[WTF] Add makeUnique<T>, which ensures T is fast-allocated, makeUnique / makeUniqueWi...
[WebKit-https.git] / Source / WebCore / platform / network / curl / ResourceHandleCurl.cpp
index 46b150f..707d0a6 100644 (file)
@@ -1,7 +1,9 @@
 /*
  * Copyright (C) 2004, 2006 Apple Inc.  All rights reserved.
  * Copyright (C) 2005, 2006 Michael Emmel mike.emmel@gmail.com
+ * Copyright (C) 2017 Sony Interactive Entertainment Inc.
  * All rights reserved.
+ * Copyright (C) 2017 NAVER Corp.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 
 #if USE(CURL)
 
-#include "CachedResourceLoader.h"
+#include "CookieJar.h"
+#include "CookieJarCurl.h"
 #include "CredentialStorage.h"
-#include "FileSystem.h"
+#include "CurlCacheManager.h"
+#include "CurlContext.h"
+#include "CurlRequest.h"
+#include "HTTPParsers.h"
 #include "Logging.h"
-#include "NetworkingContext.h"
-#include "NotImplemented.h"
+#include "NetworkStorageSession.h"
 #include "ResourceHandleInternal.h"
-#include "ResourceHandleManager.h"
-#include "SSLHandle.h"
+#include "SameSiteInfo.h"
+#include "SharedBuffer.h"
+#include "SynchronousLoaderClient.h"
+#include "TextEncoding.h"
+#include <wtf/CompletionHandler.h>
+#include <wtf/FileSystem.h>
+#include <wtf/text/Base64.h>
 
 namespace WebCore {
 
-class WebCoreSynchronousLoader : public ResourceHandleClient {
-public:
-    WebCoreSynchronousLoader();
+ResourceHandleInternal::~ResourceHandleInternal()
+{
+    if (m_curlRequest)
+        m_curlRequest->invalidateClient();
+}
 
-    virtual void didReceiveResponse(ResourceHandle*, const ResourceResponse&);
-    virtual void didReceiveData(ResourceHandle*, const char*, unsigned, int encodedDataLength);
-    virtual void didFinishLoading(ResourceHandle*, double /*finishTime*/);
-    virtual void didFail(ResourceHandle*, const ResourceError&);
+ResourceHandle::~ResourceHandle() = default;
 
-    ResourceResponse resourceResponse() const { return m_response; }
-    ResourceError resourceError() const { return m_error; }
-    Vector<char> data() const { return m_data; }
+bool ResourceHandle::start()
+{
+    ASSERT(isMainThread());
 
-private:
-    ResourceResponse m_response;
-    ResourceError m_error;
-    Vector<char> m_data;
-};
+    CurlContext::singleton();
 
-WebCoreSynchronousLoader::WebCoreSynchronousLoader()
-{
-}
+    // The frame could be null if the ResourceHandle is not associated to any
+    // Frame, e.g. if we are downloading a file.
+    // If the frame is not null but the page is null this must be an attempted
+    // load from an unload handler, so let's just block it.
+    // If both the frame and the page are not null the context is valid.
+    if (d->m_context && !d->m_context->isValid())
+        return false;
 
-void WebCoreSynchronousLoader::didReceiveResponse(ResourceHandle*, const ResourceResponse& response)
-{
-    m_response = response;
-}
+    // Only allow the POST and GET methods for non-HTTP requests.
+    auto request = firstRequest();
+    if (!request.url().protocolIsInHTTPFamily() && request.httpMethod() != "GET" && request.httpMethod() != "POST") {
+        scheduleFailure(InvalidURLFailure); // Error must not be reported immediately
+        return true;
+    }
 
-void WebCoreSynchronousLoader::didReceiveData(ResourceHandle*, const char* data, unsigned length, int)
-{
-    m_data.append(data, length);
-}
+    d->m_startTime = MonotonicTime::now();
 
-void WebCoreSynchronousLoader::didFinishLoading(ResourceHandle*, double)
-{
+    d->m_curlRequest = createCurlRequest(WTFMove(request));
+
+    if (auto credential = getCredential(d->m_firstRequest, false)) {
+        d->m_curlRequest->setUserPass(credential->user(), credential->password());
+        d->m_curlRequest->setAuthenticationScheme(ProtectionSpaceAuthenticationSchemeHTTPBasic);
+    }
+
+    d->m_curlRequest->setStartTime(d->m_startTime);
+    d->m_curlRequest->start();
+
+    return true;
 }
 
-void WebCoreSynchronousLoader::didFail(ResourceHandle*, const ResourceError& error)
+void ResourceHandle::cancel()
 {
-    m_error = error;
+    ASSERT(isMainThread());
+
+    d->m_cancelled = true;
+
+    if (d->m_curlRequest)
+        d->m_curlRequest->cancel();
 }
 
-ResourceHandleInternal::~ResourceHandleInternal()
+bool ResourceHandle::cancelledOrClientless()
 {
-    fastFree(m_url);
-    if (m_customHeaders)
-        curl_slist_free_all(m_customHeaders);
+    if (d->m_cancelled)
+        return true;
+
+    return !client();
 }
 
-ResourceHandle::~ResourceHandle()
+void ResourceHandle::addCacheValidationHeaders(ResourceRequest& request)
 {
-    cancel();
+    ASSERT(isMainThread());
+
+    d->m_addedCacheValidationHeaders = false;
+
+    auto hasCacheHeaders = request.httpHeaderFields().contains(HTTPHeaderName::IfModifiedSince) || request.httpHeaderFields().contains(HTTPHeaderName::IfNoneMatch);
+    if (hasCacheHeaders)
+        return;
+
+    auto& cache = CurlCacheManager::singleton();
+    URL cacheUrl = request.url();
+    cacheUrl.removeFragmentIdentifier();
+
+    if (cache.isCached(cacheUrl)) {
+        cache.addCacheEntryClient(cacheUrl, this);
+
+        for (const auto& entry : cache.requestHeaders(cacheUrl))
+            request.addHTTPHeaderField(entry.key, entry.value);
+
+        d->m_addedCacheValidationHeaders = true;
+    }
 }
 
-bool ResourceHandle::start()
+Ref<CurlRequest> ResourceHandle::createCurlRequest(ResourceRequest&& request, RequestStatus status)
 {
-    // The frame could be null if the ResourceHandle is not associated to any
-    // Frame, e.g. if we are downloading a file.
-    // If the frame is not null but the page is null this must be an attempted
-    // load from an unload handler, so let's just block it.
-    // If both the frame and the page are not null the context is valid.
-    if (d->m_context && !d->m_context->isValid())
-        return false;
+    ASSERT(isMainThread());
 
-    ResourceHandleManager::sharedInstance()->add(this);
-    return true;
+    if (status == RequestStatus::NewRequest) {
+        addCacheValidationHeaders(request);
+
+        auto& storageSession = *d->m_context->storageSession();
+        auto& cookieJar = storageSession.cookieStorage();
+        auto includeSecureCookies = request.url().protocolIs("https") ? IncludeSecureCookies::Yes : IncludeSecureCookies::No;
+        String cookieHeaderField = cookieJar.cookieRequestHeaderFieldValue(storageSession, request.firstPartyForCookies(), SameSiteInfo::create(request), request.url(), WTF::nullopt, WTF::nullopt, includeSecureCookies).first;
+        if (!cookieHeaderField.isEmpty())
+            request.addHTTPHeaderField(HTTPHeaderName::Cookie, cookieHeaderField);
+    }
+
+    CurlRequest::ShouldSuspend shouldSuspend = d->m_defersLoading ? CurlRequest::ShouldSuspend::Yes : CurlRequest::ShouldSuspend::No;
+    // FIXME: Use a correct sessionID.
+    auto curlRequest = CurlRequest::create(request, *delegate(), PAL::SessionID::emptySessionID(), shouldSuspend, CurlRequest::EnableMultipart::Yes, CurlRequest::CaptureNetworkLoadMetrics::Basic, d->m_messageQueue);
+    
+    return curlRequest;
 }
 
-void ResourceHandle::cancel()
+CurlResourceHandleDelegate* ResourceHandle::delegate()
 {
-    ResourceHandleManager::sharedInstance()->cancel(this);
+    if (!d->m_delegate)
+        d->m_delegate = makeUnique<CurlResourceHandleDelegate>(*this);
+
+    return d->m_delegate.get();
 }
 
+#if OS(WINDOWS)
+
 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host)
 {
-    allowsAnyHTTPSCertificateHosts(host);
+    ASSERT(isMainThread());
+
+    CurlContext::singleton().sslHandle().allowAnyHTTPSCertificatesForHost(host);
 }
 
 void ResourceHandle::setClientCertificateInfo(const String& host, const String& certificate, const String& key)
 {
-    if (fileExists(certificate))
-        addAllowedClientCertificate(host, certificate, key);
+    ASSERT(isMainThread());
+
+    if (FileSystem::fileExists(certificate))
+        CurlContext::singleton().sslHandle().setClientCertificateInfo(host, certificate, key);
     else
         LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data());
 }
 
-#if PLATFORM(WIN) && USE(CF)
+#endif
+
+#if OS(WINDOWS) && USE(CF)
 
 void ResourceHandle::setClientCertificate(const String&, CFDataRef)
 {
@@ -138,20 +199,20 @@ void ResourceHandle::setClientCertificate(const String&, CFDataRef)
 
 void ResourceHandle::platformSetDefersLoading(bool defers)
 {
-    if (!d->m_handle)
+    ASSERT(isMainThread());
+
+    if (defers == d->m_defersLoading)
         return;
 
-    if (defers) {
-        CURLcode error = curl_easy_pause(d->m_handle, CURLPAUSE_ALL);
-        // If we could not defer the handle, so don't do it.
-        if (error != CURLE_OK)
-            return;
-    } else {
-        CURLcode error = curl_easy_pause(d->m_handle, CURLPAUSE_CONT);
-        if (error != CURLE_OK)
-            // Restarting the handle has failed so just cancel it.
-            cancel();
-    }
+    d->m_defersLoading = defers;
+
+    if (!d->m_curlRequest)
+        return;
+
+    if (d->m_defersLoading)
+        d->m_curlRequest->suspend();
+    else
+        d->m_curlRequest->resume();
 }
 
 bool ResourceHandle::shouldUseCredentialStorage()
@@ -159,32 +220,21 @@ bool ResourceHandle::shouldUseCredentialStorage()
     return (!client() || client()->shouldUseCredentialStorage(this)) && firstRequest().url().protocolIsInHTTPFamily();
 }
 
-void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
 {
-    WebCoreSynchronousLoader syncLoader;
-    RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &syncLoader, true, false));
-
-    ResourceHandleManager* manager = ResourceHandleManager::sharedInstance();
+    ASSERT(isMainThread());
 
-    manager->dispatchSynchronousJob(handle.get());
-
-    error = syncLoader.resourceError();
-    data = syncLoader.data();
-    response = syncLoader.resourceResponse();
-}
+    String partition = firstRequest().cachePartition();
 
-void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
-{
     if (!d->m_user.isNull() && !d->m_pass.isNull()) {
         Credential credential(d->m_user, d->m_pass, CredentialPersistenceNone);
 
         URL urlToStore;
         if (challenge.failureResponse().httpStatusCode() == 401)
             urlToStore = challenge.failureResponse().url();
-        CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
-        
-        String userpass = credential.user() + ":" + credential.password();
-        curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
+        d->m_context->storageSession()->credentialStorage().set(partition, credential, challenge.protectionSpace(), urlToStore);
+
+        restartRequestWithCredential(challenge.protectionSpace(), credential);
 
         d->m_user = String();
         d->m_pass = String();
@@ -197,32 +247,36 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
             // The stored credential wasn't accepted, stop using it.
             // There is a race condition here, since a different credential might have already been stored by another ResourceHandle,
             // but the observable effect should be very minor, if any.
-            CredentialStorage::defaultCredentialStorage().remove(challenge.protectionSpace());
+            d->m_context->storageSession()->credentialStorage().remove(partition, challenge.protectionSpace());
         }
 
         if (!challenge.previousFailureCount()) {
-            Credential credential = CredentialStorage::defaultCredentialStorage().get(challenge.protectionSpace());
+            Credential credential = d->m_context->storageSession()->credentialStorage().get(partition, challenge.protectionSpace());
             if (!credential.isEmpty() && credential != d->m_initialCredential) {
                 ASSERT(credential.persistence() == CredentialPersistenceNone);
                 if (challenge.failureResponse().httpStatusCode() == 401) {
                     // Store the credential back, possibly adding it as a default for this directory.
-                    CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url());
+                    d->m_context->storageSession()->credentialStorage().set(partition, credential, challenge.protectionSpace(), challenge.failureResponse().url());
                 }
-                String userpass = credential.user() + ":" + credential.password();
-                curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
+
+                restartRequestWithCredential(challenge.protectionSpace(), credential);
                 return;
             }
         }
     }
 
     d->m_currentWebChallenge = challenge;
-    
-    if (client())
+
+    if (client()) {
+        auto protectedThis = makeRef(*this);
         client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
+    }
 }
 
 void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
 {
+    ASSERT(isMainThread());
+
     if (challenge != d->m_currentWebChallenge)
         return;
 
@@ -231,37 +285,45 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
         return;
     }
 
+    String partition = firstRequest().cachePartition();
+
     if (shouldUseCredentialStorage()) {
         if (challenge.failureResponse().httpStatusCode() == 401) {
             URL urlToStore = challenge.failureResponse().url();
-            CredentialStorage::defaultCredentialStorage().set(credential, challenge.protectionSpace(), urlToStore);
+            d->m_context->storageSession()->credentialStorage().set(partition, credential, challenge.protectionSpace(), urlToStore);
         }
     }
 
-    String userpass = credential.user() + ":" + credential.password();
-    curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
+    restartRequestWithCredential(challenge.protectionSpace(), credential);
 
     clearAuthentication();
 }
 
 void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
 {
+    ASSERT(isMainThread());
+
     if (challenge != d->m_currentWebChallenge)
         return;
 
-    String userpass = emptyString();
-    curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data());
-
     clearAuthentication();
+
+    didReceiveResponse(ResourceResponse(delegate()->response()), [this, protectedThis = makeRef(*this)] {
+        continueAfterDidReceiveResponse();
+    });
 }
 
 void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
 {
+    ASSERT(isMainThread());
+
     if (challenge != d->m_currentWebChallenge)
         return;
 
-    if (client())
+    if (client()) {
+        auto protectedThis = makeRef(*this);
         client()->receivedCancellation(this, challenge);
+    }
 }
 
 void ResourceHandle::receivedRequestToPerformDefaultHandling(const AuthenticationChallenge&)
@@ -274,6 +336,267 @@ void ResourceHandle::receivedChallengeRejection(const AuthenticationChallenge&)
     ASSERT_NOT_REACHED();
 }
 
+Optional<Credential> ResourceHandle::getCredential(const ResourceRequest& request, bool redirect)
+{
+    // m_user/m_pass are credentials given manually, for instance, by the arguments passed to XMLHttpRequest.open().
+    Credential credential { d->m_user, d->m_pass, CredentialPersistenceNone };
+
+    if (shouldUseCredentialStorage()) {
+        String partition = request.cachePartition();
+
+        if (credential.isEmpty()) {
+            // <rdar://problem/7174050> - For URLs that match the paths of those previously challenged for HTTP Basic authentication, 
+            // try and reuse the credential preemptively, as allowed by RFC 2617.
+            d->m_initialCredential = d->m_context->storageSession()->credentialStorage().get(partition, request.url());
+        } else if (!redirect) {
+            // If there is already a protection space known for the URL, update stored credentials
+            // before sending a request. This makes it possible to implement logout by sending an
+            // XMLHttpRequest with known incorrect credentials, and aborting it immediately (so that
+            // an authentication dialog doesn't pop up).
+            d->m_context->storageSession()->credentialStorage().set(partition, credential, request.url());
+        }
+    }
+
+    if (!d->m_initialCredential.isEmpty())
+        return d->m_initialCredential;
+
+    return WTF::nullopt;
+}
+
+void ResourceHandle::restartRequestWithCredential(const ProtectionSpace& protectionSpace, const Credential& credential)
+{
+    ASSERT(isMainThread());
+
+    if (!d->m_curlRequest)
+        return;
+    
+    auto previousRequest = d->m_curlRequest->resourceRequest();
+    d->m_curlRequest->cancel();
+
+    d->m_curlRequest = createCurlRequest(WTFMove(previousRequest), RequestStatus::ReusedRequest);
+    d->m_curlRequest->setAuthenticationScheme(protectionSpace.authenticationScheme());
+    d->m_curlRequest->setUserPass(credential.user(), credential.password());
+    d->m_curlRequest->setStartTime(d->m_startTime);
+    d->m_curlRequest->start();
+}
+
+void ResourceHandle::platformLoadResourceSynchronously(NetworkingContext* context, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+{
+    ASSERT(isMainThread());
+    ASSERT(!request.isEmpty());
+
+    SynchronousLoaderClient client;
+    client.setAllowStoredCredentials(storedCredentialsPolicy == StoredCredentialsPolicy::Use);
+
+    bool defersLoading = false;
+    bool shouldContentSniff = true;
+    bool shouldContentEncodingSniff = true;
+    RefPtr<ResourceHandle> handle = adoptRef(new ResourceHandle(context, request, &client, defersLoading, shouldContentSniff, shouldContentEncodingSniff));
+    handle->d->m_messageQueue = &client.messageQueue();
+    handle->d->m_startTime = MonotonicTime::now();
+
+    if (request.url().protocolIsData()) {
+        handle->handleDataURL();
+        return;
+    }
+
+    auto requestCopy = handle->firstRequest();
+    handle->d->m_curlRequest = handle->createCurlRequest(WTFMove(requestCopy));
+
+    if (auto credential = handle->getCredential(handle->d->m_firstRequest, false)) {
+        handle->d->m_curlRequest->setUserPass(credential->user(), credential->password());
+        handle->d->m_curlRequest->setAuthenticationScheme(ProtectionSpaceAuthenticationSchemeHTTPBasic);
+    }
+
+    handle->d->m_curlRequest->setStartTime(handle->d->m_startTime);
+    handle->d->m_curlRequest->start();
+
+    do {
+        if (auto task = client.messageQueue().waitForMessage())
+            (*task)();
+    } while (!client.messageQueue().killed() && !handle->cancelledOrClientless());
+
+    error = client.error();
+    data.swap(client.mutableData());
+    response = client.response();
+}
+
+void ResourceHandle::platformContinueSynchronousDidReceiveResponse()
+{
+    ASSERT(isMainThread());
+
+    continueAfterDidReceiveResponse();
+}
+
+void ResourceHandle::continueAfterDidReceiveResponse()
+{
+    ASSERT(isMainThread());
+
+    // continueDidReceiveResponse might cancel the load.
+    if (cancelledOrClientless() || !d->m_curlRequest)
+        return;
+
+    d->m_curlRequest->completeDidReceiveResponse();
+}
+
+bool ResourceHandle::shouldRedirectAsGET(const ResourceRequest& request, bool crossOrigin)
+{
+    if (request.httpMethod() == "GET" || request.httpMethod() == "HEAD")
+        return false;
+
+    if (!request.url().protocolIsInHTTPFamily())
+        return true;
+
+    if (delegate()->response().isSeeOther())
+        return true;
+
+    if ((delegate()->response().isMovedPermanently() || delegate()->response().isFound()) && (request.httpMethod() == "POST"))
+        return true;
+
+    if (crossOrigin && (request.httpMethod() == "DELETE"))
+        return true;
+
+    return false;
+}
+
+void ResourceHandle::willSendRequest()
+{
+    ASSERT(isMainThread());
+
+    static const int maxRedirects = 20;
+
+    if (d->m_redirectCount++ > maxRedirects) {
+        client()->didFail(this, ResourceError::httpError(CURLE_TOO_MANY_REDIRECTS, delegate()->response().url()));
+        return;
+    }
+
+    String location = delegate()->response().httpHeaderField(HTTPHeaderName::Location);
+    URL newURL = URL(delegate()->response().url(), location);
+    bool crossOrigin = !protocolHostAndPortAreEqual(d->m_firstRequest.url(), newURL);
+
+    ResourceRequest newRequest = d->m_firstRequest;
+    newRequest.setURL(newURL);
+
+    if (shouldRedirectAsGET(newRequest, crossOrigin)) {
+        newRequest.setHTTPMethod("GET");
+        newRequest.setHTTPBody(nullptr);
+        newRequest.clearHTTPContentType();
+    }
+
+    // Should not set Referer after a redirect from a secure resource to non-secure one.
+    if (!newURL.protocolIs("https") && protocolIs(newRequest.httpReferrer(), "https") && context()->shouldClearReferrerOnHTTPSToHTTPRedirect())
+        newRequest.clearHTTPReferrer();
+
+    d->m_user = newURL.user();
+    d->m_pass = newURL.pass();
+    newRequest.removeCredentials();
+
+    if (crossOrigin) {
+        // If the network layer carries over authentication headers from the original request
+        // in a cross-origin redirect, we want to clear those headers here. 
+        newRequest.clearHTTPAuthorization();
+        newRequest.clearHTTPOrigin();
+        d->m_startTime = WTF::MonotonicTime::now();
+    }
+
+    ResourceResponse responseCopy = delegate()->response();
+    client()->willSendRequestAsync(this, WTFMove(newRequest), WTFMove(responseCopy), [this, protectedThis = makeRef(*this)] (ResourceRequest&& request) {
+        continueAfterWillSendRequest(WTFMove(request));
+    });
+}
+
+void ResourceHandle::continueAfterWillSendRequest(ResourceRequest&& request)
+{
+    ASSERT(isMainThread());
+
+    // willSendRequest might cancel the load.
+    if (cancelledOrClientless() || !d->m_curlRequest)
+        return;
+
+    if (request.isNull()) {
+        cancel();
+        return;
+    }
+
+    auto shouldForwardCredential = protocolHostAndPortAreEqual(request.url(), delegate()->response().url());
+    auto credential = getCredential(request, true);
+
+    d->m_curlRequest->cancel();
+    d->m_curlRequest = createCurlRequest(WTFMove(request));
+
+    if (shouldForwardCredential && credential)
+        d->m_curlRequest->setUserPass(credential->user(), credential->password());
+
+    d->m_curlRequest->setStartTime(d->m_startTime);
+    d->m_curlRequest->start();
+}
+
+void ResourceHandle::handleDataURL()
+{
+    ASSERT(d->m_firstRequest.url().protocolIsData());
+    String url = d->m_firstRequest.url().string();
+
+    ASSERT(client());
+
+    auto index = url.find(',');
+    if (index == notFound) {
+        client()->cannotShowURL(this);
+        return;
+    }
+
+    String mediaType = url.substring(5, index - 5);
+    String data = url.substring(index + 1);
+    auto originalSize = data.length();
+
+    bool base64 = mediaType.endsWithIgnoringASCIICase(";base64");
+    if (base64)
+        mediaType = mediaType.left(mediaType.length() - 7);
+
+    if (mediaType.isEmpty())
+        mediaType = "text/plain"_s;
+
+    String mimeType = extractMIMETypeFromMediaType(mediaType);
+    String charset = extractCharsetFromMediaType(mediaType);
+
+    if (charset.isEmpty())
+        charset = "US-ASCII"_s;
+
+    ResourceResponse response;
+    response.setMimeType(mimeType);
+    response.setTextEncodingName(charset);
+    response.setURL(d->m_firstRequest.url());
+
+    if (base64) {
+        data = decodeURLEscapeSequences(data);
+        didReceiveResponse(WTFMove(response), [this, protectedThis = makeRef(*this)] {
+            continueAfterDidReceiveResponse();
+        });
+
+        // didReceiveResponse might cause the client to be deleted.
+        if (client()) {
+            Vector<char> out;
+            if (base64Decode(data, out, Base64IgnoreSpacesAndNewLines) && out.size() > 0)
+                client()->didReceiveBuffer(this, SharedBuffer::create(out.data(), out.size()), originalSize);
+        }
+    } else {
+        TextEncoding encoding(charset);
+        data = decodeURLEscapeSequences(data, encoding);
+        didReceiveResponse(WTFMove(response), [this, protectedThis = makeRef(*this)] {
+            continueAfterDidReceiveResponse();
+        });
+
+        // didReceiveResponse might cause the client to be deleted.
+        if (client()) {
+            auto encodedData = encoding.encode(data, UnencodableHandling::URLEncodedEntities);
+            if (encodedData.size())
+                client()->didReceiveBuffer(this, SharedBuffer::create(WTFMove(encodedData)), originalSize);
+        }
+    }
+
+    if (client())
+        client()->didFinishLoading(this);
+}
+
 } // namespace WebCore
 
 #endif