Move URL from WebCore to WTF
[WebKit-https.git] / Source / WebKit / NetworkProcess / NetworkLoadChecker.h
1 /*
2  * Copyright (C) 2018 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23  * THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #pragma once
27
28 #include "NetworkContentRuleListManager.h"
29 #include "NetworkResourceLoadParameters.h"
30 #include <WebCore/ContentSecurityPolicyClient.h>
31 #include <WebCore/NetworkLoadInformation.h>
32 #include <WebCore/ResourceError.h>
33 #include <WebCore/SecurityPolicyViolationEvent.h>
34 #include <wtf/CompletionHandler.h>
35 #include <wtf/Expected.h>
36 #include <wtf/WeakPtr.h>
37
38 namespace WebCore {
39 class ContentSecurityPolicy;
40 struct ContentSecurityPolicyClient;
41 }
42
43 namespace WebKit {
44
45 class NetworkConnectionToWebProcess;
46 class NetworkCORSPreflightChecker;
47
48 class NetworkLoadChecker : public CanMakeWeakPtr<NetworkLoadChecker> {
49 public:
50     NetworkLoadChecker(WebCore::FetchOptions&&, PAL::SessionID, uint64_t pageID, uint64_t frameID, WebCore::HTTPHeaderMap&&, URL&&, RefPtr<WebCore::SecurityOrigin>&&, WebCore::PreflightPolicy, String&& referrer, bool shouldCaptureExtraNetworkLoadMetrics = false);
51     ~NetworkLoadChecker();
52
53     using RequestOrError = Expected<WebCore::ResourceRequest, WebCore::ResourceError>;
54     using ValidationHandler = CompletionHandler<void(RequestOrError&&)>;
55     void check(WebCore::ResourceRequest&&, WebCore::ContentSecurityPolicyClient*, ValidationHandler&&);
56
57     struct RedirectionTriplet {
58         WebCore::ResourceRequest request;
59         WebCore::ResourceRequest redirectRequest;
60         WebCore::ResourceResponse redirectResponse;
61     };
62     using RedirectionRequestOrError = Expected<RedirectionTriplet, WebCore::ResourceError>;
63     using RedirectionValidationHandler = CompletionHandler<void(RedirectionRequestOrError&&)>;
64     void checkRedirection(WebCore::ResourceRequest&& request, WebCore::ResourceRequest&& redirectRequest, WebCore::ResourceResponse&& redirectResponse, WebCore::ContentSecurityPolicyClient*, RedirectionValidationHandler&&);
65
66     void prepareRedirectedRequest(WebCore::ResourceRequest&);
67
68     WebCore::ResourceError validateResponse(WebCore::ResourceResponse&);
69
70     void setCSPResponseHeaders(WebCore::ContentSecurityPolicyResponseHeaders&& headers) { m_cspResponseHeaders = WTFMove(headers); }
71 #if ENABLE(CONTENT_EXTENSIONS)
72     void setContentExtensionController(URL&& mainDocumentURL, std::optional<UserContentControllerIdentifier> identifier)
73     {
74         m_mainDocumentURL = WTFMove(mainDocumentURL);
75         m_userContentControllerIdentifier = identifier;
76     }
77 #endif
78
79     const URL& url() const { return m_url; }
80     WebCore::StoredCredentialsPolicy storedCredentialsPolicy() const { return m_storedCredentialsPolicy; }
81
82     WebCore::NetworkLoadInformation takeNetworkLoadInformation() { return WTFMove(m_loadInformation); }
83     void storeRedirectionIfNeeded(const WebCore::ResourceRequest&, const WebCore::ResourceResponse&);
84
85     void enableContentExtensionsCheck() { m_checkContentExtensions = true; }
86
87 private:
88     WebCore::ContentSecurityPolicy* contentSecurityPolicy();
89     bool isChecking() const { return !!m_corsPreflightChecker; }
90     bool isRedirected() const { return m_redirectCount; }
91
92     void checkRequest(WebCore::ResourceRequest&&, WebCore::ContentSecurityPolicyClient*, ValidationHandler&&);
93
94     bool isAllowedByContentSecurityPolicy(const WebCore::ResourceRequest&, WebCore::ContentSecurityPolicyClient*);
95
96     void continueCheckingRequest(WebCore::ResourceRequest&&, ValidationHandler&&);
97
98     bool doesNotNeedCORSCheck(const URL&) const;
99     void checkCORSRequest(WebCore::ResourceRequest&&, ValidationHandler&&);
100     void checkCORSRedirectedRequest(WebCore::ResourceRequest&&, ValidationHandler&&);
101     void checkCORSRequestWithPreflight(WebCore::ResourceRequest&&, ValidationHandler&&);
102
103     RequestOrError accessControlErrorForValidationHandler(String&&);
104
105 #if ENABLE(CONTENT_EXTENSIONS)
106     struct ContentExtensionResult {
107         WebCore::ResourceRequest request;
108         const WebCore::ContentExtensions::BlockedStatus& status;
109     };
110     using ContentExtensionResultOrError = Expected<ContentExtensionResult, WebCore::ResourceError>;
111     using ContentExtensionCallback = CompletionHandler<void(ContentExtensionResultOrError)>;
112     void processContentExtensionRulesForLoad(WebCore::ResourceRequest&&, ContentExtensionCallback&&);
113 #endif
114     WebCore::FetchOptions m_options;
115     WebCore::StoredCredentialsPolicy m_storedCredentialsPolicy;
116     PAL::SessionID m_sessionID;
117     uint64_t m_pageID;
118     uint64_t m_frameID;
119     WebCore::HTTPHeaderMap m_originalRequestHeaders; // Needed for CORS checks.
120     WebCore::HTTPHeaderMap m_firstRequestHeaders; // Needed for CORS checks.
121     URL m_url;
122     RefPtr<WebCore::SecurityOrigin> m_origin;
123     std::optional<WebCore::ContentSecurityPolicyResponseHeaders> m_cspResponseHeaders;
124 #if ENABLE(CONTENT_EXTENSIONS)
125     URL m_mainDocumentURL;
126     std::optional<UserContentControllerIdentifier> m_userContentControllerIdentifier;
127 #endif
128
129     std::unique_ptr<NetworkCORSPreflightChecker> m_corsPreflightChecker;
130     bool m_isSameOriginRequest { true };
131     bool m_isSimpleRequest { true };
132     std::unique_ptr<WebCore::ContentSecurityPolicy> m_contentSecurityPolicy;
133     size_t m_redirectCount { 0 };
134     URL m_previousURL;
135     WebCore::PreflightPolicy m_preflightPolicy;
136     String m_dntHeaderValue;
137     String m_referrer;
138     bool m_checkContentExtensions { false };
139     bool m_shouldCaptureExtraNetworkLoadMetrics { false };
140     WebCore::NetworkLoadInformation m_loadInformation;
141
142 #if ENABLE(HTTPS_UPGRADE)
143     static bool applyHTTPSUpgradeIfNeeded(WebCore::ResourceRequest&);
144 #endif // ENABLE(HTTPS_UPGRADE)
145
146 };
147
148 }