0d9cc14ac93d7432ec5c0f4a3375a6d31c274f78
[WebKit-https.git] / Source / WebCore / page / EventSource.cpp
1 /*
2  * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved.
3  * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
4  * Copyright (C) 2011, Code Aurora Forum. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer
14  *    in the documentation and/or other materials provided with the
15  *    distribution.
16  * 3. Neither the name of Ericsson nor the names of its contributors
17  *    may be used to endorse or promote products derived from this
18  *    software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32
33 #include "config.h"
34 #include "EventSource.h"
35
36 #include "CachedResourceRequestInitiators.h"
37 #include "ContentSecurityPolicy.h"
38 #include "EventNames.h"
39 #include "MessageEvent.h"
40 #include "ResourceError.h"
41 #include "ResourceRequest.h"
42 #include "ResourceResponse.h"
43 #include "ScriptExecutionContext.h"
44 #include "SecurityOrigin.h"
45 #include "TextResourceDecoder.h"
46 #include "ThreadableLoader.h"
47
48 namespace WebCore {
49
50 const uint64_t EventSource::defaultReconnectDelay = 3000;
51
52 inline EventSource::EventSource(ScriptExecutionContext& context, const URL& url, const Init& eventSourceInit)
53     : ActiveDOMObject(&context)
54     , m_url(url)
55     , m_withCredentials(eventSourceInit.withCredentials)
56     , m_decoder(TextResourceDecoder::create("text/plain"_s, "UTF-8"))
57     , m_connectTimer(*this, &EventSource::connect)
58 {
59 }
60
61 ExceptionOr<Ref<EventSource>> EventSource::create(ScriptExecutionContext& context, const String& url, const Init& eventSourceInit)
62 {
63     if (url.isEmpty())
64         return Exception { SyntaxError };
65
66     URL fullURL = context.completeURL(url);
67     if (!fullURL.isValid())
68         return Exception { SyntaxError };
69
70     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is resolved.
71     if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
72         // FIXME: Should this be throwing an exception?
73         return Exception { SecurityError };
74     }
75
76     auto source = adoptRef(*new EventSource(context, fullURL, eventSourceInit));
77     source->setPendingActivity(source.ptr());
78     source->scheduleInitialConnect();
79     source->suspendIfNeeded();
80     return WTFMove(source);
81 }
82
83 EventSource::~EventSource()
84 {
85     ASSERT(m_state == CLOSED);
86     ASSERT(!m_requestInFlight);
87 }
88
89 void EventSource::connect()
90 {
91     ASSERT(m_state == CONNECTING);
92     ASSERT(!m_requestInFlight);
93
94     ResourceRequest request { m_url };
95     request.setHTTPMethod("GET");
96     request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream");
97     request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache");
98     if (!m_lastEventId.isEmpty())
99         request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId);
100
101     ThreadableLoaderOptions options;
102     options.sendLoadCallbacks = SendCallbacks;
103     options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
104     options.preflightPolicy = PreflightPolicy::Prevent;
105     options.mode = FetchOptions::Mode::Cors;
106     options.cache = FetchOptions::Cache::NoStore;
107     options.dataBufferingPolicy = DoNotBufferData;
108     options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
109     options.initiator = cachedResourceRequestInitiators().eventsource;
110
111     ASSERT(scriptExecutionContext());
112     m_loader = ThreadableLoader::create(*scriptExecutionContext(), *this, WTFMove(request), options);
113
114     // FIXME: Can we just use m_loader for this, null it out when it's no longer in flight, and eliminate the m_requestInFlight member?
115     if (m_loader)
116         m_requestInFlight = true;
117 }
118
119 void EventSource::networkRequestEnded()
120 {
121     ASSERT(m_requestInFlight);
122
123     m_requestInFlight = false;
124
125     if (m_state != CLOSED)
126         scheduleReconnect();
127     else
128         unsetPendingActivity(this);
129 }
130
131 void EventSource::scheduleInitialConnect()
132 {
133     ASSERT(m_state == CONNECTING);
134     ASSERT(!m_requestInFlight);
135
136     m_connectTimer.startOneShot(0_s);
137 }
138
139 void EventSource::scheduleReconnect()
140 {
141     m_state = CONNECTING;
142     m_connectTimer.startOneShot(1_ms * m_reconnectDelay);
143     dispatchEvent(Event::create(eventNames().errorEvent, false, false));
144 }
145
146 void EventSource::close()
147 {
148     if (m_state == CLOSED) {
149         ASSERT(!m_requestInFlight);
150         return;
151     }
152
153     // Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
154     if (m_connectTimer.isActive())
155         m_connectTimer.stop();
156
157     if (m_requestInFlight)
158         m_loader->cancel();
159     else {
160         m_state = CLOSED;
161         unsetPendingActivity(this);
162     }
163 }
164
165 bool EventSource::responseIsValid(const ResourceResponse& response) const
166 {
167     // Logs to the console as a side effect.
168
169     // To keep the signal-to-noise ratio low, we don't log anything if the status code is not 200.
170     if (response.httpStatusCode() != 200)
171         return false;
172
173     if (!equalLettersIgnoringASCIICase(response.mimeType(), "text/event-stream")) {
174         auto message = makeString("EventSource's response has a MIME type (\"", response.mimeType(), "\") that is not \"text/event-stream\". Aborting the connection.");
175         // FIXME: Console message would be better with a source code location; where would we get that?
176         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
177         return false;
178     }
179
180     // If we have a charset, the only allowed value is UTF-8 (case-insensitive).
181     auto& charset = response.textEncodingName();
182     if (!charset.isEmpty() && !equalLettersIgnoringASCIICase(charset, "utf-8")) {
183         auto message = makeString("EventSource's response has a charset (\"", charset, "\") that is not UTF-8. Aborting the connection.");
184         // FIXME: Console message would be better with a source code location; where would we get that?
185         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
186         return false;
187     }
188
189     return true;
190 }
191
192 void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response)
193 {
194     ASSERT(m_state == CONNECTING);
195     ASSERT(m_requestInFlight);
196
197     if (!responseIsValid(response)) {
198         m_loader->cancel();
199         dispatchEvent(Event::create(eventNames().errorEvent, false, false));
200         return;
201     }
202
203     m_eventStreamOrigin = SecurityOriginData::fromURL(response.url()).toString();
204     m_state = OPEN;
205     dispatchEvent(Event::create(eventNames().openEvent, false, false));
206 }
207
208 void EventSource::didReceiveData(const char* data, int length)
209 {
210     ASSERT(m_state == OPEN);
211     ASSERT(m_requestInFlight);
212
213     append(m_receiveBuffer, m_decoder->decode(data, length));
214     parseEventStream();
215 }
216
217 void EventSource::didFinishLoading(unsigned long)
218 {
219     ASSERT(m_state == OPEN);
220     ASSERT(m_requestInFlight);
221
222     append(m_receiveBuffer, m_decoder->flush());
223     parseEventStream();
224
225     // Discard everything that has not been dispatched by now.
226     // FIXME: Why does this need to be done?
227     // If this is important, why isn't it important to clear other data members: m_decoder, m_lastEventId, m_loader?
228     m_receiveBuffer.clear();
229     m_data.clear();
230     m_eventName = { };
231     m_currentlyParsedEventId = { };
232
233     networkRequestEnded();
234 }
235
236 void EventSource::didFail(const ResourceError& error)
237 {
238     ASSERT(m_state != CLOSED);
239
240     if (error.isAccessControl()) {
241         abortConnectionAttempt();
242         return;
243     }
244
245     ASSERT(m_requestInFlight);
246
247     if (error.isCancellation())
248         m_state = CLOSED;
249
250     // FIXME: Why don't we need to clear data members here as in didFinishLoading?
251
252     networkRequestEnded();
253 }
254
255 void EventSource::abortConnectionAttempt()
256 {
257     ASSERT(m_state == CONNECTING);
258
259     if (m_requestInFlight)
260         m_loader->cancel();
261     else {
262         m_state = CLOSED;
263         unsetPendingActivity(this);
264     }
265
266     ASSERT(m_state == CLOSED);
267     dispatchEvent(Event::create(eventNames().errorEvent, false, false));
268 }
269
270 void EventSource::parseEventStream()
271 {
272     unsigned position = 0;
273     unsigned size = m_receiveBuffer.size();
274     while (position < size) {
275         if (m_discardTrailingNewline) {
276             if (m_receiveBuffer[position] == '\n')
277                 ++position;
278             m_discardTrailingNewline = false;
279         }
280
281         std::optional<unsigned> lineLength;
282         std::optional<unsigned> fieldLength;
283         for (unsigned i = position; !lineLength && i < size; ++i) {
284             switch (m_receiveBuffer[i]) {
285             case ':':
286                 if (!fieldLength)
287                     fieldLength = i - position;
288                 break;
289             case '\r':
290                 m_discardTrailingNewline = true;
291                 FALLTHROUGH;
292             case '\n':
293                 lineLength = i - position;
294                 break;
295             }
296         }
297
298         if (!lineLength)
299             break;
300
301         parseEventStreamLine(position, fieldLength, lineLength.value());
302         position += lineLength.value() + 1;
303
304         // EventSource.close() might've been called by one of the message event handlers.
305         // Per spec, no further messages should be fired after that.
306         if (m_state == CLOSED)
307             break;
308     }
309
310     // FIXME: The following operation makes it clear that m_receiveBuffer should be some other type,
311     // perhaps a Deque or a circular buffer of some sort.
312     if (position == size)
313         m_receiveBuffer.clear();
314     else if (position)
315         m_receiveBuffer.remove(0, position);
316 }
317
318 void EventSource::parseEventStreamLine(unsigned position, std::optional<unsigned> fieldLength, unsigned lineLength)
319 {
320     if (!lineLength) {
321         if (!m_data.isEmpty())
322             dispatchMessageEvent();
323         m_eventName = { };
324         return;
325     }
326
327     if (fieldLength && !fieldLength.value())
328         return;
329
330     StringView field { &m_receiveBuffer[position], fieldLength ? fieldLength.value() : lineLength };
331
332     unsigned step;
333     if (!fieldLength)
334         step = lineLength;
335     else if (m_receiveBuffer[position + fieldLength.value() + 1] != ' ')
336         step = fieldLength.value() + 1;
337     else
338         step = fieldLength.value() + 2;
339     position += step;
340     unsigned valueLength = lineLength - step;
341
342     if (field == "data") {
343         m_data.append(&m_receiveBuffer[position], valueLength);
344         m_data.append('\n');
345     } else if (field == "event")
346         m_eventName = { &m_receiveBuffer[position], valueLength };
347     else if (field == "id") {
348         StringView parsedEventId = { &m_receiveBuffer[position], valueLength };
349         if (!parsedEventId.contains('\0'))
350             m_currentlyParsedEventId = parsedEventId.toString();
351     } else if (field == "retry") {
352         if (!valueLength)
353             m_reconnectDelay = defaultReconnectDelay;
354         else {
355             // FIXME: Do we really want to ignore trailing garbage here? Should we be using the strict version instead?
356             // FIXME: If we can't parse the value, should we leave m_reconnectDelay alone or set it to defaultReconnectDelay?
357             bool ok;
358             auto reconnectDelay = charactersToUInt64(&m_receiveBuffer[position], valueLength, &ok);
359             if (ok)
360                 m_reconnectDelay = reconnectDelay;
361         }
362     }
363 }
364
365 void EventSource::stop()
366 {
367     close();
368 }
369
370 const char* EventSource::activeDOMObjectName() const
371 {
372     return "EventSource";
373 }
374
375 bool EventSource::canSuspendForDocumentSuspension() const
376 {
377     // FIXME: We should return true here when we can because this object is not actually currently active.
378     return false;
379 }
380
381 void EventSource::dispatchMessageEvent()
382 {
383     if (!m_currentlyParsedEventId.isNull())
384         m_lastEventId = WTFMove(m_currentlyParsedEventId);
385
386     auto& name = m_eventName.isEmpty() ? eventNames().messageEvent : m_eventName;
387
388     // Omit the trailing "\n" character.
389     ASSERT(!m_data.isEmpty());
390     unsigned size = m_data.size() - 1;
391     auto data = SerializedScriptValue::create({ m_data.data(), size });
392     RELEASE_ASSERT(data);
393     m_data = { };
394
395     dispatchEvent(MessageEvent::create(name, data.releaseNonNull(), m_eventStreamOrigin, m_lastEventId));
396 }
397
398 } // namespace WebCore