Include 'video/*' in image request Accept header if browser supports video media...
[WebKit-https.git] / Source / WebCore / loader / cache / CachedResourceRequest.cpp
1 /*
2  * Copyright (C) 2012 Google, Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #include "config.h"
27 #include "CachedResourceRequest.h"
28
29 #include "CachedResourceLoader.h"
30 #include "ContentExtensionActions.h"
31 #include "CrossOriginAccessControl.h"
32 #include "Document.h"
33 #include "Element.h"
34 #include "FrameLoader.h"
35 #include "HTTPHeaderValues.h"
36 #include "ImageDecoder.h"
37 #include "MemoryCache.h"
38 #include "SecurityPolicy.h"
39 #include <wtf/NeverDestroyed.h>
40
41 namespace WebCore {
42
43 CachedResourceRequest::CachedResourceRequest(ResourceRequest&& resourceRequest, const ResourceLoaderOptions& options, std::optional<ResourceLoadPriority> priority, String&& charset)
44     : m_resourceRequest(WTFMove(resourceRequest))
45     , m_charset(WTFMove(charset))
46     , m_options(options)
47     , m_priority(priority)
48     , m_fragmentIdentifier(splitFragmentIdentifierFromRequestURL(m_resourceRequest))
49 {
50 }
51
52 String CachedResourceRequest::splitFragmentIdentifierFromRequestURL(ResourceRequest& request)
53 {
54     if (!MemoryCache::shouldRemoveFragmentIdentifier(request.url()))
55         return { };
56     URL url = request.url();
57     String fragmentIdentifier = url.fragmentIdentifier();
58     url.removeFragmentIdentifier();
59     request.setURL(url);
60     return fragmentIdentifier;
61 }
62
63 void CachedResourceRequest::setInitiator(Element& element)
64 {
65     ASSERT(!m_initiatorElement);
66     ASSERT(m_initiatorName.isEmpty());
67     m_initiatorElement = &element;
68 }
69
70 void CachedResourceRequest::setInitiator(const AtomicString& name)
71 {
72     ASSERT(!m_initiatorElement);
73     ASSERT(m_initiatorName.isEmpty());
74     m_initiatorName = name;
75 }
76
77 const AtomicString& CachedResourceRequest::initiatorName() const
78 {
79     if (m_initiatorElement)
80         return m_initiatorElement->localName();
81     if (!m_initiatorName.isEmpty())
82         return m_initiatorName;
83
84     static NeverDestroyed<AtomicString> defaultName("other", AtomicString::ConstructFromLiteral);
85     return defaultName;
86 }
87
88 void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String& mode, Document& document)
89 {
90     ASSERT(m_options.mode == FetchOptions::Mode::NoCors);
91
92     m_origin = &document.securityOrigin();
93
94     if (mode.isNull())
95         return;
96
97     m_options.mode = FetchOptions::Mode::Cors;
98
99     FetchOptions::Credentials credentials = equalLettersIgnoringASCIICase(mode, "omit")
100         ? FetchOptions::Credentials::Omit : equalLettersIgnoringASCIICase(mode, "use-credentials")
101         ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
102     m_options.credentials = credentials;
103     m_options.storedCredentialsPolicy = credentials == FetchOptions::Credentials::Include ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
104     WebCore::updateRequestForAccessControl(m_resourceRequest, document.securityOrigin(), m_options.storedCredentialsPolicy);
105 }
106
107 void CachedResourceRequest::updateForAccessControl(Document& document)
108 {
109     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
110
111     m_origin = &document.securityOrigin();
112     WebCore::updateRequestForAccessControl(m_resourceRequest, *m_origin, m_options.storedCredentialsPolicy);
113 }
114
115 void upgradeInsecureResourceRequestIfNeeded(ResourceRequest& request, Document& document)
116 {
117     URL url = request.url();
118
119     ASSERT(document.contentSecurityPolicy());
120     document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load);
121
122     if (url == request.url())
123         return;
124
125     request.setURL(url);
126 }
127
128 void CachedResourceRequest::upgradeInsecureRequestIfNeeded(Document& document)
129 {
130     upgradeInsecureResourceRequestIfNeeded(m_resourceRequest, document);
131 }
132
133 void CachedResourceRequest::setDomainForCachePartition(Document& document)
134 {
135     m_resourceRequest.setDomainForCachePartition(document.topOrigin().domainForCachePartition());
136 }
137
138 void CachedResourceRequest::setDomainForCachePartition(const String& domain)
139 {
140     m_resourceRequest.setDomainForCachePartition(domain);
141 }
142
143 static inline String acceptHeaderValueFromType(CachedResource::Type type)
144 {
145     switch (type) {
146     case CachedResource::Type::MainResource:
147         return ASCIILiteral("text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
148     case CachedResource::Type::ImageResource:
149         if (ImageDecoder::supportsMediaType(ImageDecoder::MediaType::Video))
150             return ASCIILiteral("image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5");
151         return ASCIILiteral("image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5");
152     case CachedResource::Type::CSSStyleSheet:
153         return ASCIILiteral("text/css,*/*;q=0.1");
154     case CachedResource::Type::SVGDocumentResource:
155         return ASCIILiteral("image/svg+xml");
156 #if ENABLE(XSLT)
157     case CachedResource::Type::XSLStyleSheet:
158         // FIXME: This should accept more general xml formats */*+xml, image/svg+xml for example.
159         return ASCIILiteral("text/xml,application/xml,application/xhtml+xml,text/xsl,application/rss+xml,application/atom+xml");
160 #endif
161     default:
162         return ASCIILiteral("*/*");
163     }
164 }
165
166 void CachedResourceRequest::setAcceptHeaderIfNone(CachedResource::Type type)
167 {
168     if (!m_resourceRequest.hasHTTPHeader(HTTPHeaderName::Accept))
169         m_resourceRequest.setHTTPHeaderField(HTTPHeaderName::Accept, acceptHeaderValueFromType(type));
170 }
171
172 void CachedResourceRequest::updateAccordingCacheMode()
173 {
174     if (m_options.cache == FetchOptions::Cache::Default
175         && (m_resourceRequest.hasHTTPHeaderField(HTTPHeaderName::IfModifiedSince)
176             || m_resourceRequest.hasHTTPHeaderField(HTTPHeaderName::IfNoneMatch)
177             || m_resourceRequest.hasHTTPHeaderField(HTTPHeaderName::IfUnmodifiedSince)
178             || m_resourceRequest.hasHTTPHeaderField(HTTPHeaderName::IfMatch)
179             || m_resourceRequest.hasHTTPHeaderField(HTTPHeaderName::IfRange)))
180         m_options.cache = FetchOptions::Cache::NoStore;
181
182     switch (m_options.cache) {
183     case FetchOptions::Cache::NoCache:
184         m_resourceRequest.setCachePolicy(RefreshAnyCacheData);
185         m_resourceRequest.addHTTPHeaderFieldIfNotPresent(HTTPHeaderName::CacheControl, HTTPHeaderValues::maxAge0());
186         break;
187     case FetchOptions::Cache::NoStore:
188         m_options.cachingPolicy = CachingPolicy::DisallowCaching;
189         m_resourceRequest.setCachePolicy(DoNotUseAnyCache);
190         m_resourceRequest.addHTTPHeaderFieldIfNotPresent(HTTPHeaderName::Pragma, HTTPHeaderValues::noCache());
191         m_resourceRequest.addHTTPHeaderFieldIfNotPresent(HTTPHeaderName::CacheControl, HTTPHeaderValues::noCache());
192         break;
193     case FetchOptions::Cache::Reload:
194         m_resourceRequest.setCachePolicy(ReloadIgnoringCacheData);
195         m_resourceRequest.addHTTPHeaderFieldIfNotPresent(HTTPHeaderName::Pragma, HTTPHeaderValues::noCache());
196         m_resourceRequest.addHTTPHeaderFieldIfNotPresent(HTTPHeaderName::CacheControl, HTTPHeaderValues::noCache());
197         break;
198     case FetchOptions::Cache::Default:
199         break;
200     case FetchOptions::Cache::ForceCache:
201         m_resourceRequest.setCachePolicy(ReturnCacheDataElseLoad);
202         break;
203     case FetchOptions::Cache::OnlyIfCached:
204         m_resourceRequest.setCachePolicy(ReturnCacheDataDontLoad);
205         break;
206     }
207 }
208
209 void CachedResourceRequest::removeFragmentIdentifierIfNeeded()
210 {
211     URL url = MemoryCache::removeFragmentIdentifierIfNeeded(m_resourceRequest.url());
212     if (url.string() != m_resourceRequest.url())
213         m_resourceRequest.setURL(url);
214 }
215
216 #if ENABLE(CONTENT_EXTENSIONS)
217
218 void CachedResourceRequest::applyBlockedStatus(const ContentExtensions::BlockedStatus& blockedStatus, Page* page)
219 {
220     ContentExtensions::applyBlockedStatusToRequest(blockedStatus, page, m_resourceRequest);
221 }
222
223 #endif
224
225 void CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders(FrameLoader& frameLoader, ReferrerPolicy defaultPolicy)
226 {
227     // Implementing step 7 to 9 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
228
229     String outgoingOrigin;
230     String outgoingReferrer = m_resourceRequest.httpReferrer();
231     if (!outgoingReferrer.isNull())
232         outgoingOrigin = SecurityOrigin::createFromString(outgoingReferrer)->toString();
233     else {
234         outgoingReferrer = frameLoader.outgoingReferrer();
235         outgoingOrigin = frameLoader.outgoingOrigin();
236     }
237
238     switch (m_options.referrerPolicy) {
239     case ReferrerPolicy::EmptyString:
240         outgoingReferrer = SecurityPolicy::generateReferrerHeader(defaultPolicy, m_resourceRequest.url(), outgoingReferrer);
241         break;
242     default:
243         outgoingReferrer = SecurityPolicy::generateReferrerHeader(m_options.referrerPolicy, m_resourceRequest.url(), outgoingReferrer);
244         break;
245     };
246
247     if (outgoingReferrer.isEmpty())
248         m_resourceRequest.clearHTTPReferrer();
249     else
250         m_resourceRequest.setHTTPReferrer(outgoingReferrer);
251     FrameLoader::addHTTPOriginIfNeeded(m_resourceRequest, outgoingOrigin);
252
253     frameLoader.applyUserAgentIfNeeded(m_resourceRequest);
254 }
255
256 bool isRequestCrossOrigin(SecurityOrigin* origin, const URL& requestURL, const ResourceLoaderOptions& options)
257 {
258     if (!origin)
259         return false;
260
261     // Using same origin mode guarantees the loader will not do a cross-origin load, so we let it take care of it and just return false.
262     if (options.mode == FetchOptions::Mode::SameOrigin)
263         return false;
264
265     // FIXME: We should remove options.sameOriginDataURLFlag once https://github.com/whatwg/fetch/issues/393 is fixed.
266     if (requestURL.protocolIsData() && options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set)
267         return false;
268
269     return !origin->canRequest(requestURL);
270 }
271
272 void CachedResourceRequest::setDestinationIfNotSet(FetchOptions::Destination destination)
273 {
274     if (m_options.destination != FetchOptions::Destination::EmptyString)
275         return;
276     m_options.destination = destination;
277 }
278
279 #if ENABLE(SERVICE_WORKER)
280 void CachedResourceRequest::setClientIdentifierIfNeeded(DocumentIdentifier clientIdentifier)
281 {
282     if (!m_options.clientIdentifier)
283         m_options.clientIdentifier = clientIdentifier;
284 }
285
286 void CachedResourceRequest::setSelectedServiceWorkerIdentifierIfNeeded(ServiceWorkerIdentifier identifier)
287 {
288     if (isNonSubresourceRequest(m_options.destination))
289         return;
290     if (isPotentialNavigationOrSubresourceRequest(m_options.destination))
291         return;
292
293     if (m_options.serviceWorkersMode == ServiceWorkersMode::None)
294         return;
295     if (m_options.serviceWorkerIdentifier)
296         return;
297
298     m_options.serviceWorkerIdentifier = identifier;
299 }
300
301 void CachedResourceRequest::setNavigationServiceWorkerRegistrationData(const std::optional<ServiceWorkerRegistrationData>& data)
302 {
303     if (!data || !data->activeWorker) {
304         m_options.serviceWorkersMode = ServiceWorkersMode::None;
305         return;
306     }
307     m_options.serviceWorkerIdentifier = data->activeWorker->identifier;
308 }
309 #endif
310
311 } // namespace WebCore