Requests handled by Service Worker should not go through preflighting
[WebKit-https.git] / Source / WebCore / loader / DocumentThreadableLoader.h
1 /*
2  * Copyright (C) 2009, 2012 Google Inc. All rights reserved.
3  * Copyright (C) 2016 Apple Inc. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *
9  *     * Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  *     * Redistributions in binary form must reproduce the above
12  * copyright notice, this list of conditions and the following disclaimer
13  * in the documentation and/or other materials provided with the
14  * distribution.
15  *     * Neither the name of Google Inc. nor the names of its
16  * contributors may be used to endorse or promote products derived from
17  * this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31
32 #pragma once
33
34 #include "ContentSecurityPolicy.h"
35 #include "CrossOriginPreflightChecker.h"
36 #include "ResourceResponse.h"
37 #include "SecurityOrigin.h"
38 #include "ThreadableLoader.h"
39
40 namespace WebCore {
41     class CachedRawResource;
42     class ContentSecurityPolicy;
43     class Document;
44     class ThreadableLoaderClient;
45
46     class DocumentThreadableLoader : public RefCounted<DocumentThreadableLoader>, public ThreadableLoader, private CachedRawResourceClient  {
47         WTF_MAKE_FAST_ALLOCATED;
48     public:
49         static void loadResourceSynchronously(Document&, ResourceRequest&&, ThreadableLoaderClient&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&);
50         static void loadResourceSynchronously(Document&, ResourceRequest&&, ThreadableLoaderClient&, const ThreadableLoaderOptions&);
51
52         enum class ShouldLogError { No, Yes };
53         static RefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, String&& referrer, ShouldLogError);
54         static RefPtr<DocumentThreadableLoader> create(Document&, ThreadableLoaderClient&, ResourceRequest&&, const ThreadableLoaderOptions&, String&& referrer = String());
55
56         virtual ~DocumentThreadableLoader();
57
58         void cancel() override;
59         virtual void setDefersLoading(bool);
60
61         friend CrossOriginPreflightChecker;
62         friend class InspectorInstrumentation;
63         friend class InspectorNetworkAgent;
64
65         using RefCounted<DocumentThreadableLoader>::ref;
66         using RefCounted<DocumentThreadableLoader>::deref;
67
68     protected:
69         void refThreadableLoader() override { ref(); }
70         void derefThreadableLoader() override { deref(); }
71
72     private:
73         enum BlockingBehavior {
74             LoadSynchronously,
75             LoadAsynchronously
76         };
77
78         DocumentThreadableLoader(Document&, ThreadableLoaderClient&, BlockingBehavior, ResourceRequest&&, const ThreadableLoaderOptions&, RefPtr<SecurityOrigin>&&, std::unique_ptr<ContentSecurityPolicy>&&, String&&, ShouldLogError);
79
80         void clearResource();
81
82         // CachedRawResourceClient
83         void dataSent(CachedResource&, unsigned long long bytesSent, unsigned long long totalBytesToBeSent) override;
84         void responseReceived(CachedResource&, const ResourceResponse&) override;
85         void dataReceived(CachedResource&, const char* data, int dataLength) override;
86         void redirectReceived(CachedResource&, ResourceRequest&, const ResourceResponse&) override;
87         void finishedTimingForWorkerLoad(CachedResource&, const ResourceTiming&) override;
88         void finishedTimingForWorkerLoad(const ResourceTiming&);
89         void notifyFinished(CachedResource&) override;
90
91         void didReceiveResponse(unsigned long identifier, const ResourceResponse&);
92         void didReceiveData(unsigned long identifier, const char* data, int dataLength);
93         void didFinishLoading(unsigned long identifier);
94         void didFail(unsigned long identifier, const ResourceError&);
95         void makeCrossOriginAccessRequest(ResourceRequest&&);
96         void makeSimpleCrossOriginAccessRequest(ResourceRequest&&);
97         void makeCrossOriginAccessRequestWithPreflight(ResourceRequest&&);
98         void preflightSuccess(ResourceRequest&&);
99         void preflightFailure(unsigned long identifier, const ResourceError&);
100
101         void loadRequest(ResourceRequest&&, SecurityCheckPolicy);
102         bool isAllowedRedirect(const URL&);
103         bool isAllowedByContentSecurityPolicy(const URL&, ContentSecurityPolicy::RedirectResponseReceived);
104
105         bool isXMLHttpRequest() const final;
106
107         SecurityOrigin& securityOrigin() const;
108         const ContentSecurityPolicy& contentSecurityPolicy() const;
109
110         Document& document() { return m_document; }
111         const ThreadableLoaderOptions& options() const { return m_options; }
112         const String& referrer() const { return m_referrer; }
113         bool isLoading() { return m_resource || m_preflightChecker; }
114
115         void reportRedirectionWithBadScheme(const URL&);
116         void reportContentSecurityPolicyError(const URL&);
117         void reportCrossOriginResourceSharingError(const URL&);
118         void reportIntegrityMetadataError(const URL&);
119         void logErrorAndFail(const ResourceError&);
120
121         CachedResourceHandle<CachedRawResource> m_resource;
122         ThreadableLoaderClient* m_client;
123         Document& m_document;
124         ThreadableLoaderOptions m_options;
125         RefPtr<SecurityOrigin> m_origin;
126         String m_referrer;
127         bool m_sameOriginRequest;
128         bool m_simpleRequest;
129         bool m_async;
130         bool m_delayCallbacksForIntegrityCheck;
131         std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
132         std::optional<CrossOriginPreflightChecker> m_preflightChecker;
133         std::optional<HTTPHeaderMap> m_originalHeaders;
134
135         ShouldLogError m_shouldLogError;
136 #if ENABLE(SERVICE_WORKER)
137         std::optional<ResourceRequest> m_bypassingPreflightForServiceWorkerRequest;
138 #endif
139     };
140
141 } // namespace WebCore