Allow XHR timeout attribute to be overridden after send(), per spec

Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 58 matching lines @@
 }
 
 DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options)
     : m_client(client)
     , m_document(document)
     , m_options(options)
     , m_sameOriginRequest(securityOrigin()->canRequest(request.url()))
     , m_simpleRequest(true)
     , m_async(blockingBehavior == LoadAsynchronously)
     , m_timeoutTimer(this, &DocumentThreadableLoader::didTimeout)
+    , m_requestStarted(0.0)
 {
     ASSERT(client);
     // Setting an outgoing referer is only supported in the async code path.
     ASSERT(m_async || request.httpReferrer().isEmpty());
 
     // Save any CORS simple headers on the request here. If this request redirects cross-origin, we cancel the old request
     // create a new one, and copy these headers.
     const HTTPHeaderMap& headerMap = request.httpHeaderFields();
     HTTPHeaderMap::const_iterator end = headerMap.end();
     for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) {
@@ skipping 42 matching lines @@
             ResourceRequest preflightRequest = createAccessControlPreflightRequest(*m_actualRequest, securityOrigin());
             loadRequest(preflightRequest);
         }
     }
 }
 
 DocumentThreadableLoader::~DocumentThreadableLoader()
 {
 }
 
+void DocumentThreadableLoader::overrideTimeout(unsigned long timeoutMilliseconds)
+{
+    if (!m_async)
+        return;
+    m_timeoutTimer.stop();
+    // At the time of this method's implementation, it is only ever called by
+    // XMLHttpRequest, when the timeout attribute is set after sending the
+    // request.
+    //
+    // The XHR request says to resolve the time relative to when the request
+    // was initially sent, however other uses of this method may need to
+    // behave differently, in which case this should be re-arranged somehow.
+    if (timeoutMilliseconds) {
+        double elapsedTime = monotonicallyIncreasingTime() - m_requestStarted;
+        double nextFire = timeoutMilliseconds / 1000.0;
+        double resolvedTime = nextFire > elapsedTime ? nextFire - elapsedTime : 0.0;
+        m_timeoutTimer.startOneShot(resolvedTime, FROM_HERE);

[tyoshino (SeeGerritForStatus), 2014/05/15 09:15:43]

We should start the timer only when there's active fetch. There's no convenient
way to know whether there's an active fetch. We cannot check that by looking at
m_timeoutTimer.is_active() since it may not be active because the user didn't
set timeout option when the XHR is started. Maybe the right thing to do is
checking if resource() is NULL or not but currently resource() is cleared when
cancel() is called or didTimeout is called, but not when notifyFinished() is
called.

Could you please try clearing resource at the end of notifyFinished (and maybe
also m_client)?

[caitp (gmail), 2014/05/15 11:51:03]

What about just `m_requestStarted > 0.0` ? It gets reset on
cancel/timeout/error/finish --- But I think in practice, there's always an
active fetch, since DocumentThreadableLoader starts a request immediately after
being constructed, provided it doesn't fail

[tyoshino (SeeGerritForStatus), 2014/05/15 12:33:42]

Sounds fine as far as well commented.
I'm concerned about race between overrideTimeout call and completion of loading.
XMLHttpRequest is checking if m_loader is empty or not, but even with that check
when it's run in a worker, overrideTimeout call goes through the task queue and
can be run after notifyFinished in the main thread.

+    }
+}
+
 void DocumentThreadableLoader::cancel()
 {
     cancelWithError(ResourceError());
 }
 
 void DocumentThreadableLoader::cancelWithError(const ResourceError& error)
 {
     RefPtr<DocumentThreadableLoader> protect(this);
 
     // Cancel can re-enter and m_resource might be null here as a result.
@@ skipping 238 matching lines @@
 
     ThreadableLoaderOptions options = m_options;
     if (m_async) {
         if (m_actualRequest) {
             options.sniffContent = DoNotSniffContent;
             options.dataBufferingPolicy = BufferData;
         }
 
         if (m_options.timeoutMilliseconds > 0)
             m_timeoutTimer.startOneShot(m_options.timeoutMilliseconds / 1000.0, FROM_HERE);
+        m_requestStarted = monotonicallyIncreasingTime();
 
         FetchRequest newRequest(request, m_options.initiator, options);
         ASSERT(!resource());
         if (request.targetType() == ResourceRequest::TargetIsMedia)
             setResource(m_document.fetcher()->fetchMedia(newRequest));
         else
             setResource(m_document.fetcher()->fetchRawResource(newRequest));
         if (resource() && resource()->loader()) {
             unsigned long identifier = resource()->identifier();
             InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient(&m_document, identifier, m_client);
@@ skipping 52 matching lines @@
         return true;
     return m_document.contentSecurityPolicy()->allowConnectToSource(url);
 }
 
 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
 {
     return m_options.securityOrigin ? m_options.securityOrigin.get() : m_document.securityOrigin();
 }
 
 } // namespace WebCore