2 * Copyright (C) 2006-2017 Apple Inc. All rights reserved.
3 * Copyright (C) 2011 Google Inc. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
19 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include "DocumentLoader.h"
33 #include "ApplicationCacheHost.h"
35 #include "ArchiveResourceCollection.h"
36 #include "CachedPage.h"
37 #include "CachedRawResource.h"
38 #include "CachedResourceLoader.h"
39 #include "ContentExtensionError.h"
40 #include "ContentSecurityPolicy.h"
41 #include "DOMWindow.h"
43 #include "DocumentParser.h"
44 #include "DocumentWriter.h"
45 #include "ElementChildIterator.h"
47 #include "EventNames.h"
48 #include "ExtensionStyleSheets.h"
49 #include "FormState.h"
50 #include "FrameLoader.h"
51 #include "FrameLoaderClient.h"
52 #include "FrameTree.h"
53 #include "HTMLFormElement.h"
54 #include "HTMLFrameOwnerElement.h"
55 #include "HTTPHeaderField.h"
56 #include "HTTPHeaderNames.h"
57 #include "HistoryItem.h"
58 #include "IconLoader.h"
59 #include "InspectorInstrumentation.h"
60 #include "LinkIconCollector.h"
61 #include "LinkIconType.h"
63 #include "MainFrame.h"
64 #include "MemoryCache.h"
65 #include "NetworkLoadMetrics.h"
67 #include "PolicyChecker.h"
68 #include "ProgressTracker.h"
69 #include "ResourceHandle.h"
70 #include "ResourceLoadObserver.h"
71 #include "SWClientConnection.h"
72 #include "SchemeRegistry.h"
73 #include "ScriptableDocumentParser.h"
74 #include "SecurityPolicy.h"
75 #include "ServiceWorker.h"
76 #include "ServiceWorkerProvider.h"
78 #include "SubresourceLoader.h"
79 #include "TextResourceDecoder.h"
80 #include <wtf/Assertions.h>
81 #include <wtf/CompletionHandler.h>
82 #include <wtf/NeverDestroyed.h>
84 #include <wtf/text/CString.h>
85 #include <wtf/text/WTFString.h>
87 #if ENABLE(APPLICATION_MANIFEST)
88 #include "ApplicationManifestLoader.h"
89 #include "HTMLHeadElement.h"
90 #include "HTMLLinkElement.h"
93 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
94 #include "ArchiveFactory.h"
97 #if ENABLE(CONTENT_FILTERING)
98 #include "ContentFilter.h"
102 #include "PreviewConverter.h"
103 #include "QuickLook.h"
106 #define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - DocumentLoader::" fmt, this, ##__VA_ARGS__)
110 static void cancelAll(const ResourceLoaderMap& loaders)
112 for (auto& loader : copyToVector(loaders.values()))
116 static void setAllDefersLoading(const ResourceLoaderMap& loaders, bool defers)
118 for (auto& loader : copyToVector(loaders.values()))
119 loader->setDefersLoading(defers);
122 static bool areAllLoadersPageCacheAcceptable(const ResourceLoaderMap& loaders)
124 for (auto& loader : copyToVector(loaders.values())) {
125 if (!loader->frameLoader() || !loader->frameLoader()->frame().page())
128 CachedResource* cachedResource = MemoryCache::singleton().resourceForRequest(loader->request(), loader->frameLoader()->frame().page()->sessionID());
132 // Only image and XHR loads do prevent the page from entering the PageCache.
133 // All non-image loads will prevent the page from entering the PageCache.
134 if (!cachedResource->isImage() && !cachedResource->areAllClientsXMLHttpRequests())
140 DocumentLoader::DocumentLoader(const ResourceRequest& request, const SubstituteData& substituteData)
141 : FrameDestructionObserver(nullptr)
142 , m_cachedResourceLoader(CachedResourceLoader::create(this))
144 , m_originalRequest(request)
145 , m_substituteData(substituteData)
146 , m_originalRequestCopy(request)
148 , m_originalSubstituteDataWasValid(substituteData.isValid())
149 , m_substituteResourceDeliveryTimer(*this, &DocumentLoader::substituteResourceDeliveryTimerFired)
150 , m_dataLoadTimer(*this, &DocumentLoader::handleSubstituteDataLoadNow)
151 , m_applicationCacheHost(std::make_unique<ApplicationCacheHost>(*this))
155 FrameLoader* DocumentLoader::frameLoader() const
159 return &m_frame->loader();
162 SubresourceLoader* DocumentLoader::mainResourceLoader() const
166 return m_mainResource->loader();
169 DocumentLoader::~DocumentLoader()
171 ASSERT(!m_frame || !isLoading() || frameLoader()->activeDocumentLoader() != this);
172 ASSERT_WITH_MESSAGE(!m_waitingForContentPolicy, "The content policy callback should never outlive its DocumentLoader.");
173 ASSERT_WITH_MESSAGE(!m_waitingForNavigationPolicy, "The navigation policy callback should never outlive its DocumentLoader.");
175 m_cachedResourceLoader->clearDocumentLoader();
179 RefPtr<SharedBuffer> DocumentLoader::mainResourceData() const
181 if (m_substituteData.isValid())
182 return m_substituteData.content()->copy();
184 return m_mainResource->resourceBuffer();
188 Document* DocumentLoader::document() const
190 if (m_frame && m_frame->loader().documentLoader() == this)
191 return m_frame->document();
195 void DocumentLoader::replaceRequestURLForSameDocumentNavigation(const URL& url)
197 m_originalRequestCopy.setURL(url);
198 m_request.setURL(url);
201 void DocumentLoader::setRequest(const ResourceRequest& req)
203 // Replacing an unreachable URL with alternate content looks like a server-side
204 // redirect at this point, but we can replace a committed dataSource.
205 bool handlingUnreachableURL = false;
207 handlingUnreachableURL = m_substituteData.isValid() && !m_substituteData.failingURL().isEmpty();
209 bool shouldNotifyAboutProvisionalURLChange = false;
210 if (handlingUnreachableURL)
212 else if (isLoadingMainResource() && req.url() != m_request.url())
213 shouldNotifyAboutProvisionalURLChange = true;
215 // We should never be getting a redirect callback after the data
216 // source is committed, except in the unreachable URL case. It
217 // would be a WebFoundation bug if it sent a redirect callback after commit.
218 ASSERT(!m_committed);
221 if (shouldNotifyAboutProvisionalURLChange)
222 frameLoader()->client().dispatchDidChangeProvisionalURL();
225 void DocumentLoader::setMainDocumentError(const ResourceError& error)
227 m_mainDocumentError = error;
228 frameLoader()->client().setMainDocumentError(this, error);
231 void DocumentLoader::mainReceivedError(const ResourceError& error)
233 ASSERT(!error.isNull());
238 if (m_identifierForLoadWithoutResourceLoader) {
239 ASSERT(!mainResourceLoader());
240 frameLoader()->client().dispatchDidFailLoading(this, m_identifierForLoadWithoutResourceLoader, error);
243 // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
244 // See <rdar://problem/6304600> for more details.
246 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
249 m_applicationCacheHost->failedLoadingMainResource();
251 setMainDocumentError(error);
252 clearMainResourceLoader();
253 frameLoader()->receivedMainResourceError(error);
256 // Cancels the data source's pending loads. Conceptually, a data source only loads
257 // one document at a time, but one document may have many related resources.
258 // stopLoading will stop all loads initiated by the data source,
259 // but not loads initiated by child frames' data sources -- that's the WebFrame's job.
260 void DocumentLoader::stopLoading()
262 RefPtr<Frame> protectedFrame(m_frame);
263 Ref<DocumentLoader> protectedThis(*this);
265 // In some rare cases, calling FrameLoader::stopLoading could cause isLoading() to return false.
266 // (This can happen when there's a single XMLHttpRequest currently loading and stopLoading causes it
267 // to stop loading. Because of this, we need to save it so we don't return early.
268 bool loading = isLoading();
270 // We may want to audit the existing subresource loaders when we are on a page which has completed
271 // loading but there are subresource loads during cancellation. This must be done before the
272 // frame->stopLoading() call, which may evict the CachedResources, which we rely on to check
273 // the type of the resource loads.
274 if (loading && m_committed && !mainResourceLoader() && !m_subresourceLoaders.isEmpty())
275 m_subresourceLoadersArePageCacheAcceptable = areAllLoadersPageCacheAcceptable(m_subresourceLoaders);
278 // Attempt to stop the frame if the document loader is loading, or if it is done loading but
279 // still parsing. Failure to do so can cause a world leak.
280 Document* doc = m_frame->document();
282 if (loading || doc->parsing())
283 m_frame->loader().stopLoading(UnloadEventPolicyNone);
286 for (auto callbackIdentifier : m_iconLoaders.values())
287 notifyFinishedLoadingIcon(callbackIdentifier, nullptr);
288 m_iconLoaders.clear();
289 m_iconsPendingLoadDecision.clear();
291 #if ENABLE(APPLICATION_MANIFEST)
292 for (auto callbackIdentifier : m_applicationManifestLoaders.values())
293 notifyFinishedLoadingApplicationManifest(callbackIdentifier, std::nullopt);
294 m_applicationManifestLoaders.clear();
297 // Always cancel multipart loaders
298 cancelAll(m_multipartSubresourceLoaders);
300 // Appcache uses ResourceHandle directly, DocumentLoader doesn't count these loads.
301 m_applicationCacheHost->stopLoadingInFrame(*m_frame);
303 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
304 clearArchiveResources();
308 // If something above restarted loading we might run into mysterious crashes like
309 // https://bugs.webkit.org/show_bug.cgi?id=62764 and <rdar://problem/9328684>
310 ASSERT(!isLoading());
314 // We might run in to infinite recursion if we're stopping loading as the result of
315 // detaching from the frame, so break out of that recursion here.
316 // See <rdar://problem/9673866> for more details.
322 // The frame may have been detached from this document by the onunload handler
323 if (auto* frameLoader = DocumentLoader::frameLoader()) {
324 if (isLoadingMainResource()) {
325 // Stop the main resource loader and let it send the cancelled message.
326 cancelMainResourceLoad(frameLoader->cancelledError(m_request));
327 } else if (!m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty()) {
328 // The main resource loader already finished loading. Set the cancelled error on the
329 // document and let the subresourceLoaders and pluginLoaders send individual cancelled messages below.
330 setMainDocumentError(frameLoader->cancelledError(m_request));
332 // If there are no resource loaders, we need to manufacture a cancelled message.
333 // (A back/forward navigation has no resource loaders because its resources are cached.)
334 mainReceivedError(frameLoader->cancelledError(m_request));
338 // We always need to explicitly cancel the Document's parser when stopping the load.
339 // Otherwise cancelling the parser while starting the next page load might result
340 // in unexpected side effects such as erroneous event dispatch. ( http://webkit.org/b/117112 )
341 if (Document* document = this->document())
342 document->cancelParsing();
344 stopLoadingSubresources();
345 stopLoadingPlugIns();
347 m_isStopping = false;
350 void DocumentLoader::commitIfReady()
354 frameLoader()->commitProvisionalLoad();
358 bool DocumentLoader::isLoading() const
360 // if (document() && document()->hasActiveParser())
362 // FIXME: The above code should be enabled, but it seems to cause
363 // http/tests/security/feed-urls-from-remote.html to timeout on Mac WK1
364 // see http://webkit.org/b/110554 and http://webkit.org/b/110401
366 return isLoadingMainResource() || !m_subresourceLoaders.isEmpty() || !m_plugInStreamLoaders.isEmpty();
369 void DocumentLoader::notifyFinished(CachedResource& resource)
371 #if ENABLE(CONTENT_FILTERING)
372 if (m_contentFilter && !m_contentFilter->continueAfterNotifyFinished(resource))
376 ASSERT_UNUSED(resource, m_mainResource == &resource);
377 ASSERT(m_mainResource);
378 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) {
383 if (m_request.cachePolicy() == ReturnCacheDataDontLoad && !m_mainResource->wasCanceled()) {
384 frameLoader()->retryAfterFailedCacheOnlyMainResourceLoad();
388 mainReceivedError(m_mainResource->resourceError());
391 void DocumentLoader::finishedLoading()
393 // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
394 // See <rdar://problem/6304600> for more details.
396 ASSERT(!m_frame->page()->defersLoading() || frameLoader()->stateMachine().creatingInitialEmptyDocument() || InspectorInstrumentation::isDebuggerPaused(m_frame));
399 Ref<DocumentLoader> protectedThis(*this);
401 if (m_identifierForLoadWithoutResourceLoader) {
402 // A didFinishLoading delegate might try to cancel the load (despite it
403 // being finished). Clear m_identifierForLoadWithoutResourceLoader
404 // before calling dispatchDidFinishLoading so that we don't later try to
405 // cancel the already-finished substitute load.
406 NetworkLoadMetrics emptyMetrics;
407 unsigned long identifier = m_identifierForLoadWithoutResourceLoader;
408 m_identifierForLoadWithoutResourceLoader = 0;
409 frameLoader()->notifier().dispatchDidFinishLoading(this, identifier, emptyMetrics, nullptr);
412 maybeFinishLoadingMultipartContent();
414 MonotonicTime responseEndTime = m_timeOfLastDataReceived ? m_timeOfLastDataReceived : MonotonicTime::now();
415 timing().setResponseEnd(responseEndTime);
421 if (!maybeCreateArchive()) {
422 // If this is an empty document, it will not have actually been created yet. Commit dummy data so that
423 // DocumentWriter::begin() gets called and creates the Document.
426 frameLoader()->client().finishedLoading(this);
430 if (!m_mainDocumentError.isNull())
432 clearMainResourceLoader();
433 if (!frameLoader()->stateMachine().creatingInitialEmptyDocument())
434 frameLoader()->checkLoadComplete();
436 // If the document specified an application cache manifest, it violates the author's intent if we store it in the memory cache
437 // and deny the appcache the chance to intercept it in the future, so remove from the memory cache.
439 if (m_mainResource && m_frame->document()->hasManifest())
440 MemoryCache::singleton().remove(*m_mainResource);
442 m_applicationCacheHost->finishedLoadingMainResource();
445 bool DocumentLoader::isPostOrRedirectAfterPost(const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
447 if (newRequest.httpMethod() == "POST")
450 int status = redirectResponse.httpStatusCode();
451 if (((status >= 301 && status <= 303) || status == 307)
452 && m_originalRequest.httpMethod() == "POST")
458 void DocumentLoader::handleSubstituteDataLoadNow()
460 ResourceResponse response = m_substituteData.response();
461 if (response.url().isEmpty())
462 response = ResourceResponse(m_request.url(), m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding());
464 responseReceived(response);
467 void DocumentLoader::startDataLoadTimer()
469 m_dataLoadTimer.startOneShot(0_s);
471 #if HAVE(RUNLOOP_TIMER)
472 if (SchedulePairHashSet* scheduledPairs = m_frame->page()->scheduledRunLoopPairs())
473 m_dataLoadTimer.schedule(*scheduledPairs);
477 void DocumentLoader::handleSubstituteDataLoadSoon()
479 if (!m_deferMainResourceDataLoad || frameLoader()->loadsSynchronously())
480 handleSubstituteDataLoadNow();
482 startDataLoadTimer();
485 void DocumentLoader::redirectReceived(CachedResource& resource, ResourceRequest&& request, const ResourceResponse& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
487 ASSERT_UNUSED(resource, &resource == m_mainResource);
488 willSendRequest(WTFMove(request), redirectResponse, WTFMove(completionHandler));
491 void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const ResourceResponse& redirectResponse, CompletionHandler<void(ResourceRequest&&)>&& completionHandler)
493 // Note that there are no asserts here as there are for the other callbacks. This is due to the
494 // fact that this "callback" is sent when starting every load, and the state of callback
495 // deferrals plays less of a part in this function in preventing the bad behavior deferring
496 // callbacks is meant to prevent.
497 ASSERT(!newRequest.isNull());
499 bool didReceiveRedirectResponse = !redirectResponse.isNull();
500 if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url(), didReceiveRedirectResponse)) {
501 cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
502 return completionHandler(WTFMove(newRequest));
505 ASSERT(timing().fetchStart());
506 if (didReceiveRedirectResponse) {
507 // If the redirecting url is not allowed to display content from the target origin,
508 // then block the redirect.
509 Ref<SecurityOrigin> redirectingOrigin(SecurityOrigin::create(redirectResponse.url()));
510 if (!redirectingOrigin.get().canDisplay(newRequest.url())) {
511 FrameLoader::reportLocalLoadFailed(m_frame, newRequest.url().string());
512 cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
513 return completionHandler(WTFMove(newRequest));
515 if (!portAllowed(newRequest.url())) {
516 FrameLoader::reportBlockedPortFailed(m_frame, newRequest.url().string());
517 cancelMainResourceLoad(frameLoader()->blockedError(newRequest));
518 return completionHandler(WTFMove(newRequest));
520 timing().addRedirect(redirectResponse.url(), newRequest.url());
525 Frame& topFrame = m_frame->tree().top();
527 ASSERT(m_frame->document());
528 ASSERT(topFrame.document());
530 ResourceLoadObserver::shared().logFrameNavigation(*m_frame, topFrame, newRequest, redirectResponse.url());
532 // Update cookie policy base URL as URL changes, except for subframes, which use the
533 // URL of the main frame which doesn't change when we redirect.
534 if (m_frame->isMainFrame())
535 newRequest.setFirstPartyForCookies(newRequest.url());
537 if (!didReceiveRedirectResponse)
538 frameLoader()->client().dispatchWillChangeDocument();
540 // If we're fielding a redirect in response to a POST, force a load from origin, since
541 // this is a common site technique to return to a page viewing some data that the POST
543 // Also, POST requests always load from origin, but this does not affect subresources.
544 if (newRequest.cachePolicy() == UseProtocolCachePolicy && isPostOrRedirectAfterPost(newRequest, redirectResponse))
545 newRequest.setCachePolicy(ReloadIgnoringCacheData);
547 if (&topFrame != m_frame) {
548 if (!m_frame->loader().mixedContentChecker().canDisplayInsecureContent(m_frame->document()->securityOrigin(), MixedContentChecker::ContentType::Active, newRequest.url(), MixedContentChecker::AlwaysDisplayInNonStrictMode::Yes)) {
549 cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
550 return completionHandler(WTFMove(newRequest));
552 if (!frameLoader()->mixedContentChecker().canDisplayInsecureContent(topFrame.document()->securityOrigin(), MixedContentChecker::ContentType::Active, newRequest.url())) {
553 cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
554 return completionHandler(WTFMove(newRequest));
558 #if ENABLE(CONTENT_FILTERING)
559 if (m_contentFilter && !m_contentFilter->continueAfterWillSendRequest(newRequest, redirectResponse))
560 return completionHandler(WTFMove(newRequest));
563 setRequest(newRequest);
565 if (didReceiveRedirectResponse) {
566 // We checked application cache for initial URL, now we need to check it for redirected one.
567 ASSERT(!m_substituteData.isValid());
568 m_applicationCacheHost->maybeLoadMainResourceForRedirect(newRequest, m_substituteData);
569 if (m_substituteData.isValid()) {
570 RELEASE_ASSERT(m_mainResource);
571 ResourceLoader* loader = m_mainResource->loader();
572 m_identifierForLoadWithoutResourceLoader = loader ? loader->identifier() : m_mainResource->identifierForLoadWithoutResourceLoader();
576 // FIXME: Ideally we'd stop the I/O until we hear back from the navigation policy delegate
577 // listener. But there's no way to do that in practice. So instead we cancel later if the
578 // listener tells us to. In practice that means the navigation policy needs to be decided
579 // synchronously for these redirect cases.
580 if (!didReceiveRedirectResponse)
581 return completionHandler(WTFMove(newRequest));
583 ASSERT(!m_waitingForNavigationPolicy);
584 m_waitingForNavigationPolicy = true;
585 frameLoader()->policyChecker().checkNavigationPolicy(ResourceRequest(newRequest), didReceiveRedirectResponse, [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request, FormState*, bool shouldContinue) mutable {
586 continueAfterNavigationPolicy(request, shouldContinue);
587 completionHandler(WTFMove(request));
591 void DocumentLoader::continueAfterNavigationPolicy(const ResourceRequest&, bool shouldContinue)
593 ASSERT(m_waitingForNavigationPolicy);
594 m_waitingForNavigationPolicy = false;
596 stopLoadingForPolicyChange();
597 else if (m_substituteData.isValid()) {
598 // A redirect resulted in loading substitute data.
599 ASSERT(timing().redirectCount());
601 // We need to remove our reference to the CachedResource in favor of a SubstituteData load.
602 // This will probably trigger the cancellation of the CachedResource's underlying ResourceLoader, though there is a
603 // small chance that the resource is being loaded by a different Frame, preventing the ResourceLoader from being cancelled.
604 // If the ResourceLoader is indeed cancelled, it would normally send resource load callbacks.
605 // However, from an API perspective, this isn't a cancellation. Therefore, sever our relationship with the network load,
606 // but prevent the ResourceLoader from sending ResourceLoadNotifier callbacks.
607 RefPtr<ResourceLoader> resourceLoader = mainResourceLoader();
608 if (resourceLoader) {
609 ASSERT(resourceLoader->shouldSendResourceLoadCallbacks());
610 resourceLoader->setSendCallbackPolicy(DoNotSendCallbacks);
616 resourceLoader->setSendCallbackPolicy(SendCallbacks);
617 handleSubstituteDataLoadSoon();
621 void DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(unsigned long identifier, const ResourceResponse& response)
623 InspectorInstrumentation::continueAfterXFrameOptionsDenied(*m_frame, identifier, *this, response);
624 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
625 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
626 ownerElement->dispatchEvent(Event::create(eventNames().loadEvent, false, false));
628 // The load event might have detached this frame. In that case, the load will already have been cancelled during detach.
629 if (FrameLoader* frameLoader = this->frameLoader())
630 cancelMainResourceLoad(frameLoader->cancelledError(m_request));
633 void DocumentLoader::responseReceived(CachedResource& resource, const ResourceResponse& response)
635 ASSERT_UNUSED(resource, m_mainResource == &resource);
636 responseReceived(response);
639 void DocumentLoader::responseReceived(const ResourceResponse& response)
641 #if ENABLE(CONTENT_FILTERING)
642 if (m_contentFilter && !m_contentFilter->continueAfterResponseReceived(response))
646 Ref<DocumentLoader> protectedThis(*this);
647 bool willLoadFallback = m_applicationCacheHost->maybeLoadFallbackForMainResponse(request(), response);
649 // The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
650 // from the application cache, ensure we don't save the result for future use.
651 if (willLoadFallback)
652 MemoryCache::singleton().remove(*m_mainResource);
654 if (willLoadFallback)
657 ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource);
658 unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier();
661 auto url = response.url();
663 ContentSecurityPolicy contentSecurityPolicy(SecurityOrigin::create(url), m_frame);
664 contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
665 if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) {
666 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response);
670 const auto& commonHeaders = response.httpHeaderFields().commonHeaders();
671 auto it = commonHeaders.find(HTTPHeaderName::XFrameOptions);
672 if (it != commonHeaders.end()) {
673 String content = it->value;
674 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, url, identifier)) {
675 String message = "Refused to display '" + url.stringCenterEllipsizedToLength() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
676 m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier);
677 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, response);
682 // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
683 // See <rdar://problem/6304600> for more details.
685 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
688 if (m_isLoadingMultipartContent) {
690 m_mainResource->clear();
691 } else if (response.isMultipart())
692 m_isLoadingMultipartContent = true;
694 m_response = response;
696 if (m_identifierForLoadWithoutResourceLoader) {
697 if (m_mainResource && m_mainResource->wasRedirected()) {
698 ASSERT(m_mainResource->status() == CachedResource::Status::Cached);
699 frameLoader()->client().dispatchDidReceiveServerRedirectForProvisionalLoad();
701 addResponse(m_response);
702 frameLoader()->notifier().dispatchDidReceiveResponse(this, m_identifierForLoadWithoutResourceLoader, m_response, 0);
705 ASSERT(!m_waitingForContentPolicy);
706 ASSERT(frameLoader());
707 m_waitingForContentPolicy = true;
709 // Always show content with valid substitute data.
710 if (m_substituteData.isValid()) {
711 continueAfterContentPolicy(PolicyAction::Use);
716 // Respect the hidden FTP Directory Listing pref so it can be tested even if the policy delegate might otherwise disallow it
717 if (m_frame->settings().forceFTPDirectoryListings() && m_response.mimeType() == "application/x-ftp-directory") {
718 continueAfterContentPolicy(PolicyAction::Use);
723 frameLoader()->checkContentPolicy(m_response, [this, protectedThis = makeRef(*this)](PolicyAction policy) {
724 continueAfterContentPolicy(policy);
728 static bool isRemoteWebArchive(const DocumentLoader& documentLoader)
730 using MIMETypeHashSet = HashSet<String, ASCIICaseInsensitiveHash>;
731 static NeverDestroyed<MIMETypeHashSet> webArchiveMIMETypes {
733 ASCIILiteral("application/x-webarchive"),
734 ASCIILiteral("application/x-mimearchive"),
735 ASCIILiteral("multipart/related"),
737 ASCIILiteral("message/rfc822"),
742 const ResourceResponse& response = documentLoader.response();
743 String mimeType = response.mimeType();
744 if (mimeType.isNull() || !webArchiveMIMETypes.get().contains(mimeType))
748 if (isQuickLookPreviewURL(response.url()))
752 return !documentLoader.substituteData().isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(documentLoader.request().url().protocol().toStringWithoutCopying());
755 void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
757 ASSERT(m_waitingForContentPolicy);
758 m_waitingForContentPolicy = false;
763 case PolicyAction::Use: {
764 // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
765 if (!frameLoader()->client().canShowMIMEType(m_response.mimeType()) || isRemoteWebArchive(*this)) {
766 frameLoader()->policyChecker().cannotShowMIMEType(m_response);
767 // Check reachedTerminalState since the load may have already been canceled inside of _handleUnimplementablePolicyWithErrorCode::.
768 stopLoadingForPolicyChange();
774 case PolicyAction::Download: {
775 // m_mainResource can be null, e.g. when loading a substitute resource from application cache.
776 if (!m_mainResource) {
777 mainReceivedError(frameLoader()->client().cannotShowURLError(m_request));
781 if (ResourceLoader* mainResourceLoader = this->mainResourceLoader())
782 InspectorInstrumentation::continueWithPolicyDownload(*m_frame, mainResourceLoader->identifier(), *this, m_response);
784 // When starting the request, we didn't know that it would result in download and not navigation. Now we know that main document URL didn't change.
785 // Download may use this knowledge for purposes unrelated to cookies, notably for setting file quarantine data.
786 frameLoader()->setOriginalURLForDownloadRequest(m_request);
788 PAL::SessionID sessionID = PAL::SessionID::defaultSessionID();
789 if (frame() && frame()->page())
790 sessionID = frame()->page()->sessionID();
792 if (m_request.url().protocolIsData()) {
793 // We decode data URL internally, there is no resource load to convert.
794 frameLoader()->client().startDownload(m_request);
796 frameLoader()->client().convertMainResourceLoadToDownload(this, sessionID, m_request, m_response);
798 // It might have gone missing
799 if (mainResourceLoader())
800 static_cast<ResourceLoader*>(mainResourceLoader())->didFail(interruptedForPolicyChangeError());
803 case PolicyAction::Ignore:
804 if (ResourceLoader* mainResourceLoader = this->mainResourceLoader())
805 InspectorInstrumentation::continueWithPolicyIgnore(*m_frame, mainResourceLoader->identifier(), *this, m_response);
806 stopLoadingForPolicyChange();
810 if (m_response.isHTTP()) {
811 int status = m_response.httpStatusCode(); // Status may be zero when loading substitute data, in particular from a WebArchive.
812 if (status && (status < 200 || status >= 300)) {
813 bool hostedByObject = frameLoader()->isHostedByObjectElement();
815 frameLoader()->handleFallbackContent();
816 // object elements are no longer rendered after we fallback, so don't
817 // keep trying to process data from their load
820 cancelMainResourceLoad(frameLoader()->cancelledError(m_request));
824 if (!isStopping() && m_substituteData.isValid() && isLoadingMainResource()) {
825 auto content = m_substituteData.content();
826 if (content && content->size())
827 dataReceived(content->data(), content->size());
828 if (isLoadingMainResource())
833 void DocumentLoader::commitLoad(const char* data, int length)
835 // Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource
836 // by starting a new load, so retain temporarily.
837 RefPtr<Frame> protectedFrame(m_frame);
838 Ref<DocumentLoader> protectedThis(*this);
841 FrameLoader* frameLoader = DocumentLoader::frameLoader();
844 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
845 if (ArchiveFactory::isArchiveMimeType(response().mimeType()))
848 frameLoader->client().committedLoad(this, data, length);
850 if (isMultipartReplacingLoad())
851 frameLoader->client().didReplaceMultipartContent();
854 ResourceError DocumentLoader::interruptedForPolicyChangeError() const
856 return frameLoader()->client().interruptedForPolicyChangeError(request());
859 void DocumentLoader::stopLoadingForPolicyChange()
861 ResourceError error = interruptedForPolicyChangeError();
862 error.setType(ResourceError::Type::Cancellation);
863 cancelMainResourceLoad(error);
866 #if ENABLE(SERVICE_WORKER)
867 static inline bool isLocalURL(const URL& url)
869 // https://fetch.spec.whatwg.org/#is-local
870 auto protocol = url.protocol().toStringWithoutCopying();
871 return equalLettersIgnoringASCIICase(protocol, "data") || equalLettersIgnoringASCIICase(protocol, "blob") || equalLettersIgnoringASCIICase(protocol, "about");
875 void DocumentLoader::commitData(const char* bytes, size_t length)
877 if (!m_gotFirstByte) {
878 m_gotFirstByte = true;
879 m_writer.begin(documentURL(), false);
880 m_writer.setDocumentWasLoadedAsPartOfNavigation();
882 if (SecurityPolicy::allowSubstituteDataAccessToLocal() && m_originalSubstituteDataWasValid) {
883 // If this document was loaded with substituteData, then the document can
884 // load local resources. See https://bugs.webkit.org/show_bug.cgi?id=16756
885 // and https://bugs.webkit.org/show_bug.cgi?id=19760 for further
887 m_frame->document()->securityOrigin().grantLoadLocalResources();
890 if (frameLoader()->stateMachine().creatingInitialEmptyDocument())
893 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
894 if (m_archive && m_archive->shouldOverrideBaseURL())
895 m_frame->document()->setBaseURLOverride(m_archive->mainResource()->url());
897 #if ENABLE(SERVICE_WORKER)
898 if (RuntimeEnabledFeatures::sharedFeatures().serviceWorkerEnabled()) {
899 // FIXME: We should probably register the client as soon as we do the related navigation fetch.
900 // We can probably implement this when supporting FetchEvent.reservedClientId.
901 if (m_serviceWorkerRegistrationData && m_serviceWorkerRegistrationData->activeWorker) {
902 m_frame->document()->setActiveServiceWorker(ServiceWorker::getOrCreate(*m_frame->document(), WTFMove(m_serviceWorkerRegistrationData->activeWorker.value())));
903 m_serviceWorkerRegistrationData = { };
904 } else if (isLocalURL(m_frame->document()->url())) {
905 if (auto* parent = m_frame->document()->parentDocument())
906 m_frame->document()->setActiveServiceWorker(parent->activeServiceWorker());
909 if (m_frame->document()->activeServiceWorker() || SchemeRegistry::canServiceWorkersHandleURLScheme(m_frame->document()->url().protocol().toStringWithoutCopying()))
910 m_frame->document()->setServiceWorkerConnection(&ServiceWorkerProvider::singleton().serviceWorkerConnectionForSession(m_frame->page()->sessionID()));
913 // Call receivedFirstData() exactly once per load. We should only reach this point multiple times
914 // for multipart loads, and FrameLoader::isReplacing() will be true after the first time.
915 if (!isMultipartReplacingLoad())
916 frameLoader()->receivedFirstData();
918 // The load could be canceled under receivedFirstData(), which makes delegate calls and even sometimes dispatches DOM events.
924 if (overrideEncoding().isNull()) {
926 encoding = response().textEncodingName();
927 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
928 if (m_archive && m_archive->shouldUseMainResourceEncoding())
929 encoding = m_archive->mainResource()->textEncoding();
933 encoding = overrideEncoding();
936 m_writer.setEncoding(encoding, userChosen);
939 #if ENABLE(CONTENT_EXTENSIONS)
940 auto& extensionStyleSheets = m_frame->document()->extensionStyleSheets();
942 for (auto& pendingStyleSheet : m_pendingNamedContentExtensionStyleSheets)
943 extensionStyleSheets.maybeAddContentExtensionSheet(pendingStyleSheet.key, *pendingStyleSheet.value);
944 for (auto& pendingSelectorEntry : m_pendingContentExtensionDisplayNoneSelectors) {
945 for (const auto& pendingSelector : pendingSelectorEntry.value)
946 extensionStyleSheets.addDisplayNoneSelector(pendingSelectorEntry.key, pendingSelector.first, pendingSelector.second);
949 m_pendingNamedContentExtensionStyleSheets.clear();
950 m_pendingContentExtensionDisplayNoneSelectors.clear();
953 ASSERT(m_frame->document()->parsing());
954 m_writer.addData(bytes, length);
957 void DocumentLoader::dataReceived(CachedResource& resource, const char* data, int length)
959 ASSERT_UNUSED(resource, &resource == m_mainResource);
960 dataReceived(data, length);
963 void DocumentLoader::dataReceived(const char* data, int length)
965 #if ENABLE(CONTENT_FILTERING)
966 if (m_contentFilter && !m_contentFilter->continueAfterDataReceived(data, length))
972 ASSERT(!m_response.isNull());
974 // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
975 // See <rdar://problem/6304600> for more details.
977 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
980 if (m_identifierForLoadWithoutResourceLoader)
981 frameLoader()->notifier().dispatchDidReceiveData(this, m_identifierForLoadWithoutResourceLoader, data, length, -1);
983 m_applicationCacheHost->mainResourceDataReceived(data, length, -1, false);
984 m_timeOfLastDataReceived = MonotonicTime::now();
986 if (!isMultipartReplacingLoad())
987 commitLoad(data, length);
990 void DocumentLoader::setupForReplace()
992 if (!mainResourceData())
995 frameLoader()->client().willReplaceMultipartContent();
997 maybeFinishLoadingMultipartContent();
998 maybeCreateArchive();
1000 frameLoader()->setReplacing();
1001 m_gotFirstByte = false;
1003 stopLoadingSubresources();
1004 stopLoadingPlugIns();
1005 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
1006 clearArchiveResources();
1010 void DocumentLoader::checkLoadComplete()
1012 if (!m_frame || isLoading())
1015 ASSERT(this == frameLoader()->activeDocumentLoader());
1016 m_frame->document()->domWindow()->finishedLoading();
1019 void DocumentLoader::attachToFrame(Frame& frame)
1021 if (m_frame == &frame)
1025 observeFrame(&frame);
1026 m_writer.setFrame(&frame);
1030 m_hasEverBeenAttached = true;
1034 void DocumentLoader::attachToFrame()
1039 void DocumentLoader::detachFromFrame()
1042 if (m_hasEverBeenAttached)
1043 ASSERT_WITH_MESSAGE(m_frame, "detachFromFrame() is being called on a DocumentLoader twice without an attachToFrame() inbetween");
1045 ASSERT_WITH_MESSAGE(m_frame, "detachFromFrame() is being called on a DocumentLoader that has never attached to any Frame");
1047 RefPtr<Frame> protectedFrame(m_frame);
1048 Ref<DocumentLoader> protectedThis(*this);
1050 // It never makes sense to have a document loader that is detached from its
1051 // frame have any loads active, so kill all the loads.
1053 if (m_mainResource && m_mainResource->hasClient(*this))
1054 m_mainResource->removeClient(*this);
1055 #if ENABLE(CONTENT_FILTERING)
1056 if (m_contentFilter)
1057 m_contentFilter->stopFilteringMainResource();
1060 m_applicationCacheHost->setDOMApplicationCache(nullptr);
1062 cancelPolicyCheckIfNeeded();
1064 InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
1066 observeFrame(nullptr);
1069 void DocumentLoader::clearMainResourceLoader()
1071 m_loadingMainResource = false;
1073 if (this == frameLoader()->activeDocumentLoader())
1074 checkLoadComplete();
1077 #if ENABLE(APPLICATION_MANIFEST)
1078 uint64_t DocumentLoader::loadApplicationManifest()
1080 static uint64_t nextCallbackID = 1;
1082 auto* document = this->document();
1086 if (!m_frame->isMainFrame())
1089 if (document->url().isEmpty() || document->url().isBlankURL())
1092 auto head = document->head();
1097 bool useCredentials = false;
1098 for (const auto& link : childrenOfType<HTMLLinkElement>(*head)) {
1099 if (link.isApplicationManifest()) {
1100 manifestURL = link.href();
1101 useCredentials = equalIgnoringASCIICase(link.attributeWithoutSynchronization(HTMLNames::crossoriginAttr), "use-credentials");
1106 if (manifestURL.isEmpty() || !manifestURL.isValid())
1109 auto manifestLoader = std::make_unique<ApplicationManifestLoader>(*this, manifestURL, useCredentials);
1110 auto* rawManifestLoader = manifestLoader.get();
1111 auto callbackID = nextCallbackID++;
1112 m_applicationManifestLoaders.set(WTFMove(manifestLoader), callbackID);
1114 if (!rawManifestLoader->startLoading()) {
1115 m_applicationManifestLoaders.remove(rawManifestLoader);
1122 void DocumentLoader::finishedLoadingApplicationManifest(ApplicationManifestLoader& loader)
1124 // If the DocumentLoader has detached from its frame, all manifest loads should have already been canceled.
1127 auto callbackIdentifier = m_applicationManifestLoaders.get(&loader);
1128 notifyFinishedLoadingApplicationManifest(callbackIdentifier, loader.processManifest());
1129 m_applicationManifestLoaders.remove(&loader);
1132 void DocumentLoader::notifyFinishedLoadingApplicationManifest(uint64_t callbackIdentifier, std::optional<ApplicationManifest> manifest)
1134 RELEASE_ASSERT(callbackIdentifier);
1135 RELEASE_ASSERT(m_frame);
1136 m_frame->loader().client().finishedLoadingApplicationManifest(callbackIdentifier, manifest);
1140 void DocumentLoader::setCustomHeaderFields(Vector<HTTPHeaderField>&& fields)
1142 m_customHeaderFields = WTFMove(fields);
1145 bool DocumentLoader::isLoadingInAPISense() const
1147 // Once a frame has loaded, we no longer need to consider subresources,
1148 // but we still need to consider subframes.
1149 if (frameLoader()->state() != FrameStateComplete) {
1150 if (m_frame->settings().needsIsLoadingInAPISenseQuirk() && !m_subresourceLoaders.isEmpty())
1153 ASSERT(m_frame->document());
1154 auto& document = *m_frame->document();
1155 if ((isLoadingMainResource() || !document.loadEventFinished()) && isLoading())
1157 if (m_cachedResourceLoader->requestCount())
1159 if (document.isDelayingLoadEvent())
1161 if (document.processingLoadEvent())
1163 if (document.hasActiveParser())
1165 auto* scriptableParser = document.scriptableDocumentParser();
1166 if (scriptableParser && scriptableParser->hasScriptsWaitingForStylesheets())
1169 return frameLoader()->subframeIsLoading();
1172 bool DocumentLoader::maybeCreateArchive()
1174 #if !ENABLE(WEB_ARCHIVE) && !ENABLE(MHTML)
1177 // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
1178 m_archive = ArchiveFactory::create(m_response.url(), mainResourceData().get(), m_response.mimeType());
1182 addAllArchiveResources(*m_archive);
1183 ASSERT(m_archive->mainResource());
1184 auto& mainResource = *m_archive->mainResource();
1185 m_parsedArchiveData = &mainResource.data();
1186 m_writer.setMIMEType(mainResource.mimeType());
1188 ASSERT(m_frame->document());
1189 commitData(mainResource.data().data(), mainResource.data().size());
1194 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
1196 void DocumentLoader::setArchive(Ref<Archive>&& archive)
1198 m_archive = WTFMove(archive);
1199 addAllArchiveResources(*m_archive);
1202 void DocumentLoader::addAllArchiveResources(Archive& archive)
1204 if (!m_archiveResourceCollection)
1205 m_archiveResourceCollection = std::make_unique<ArchiveResourceCollection>();
1206 m_archiveResourceCollection->addAllResources(archive);
1209 // FIXME: Adding a resource directly to a DocumentLoader/ArchiveResourceCollection seems like bad design, but is API some apps rely on.
1210 // Can we change the design in a manner that will let us deprecate that API without reducing functionality of those apps?
1211 void DocumentLoader::addArchiveResource(Ref<ArchiveResource>&& resource)
1213 if (!m_archiveResourceCollection)
1214 m_archiveResourceCollection = std::make_unique<ArchiveResourceCollection>();
1215 m_archiveResourceCollection->addResource(WTFMove(resource));
1218 RefPtr<Archive> DocumentLoader::popArchiveForSubframe(const String& frameName, const URL& url)
1220 return m_archiveResourceCollection ? m_archiveResourceCollection->popSubframeArchive(frameName, url) : nullptr;
1223 void DocumentLoader::clearArchiveResources()
1225 m_archiveResourceCollection = nullptr;
1226 m_substituteResourceDeliveryTimer.stop();
1229 SharedBuffer* DocumentLoader::parsedArchiveData() const
1231 return m_parsedArchiveData.get();
1234 #endif // ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
1236 ArchiveResource* DocumentLoader::archiveResourceForURL(const URL& url) const
1238 if (!m_archiveResourceCollection)
1240 auto* resource = m_archiveResourceCollection->archiveResourceForURL(url);
1241 if (!resource || resource->shouldIgnoreWhenUnarchiving())
1246 RefPtr<ArchiveResource> DocumentLoader::mainResource() const
1248 RefPtr<SharedBuffer> data = mainResourceData();
1250 data = SharedBuffer::create();
1251 auto& response = this->response();
1252 return ArchiveResource::create(WTFMove(data), response.url(), response.mimeType(), response.textEncodingName(), frame()->tree().uniqueName());
1255 RefPtr<ArchiveResource> DocumentLoader::subresource(const URL& url) const
1260 auto* resource = m_cachedResourceLoader->cachedResource(url);
1261 if (!resource || !resource->isLoaded())
1262 return archiveResourceForURL(url);
1264 if (resource->type() == CachedResource::MainResource)
1267 auto* data = resource->resourceBuffer();
1271 return ArchiveResource::create(data, url, resource->response());
1274 Vector<Ref<ArchiveResource>> DocumentLoader::subresources() const
1279 Vector<Ref<ArchiveResource>> subresources;
1280 for (auto& handle : m_cachedResourceLoader->allCachedResources().values()) {
1281 if (auto subresource = this->subresource({ ParsedURLString, handle->url() }))
1282 subresources.append(subresource.releaseNonNull());
1284 return subresources;
1287 void DocumentLoader::deliverSubstituteResourcesAfterDelay()
1289 if (m_pendingSubstituteResources.isEmpty())
1292 ASSERT(m_frame->page());
1293 if (m_frame->page()->defersLoading())
1296 if (!m_substituteResourceDeliveryTimer.isActive())
1297 m_substituteResourceDeliveryTimer.startOneShot(0_s);
1300 void DocumentLoader::substituteResourceDeliveryTimerFired()
1302 if (m_pendingSubstituteResources.isEmpty())
1305 ASSERT(m_frame->page());
1306 if (m_frame->page()->defersLoading())
1309 auto pendingSubstituteResources = WTFMove(m_pendingSubstituteResources);
1310 for (auto& pendingSubstituteResource : pendingSubstituteResources) {
1311 auto& loader = pendingSubstituteResource.key;
1312 if (auto& resource = pendingSubstituteResource.value)
1313 resource->deliver(*loader);
1315 // A null resource means that we should fail the load.
1316 // FIXME: Maybe we should use another error here - something like "not in cache".
1317 loader->didFail(loader->cannotShowURLError());
1324 bool DocumentLoader::isSubstituteLoadPending(ResourceLoader* loader) const
1326 return m_pendingSubstituteResources.contains(loader);
1331 void DocumentLoader::cancelPendingSubstituteLoad(ResourceLoader* loader)
1333 if (m_pendingSubstituteResources.isEmpty())
1335 m_pendingSubstituteResources.remove(loader);
1336 if (m_pendingSubstituteResources.isEmpty())
1337 m_substituteResourceDeliveryTimer.stop();
1340 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
1342 bool DocumentLoader::scheduleArchiveLoad(ResourceLoader& loader, const ResourceRequest& request)
1344 if (auto* resource = archiveResourceForURL(request.url())) {
1345 scheduleSubstituteResourceLoad(loader, *resource);
1352 #if ENABLE(WEB_ARCHIVE)
1353 // The idea of WebArchiveDebugMode is that we should fail instead of trying to fetch from the network.
1354 // Returning true ensures the caller will not try to fetch from the network.
1355 if (m_frame->settings().webArchiveDebugModeEnabled() && responseMIMEType() == "application/x-webarchive")
1359 // If we want to load from the archive only, then we should always return true so that the caller
1360 // does not try to fetch form the network.
1361 return m_archive->shouldLoadFromArchiveOnly();
1366 void DocumentLoader::scheduleSubstituteResourceLoad(ResourceLoader& loader, SubstituteResource& resource)
1368 m_pendingSubstituteResources.set(&loader, &resource);
1369 deliverSubstituteResourcesAfterDelay();
1372 void DocumentLoader::addResponse(const ResourceResponse& response)
1374 if (!m_stopRecordingResponses)
1375 m_responses.append(response);
1378 void DocumentLoader::stopRecordingResponses()
1380 m_stopRecordingResponses = true;
1381 m_responses.shrinkToFit();
1384 void DocumentLoader::setTitle(const StringWithDirection& title)
1386 if (m_pageTitle == title)
1389 frameLoader()->willChangeTitle(this);
1390 m_pageTitle = title;
1391 frameLoader()->didChangeTitle(this);
1394 URL DocumentLoader::urlForHistory() const
1396 // Return the URL to be used for history and B/F list.
1397 // Returns nil for WebDataProtocol URLs that aren't alternates
1398 // for unreachable URLs, because these can't be stored in history.
1399 if (m_substituteData.isValid() && !m_substituteData.shouldRevealToSessionHistory())
1400 return unreachableURL();
1402 return m_originalRequestCopy.url();
1405 bool DocumentLoader::urlForHistoryReflectsFailure() const
1407 return m_substituteData.isValid() || m_response.httpStatusCode() >= 400;
1410 URL DocumentLoader::documentURL() const
1412 URL url = substituteData().response().url();
1413 #if ENABLE(WEB_ARCHIVE)
1414 if (url.isEmpty() && m_archive && m_archive->shouldUseMainResourceURL())
1415 url = m_archive->mainResource()->url();
1418 url = m_request.url();
1420 url = m_response.url();
1426 // FIXME: This method seems to violate the encapsulation of this class.
1427 void DocumentLoader::setResponseMIMEType(const String& responseMimeType)
1429 m_response.setMimeType(responseMimeType);
1434 void DocumentLoader::setDefersLoading(bool defers)
1436 // Multiple frames may be loading the same main resource simultaneously. If deferral state changes,
1437 // each frame's DocumentLoader will try to send a setDefersLoading() to the same underlying ResourceLoader. Ensure only
1438 // the "owning" DocumentLoader does so, as setDefersLoading() is not resilient to setting the same value repeatedly.
1439 if (mainResourceLoader() && mainResourceLoader()->documentLoader() == this)
1440 mainResourceLoader()->setDefersLoading(defers);
1442 setAllDefersLoading(m_subresourceLoaders, defers);
1443 setAllDefersLoading(m_plugInStreamLoaders, defers);
1445 deliverSubstituteResourcesAfterDelay();
1448 void DocumentLoader::setMainResourceDataBufferingPolicy(DataBufferingPolicy dataBufferingPolicy)
1451 m_mainResource->setDataBufferingPolicy(dataBufferingPolicy);
1454 void DocumentLoader::stopLoadingPlugIns()
1456 cancelAll(m_plugInStreamLoaders);
1459 void DocumentLoader::stopLoadingSubresources()
1461 cancelAll(m_subresourceLoaders);
1462 ASSERT(m_subresourceLoaders.isEmpty());
1465 void DocumentLoader::addSubresourceLoader(ResourceLoader* loader)
1467 // The main resource's underlying ResourceLoader will ask to be added here.
1468 // It is much simpler to handle special casing of main resource loads if we don't
1469 // let it be added. In the main resource load case, mainResourceLoader()
1470 // will still be null at this point, but m_gotFirstByte should be false here if and only
1471 // if we are just starting the main resource load.
1472 if (!m_gotFirstByte)
1474 ASSERT(loader->identifier());
1475 ASSERT(!m_subresourceLoaders.contains(loader->identifier()));
1476 ASSERT(!mainResourceLoader() || mainResourceLoader() != loader);
1478 // A page in the PageCache or about to enter PageCache should not be able to start loads.
1479 ASSERT_WITH_SECURITY_IMPLICATION(!document() || document()->pageCacheState() == Document::NotInPageCache);
1481 m_subresourceLoaders.add(loader->identifier(), loader);
1484 void DocumentLoader::removeSubresourceLoader(ResourceLoader* loader)
1486 ASSERT(loader->identifier());
1488 if (!m_subresourceLoaders.remove(loader->identifier()))
1490 checkLoadComplete();
1491 if (Frame* frame = m_frame)
1492 frame->loader().checkLoadComplete();
1495 void DocumentLoader::addPlugInStreamLoader(ResourceLoader& loader)
1497 ASSERT(loader.identifier());
1498 ASSERT(!m_plugInStreamLoaders.contains(loader.identifier()));
1500 m_plugInStreamLoaders.add(loader.identifier(), &loader);
1503 void DocumentLoader::removePlugInStreamLoader(ResourceLoader& loader)
1505 ASSERT(loader.identifier());
1506 ASSERT(&loader == m_plugInStreamLoaders.get(loader.identifier()));
1508 m_plugInStreamLoaders.remove(loader.identifier());
1509 checkLoadComplete();
1512 bool DocumentLoader::isMultipartReplacingLoad() const
1514 return isLoadingMultipartContent() && frameLoader()->isReplacing();
1517 bool DocumentLoader::maybeLoadEmpty()
1519 bool shouldLoadEmpty = !m_substituteData.isValid() && (m_request.url().isEmpty() || SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(m_request.url().protocol().toStringWithoutCopying()));
1520 if (!shouldLoadEmpty && !frameLoader()->client().representationExistsForURLScheme(m_request.url().protocol().toStringWithoutCopying()))
1523 if (m_request.url().isEmpty() && !frameLoader()->stateMachine().creatingInitialEmptyDocument()) {
1524 m_request.setURL(blankURL());
1525 if (isLoadingMainResource())
1526 frameLoader()->client().dispatchDidChangeProvisionalURL();
1529 String mimeType = shouldLoadEmpty ? "text/html" : frameLoader()->client().generatedMIMETypeForURLScheme(m_request.url().protocol().toStringWithoutCopying());
1530 m_response = ResourceResponse(m_request.url(), mimeType, 0, String());
1535 void DocumentLoader::startLoadingMainResource()
1537 m_mainDocumentError = ResourceError();
1538 timing().markStartTimeAndFetchStart();
1539 ASSERT(!m_mainResource);
1540 ASSERT(!m_loadingMainResource);
1541 m_loadingMainResource = true;
1543 if (maybeLoadEmpty()) {
1544 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Returning empty document (frame = %p, main = %d)", m_frame, m_frame ? m_frame->isMainFrame() : false);
1548 #if ENABLE(CONTENT_FILTERING)
1549 m_contentFilter = !m_substituteData.isValid() ? ContentFilter::create(*this) : nullptr;
1552 // FIXME: Is there any way the extra fields could have not been added by now?
1553 // If not, it would be great to remove this line of code.
1554 // Note that currently, some requests may have incorrect extra fields even if this function has been called,
1555 // because we pass a wrong loadType (see FIXME in addExtraFieldsToMainResourceRequest()).
1556 frameLoader()->addExtraFieldsToMainResourceRequest(m_request);
1558 ASSERT(timing().startTime());
1559 ASSERT(timing().fetchStart());
1561 willSendRequest(ResourceRequest(m_request), ResourceResponse(), [this, protectedThis = makeRef(*this)] (ResourceRequest&& request) mutable {
1562 m_request = request;
1564 // willSendRequest() may lead to our Frame being detached or cancelling the load via nulling the ResourceRequest.
1565 if (!m_frame || m_request.isNull()) {
1566 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Load canceled after willSendRequest (frame = %p, main = %d)", m_frame, m_frame ? m_frame->isMainFrame() : false);
1570 m_applicationCacheHost->maybeLoadMainResource(m_request, m_substituteData);
1572 if (m_substituteData.isValid() && m_frame->page()) {
1573 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Returning cached main resource (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
1574 m_identifierForLoadWithoutResourceLoader = m_frame->page()->progress().createUniqueIdentifier();
1575 frameLoader()->notifier().assignIdentifierToInitialRequest(m_identifierForLoadWithoutResourceLoader, this, m_request);
1576 frameLoader()->notifier().dispatchWillSendRequest(this, m_identifierForLoadWithoutResourceLoader, m_request, ResourceResponse());
1577 handleSubstituteDataLoadSoon();
1581 request.setRequester(ResourceRequest::Requester::Main);
1582 // If this is a reload the cache layer might have made the previous request conditional. DocumentLoader can't handle 304 responses itself.
1583 request.makeUnconditional();
1585 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Starting load (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
1587 #if ENABLE(SERVICE_WORKER)
1588 // FIXME: Implement local URL interception by getting the service worker of the parent.
1589 auto tryLoadingThroughServiceWorker = !frameLoader()->isReloadingFromOrigin() && m_frame->page() && RuntimeEnabledFeatures::sharedFeatures().serviceWorkerEnabled() && SchemeRegistry::canServiceWorkersHandleURLScheme(request.url().protocol().toStringWithoutCopying());
1590 if (tryLoadingThroughServiceWorker) {
1591 auto origin = (!m_frame->isMainFrame() && m_frame->document()) ? makeRef(m_frame->document()->topOrigin()) : SecurityOrigin::create(request.url());
1592 auto& connection = ServiceWorkerProvider::singleton().serviceWorkerConnectionForSession(m_frame->page()->sessionID());
1593 if (connection.mayHaveServiceWorkerRegisteredForOrigin(origin)) {
1594 auto url = request.url();
1595 connection.matchRegistration(origin, url, [request = WTFMove(request), protectedThis = WTFMove(protectedThis), this] (auto&& registrationData) mutable {
1596 if (!m_mainDocumentError.isNull() || !m_frame)
1599 m_serviceWorkerRegistrationData = WTFMove(registrationData);
1600 loadMainResource(WTFMove(request));
1606 loadMainResource(WTFMove(request));
1610 void DocumentLoader::loadMainResource(ResourceRequest&& request)
1612 static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, StoredCredentialsPolicy::Use, ClientCredentialPolicy::MayAskClientForCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::Navigate, IncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
1613 CachedResourceRequest mainResourceRequest(ResourceRequest(request), mainResourceLoadOptions);
1614 if (!m_frame->isMainFrame() && m_frame->document()) {
1615 // If we are loading the main resource of a subframe, use the cache partition of the main document.
1616 mainResourceRequest.setDomainForCachePartition(*m_frame->document());
1618 auto origin = SecurityOrigin::create(request.url());
1619 origin->setStorageBlockingPolicy(frameLoader()->frame().settings().storageBlockingPolicy());
1620 mainResourceRequest.setDomainForCachePartition(origin->domainForCachePartition());
1623 #if ENABLE(SERVICE_WORKER)
1624 mainResourceRequest.setNavigationServiceWorkerRegistrationData(m_serviceWorkerRegistrationData);
1627 m_mainResource = m_cachedResourceLoader->requestMainResource(WTFMove(mainResourceRequest)).value_or(nullptr);
1629 #if ENABLE(CONTENT_EXTENSIONS)
1630 if (m_mainResource && m_mainResource->errorOccurred() && m_frame->page() && m_mainResource->resourceError().domain() == ContentExtensions::WebKitContentBlockerDomain) {
1631 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Blocked by content blocker error (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
1632 cancelMainResourceLoad(frameLoader()->blockedByContentBlockerError(m_request));
1637 if (!m_mainResource) {
1638 if (!m_request.url().isValid()) {
1639 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Unable to load main resource, URL is invalid (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
1640 cancelMainResourceLoad(frameLoader()->client().cannotShowURLError(m_request));
1644 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Unable to load main resource, returning empty document (frame = %p, main = %d)", m_frame, m_frame->isMainFrame());
1646 setRequest(ResourceRequest());
1647 // If the load was aborted by clearing m_request, it's possible the ApplicationCacheHost
1648 // is now in a state where starting an empty load will be inconsistent. Replace it with
1649 // a new ApplicationCacheHost.
1650 m_applicationCacheHost = std::make_unique<ApplicationCacheHost>(*this);
1655 if (!mainResourceLoader()) {
1656 m_identifierForLoadWithoutResourceLoader = m_frame->page()->progress().createUniqueIdentifier();
1657 frameLoader()->notifier().assignIdentifierToInitialRequest(m_identifierForLoadWithoutResourceLoader, this, request);
1658 frameLoader()->notifier().dispatchWillSendRequest(this, m_identifierForLoadWithoutResourceLoader, request, ResourceResponse());
1661 becomeMainResourceClient();
1663 // A bunch of headers are set when the underlying ResourceLoader is created, and m_request needs to include those.
1664 if (mainResourceLoader())
1665 request = mainResourceLoader()->originalRequest();
1666 // If there was a fragment identifier on m_request, the cache will have stripped it. m_request should include
1667 // the fragment identifier, so add that back in.
1668 if (equalIgnoringFragmentIdentifier(m_request.url(), request.url()))
1669 request.setURL(m_request.url());
1670 setRequest(request);
1673 void DocumentLoader::cancelPolicyCheckIfNeeded()
1675 RELEASE_ASSERT(frameLoader());
1677 if (m_waitingForContentPolicy || m_waitingForNavigationPolicy) {
1678 frameLoader()->policyChecker().stopCheck();
1679 m_waitingForContentPolicy = false;
1680 m_waitingForNavigationPolicy = false;
1684 void DocumentLoader::cancelMainResourceLoad(const ResourceError& resourceError)
1686 Ref<DocumentLoader> protectedThis(*this);
1687 ResourceError error = resourceError.isNull() ? frameLoader()->cancelledError(m_request) : resourceError;
1689 m_dataLoadTimer.stop();
1691 cancelPolicyCheckIfNeeded();
1693 if (mainResourceLoader())
1694 mainResourceLoader()->cancel(error);
1696 clearMainResource();
1698 mainReceivedError(error);
1701 void DocumentLoader::willContinueMainResourceLoadAfterRedirect(const ResourceRequest& newRequest)
1703 setRequest(newRequest);
1706 void DocumentLoader::clearMainResource()
1708 if (m_mainResource && m_mainResource->hasClient(*this))
1709 m_mainResource->removeClient(*this);
1710 #if ENABLE(CONTENT_FILTERING)
1711 if (m_contentFilter)
1712 m_contentFilter->stopFilteringMainResource();
1715 m_mainResource = nullptr;
1718 void DocumentLoader::subresourceLoaderFinishedLoadingOnePart(ResourceLoader* loader)
1720 unsigned long identifier = loader->identifier();
1723 if (!m_multipartSubresourceLoaders.add(identifier, loader).isNewEntry) {
1724 ASSERT(m_multipartSubresourceLoaders.get(identifier) == loader);
1725 ASSERT(!m_subresourceLoaders.contains(identifier));
1727 ASSERT(m_subresourceLoaders.contains(identifier));
1728 m_subresourceLoaders.remove(identifier);
1731 checkLoadComplete();
1732 if (Frame* frame = m_frame)
1733 frame->loader().checkLoadComplete();
1736 void DocumentLoader::maybeFinishLoadingMultipartContent()
1738 if (!isMultipartReplacingLoad())
1741 frameLoader()->setupForReplace();
1742 m_committed = false;
1743 RefPtr<SharedBuffer> resourceData = mainResourceData();
1744 commitLoad(resourceData->data(), resourceData->size());
1747 void DocumentLoader::startIconLoading()
1749 static uint64_t nextIconCallbackID = 1;
1751 auto* document = this->document();
1755 if (!m_frame->isMainFrame())
1758 if (document->url().isEmpty() || document->url().isBlankURL())
1761 m_linkIcons = LinkIconCollector { *document }.iconsOfTypes({ LinkIconType::Favicon, LinkIconType::TouchIcon, LinkIconType::TouchPrecomposedIcon });
1763 auto findResult = m_linkIcons.findMatching([](auto& icon) { return icon.type == LinkIconType::Favicon; });
1764 if (findResult == notFound)
1765 m_linkIcons.append({ document->completeURL(ASCIILiteral("/favicon.ico")), LinkIconType::Favicon, String(), std::nullopt });
1767 if (!m_linkIcons.size())
1770 Vector<std::pair<WebCore::LinkIcon&, uint64_t>> iconDecisions;
1771 iconDecisions.reserveInitialCapacity(m_linkIcons.size());
1772 for (auto& icon : m_linkIcons) {
1773 auto result = m_iconsPendingLoadDecision.add(nextIconCallbackID++, icon);
1774 iconDecisions.uncheckedAppend({ icon, result.iterator->key });
1777 m_frame->loader().client().getLoadDecisionForIcons(iconDecisions);
1780 void DocumentLoader::didGetLoadDecisionForIcon(bool decision, uint64_t loadIdentifier, uint64_t newCallbackID)
1782 auto icon = m_iconsPendingLoadDecision.take(loadIdentifier);
1784 // If the decision was not to load or this DocumentLoader is already detached, there is no load to perform.
1785 if (!decision || !m_frame)
1788 // If the LinkIcon we just took is empty, then the DocumentLoader had all of its loaders stopped
1789 // while this icon load decision was pending.
1790 // In this case we need to notify the client that the icon finished loading with empty data.
1791 if (icon.url.isEmpty()) {
1792 notifyFinishedLoadingIcon(newCallbackID, nullptr);
1796 auto iconLoader = std::make_unique<IconLoader>(*this, icon.url);
1797 auto* rawIconLoader = iconLoader.get();
1798 m_iconLoaders.set(WTFMove(iconLoader), newCallbackID);
1800 rawIconLoader->startLoading();
1803 void DocumentLoader::finishedLoadingIcon(IconLoader& loader, SharedBuffer* buffer)
1805 // If the DocumentLoader has detached from its frame, all icon loads should have already been cancelled.
1808 auto callbackIdentifier = m_iconLoaders.take(&loader);
1809 notifyFinishedLoadingIcon(callbackIdentifier, buffer);
1812 void DocumentLoader::notifyFinishedLoadingIcon(uint64_t callbackIdentifier, SharedBuffer* buffer)
1814 RELEASE_ASSERT(callbackIdentifier);
1815 RELEASE_ASSERT(m_frame);
1816 m_frame->loader().client().finishedLoadingIcon(callbackIdentifier, buffer);
1819 void DocumentLoader::dispatchOnloadEvents()
1821 m_wasOnloadDispatched = true;
1822 m_applicationCacheHost->stopDeferringEvents();
1825 void DocumentLoader::setTriggeringAction(const NavigationAction& action)
1827 m_triggeringAction = action.copyWithShouldOpenExternalURLsPolicy(m_frame ? shouldOpenExternalURLsPolicyToPropagate() : m_shouldOpenExternalURLsPolicy);
1830 ShouldOpenExternalURLsPolicy DocumentLoader::shouldOpenExternalURLsPolicyToPropagate() const
1832 if (!m_frame || !m_frame->isMainFrame())
1833 return ShouldOpenExternalURLsPolicy::ShouldNotAllow;
1835 return m_shouldOpenExternalURLsPolicy;
1838 void DocumentLoader::becomeMainResourceClient()
1840 #if ENABLE(CONTENT_FILTERING)
1841 if (m_contentFilter)
1842 m_contentFilter->startFilteringMainResource(*m_mainResource);
1844 m_mainResource->addClient(*this);
1847 #if ENABLE(CONTENT_EXTENSIONS)
1848 void DocumentLoader::addPendingContentExtensionSheet(const String& identifier, StyleSheetContents& sheet)
1850 ASSERT(!m_gotFirstByte);
1851 m_pendingNamedContentExtensionStyleSheets.set(identifier, &sheet);
1854 void DocumentLoader::addPendingContentExtensionDisplayNoneSelector(const String& identifier, const String& selector, uint32_t selectorID)
1856 ASSERT(!m_gotFirstByte);
1857 auto addResult = m_pendingContentExtensionDisplayNoneSelectors.add(identifier, Vector<std::pair<String, uint32_t>>());
1858 addResult.iterator->value.append(std::make_pair(selector, selectorID));
1862 bool DocumentLoader::isAlwaysOnLoggingAllowed() const
1864 return !m_frame || m_frame->isAlwaysOnLoggingAllowed();
1869 void DocumentLoader::setPreviewConverter(std::unique_ptr<PreviewConverter>&& previewConverter)
1871 m_previewConverter = WTFMove(previewConverter);
1874 PreviewConverter* DocumentLoader::previewConverter() const
1876 return m_previewConverter.get();
1881 } // namespace WebCore