2 * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010, 2011 Apple Inc. All rights reserved.
3 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
4 * Copyright (C) 2008 Xan Lopez <xan@gnome.org>
5 * Copyright (C) 2008, 2010 Collabora Ltd.
6 * Copyright (C) 2009 Holger Hans Peter Freyther
7 * Copyright (C) 2009 Gustavo Noronha Silva <gns@gnome.org>
8 * Copyright (C) 2009 Christian Dywan <christian@imendio.com>
9 * Copyright (C) 2009, 2010, 2011, 2012 Igalia S.L.
10 * Copyright (C) 2009 John Kjellberg <john.kjellberg@power.alstom.com>
11 * Copyright (C) 2012 Intel Corporation
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Library General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Library General Public License for more details.
23 * You should have received a copy of the GNU Library General Public License
24 * along with this library; see the file COPYING.LIB. If not, write to
25 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
26 * Boston, MA 02110-1301, USA.
30 #include "ResourceHandle.h"
32 #include "CachedResourceLoader.h"
33 #include "ChromeClient.h"
34 #include "CookieJarSoup.h"
35 #include "CredentialStorage.h"
36 #include "FileSystem.h"
38 #include "GOwnPtrSoup.h"
39 #include "HTTPParsers.h"
40 #include "LocalizedStrings.h"
42 #include "MIMETypeRegistry.h"
43 #include "NotImplemented.h"
45 #include "ResourceError.h"
46 #include "ResourceHandleClient.h"
47 #include "ResourceHandleInternal.h"
48 #include "ResourceResponse.h"
49 #include "SharedBuffer.h"
50 #include "TextEncoding.h"
55 #define LIBSOUP_USE_UNSTABLE_REQUEST_API
56 #include <libsoup/soup-request-http.h>
57 #include <libsoup/soup-requester.h>
58 #include <libsoup/soup.h>
60 #include <sys/types.h>
63 #include <wtf/gobject/GRefPtr.h>
64 #include <wtf/text/Base64.h>
65 #include <wtf/text/CString.h>
69 #include "BlobRegistryImpl.h"
70 #include "BlobStorageData.h"
74 #include "CredentialBackingStore.h"
79 #define READ_BUFFER_SIZE 8192
81 static bool loadingSynchronousRequest = false;
83 class WebCoreSynchronousLoader : public ResourceHandleClient {
84 WTF_MAKE_NONCOPYABLE(WebCoreSynchronousLoader);
87 WebCoreSynchronousLoader(ResourceError& error, ResourceResponse& response, SoupSession* session, Vector<char>& data)
89 , m_response(response)
94 // We don't want any timers to fire while we are doing our synchronous load
95 // so we replace the thread default main context. The main loop iterations
96 // will only process GSources associated with this inner context.
97 loadingSynchronousRequest = true;
98 GRefPtr<GMainContext> innerMainContext = adoptGRef(g_main_context_new());
99 g_main_context_push_thread_default(innerMainContext.get());
100 m_mainLoop = adoptGRef(g_main_loop_new(innerMainContext.get(), false));
102 adjustMaxConnections(1);
105 ~WebCoreSynchronousLoader()
107 adjustMaxConnections(-1);
108 g_main_context_pop_thread_default(g_main_context_get_thread_default());
109 loadingSynchronousRequest = false;
112 void adjustMaxConnections(int adjustment)
114 int maxConnections, maxConnectionsPerHost;
115 g_object_get(m_session,
116 SOUP_SESSION_MAX_CONNS, &maxConnections,
117 SOUP_SESSION_MAX_CONNS_PER_HOST, &maxConnectionsPerHost,
119 maxConnections += adjustment;
120 maxConnectionsPerHost += adjustment;
121 g_object_set(m_session,
122 SOUP_SESSION_MAX_CONNS, maxConnections,
123 SOUP_SESSION_MAX_CONNS_PER_HOST, maxConnectionsPerHost,
128 virtual bool isSynchronousClient()
133 virtual void didReceiveResponse(ResourceHandle*, const ResourceResponse& response)
135 m_response = response;
138 virtual void didReceiveData(ResourceHandle*, const char* data, int length, int)
140 m_data.append(data, length);
143 virtual void didFinishLoading(ResourceHandle*, double)
145 if (g_main_loop_is_running(m_mainLoop.get()))
146 g_main_loop_quit(m_mainLoop.get());
150 virtual void didFail(ResourceHandle* handle, const ResourceError& error)
153 didFinishLoading(handle, 0);
156 virtual void didReceiveAuthenticationChallenge(ResourceHandle*, const AuthenticationChallenge& challenge)
158 // We do not handle authentication for synchronous XMLHttpRequests.
159 challenge.authenticationClient()->receivedRequestToContinueWithoutCredential(challenge);
165 g_main_loop_run(m_mainLoop.get());
169 ResourceError& m_error;
170 ResourceResponse& m_response;
171 SoupSession* m_session;
172 Vector<char>& m_data;
174 GRefPtr<GMainLoop> m_mainLoop;
177 class HostTLSCertificateSet {
179 void add(GTlsCertificate* certificate)
181 String certificateHash = computeCertificateHash(certificate);
182 if (!certificateHash.isEmpty())
183 m_certificates.add(certificateHash);
186 bool contains(GTlsCertificate* certificate)
188 return m_certificates.contains(computeCertificateHash(certificate));
192 static String computeCertificateHash(GTlsCertificate* certificate)
194 GByteArray* data = 0;
195 g_object_get(G_OBJECT(certificate), "certificate", &data, NULL);
199 static const size_t sha1HashSize = 20;
200 GRefPtr<GByteArray> certificateData = adoptGRef(data);
202 sha1.addBytes(certificateData->data, certificateData->len);
204 Vector<uint8_t, sha1HashSize> digest;
205 sha1.computeHash(digest);
207 return base64Encode(reinterpret_cast<const char*>(digest.data()), sha1HashSize);
210 HashSet<String> m_certificates;
213 static void cleanupSoupRequestOperation(ResourceHandle*, bool isDestroying);
214 static void sendRequestCallback(GObject*, GAsyncResult*, gpointer);
215 static void readCallback(GObject*, GAsyncResult*, gpointer);
216 static void closeCallback(GObject*, GAsyncResult*, gpointer);
217 static gboolean requestTimeoutCallback(void*);
218 #if ENABLE(WEB_TIMING)
219 static int milisecondsSinceRequest(double requestTime);
222 static bool gIgnoreSSLErrors = false;
224 static HashSet<String>& allowsAnyHTTPSCertificateHosts()
226 DEFINE_STATIC_LOCAL(HashSet<String>, hosts, ());
230 typedef HashMap<String, HostTLSCertificateSet> CertificatesMap;
231 static CertificatesMap& clientCertificates()
233 DEFINE_STATIC_LOCAL(CertificatesMap, certificates, ());
237 ResourceHandleInternal::~ResourceHandleInternal()
241 static SoupSession* sessionFromContext(NetworkingContext* context)
243 return (context && context->isValid()) ? context->soupSession() : ResourceHandle::defaultSession();
246 ResourceHandle::~ResourceHandle()
248 cleanupSoupRequestOperation(this, true);
251 static void ensureSessionIsInitialized(SoupSession* session)
253 if (g_object_get_data(G_OBJECT(session), "webkit-init"))
256 if (session == ResourceHandle::defaultSession()) {
257 SoupCookieJar* jar = SOUP_COOKIE_JAR(soup_session_get_feature(session, SOUP_TYPE_COOKIE_JAR));
259 soup_session_add_feature(session, SOUP_SESSION_FEATURE(soupCookieJar()));
261 setSoupCookieJar(jar);
265 if (!soup_session_get_feature(session, SOUP_TYPE_LOGGER) && LogNetwork.state == WTFLogChannelOn) {
266 SoupLogger* logger = soup_logger_new(static_cast<SoupLoggerLogLevel>(SOUP_LOGGER_LOG_BODY), -1);
267 soup_session_add_feature(session, SOUP_SESSION_FEATURE(logger));
268 g_object_unref(logger);
270 #endif // !LOG_DISABLED
272 if (!soup_session_get_feature(session, SOUP_TYPE_REQUESTER)) {
273 SoupRequester* requester = soup_requester_new();
274 soup_session_add_feature(session, SOUP_SESSION_FEATURE(requester));
275 g_object_unref(requester);
278 g_object_set_data(G_OBJECT(session), "webkit-init", reinterpret_cast<void*>(0xdeadbeef));
281 SoupSession* ResourceHandleInternal::soupSession()
283 SoupSession* session = sessionFromContext(m_context.get());
284 ensureSessionIsInitialized(session);
288 static void gotHeadersCallback(SoupMessage* message, gpointer data)
290 ResourceHandle* handle = static_cast<ResourceHandle*>(data);
293 ResourceHandleInternal* d = handle->getInternal();
297 #if ENABLE(WEB_TIMING)
298 if (d->m_response.resourceLoadTiming())
299 d->m_response.resourceLoadTiming()->receiveHeadersEnd = milisecondsSinceRequest(d->m_response.resourceLoadTiming()->requestTime);
303 // We are a bit more conservative with the persistent credential storage than the session store,
304 // since we are waiting until we know that this authentication succeeded before actually storing.
305 // This is because we want to avoid hitting the disk twice (once to add and once to remove) for
306 // incorrect credentials or polluting the keychain with invalid credentials.
307 if (message->status_code != 401 && message->status_code < 500 && !d->m_credentialDataToSaveInPersistentStore.credential.isEmpty()) {
308 credentialBackingStore().storeCredentialsForChallenge(
309 d->m_credentialDataToSaveInPersistentStore.challenge,
310 d->m_credentialDataToSaveInPersistentStore.credential);
314 // The original response will be needed later to feed to willSendRequest in
315 // restartedCallback() in case we are redirected. For this reason, so we store it
317 ResourceResponse response;
318 response.updateFromSoupMessage(message);
319 d->m_response = response;
322 static void applyAuthenticationToRequest(ResourceHandle* handle, bool redirect)
324 // m_user/m_pass are credentials given manually, for instance, by the arguments passed to XMLHttpRequest.open().
325 ResourceHandleInternal* d = handle->getInternal();
326 String user = d->m_user;
327 String password = d->m_pass;
329 ResourceRequest& request = d->m_firstRequest;
330 if (handle->shouldUseCredentialStorage()) {
331 if (d->m_user.isEmpty() && d->m_pass.isEmpty())
332 d->m_initialCredential = CredentialStorage::get(request.url());
333 else if (!redirect) {
334 // If there is already a protection space known for the URL, update stored credentials
335 // before sending a request. This makes it possible to implement logout by sending an
336 // XMLHttpRequest with known incorrect credentials, and aborting it immediately (so that
337 // an authentication dialog doesn't pop up).
338 CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), request.url());
342 if (!d->m_initialCredential.isEmpty()) {
343 user = d->m_initialCredential.user();
344 password = d->m_initialCredential.password();
347 // We always put the credentials into the URL. In the CFNetwork-port HTTP family credentials are applied in
348 // the didReceiveAuthenticationChallenge callback, but libsoup requires us to use this method to override
349 // any previously remembered credentials. It has its own per-session credential storage.
350 if (!user.isEmpty() || !password.isEmpty()) {
351 KURL urlWithCredentials(request.url());
352 urlWithCredentials.setUser(d->m_user);
353 urlWithCredentials.setPass(d->m_pass);
354 request.setURL(urlWithCredentials);
358 // Called each time the message is going to be sent again except the first time.
359 // It's used mostly to let webkit know about redirects.
360 static void restartedCallback(SoupMessage* message, gpointer data)
362 ResourceHandle* handle = static_cast<ResourceHandle*>(data);
365 ResourceHandleInternal* d = handle->getInternal();
369 GOwnPtr<char> uri(soup_uri_to_string(soup_message_get_uri(message), false));
370 String location = String::fromUTF8(uri.get());
371 KURL newURL = KURL(handle->firstRequest().url(), location);
373 ResourceRequest request = handle->firstRequest();
374 request.setURL(newURL);
375 request.setHTTPMethod(message->method);
377 // Should not set Referer after a redirect from a secure resource to non-secure one.
378 if (!request.url().protocolIs("https") && protocolIs(request.httpReferrer(), "https")) {
379 request.clearHTTPReferrer();
380 soup_message_headers_remove(message->request_headers, "Referer");
383 const KURL& url = request.url();
384 d->m_user = url.user();
385 d->m_pass = url.pass();
386 request.removeCredentials();
388 ResourceResponse& redirectResponse = d->m_response;
389 if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) {
390 // If the network layer carries over authentication headers from the original request
391 // in a cross-origin redirect, we want to clear those headers here.
392 request.clearHTTPAuthorization();
393 soup_message_headers_remove(message->request_headers, "Authorization");
395 // TODO: We are losing any username and password specified in the redirect URL, as this is the
396 // same behavior as the CFNet port. We should investigate if this is really what we want.
398 applyAuthenticationToRequest(handle, true);
400 // Per-request authentication is handled via the URI-embedded username/password.
401 GOwnPtr<SoupURI> newSoupURI(soup_uri_new(request.urlStringForSoup().utf8().data()));
402 soup_message_set_uri(message, newSoupURI.get());
405 d->client()->willSendRequest(handle, request, redirectResponse);
410 #if ENABLE(WEB_TIMING)
411 redirectResponse.setResourceLoadTiming(ResourceLoadTiming::create());
412 redirectResponse.resourceLoadTiming()->requestTime = monotonicallyIncreasingTime();
415 // Update the first party in case the base URL changed with the redirect
416 String firstPartyString = request.firstPartyForCookies().string();
417 if (!firstPartyString.isEmpty()) {
418 GOwnPtr<SoupURI> firstParty(soup_uri_new(firstPartyString.utf8().data()));
419 soup_message_set_first_party(d->m_soupMessage.get(), firstParty.get());
423 static void wroteBodyDataCallback(SoupMessage*, SoupBuffer* buffer, gpointer data)
425 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
430 ResourceHandleInternal* internal = handle->getInternal();
431 internal->m_bodyDataSent += buffer->length;
433 if (internal->m_cancelled)
435 ResourceHandleClient* client = handle->client();
439 client->didSendData(handle.get(), internal->m_bodyDataSent, internal->m_bodySize);
442 static void cleanupSoupRequestOperation(ResourceHandle* handle, bool isDestroying = false)
444 ResourceHandleInternal* d = handle->getInternal();
446 if (d->m_soupRequest)
447 d->m_soupRequest.clear();
449 if (d->m_inputStream)
450 d->m_inputStream.clear();
452 d->m_cancellable.clear();
454 if (d->m_soupMessage) {
455 g_signal_handlers_disconnect_matched(d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA,
457 g_object_set_data(G_OBJECT(d->m_soupMessage.get()), "handle", 0);
458 d->m_soupMessage.clear();
462 g_slice_free1(READ_BUFFER_SIZE, d->m_buffer);
466 if (d->m_timeoutSource) {
467 g_source_destroy(d->m_timeoutSource.get());
468 d->m_timeoutSource.clear();
475 static bool handleUnignoredTLSErrors(ResourceHandle* handle)
477 ResourceHandleInternal* d = handle->getInternal();
478 const ResourceResponse& response = d->m_response;
480 if (!response.soupMessageTLSErrors() || gIgnoreSSLErrors)
483 String lowercaseHostURL = handle->firstRequest().url().host().lower();
484 if (allowsAnyHTTPSCertificateHosts().contains(lowercaseHostURL))
487 // We aren't ignoring errors globally, but the user may have already decided to accept this certificate.
488 CertificatesMap::iterator i = clientCertificates().find(lowercaseHostURL);
489 if (i != clientCertificates().end() && i->value.contains(response.soupMessageCertificate()))
492 handle->client()->didFail(handle, ResourceError::tlsError(d->m_soupRequest.get(), response.soupMessageTLSErrors(), response.soupMessageCertificate()));
496 static void sendRequestCallback(GObject*, GAsyncResult* res, gpointer data)
498 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
500 ResourceHandleInternal* d = handle->getInternal();
501 ResourceHandleClient* client = handle->client();
502 SoupMessage* soupMessage = d->m_soupMessage.get();
504 if (d->m_cancelled || !client) {
505 cleanupSoupRequestOperation(handle.get());
509 if (d->m_defersLoading) {
510 d->m_deferredResult = res;
514 GOwnPtr<GError> error;
515 GInputStream* in = soup_request_send_finish(d->m_soupRequest.get(), res, &error.outPtr());
517 client->didFail(handle.get(), ResourceError::httpError(soupMessage, error.get(), d->m_soupRequest.get()));
518 cleanupSoupRequestOperation(handle.get());
522 d->m_inputStream = adoptGRef(in);
523 d->m_buffer = static_cast<char*>(g_slice_alloc(READ_BUFFER_SIZE));
526 if (handle->shouldContentSniff() && soupMessage->status_code != SOUP_STATUS_NOT_MODIFIED) {
527 const char* sniffedType = soup_request_get_content_type(d->m_soupRequest.get());
528 d->m_response.setSniffedContentType(sniffedType);
530 d->m_response.updateFromSoupMessage(soupMessage);
532 if (handleUnignoredTLSErrors(handle.get())) {
533 cleanupSoupRequestOperation(handle.get());
538 d->m_response.setURL(handle->firstRequest().url());
539 const gchar* contentType = soup_request_get_content_type(d->m_soupRequest.get());
540 d->m_response.setMimeType(extractMIMETypeFromMediaType(contentType));
541 d->m_response.setTextEncodingName(extractCharsetFromMediaType(contentType));
542 d->m_response.setExpectedContentLength(soup_request_get_content_length(d->m_soupRequest.get()));
545 client->didReceiveResponse(handle.get(), d->m_response);
547 if (d->m_cancelled) {
548 cleanupSoupRequestOperation(handle.get());
552 g_input_stream_read_async(d->m_inputStream.get(), d->m_buffer, READ_BUFFER_SIZE,
553 G_PRIORITY_DEFAULT, d->m_cancellable.get(), readCallback, handle.get());
556 static bool addFileToSoupMessageBody(SoupMessage* message, const String& fileNameString, size_t offset, size_t lengthToSend, unsigned long& totalBodySize)
558 GOwnPtr<GError> error;
559 CString fileName = fileSystemRepresentation(fileNameString);
560 GMappedFile* fileMapping = g_mapped_file_new(fileName.data(), false, &error.outPtr());
564 gsize bufferLength = lengthToSend;
566 bufferLength = g_mapped_file_get_length(fileMapping);
567 totalBodySize += bufferLength;
569 SoupBuffer* soupBuffer = soup_buffer_new_with_owner(g_mapped_file_get_contents(fileMapping) + offset,
572 reinterpret_cast<GDestroyNotify>(g_mapped_file_unref));
573 soup_message_body_append_buffer(message->request_body, soupBuffer);
574 soup_buffer_free(soupBuffer);
579 static bool blobIsOutOfDate(const BlobDataItem& blobItem)
581 ASSERT(blobItem.type == BlobDataItem::File);
582 if (!isValidFileTime(blobItem.expectedModificationTime))
585 time_t fileModificationTime;
586 if (!getFileModificationTime(blobItem.path, fileModificationTime))
589 return fileModificationTime != static_cast<time_t>(blobItem.expectedModificationTime);
592 static void addEncodedBlobItemToSoupMessageBody(SoupMessage* message, const BlobDataItem& blobItem, unsigned long& totalBodySize)
594 if (blobItem.type == BlobDataItem::Data) {
595 totalBodySize += blobItem.length;
596 soup_message_body_append(message->request_body, SOUP_MEMORY_TEMPORARY,
597 blobItem.data->data() + blobItem.offset, blobItem.length);
601 ASSERT(blobItem.type == BlobDataItem::File);
602 if (blobIsOutOfDate(blobItem))
605 addFileToSoupMessageBody(message,
608 blobItem.length == BlobDataItem::toEndOfFile ? 0 : blobItem.length,
612 static void addEncodedBlobToSoupMessageBody(SoupMessage* message, const FormDataElement& element, unsigned long& totalBodySize)
614 RefPtr<BlobStorageData> blobData = static_cast<BlobRegistryImpl&>(blobRegistry()).getBlobDataFromURL(KURL(ParsedURLString, element.m_url));
618 for (size_t i = 0; i < blobData->items().size(); ++i)
619 addEncodedBlobItemToSoupMessageBody(message, blobData->items()[i], totalBodySize);
621 #endif // ENABLE(BLOB)
623 static bool addFormElementsToSoupMessage(SoupMessage* message, const char*, FormData* httpBody, unsigned long& totalBodySize)
625 soup_message_body_set_accumulate(message->request_body, FALSE);
626 size_t numElements = httpBody->elements().size();
627 for (size_t i = 0; i < numElements; i++) {
628 const FormDataElement& element = httpBody->elements()[i];
630 if (element.m_type == FormDataElement::data) {
631 totalBodySize += element.m_data.size();
632 soup_message_body_append(message->request_body, SOUP_MEMORY_TEMPORARY,
633 element.m_data.data(), element.m_data.size());
637 if (element.m_type == FormDataElement::encodedFile) {
638 if (!addFileToSoupMessageBody(message ,
641 0 /* lengthToSend */,
648 ASSERT(element.m_type == FormDataElement::encodedBlob);
649 addEncodedBlobToSoupMessageBody(message, element, totalBodySize);
655 #if ENABLE(WEB_TIMING)
656 static int milisecondsSinceRequest(double requestTime)
658 return static_cast<int>((monotonicallyIncreasingTime() - requestTime) * 1000.0);
661 static void wroteBodyCallback(SoupMessage*, gpointer data)
663 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
667 ResourceHandleInternal* d = handle->getInternal();
668 if (!d->m_response.resourceLoadTiming())
671 d->m_response.resourceLoadTiming()->sendEnd = milisecondsSinceRequest(d->m_response.resourceLoadTiming()->requestTime);
674 static void requestStartedCallback(SoupSession*, SoupMessage* soupMessage, SoupSocket*, gpointer)
676 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(g_object_get_data(G_OBJECT(soupMessage), "handle"));
680 ResourceHandleInternal* d = handle->getInternal();
681 if (!d->m_response.resourceLoadTiming())
684 d->m_response.resourceLoadTiming()->sendStart = milisecondsSinceRequest(d->m_response.resourceLoadTiming()->requestTime);
685 if (d->m_response.resourceLoadTiming()->sslStart != -1) {
686 // WebCore/inspector/front-end/RequestTimingView.js assumes
687 // that SSL time is included in connection time so must
688 // substract here the SSL delta that will be added later (see
689 // WebInspector.RequestTimingView.createTimingTable in the
690 // file above for more details).
691 d->m_response.resourceLoadTiming()->sendStart -=
692 d->m_response.resourceLoadTiming()->sslEnd - d->m_response.resourceLoadTiming()->sslStart;
696 static void networkEventCallback(SoupMessage*, GSocketClientEvent event, GIOStream*, gpointer data)
698 ResourceHandle* handle = static_cast<ResourceHandle*>(data);
701 ResourceHandleInternal* d = handle->getInternal();
705 int deltaTime = milisecondsSinceRequest(d->m_response.resourceLoadTiming()->requestTime);
707 case G_SOCKET_CLIENT_RESOLVING:
708 d->m_response.resourceLoadTiming()->dnsStart = deltaTime;
710 case G_SOCKET_CLIENT_RESOLVED:
711 d->m_response.resourceLoadTiming()->dnsEnd = deltaTime;
713 case G_SOCKET_CLIENT_CONNECTING:
714 d->m_response.resourceLoadTiming()->connectStart = deltaTime;
715 if (d->m_response.resourceLoadTiming()->dnsStart != -1)
716 // WebCore/inspector/front-end/RequestTimingView.js assumes
717 // that DNS time is included in connection time so must
718 // substract here the DNS delta that will be added later (see
719 // WebInspector.RequestTimingView.createTimingTable in the
720 // file above for more details).
721 d->m_response.resourceLoadTiming()->connectStart -=
722 d->m_response.resourceLoadTiming()->dnsEnd - d->m_response.resourceLoadTiming()->dnsStart;
724 case G_SOCKET_CLIENT_CONNECTED:
725 // Web Timing considers that connection time involves dns, proxy & TLS negotiation...
726 // so we better pick G_SOCKET_CLIENT_COMPLETE for connectEnd
728 case G_SOCKET_CLIENT_PROXY_NEGOTIATING:
729 d->m_response.resourceLoadTiming()->proxyStart = deltaTime;
731 case G_SOCKET_CLIENT_PROXY_NEGOTIATED:
732 d->m_response.resourceLoadTiming()->proxyEnd = deltaTime;
734 case G_SOCKET_CLIENT_TLS_HANDSHAKING:
735 d->m_response.resourceLoadTiming()->sslStart = deltaTime;
737 case G_SOCKET_CLIENT_TLS_HANDSHAKED:
738 d->m_response.resourceLoadTiming()->sslEnd = deltaTime;
740 case G_SOCKET_CLIENT_COMPLETE:
741 d->m_response.resourceLoadTiming()->connectEnd = deltaTime;
744 ASSERT_NOT_REACHED();
750 static const char* gSoupRequestInitiaingPageIDKey = "wk-soup-request-initiaing-page-id";
752 static void setSoupRequestInitiaingPageIDFromNetworkingContext(SoupRequest* request, NetworkingContext* context)
754 if (!context || !context->isValid())
757 uint64_t* initiatingPageIDPtr = static_cast<uint64_t*>(fastMalloc(sizeof(uint64_t)));
758 *initiatingPageIDPtr = context->initiatingPageID();
759 g_object_set_data_full(G_OBJECT(request), g_intern_static_string(gSoupRequestInitiaingPageIDKey), initiatingPageIDPtr, fastFree);
762 static bool createSoupMessageForHandleAndRequest(ResourceHandle* handle, const ResourceRequest& request)
766 ResourceHandleInternal* d = handle->getInternal();
767 ASSERT(d->m_soupRequest);
769 d->m_soupMessage = adoptGRef(soup_request_http_get_message(SOUP_REQUEST_HTTP(d->m_soupRequest.get())));
770 if (!d->m_soupMessage)
773 SoupMessage* soupMessage = d->m_soupMessage.get();
774 request.updateSoupMessage(soupMessage);
776 g_object_set_data(G_OBJECT(soupMessage), "handle", handle);
777 if (!handle->shouldContentSniff())
778 soup_message_disable_feature(soupMessage, SOUP_TYPE_CONTENT_SNIFFER);
780 String firstPartyString = request.firstPartyForCookies().string();
781 if (!firstPartyString.isEmpty()) {
782 GOwnPtr<SoupURI> firstParty(soup_uri_new(firstPartyString.utf8().data()));
783 soup_message_set_first_party(soupMessage, firstParty.get());
786 FormData* httpBody = request.httpBody();
787 CString contentType = request.httpContentType().utf8().data();
788 if (httpBody && !httpBody->isEmpty() && !addFormElementsToSoupMessage(soupMessage, contentType.data(), httpBody, d->m_bodySize)) {
789 // We failed to prepare the body data, so just fail this load.
790 d->m_soupMessage.clear();
794 // Make sure we have an Accept header for subresources; some sites
795 // want this to serve some of their subresources
796 if (!soup_message_headers_get_one(soupMessage->request_headers, "Accept"))
797 soup_message_headers_append(soupMessage->request_headers, "Accept", "*/*");
799 // In the case of XHR .send() and .send("") explicitly tell libsoup to send a zero content-lenght header
800 // for consistency with other backends (e.g. Chromium's) and other UA implementations like FF. It's done
801 // in the backend here instead of in XHR code since in XHR CORS checking prevents us from this kind of
802 // late header manipulation.
803 if ((request.httpMethod() == "POST" || request.httpMethod() == "PUT")
804 && (!request.httpBody() || request.httpBody()->isEmpty()))
805 soup_message_headers_set_content_length(soupMessage->request_headers, 0);
807 g_signal_connect(d->m_soupMessage.get(), "got-headers", G_CALLBACK(gotHeadersCallback), handle);
808 g_signal_connect(d->m_soupMessage.get(), "restarted", G_CALLBACK(restartedCallback), handle);
809 g_signal_connect(d->m_soupMessage.get(), "wrote-body-data", G_CALLBACK(wroteBodyDataCallback), handle);
811 #if ENABLE(WEB_TIMING)
812 d->m_response.setResourceLoadTiming(ResourceLoadTiming::create());
813 g_signal_connect(d->m_soupMessage.get(), "network-event", G_CALLBACK(networkEventCallback), handle);
814 g_signal_connect(d->m_soupMessage.get(), "wrote-body", G_CALLBACK(wroteBodyCallback), handle);
820 static bool createSoupRequestAndMessageForHandle(ResourceHandle* handle, bool isHTTPFamilyRequest)
822 ResourceHandleInternal* d = handle->getInternal();
823 SoupRequester* requester = SOUP_REQUESTER(soup_session_get_feature(d->soupSession(), SOUP_TYPE_REQUESTER));
825 GOwnPtr<GError> error;
826 ResourceRequest& request = handle->firstRequest();
828 d->m_soupRequest = adoptGRef(soup_requester_request(requester, request.urlStringForSoup().utf8().data(), &error.outPtr()));
830 d->m_soupRequest.clear();
834 // SoupMessages are only applicable to HTTP-family requests.
835 if (isHTTPFamilyRequest && !createSoupMessageForHandleAndRequest(handle, request)) {
836 d->m_soupRequest.clear();
843 bool ResourceHandle::start(NetworkingContext* context)
845 ASSERT(!d->m_soupMessage);
847 // The frame could be null if the ResourceHandle is not associated to any
848 // Frame, e.g. if we are downloading a file.
849 // If the frame is not null but the page is null this must be an attempted
850 // load from an unload handler, so let's just block it.
851 // If both the frame and the page are not null the context is valid.
852 if (context && !context->isValid())
855 // Used to set the keep track of custom SoupSessions for ports that support it (EFL).
856 d->m_context = context;
858 // Only allow the POST and GET methods for non-HTTP requests.
859 const ResourceRequest& request = firstRequest();
860 bool isHTTPFamilyRequest = request.url().protocolIsInHTTPFamily();
861 if (!isHTTPFamilyRequest && request.httpMethod() != "GET" && request.httpMethod() != "POST") {
862 this->scheduleFailure(InvalidURLFailure); // Error must not be reported immediately
866 applyAuthenticationToRequest(this, false);
867 // The CFNet backend clears these, so we do as well.
868 d->m_user = String();
869 d->m_pass = String();
871 if (!createSoupRequestAndMessageForHandle(this, isHTTPFamilyRequest)) {
872 this->scheduleFailure(InvalidURLFailure); // Error must not be reported immediately
876 setSoupRequestInitiaingPageIDFromNetworkingContext(d->m_soupRequest.get(), context);
878 // Send the request only if it's not been explicitly deferred.
879 if (!d->m_defersLoading)
880 sendPendingRequest();
885 void ResourceHandle::sendPendingRequest()
887 #if ENABLE(WEB_TIMING)
888 if (d->m_response.resourceLoadTiming())
889 d->m_response.resourceLoadTiming()->requestTime = monotonicallyIncreasingTime();
892 if (d->m_firstRequest.timeoutInterval() > 0) {
893 // soup_add_timeout returns a GSource* whose only reference is owned by
894 // the context. We need to have our own reference to it, hence not using adoptRef.
895 d->m_timeoutSource = soup_add_timeout(g_main_context_get_thread_default(),
896 d->m_firstRequest.timeoutInterval() * 1000, requestTimeoutCallback, this);
899 // Balanced by a deref() in cleanupSoupRequestOperation, which should always run.
902 d->m_cancellable = adoptGRef(g_cancellable_new());
903 soup_request_send_async(d->m_soupRequest.get(), d->m_cancellable.get(), sendRequestCallback, this);
906 void ResourceHandle::cancel()
908 d->m_cancelled = true;
909 if (d->m_soupMessage)
910 soup_session_cancel_message(d->soupSession(), d->m_soupMessage.get(), SOUP_STATUS_CANCELLED);
911 else if (d->m_cancellable)
912 g_cancellable_cancel(d->m_cancellable.get());
915 bool ResourceHandle::shouldUseCredentialStorage()
917 return (!client() || client()->shouldUseCredentialStorage(this)) && firstRequest().url().protocolIsInHTTPFamily();
920 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host)
922 allowsAnyHTTPSCertificateHosts().add(host.lower());
925 void ResourceHandle::setClientCertificate(const String& host, GTlsCertificate* certificate)
927 clientCertificates().add(host.lower(), HostTLSCertificateSet()).iterator->value.add(certificate);
930 void ResourceHandle::setIgnoreSSLErrors(bool ignoreSSLErrors)
932 gIgnoreSSLErrors = ignoreSSLErrors;
936 void getCredentialFromPersistentStoreCallback(const Credential& credential, void* data)
938 static_cast<ResourceHandle*>(data)->continueDidReceiveAuthenticationChallenge(credential);
942 void ResourceHandle::continueDidReceiveAuthenticationChallenge(const Credential& credentialFromPersistentStorage)
944 ASSERT(!d->m_currentWebChallenge.isNull());
945 AuthenticationChallenge& challenge = d->m_currentWebChallenge;
947 ASSERT(challenge.soupSession());
948 ASSERT(challenge.soupMessage());
949 if (!credentialFromPersistentStorage.isEmpty())
950 challenge.setProposedCredential(credentialFromPersistentStorage);
953 soup_session_unpause_message(challenge.soupSession(), challenge.soupMessage());
954 clearAuthentication();
958 ASSERT(challenge.soupSession());
959 ASSERT(challenge.soupMessage());
960 client()->didReceiveAuthenticationChallenge(this, challenge);
963 void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
965 ASSERT(d->m_currentWebChallenge.isNull());
967 bool useCredentialStorage = shouldUseCredentialStorage();
968 if (!d->m_user.isNull() && !d->m_pass.isNull()) {
969 Credential credential = Credential(d->m_user, d->m_pass, CredentialPersistenceForSession);
970 if (useCredentialStorage)
971 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
972 soup_auth_authenticate(challenge.soupAuth(), credential.user().utf8().data(), credential.password().utf8().data());
977 // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
978 if (useCredentialStorage) {
979 if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) {
980 // The stored credential wasn't accepted, stop using it. There is a race condition
981 // here, since a different credential might have already been stored by another
982 // ResourceHandle, but the observable effect should be very minor, if any.
983 CredentialStorage::remove(challenge.protectionSpace());
986 if (!challenge.previousFailureCount()) {
987 Credential credential = CredentialStorage::get(challenge.protectionSpace());
988 if (!credential.isEmpty() && credential != d->m_initialCredential) {
989 ASSERT(credential.persistence() == CredentialPersistenceNone);
991 // Store the credential back, possibly adding it as a default for this directory.
992 if (challenge.failureResponse().httpStatusCode() == 401)
993 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
995 soup_auth_authenticate(challenge.soupAuth(), credential.user().utf8().data(), credential.password().utf8().data());
1001 d->m_currentWebChallenge = challenge;
1002 soup_session_pause_message(challenge.soupSession(), challenge.soupMessage());
1005 // We could also do this before we even start the request, but that would be at the expense
1006 // of all request latency, versus a one-time latency for the small subset of requests that
1007 // use HTTP authentication. In the end, this doesn't matter much, because persistent credentials
1008 // will become session credentials after the first use.
1009 if (useCredentialStorage) {
1010 credentialBackingStore().credentialForChallenge(challenge, getCredentialFromPersistentStoreCallback, this);
1015 continueDidReceiveAuthenticationChallenge(Credential());
1018 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
1020 ASSERT(!challenge.isNull());
1021 if (challenge != d->m_currentWebChallenge)
1023 soup_session_unpause_message(challenge.soupSession(), challenge.soupMessage());
1025 clearAuthentication();
1028 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
1030 ASSERT(!challenge.isNull());
1031 if (challenge != d->m_currentWebChallenge)
1034 // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map.
1035 if (credential.isEmpty()) {
1036 receivedRequestToContinueWithoutCredential(challenge);
1040 if (shouldUseCredentialStorage()) {
1041 // Eventually we will manage per-session credentials only internally or use some newly-exposed API from libsoup,
1042 // because once we authenticate via libsoup, there is no way to ignore it for a particular request. Right now,
1043 // we place the credentials in the store even though libsoup will never fire the authenticate signal again for
1044 // this protection space.
1045 if (credential.persistence() == CredentialPersistenceForSession || credential.persistence() == CredentialPersistencePermanent)
1046 CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
1049 if (credential.persistence() == CredentialPersistencePermanent) {
1050 d->m_credentialDataToSaveInPersistentStore.credential = credential;
1051 d->m_credentialDataToSaveInPersistentStore.challenge = challenge;
1056 ASSERT(challenge.soupSession());
1057 ASSERT(challenge.soupMessage());
1058 soup_auth_authenticate(challenge.soupAuth(), credential.user().utf8().data(), credential.password().utf8().data());
1059 soup_session_unpause_message(challenge.soupSession(), challenge.soupMessage());
1061 clearAuthentication();
1064 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
1066 ASSERT(!challenge.isNull());
1067 if (challenge != d->m_currentWebChallenge)
1070 soup_session_unpause_message(challenge.soupSession(), challenge.soupMessage());
1073 client()->receivedCancellation(this, challenge);
1075 clearAuthentication();
1078 static bool waitingToSendRequest(ResourceHandle* handle)
1080 // We need to check for d->m_soupRequest because the request may have raised a failure
1081 // (for example invalid URLs). We cannot simply check for d->m_scheduledFailure because
1082 // it's cleared as soon as the failure event is fired.
1083 return handle->getInternal()->m_soupRequest && !handle->getInternal()->m_cancellable;
1086 void ResourceHandle::platformSetDefersLoading(bool defersLoading)
1091 // Except when canceling a possible timeout timer, we only need to take action here to UN-defer loading.
1092 if (defersLoading) {
1093 if (d->m_timeoutSource) {
1094 g_source_destroy(d->m_timeoutSource.get());
1095 d->m_timeoutSource.clear();
1100 if (waitingToSendRequest(this)) {
1101 sendPendingRequest();
1105 if (d->m_deferredResult) {
1106 GRefPtr<GAsyncResult> asyncResult = adoptGRef(d->m_deferredResult.leakRef());
1108 if (d->m_inputStream)
1109 readCallback(G_OBJECT(d->m_inputStream.get()), asyncResult.get(), this);
1111 sendRequestCallback(G_OBJECT(d->m_soupRequest.get()), asyncResult.get(), this);
1115 bool ResourceHandle::loadsBlocked()
1120 bool ResourceHandle::willLoadFromCache(ResourceRequest&, Frame*)
1122 // Not having this function means that we'll ask the user about re-posting a form
1123 // even when we go back to a page that's still in the cache.
1128 void ResourceHandle::loadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials /*storedCredentials*/, ResourceError& error, ResourceResponse& response, Vector<char>& data)
1131 if (request.url().protocolIs("blob")) {
1132 blobRegistry().loadResourceSynchronously(request, error, response, data);
1137 ASSERT(!loadingSynchronousRequest);
1138 if (loadingSynchronousRequest) // In practice this cannot happen, but if for some reason it does,
1139 return; // we want to avoid accidentally going into an infinite loop of requests.
1141 WebCoreSynchronousLoader syncLoader(error, response, sessionFromContext(context), data);
1142 RefPtr<ResourceHandle> handle = create(context, request, &syncLoader, false /*defersLoading*/, false /*shouldContentSniff*/);
1146 // If the request has already failed, do not run the main loop, or else we'll block indefinitely.
1147 if (handle->d->m_scheduledFailureType != NoFailure)
1153 static void closeCallback(GObject*, GAsyncResult* res, gpointer data)
1155 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
1156 ResourceHandleInternal* d = handle->getInternal();
1158 g_input_stream_close_finish(d->m_inputStream.get(), res, 0);
1160 ResourceHandleClient* client = handle->client();
1161 if (client && loadingSynchronousRequest)
1162 client->didFinishLoading(handle.get(), 0);
1164 cleanupSoupRequestOperation(handle.get());
1167 static void readCallback(GObject*, GAsyncResult* asyncResult, gpointer data)
1169 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
1171 ResourceHandleInternal* d = handle->getInternal();
1172 ResourceHandleClient* client = handle->client();
1174 if (d->m_cancelled || !client) {
1175 cleanupSoupRequestOperation(handle.get());
1179 if (d->m_defersLoading) {
1180 d->m_deferredResult = asyncResult;
1184 GOwnPtr<GError> error;
1185 gssize bytesRead = g_input_stream_read_finish(d->m_inputStream.get(), asyncResult, &error.outPtr());
1187 client->didFail(handle.get(), ResourceError::genericIOError(error.get(), d->m_soupRequest.get()));
1188 cleanupSoupRequestOperation(handle.get());
1193 // We inform WebCore of load completion now instead of waiting for the input
1194 // stream to close because the input stream is closed asynchronously. If this
1195 // is a synchronous request, we wait until the closeCallback, because we don't
1196 // want to halt the internal main loop before the input stream closes.
1197 if (client && !loadingSynchronousRequest) {
1198 client->didFinishLoading(handle.get(), 0);
1199 handle->setClient(0); // Unset the client so that we do not try to access th
1200 // client in the closeCallback.
1202 g_input_stream_close_async(d->m_inputStream.get(), G_PRIORITY_DEFAULT, 0, closeCallback, handle.get());
1206 // It's mandatory to have sent a response before sending data
1207 ASSERT(!d->m_response.isNull());
1209 client->didReceiveData(handle.get(), d->m_buffer, bytesRead, bytesRead);
1211 // didReceiveData may cancel the load, which may release the last reference.
1212 if (d->m_cancelled || !client) {
1213 cleanupSoupRequestOperation(handle.get());
1217 g_input_stream_read_async(d->m_inputStream.get(), d->m_buffer, READ_BUFFER_SIZE, G_PRIORITY_DEFAULT,
1218 d->m_cancellable.get(), readCallback, handle.get());
1221 static gboolean requestTimeoutCallback(gpointer data)
1223 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(data);
1224 handle->client()->didFail(handle.get(), ResourceError::timeoutError(handle->getInternal()->m_firstRequest.url().string()));
1230 static void authenticateCallback(SoupSession* session, SoupMessage* soupMessage, SoupAuth* soupAuth, gboolean retrying)
1232 RefPtr<ResourceHandle> handle = static_cast<ResourceHandle*>(g_object_get_data(G_OBJECT(soupMessage), "handle"));
1235 handle->didReceiveAuthenticationChallenge(AuthenticationChallenge(session, soupMessage, soupAuth, retrying, handle.get()));
1238 SoupSession* ResourceHandle::defaultSession()
1240 static SoupSession* session = 0;
1241 // Values taken from http://www.browserscope.org/ following
1242 // the rule "Do What Every Other Modern Browser Is Doing". They seem
1243 // to significantly improve page loading time compared to soup's
1245 static const int maxConnections = 35;
1246 static const int maxConnectionsPerHost = 6;
1249 session = soup_session_async_new();
1250 g_object_set(session,
1251 SOUP_SESSION_MAX_CONNS, maxConnections,
1252 SOUP_SESSION_MAX_CONNS_PER_HOST, maxConnectionsPerHost,
1253 SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_DECODER,
1254 SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_CONTENT_SNIFFER,
1255 SOUP_SESSION_ADD_FEATURE_BY_TYPE, SOUP_TYPE_PROXY_RESOLVER_DEFAULT,
1256 SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
1258 g_signal_connect(session, "authenticate", G_CALLBACK(authenticateCallback), 0);
1260 #if ENABLE(WEB_TIMING)
1261 g_signal_connect(session, "request-started", G_CALLBACK(requestStartedCallback), 0);
1268 uint64_t ResourceHandle::getSoupRequestInitiaingPageID(SoupRequest* request)
1270 uint64_t* initiatingPageIDPtr = static_cast<uint64_t*>(g_object_get_data(G_OBJECT(request), gSoupRequestInitiaingPageIDKey));
1271 return initiatingPageIDPtr ? *initiatingPageIDPtr : 0;
git://git.webkit.org / WebKit-https.git / blob