_corsMode = NotCORSEnabled;
-
+                               StoredCredentials credentialsAllowed)
+    : DOMWindowProperty(frame), m_url(request.url()), m_keepAlive(this) {
   frame->loader().client()->didDispatchPingLoader(request.url());
 
-  FetchContext& fetchContext = frame->document()->fetcher()->context();
-
-  fetchContext.willStartLoadingResource(m_identifier, request, Resource::Image);
-
-  FetchInitiatorInfo initiatorInfo;
-  initiatorInfo.name = initiator;
-  fetchContext.dispatchWillSendRequest(m_identifier, request,
-                                       ResourceResponse(), initiatorInfo);
-
-  // Make sure the scheduler doesn't wait for the ping.
-  if (frame->frameScheduler())
-    frame->frameScheduler()->didStopLoading(m_identifier);
-
-  m_loader = WTF::wrapUnique(Platform::current()->createURLLoader());
-  DCHECK(m_loader);
-  WrappedResourceRequest wrappedRequest(request);
-  wrappedRequest.setAllowStoredCredentials(credentialsAllowed ==
-                                           AllowStoredCredentials);
-  m_loader->loadAsynchronously(wrappedRequest, this);
-
+  ThreadableLoaderOptions options;
+  options.preflightPolicy = ConsiderPreflight;
+  options.crossOriginRequestPolicy = UseAccessControl;
+  options.initiator = initiator;
   // If the server never responds, FrameLoader won't be able to cancel this load
   // and we'll sit here waiting forever. Set a very generous timeout, just in
   // case.
-  m_timeout.startOneShot(60000, BLINK_FROM_HERE);
+  options.timeoutMilliseconds = 60000;
+  // Make sure the scheduler doesn't wait for the ping.
+  options.schedulerWaitingPolicy = PreventSchedulerFromWaiting;
+
+  ResourceLoaderOptions resourceLoaderOptions;
+  resourceLoaderOptions.allowCredentials = AllowStoredCredentials;
+  resourceLoaderOptions.credentialsRequested = ClientRequestedCredentials;
+  resourceLoaderOptions.securityOrigin = frame->document()->getSecurityOrigin();
+  resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData;
+
+  m_loader = ThreadableLoader::create(*frame->document(), this, options,
+                                      resourceLoaderOptions);
+  DCHECK(m_loader);
+  m_loader->start(request);
 }
 
 PingLoaderImpl::~PingLoaderImpl() {
-  if (m_loader)
-    m_loader->cancel();
 }
 
 void PingLoaderImpl::dispose() {
   if (m_loader) {
     m_loader->cancel();
     m_loader = nullptr;
   }
-  m_timeout.stop();
   m_keepAlive.clear();
 }
 
-bool PingLoaderImpl::willFollowRedirect(
-    WebURLRequest& passedNewRequest,
-    const WebURLResponse& passedRedirectResponse) {
-  if (!m_isBeacon)
-    return true;
-
-  if (m_corsMode == NotCORSEnabled)
-    return true;
-
-  DCHECK(passedNewRequest.allowStoredCredentials());
-
-  ResourceRequest& newRequest(passedNewRequest.toMutableResourceRequest());
-  const ResourceResponse& redirectResponse(
-      passedRedirectResponse.toResourceResponse());
-
-  DCHECK(!newRequest.isNull());
-  DCHECK(!redirectResponse.isNull());
-
-  String errorDescription;
-  ResourceLoaderOptions options;
-  // TODO(tyoshino): Save updated data in options.securityOrigin and pass it
-  // on the next time.
-  if (!CrossOriginAccessControl::handleRedirect(
-          m_origin, newRequest, redirectResponse, AllowStoredCredentials,
-          options, errorDescription)) {
-    if (LocalFrame* localFrame = frame()) {
-      if (localFrame->document()) {
-        localFrame->document()->addConsoleMessage(ConsoleMessage::create(
-            JSMessageSource, ErrorMessageLevel, errorDescription));
-      }
-    }
-    // Cancel the load and self destruct.
-    dispose();
-
-    return false;
-  }
-  // FIXME: http://crbug.com/427429 is needed to correctly propagate updates of
-  // Origin: following this successful redirect.
-
-  return true;
-}
-
-void PingLoaderImpl::didReceiveResponse(const WebURLResponse& response) {
-  if (LocalFrame* frame = this->frame()) {
-    TRACE_EVENT1("devtools.timeline", "ResourceFinish", "data",
-                 InspectorResourceFinishEvent::data(m_identifier, 0, true));
-    const ResourceResponse& resourceResponse = response.toResourceResponse();
-    InspectorInstrumentation::didReceiveResourceResponse(frame, m_identifier, 0,
-                                                         resourceResponse, 0);
-    didFailLoading(frame);
-  }
+void PingLoaderImpl::didFail(const ResourceError& error) {
   dispose();
 }
 
-void PingLoaderImpl::didReceiveData(const char*, int) {
-  if (LocalFrame* frame = this->frame()) {
-    TRACE_EVENT1("devtools.timeline", "ResourceFinish", "data",
-                 InspectorResourceFinishEvent::data(m_identifier, 0, true));
-    didFailLoading(frame);
-  }
+void PingLoaderImpl::didFinishLoading(unsigned long, double) {
   dispose();
 }
 
-void PingLoaderImpl::didFinishLoading(double, int64_t, int64_t) {
-  if (LocalFrame* frame = this->frame()) {
-    TRACE_EVENT1("devtools.timeline", "ResourceFinish", "data",
-                 InspectorResourceFinishEvent::data(m_identifier, 0, true));
-    didFailLoading(frame);
-  }
-  dispose();
-}
-
-void PingLoaderImpl::didFail(const WebURLError& resourceError,
-                             int64_t,
-                             int64_t) {
-  if (LocalFrame* frame = this->frame()) {
-    TRACE_EVENT1("devtools.timeline", "ResourceFinish", "data",
-                 InspectorResourceFinishEvent::data(m_identifier, 0, true));
-    didFailLoading(frame);
-  }
-  dispose();
-}
-
-void PingLoaderImpl::timeout(TimerBase*) {
-  if (LocalFrame* frame = this->frame()) {
-    TRACE_EVENT1("devtools.timeline", "ResourceFinish", "data",
-                 InspectorResourceFinishEvent::data(m_identifier, 0, true));
-    didFailLoading(frame);
-  }
-  dispose();
-}
-
-void PingLoaderImpl::didFailLoading(LocalFrame* frame) {
-  InspectorInstrumentation::didFailLoading(
-      frame, m_identifier, ResourceError::cancelledError(m_url));
-  frame->console().didFailLoading(m_identifier,
-                                  ResourceError::cancelledError(m_url));
-}
-
 DEFINE_TRACE(PingLoaderImpl) {
+  visitor->trace(m_loader);
   DOMWindowProperty::trace(visitor);
 }
 
 void finishPingRequestInitialization(
     ResourceRequest& request,
     LocalFrame* frame,
     WebURLRequest::RequestContext requestContext) {
   request.setRequestContext(requestContext);
   FetchContext& fetchContext = frame->document()->fetcher()->context();
   fetchContext.addAdditionalRequestHeaders(request, FetchSubresource);
   fetchContext.populateRequestData(request);
 }
 
 bool sendPingCommon(LocalFrame* frame,
                     ResourceRequest& request,
                     const AtomicString& initiator,
                     StoredCredentials credentialsAllowed,
                     bool isBeacon) {
   if (MixedContentChecker::shouldBlockFetch(frame, request, request.url()))
     return false;
 
   // The loader keeps itself alive until it receives a response and disposes
   // itself.
   PingLoaderImpl* loader =
-      new PingLoaderImpl(frame, request, initiator, credentialsAllowed, true);
+      new PingLoaderImpl(frame, request, initiator, credentialsAllowed);
   DCHECK(loader);
 
   return true;
 }
 
 bool sendBeaconCommon(LocalFrame* frame,
                       int allowance,
                       const KURL& url,
                       const Beacon& beacon,
                       int& payloadLength) {
@@ skipping 127 matching lines @@
 bool PingLoader::sendBeacon(LocalFrame* frame,
                             int allowance,
                             const KURL& beaconURL,
                             Blob* data,
                             int& payloadLength) {
   BeaconBlob beacon(data);
   return sendBeaconCommon(frame, allowance, beaconURL, beacon, payloadLength);
 }
 
 }  // namespace blink