[GTK][WPE] Don't use prgname in dbus-proxy socket path
[WebKit-https.git] / Source / WebCore / page / EventSource.cpp
1 /*
2  * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved.
3  * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
4  * Copyright (C) 2011, Code Aurora Forum. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer
14  *    in the documentation and/or other materials provided with the
15  *    distribution.
16  * 3. Neither the name of Ericsson nor the names of its contributors
17  *    may be used to endorse or promote products derived from this
18  *    software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32
33 #include "config.h"
34 #include "EventSource.h"
35
36 #include "CachedResourceRequestInitiators.h"
37 #include "ContentSecurityPolicy.h"
38 #include "EventNames.h"
39 #include "MessageEvent.h"
40 #include "ResourceError.h"
41 #include "ResourceRequest.h"
42 #include "ResourceResponse.h"
43 #include "ScriptExecutionContext.h"
44 #include "SecurityOrigin.h"
45 #include "TextResourceDecoder.h"
46 #include "ThreadableLoader.h"
47 #include <wtf/IsoMallocInlines.h>
48
49 namespace WebCore {
50
51 WTF_MAKE_ISO_ALLOCATED_IMPL(EventSource);
52
53 const uint64_t EventSource::defaultReconnectDelay = 3000;
54
55 inline EventSource::EventSource(ScriptExecutionContext& context, const URL& url, const Init& eventSourceInit)
56     : ActiveDOMObject(&context)
57     , m_url(url)
58     , m_withCredentials(eventSourceInit.withCredentials)
59     , m_decoder(TextResourceDecoder::create("text/plain"_s, "UTF-8"))
60     , m_connectTimer(*this, &EventSource::connect)
61 {
62 }
63
64 ExceptionOr<Ref<EventSource>> EventSource::create(ScriptExecutionContext& context, const String& url, const Init& eventSourceInit)
65 {
66     if (url.isEmpty())
67         return Exception { SyntaxError };
68
69     URL fullURL = context.completeURL(url);
70     if (!fullURL.isValid())
71         return Exception { SyntaxError };
72
73     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is resolved.
74     if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
75         // FIXME: Should this be throwing an exception?
76         return Exception { SecurityError };
77     }
78
79     auto source = adoptRef(*new EventSource(context, fullURL, eventSourceInit));
80     source->setPendingActivity(source.get());
81     source->scheduleInitialConnect();
82     source->suspendIfNeeded();
83     return source;
84 }
85
86 EventSource::~EventSource()
87 {
88     ASSERT(m_state == CLOSED);
89     ASSERT(!m_requestInFlight);
90 }
91
92 void EventSource::connect()
93 {
94     ASSERT(m_state == CONNECTING);
95     ASSERT(!m_requestInFlight);
96
97     ResourceRequest request { m_url };
98     request.setHTTPMethod("GET");
99     request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream");
100     request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache");
101     if (!m_lastEventId.isEmpty())
102         request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId);
103
104     ThreadableLoaderOptions options;
105     options.sendLoadCallbacks = SendCallbackPolicy::SendCallbacks;
106     options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
107     options.preflightPolicy = PreflightPolicy::Prevent;
108     options.mode = FetchOptions::Mode::Cors;
109     options.cache = FetchOptions::Cache::NoStore;
110     options.dataBufferingPolicy = DataBufferingPolicy::DoNotBufferData;
111     options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
112     options.initiator = cachedResourceRequestInitiators().eventsource;
113
114     ASSERT(scriptExecutionContext());
115     m_loader = ThreadableLoader::create(*scriptExecutionContext(), *this, WTFMove(request), options);
116
117     // FIXME: Can we just use m_loader for this, null it out when it's no longer in flight, and eliminate the m_requestInFlight member?
118     if (m_loader)
119         m_requestInFlight = true;
120 }
121
122 void EventSource::networkRequestEnded()
123 {
124     ASSERT(m_requestInFlight);
125
126     m_requestInFlight = false;
127
128     if (m_state != CLOSED)
129         scheduleReconnect();
130     else
131         unsetPendingActivity(*this);
132 }
133
134 void EventSource::scheduleInitialConnect()
135 {
136     ASSERT(m_state == CONNECTING);
137     ASSERT(!m_requestInFlight);
138
139     m_connectTimer.startOneShot(0_s);
140 }
141
142 void EventSource::scheduleReconnect()
143 {
144     m_state = CONNECTING;
145     m_connectTimer.startOneShot(1_ms * m_reconnectDelay);
146     dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
147 }
148
149 void EventSource::close()
150 {
151     if (m_state == CLOSED) {
152         ASSERT(!m_requestInFlight);
153         return;
154     }
155
156     // Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
157     if (m_connectTimer.isActive())
158         m_connectTimer.stop();
159
160     if (m_requestInFlight)
161         m_loader->cancel();
162     else {
163         m_state = CLOSED;
164         unsetPendingActivity(*this);
165     }
166 }
167
168 bool EventSource::responseIsValid(const ResourceResponse& response) const
169 {
170     // Logs to the console as a side effect.
171
172     // To keep the signal-to-noise ratio low, we don't log anything if the status code is not 200.
173     if (response.httpStatusCode() != 200)
174         return false;
175
176     if (!equalLettersIgnoringASCIICase(response.mimeType(), "text/event-stream")) {
177         auto message = makeString("EventSource's response has a MIME type (\"", response.mimeType(), "\") that is not \"text/event-stream\". Aborting the connection.");
178         // FIXME: Console message would be better with a source code location; where would we get that?
179         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
180         return false;
181     }
182
183     // If we have a charset, the only allowed value is UTF-8 (case-insensitive).
184     auto& charset = response.textEncodingName();
185     if (!charset.isEmpty() && !equalLettersIgnoringASCIICase(charset, "utf-8")) {
186         auto message = makeString("EventSource's response has a charset (\"", charset, "\") that is not UTF-8. Aborting the connection.");
187         // FIXME: Console message would be better with a source code location; where would we get that?
188         scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
189         return false;
190     }
191
192     return true;
193 }
194
195 void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response)
196 {
197     ASSERT(m_state == CONNECTING);
198     ASSERT(m_requestInFlight);
199
200     if (!responseIsValid(response)) {
201         m_loader->cancel();
202         dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
203         return;
204     }
205
206     m_eventStreamOrigin = SecurityOriginData::fromURL(response.url()).toString();
207     m_state = OPEN;
208     dispatchEvent(Event::create(eventNames().openEvent, Event::CanBubble::No, Event::IsCancelable::No));
209 }
210
211 void EventSource::didReceiveData(const char* data, int length)
212 {
213     ASSERT(m_state == OPEN);
214     ASSERT(m_requestInFlight);
215
216     append(m_receiveBuffer, m_decoder->decode(data, length));
217     parseEventStream();
218 }
219
220 void EventSource::didFinishLoading(unsigned long)
221 {
222     ASSERT(m_state == OPEN);
223     ASSERT(m_requestInFlight);
224
225     append(m_receiveBuffer, m_decoder->flush());
226     parseEventStream();
227
228     // Discard everything that has not been dispatched by now.
229     // FIXME: Why does this need to be done?
230     // If this is important, why isn't it important to clear other data members: m_decoder, m_lastEventId, m_loader?
231     m_receiveBuffer.clear();
232     m_data.clear();
233     m_eventName = { };
234     m_currentlyParsedEventId = { };
235
236     networkRequestEnded();
237 }
238
239 void EventSource::didFail(const ResourceError& error)
240 {
241     ASSERT(m_state != CLOSED);
242
243     if (error.isAccessControl()) {
244         abortConnectionAttempt();
245         return;
246     }
247
248     ASSERT(m_requestInFlight);
249
250     if (error.isCancellation())
251         m_state = CLOSED;
252
253     // FIXME: Why don't we need to clear data members here as in didFinishLoading?
254
255     networkRequestEnded();
256 }
257
258 void EventSource::abortConnectionAttempt()
259 {
260     ASSERT(m_state == CONNECTING);
261
262     if (m_requestInFlight)
263         m_loader->cancel();
264     else {
265         m_state = CLOSED;
266         unsetPendingActivity(*this);
267     }
268
269     ASSERT(m_state == CLOSED);
270     dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
271 }
272
273 void EventSource::parseEventStream()
274 {
275     unsigned position = 0;
276     unsigned size = m_receiveBuffer.size();
277     while (position < size) {
278         if (m_discardTrailingNewline) {
279             if (m_receiveBuffer[position] == '\n')
280                 ++position;
281             m_discardTrailingNewline = false;
282         }
283
284         Optional<unsigned> lineLength;
285         Optional<unsigned> fieldLength;
286         for (unsigned i = position; !lineLength && i < size; ++i) {
287             switch (m_receiveBuffer[i]) {
288             case ':':
289                 if (!fieldLength)
290                     fieldLength = i - position;
291                 break;
292             case '\r':
293                 m_discardTrailingNewline = true;
294                 FALLTHROUGH;
295             case '\n':
296                 lineLength = i - position;
297                 break;
298             }
299         }
300
301         if (!lineLength)
302             break;
303
304         parseEventStreamLine(position, fieldLength, lineLength.value());
305         position += lineLength.value() + 1;
306
307         // EventSource.close() might've been called by one of the message event handlers.
308         // Per spec, no further messages should be fired after that.
309         if (m_state == CLOSED)
310             break;
311     }
312
313     // FIXME: The following operation makes it clear that m_receiveBuffer should be some other type,
314     // perhaps a Deque or a circular buffer of some sort.
315     if (position == size)
316         m_receiveBuffer.clear();
317     else if (position)
318         m_receiveBuffer.remove(0, position);
319 }
320
321 void EventSource::parseEventStreamLine(unsigned position, Optional<unsigned> fieldLength, unsigned lineLength)
322 {
323     if (!lineLength) {
324         if (!m_data.isEmpty())
325             dispatchMessageEvent();
326         m_eventName = { };
327         return;
328     }
329
330     if (fieldLength && !fieldLength.value())
331         return;
332
333     StringView field { &m_receiveBuffer[position], fieldLength ? fieldLength.value() : lineLength };
334
335     unsigned step;
336     if (!fieldLength)
337         step = lineLength;
338     else if (m_receiveBuffer[position + fieldLength.value() + 1] != ' ')
339         step = fieldLength.value() + 1;
340     else
341         step = fieldLength.value() + 2;
342     position += step;
343     unsigned valueLength = lineLength - step;
344
345     if (field == "data") {
346         m_data.append(&m_receiveBuffer[position], valueLength);
347         m_data.append('\n');
348     } else if (field == "event")
349         m_eventName = { &m_receiveBuffer[position], valueLength };
350     else if (field == "id") {
351         StringView parsedEventId = { &m_receiveBuffer[position], valueLength };
352         constexpr UChar nullCharacter = '\0';
353         if (!parsedEventId.contains(nullCharacter))
354             m_currentlyParsedEventId = parsedEventId.toString();
355     } else if (field == "retry") {
356         if (!valueLength)
357             m_reconnectDelay = defaultReconnectDelay;
358         else {
359             // FIXME: Do we really want to ignore trailing garbage here? Should we be using the strict version instead?
360             // FIXME: If we can't parse the value, should we leave m_reconnectDelay alone or set it to defaultReconnectDelay?
361             bool ok;
362             auto reconnectDelay = charactersToUInt64(&m_receiveBuffer[position], valueLength, &ok);
363             if (ok)
364                 m_reconnectDelay = reconnectDelay;
365         }
366     }
367 }
368
369 void EventSource::stop()
370 {
371     close();
372 }
373
374 const char* EventSource::activeDOMObjectName() const
375 {
376     return "EventSource";
377 }
378
379 bool EventSource::canSuspendForDocumentSuspension() const
380 {
381     // FIXME: We should return true here when we can because this object is not actually currently active.
382     return false;
383 }
384
385 void EventSource::dispatchMessageEvent()
386 {
387     if (!m_currentlyParsedEventId.isNull())
388         m_lastEventId = WTFMove(m_currentlyParsedEventId);
389
390     auto& name = m_eventName.isEmpty() ? eventNames().messageEvent : m_eventName;
391
392     // Omit the trailing "\n" character.
393     ASSERT(!m_data.isEmpty());
394     unsigned size = m_data.size() - 1;
395     auto data = SerializedScriptValue::create({ m_data.data(), size });
396     RELEASE_ASSERT(data);
397     m_data = { };
398
399     dispatchEvent(MessageEvent::create(name, data.releaseNonNull(), m_eventStreamOrigin, m_lastEventId));
400 }
401
402 } // namespace WebCore