Deprecate ActiveDOMObject::canSuspendForDocumentSuspension()
[WebKit-https.git] / Source / WebCore / page / EventSource.cpp
1 /*
2  * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved.
3  * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
4  * Copyright (C) 2011, Code Aurora Forum. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer
14  *    in the documentation and/or other materials provided with the
15  *    distribution.
16  * 3. Neither the name of Ericsson nor the names of its contributors
17  *    may be used to endorse or promote products derived from this
18  *    software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32
33 #include "config.h"
34 #include "EventSource.h"
35
36 #include "CachedResourceRequestInitiators.h"
37 #include "ContentSecurityPolicy.h"
38 #include "EventNames.h"
39 #include "MessageEvent.h"
40 #include "ResourceError.h"
41 #include "ResourceRequest.h"
42 #include "ResourceResponse.h"
43 #include "ScriptExecutionContext.h"
44 #include "SecurityOrigin.h"
45 #include "TextResourceDecoder.h"
46 #include "ThreadableLoader.h"
47 #include <wtf/IsoMallocInlines.h>
48 #include <wtf/SetForScope.h>
49
50 namespace WebCore {
51
52 WTF_MAKE_ISO_ALLOCATED_IMPL(EventSource);
53
54 const uint64_t EventSource::defaultReconnectDelay = 3000;
55
56 inline EventSource::EventSource(ScriptExecutionContext& context, const URL& url, const Init& eventSourceInit)
57     : ActiveDOMObject(&context)
58     , m_url(url)
59     , m_withCredentials(eventSourceInit.withCredentials)
60     , m_decoder(TextResourceDecoder::create("text/plain"_s, "UTF-8"))
61     , m_connectTimer(&context, *this, &EventSource::connect)
62 {
63     m_connectTimer.suspendIfNeeded();
64 }
65
66 ExceptionOr<Ref<EventSource>> EventSource::create(ScriptExecutionContext& context, const String& url, const Init& eventSourceInit)
67 {
68     if (url.isEmpty())
69         return Exception { SyntaxError };
70
71     URL fullURL = context.completeURL(url);
72     if (!fullURL.isValid())
73         return Exception { SyntaxError };
74
75     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is resolved.
76     if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
77         // FIXME: Should this be throwing an exception?
78         return Exception { SecurityError };
79     }
80
81     auto source = adoptRef(*new EventSource(context, fullURL, eventSourceInit));
82     source->setPendingActivity(source.get());
83     source->scheduleInitialConnect();
84     source->suspendIfNeeded();
85     return source;
86 }
87
88 EventSource::~EventSource()
89 {
90     ASSERT(m_state == CLOSED);
91     ASSERT(!m_requestInFlight);
92 }
93
94 void EventSource::connect()
95 {
96     ASSERT(m_state == CONNECTING);
97     ASSERT(!m_requestInFlight);
98
99     ResourceRequest request { m_url };
100     request.setHTTPMethod("GET");
101     request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream");
102     request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache");
103     if (!m_lastEventId.isEmpty())
104         request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId);
105
106     ThreadableLoaderOptions options;
107     options.sendLoadCallbacks = SendCallbackPolicy::SendCallbacks;
108     options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
109     options.preflightPolicy = PreflightPolicy::Prevent;
110     options.mode = FetchOptions::Mode::Cors;
111     options.cache = FetchOptions::Cache::NoStore;
112     options.dataBufferingPolicy = DataBufferingPolicy::DoNotBufferData;
113     options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
114     options.initiator = cachedResourceRequestInitiators().eventsource;
115
116     ASSERT(scriptExecutionContext());
117     m_loader = ThreadableLoader::create(*scriptExecutionContext(), *this, WTFMove(request), options);
118
119     // FIXME: Can we just use m_loader for this, null it out when it's no longer in flight, and eliminate the m_requestInFlight member?
120     if (m_loader)
121         m_requestInFlight = true;
122 }
123
124 void EventSource::networkRequestEnded()
125 {
126     ASSERT(m_requestInFlight);
127
128     m_requestInFlight = false;
129
130     if (m_state != CLOSED)
131         scheduleReconnect();
132     else
133         unsetPendingActivity(*this);
134 }
135
136 void EventSource::scheduleInitialConnect()
137 {
138     ASSERT(m_state == CONNECTING);
139     ASSERT(!m_requestInFlight);
140
141     m_connectTimer.startOneShot(0_s);
142 }
143
144 void EventSource::scheduleReconnect()
145 {
146     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
147     m_state = CONNECTING;
148     m_connectTimer.startOneShot(1_ms * m_reconnectDelay);
149     dispatchErrorEvent();
150 }
151
152 void EventSource::close()
153 {
154     if (m_state == CLOSED) {
155         ASSERT(!m_requestInFlight);
156         return;
157     }
158
159     // Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
160     if (m_connectTimer.isActive())
161         m_connectTimer.cancel();
162
163     if (m_requestInFlight)
164         doExplicitLoadCancellation();
165     else {
166         m_state = CLOSED;
167         unsetPendingActivity(*this);
168     }
169 }
170
171 bool EventSource::responseIsValid(const ResourceResponse& response) const
172 {
173     // Logs to the console as a side effect.
174
175     // To keep the signal-to-noise ratio low, we don't log anything if the status code is not 200.
176     if (response.httpStatusCode() != 200)
177         return false;
178
179     if (!equalLettersIgnoringASCIICase(response.mimeType(), "text/event-stream")) {
180         auto message = makeString("EventSource's response has a MIME type (\"", response.mimeType(), "\") that is not \"text/event-stream\". Aborting the connection.");
181         // FIXME: Console message would be better with a source code location; where would we get that?
182         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
183         return false;
184     }
185
186     // If we have a charset, the only allowed value is UTF-8 (case-insensitive).
187     auto& charset = response.textEncodingName();
188     if (!charset.isEmpty() && !equalLettersIgnoringASCIICase(charset, "utf-8")) {
189         auto message = makeString("EventSource's response has a charset (\"", charset, "\") that is not UTF-8. Aborting the connection.");
190         // FIXME: Console message would be better with a source code location; where would we get that?
191         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
192         return false;
193     }
194
195     return true;
196 }
197
198 void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response)
199 {
200     ASSERT(m_state == CONNECTING);
201     ASSERT(m_requestInFlight);
202     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
203
204     if (!responseIsValid(response)) {
205         doExplicitLoadCancellation();
206         dispatchErrorEvent();
207         return;
208     }
209
210     m_eventStreamOrigin = SecurityOriginData::fromURL(response.url()).toString();
211     m_state = OPEN;
212     dispatchEvent(Event::create(eventNames().openEvent, Event::CanBubble::No, Event::IsCancelable::No));
213 }
214
215 void EventSource::dispatchErrorEvent()
216 {
217     dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
218 }
219
220 void EventSource::didReceiveData(const char* data, int length)
221 {
222     ASSERT(m_state == OPEN);
223     ASSERT(m_requestInFlight);
224     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
225
226     append(m_receiveBuffer, m_decoder->decode(data, length));
227     parseEventStream();
228 }
229
230 void EventSource::didFinishLoading(unsigned long)
231 {
232     ASSERT(m_state == OPEN);
233     ASSERT(m_requestInFlight);
234     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
235
236     append(m_receiveBuffer, m_decoder->flush());
237     parseEventStream();
238
239     // Discard everything that has not been dispatched by now.
240     // FIXME: Why does this need to be done?
241     // If this is important, why isn't it important to clear other data members: m_decoder, m_lastEventId, m_loader?
242     m_receiveBuffer.clear();
243     m_data.clear();
244     m_eventName = { };
245     m_currentlyParsedEventId = { };
246
247     networkRequestEnded();
248 }
249
250 void EventSource::didFail(const ResourceError& error)
251 {
252     ASSERT(m_state != CLOSED);
253
254     if (error.isAccessControl()) {
255         abortConnectionAttempt();
256         return;
257     }
258
259     ASSERT(m_requestInFlight);
260
261     // This is the case where the load gets cancelled on navigating away. We only fire an error event and attempt to reconnect
262     // if we end up getting resumed from back/forward cache.
263     if (error.isCancellation() && !m_isDoingExplicitCancellation) {
264         m_shouldReconnectOnResume = true;
265         m_requestInFlight = false;
266         return;
267     }
268
269     if (error.isCancellation())
270         m_state = CLOSED;
271
272     // FIXME: Why don't we need to clear data members here as in didFinishLoading?
273
274     networkRequestEnded();
275 }
276
277 void EventSource::abortConnectionAttempt()
278 {
279     ASSERT(m_state == CONNECTING);
280     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
281
282     if (m_requestInFlight)
283         doExplicitLoadCancellation();
284     else {
285         m_state = CLOSED;
286         unsetPendingActivity(*this);
287     }
288
289     ASSERT(m_state == CLOSED);
290     dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
291 }
292
293 void EventSource::doExplicitLoadCancellation()
294 {
295     ASSERT(m_requestInFlight);
296     SetForScope<bool> explicitLoadCancellation(m_isDoingExplicitCancellation, true);
297     m_loader->cancel();
298 }
299
300 void EventSource::parseEventStream()
301 {
302     unsigned position = 0;
303     unsigned size = m_receiveBuffer.size();
304     while (position < size) {
305         if (m_discardTrailingNewline) {
306             if (m_receiveBuffer[position] == '\n')
307                 ++position;
308             m_discardTrailingNewline = false;
309         }
310
311         Optional<unsigned> lineLength;
312         Optional<unsigned> fieldLength;
313         for (unsigned i = position; !lineLength && i < size; ++i) {
314             switch (m_receiveBuffer[i]) {
315             case ':':
316                 if (!fieldLength)
317                     fieldLength = i - position;
318                 break;
319             case '\r':
320                 m_discardTrailingNewline = true;
321                 FALLTHROUGH;
322             case '\n':
323                 lineLength = i - position;
324                 break;
325             }
326         }
327
328         if (!lineLength)
329             break;
330
331         parseEventStreamLine(position, fieldLength, lineLength.value());
332         position += lineLength.value() + 1;
333
334         // EventSource.close() might've been called by one of the message event handlers.
335         // Per spec, no further messages should be fired after that.
336         if (m_state == CLOSED)
337             break;
338     }
339
340     // FIXME: The following operation makes it clear that m_receiveBuffer should be some other type,
341     // perhaps a Deque or a circular buffer of some sort.
342     if (position == size)
343         m_receiveBuffer.clear();
344     else if (position)
345         m_receiveBuffer.remove(0, position);
346 }
347
348 void EventSource::parseEventStreamLine(unsigned position, Optional<unsigned> fieldLength, unsigned lineLength)
349 {
350     if (!lineLength) {
351         if (!m_data.isEmpty())
352             dispatchMessageEvent();
353         m_eventName = { };
354         return;
355     }
356
357     if (fieldLength && !fieldLength.value())
358         return;
359
360     StringView field { &m_receiveBuffer[position], fieldLength ? fieldLength.value() : lineLength };
361
362     unsigned step;
363     if (!fieldLength)
364         step = lineLength;
365     else if (m_receiveBuffer[position + fieldLength.value() + 1] != ' ')
366         step = fieldLength.value() + 1;
367     else
368         step = fieldLength.value() + 2;
369     position += step;
370     unsigned valueLength = lineLength - step;
371
372     if (field == "data") {
373         m_data.append(&m_receiveBuffer[position], valueLength);
374         m_data.append('\n');
375     } else if (field == "event")
376         m_eventName = { &m_receiveBuffer[position], valueLength };
377     else if (field == "id") {
378         StringView parsedEventId = { &m_receiveBuffer[position], valueLength };
379         constexpr UChar nullCharacter = '\0';
380         if (!parsedEventId.contains(nullCharacter))
381             m_currentlyParsedEventId = parsedEventId.toString();
382     } else if (field == "retry") {
383         if (!valueLength)
384             m_reconnectDelay = defaultReconnectDelay;
385         else {
386             // FIXME: Do we really want to ignore trailing garbage here? Should we be using the strict version instead?
387             // FIXME: If we can't parse the value, should we leave m_reconnectDelay alone or set it to defaultReconnectDelay?
388             bool ok;
389             auto reconnectDelay = charactersToUInt64(&m_receiveBuffer[position], valueLength, &ok);
390             if (ok)
391                 m_reconnectDelay = reconnectDelay;
392         }
393     }
394 }
395
396 void EventSource::stop()
397 {
398     close();
399 }
400
401 const char* EventSource::activeDOMObjectName() const
402 {
403     return "EventSource";
404 }
405
406 void EventSource::suspend(ReasonForSuspension reason)
407 {
408     if (reason != ReasonForSuspension::BackForwardCache)
409         return;
410
411     m_isSuspendedForBackForwardCache = true;
412     RELEASE_ASSERT_WITH_MESSAGE(!m_requestInFlight, "Loads get cancelled before entering the BackForwardCache.");
413 }
414
415 void EventSource::resume()
416 {
417     if (!m_isSuspendedForBackForwardCache)
418         return;
419
420     m_isSuspendedForBackForwardCache = false;
421     if (std::exchange(m_shouldReconnectOnResume, false)) {
422         scriptExecutionContext()->postTask([this, pendingActivity = makePendingActivity(*this)](ScriptExecutionContext&) {
423             if (!isContextStopped())
424                 scheduleReconnect();
425         });
426     }
427 }
428
429 void EventSource::dispatchMessageEvent()
430 {
431     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_isSuspendedForBackForwardCache);
432
433     if (!m_currentlyParsedEventId.isNull())
434         m_lastEventId = WTFMove(m_currentlyParsedEventId);
435
436     auto& name = m_eventName.isEmpty() ? eventNames().messageEvent : m_eventName;
437
438     // Omit the trailing "\n" character.
439     ASSERT(!m_data.isEmpty());
440     unsigned size = m_data.size() - 1;
441     auto data = SerializedScriptValue::create({ m_data.data(), size });
442     RELEASE_ASSERT(data);
443     m_data = { };
444
445     dispatchEvent(MessageEvent::create(name, data.releaseNonNull(), m_eventStreamOrigin, m_lastEventId));
446 }
447
448 } // namespace WebCore