Changeset 201924 in webkit

Timestamp:

Jun 10, 2016 6:26:30 AM (8 years ago)

Author:

youenn.fablet@crf.canon.fr

Message:

Move preflight check code outside of DocumentThreadableLoader
​https://bugs.webkit.org/show_bug.cgi?id=158425

Reviewed by Darin Adler.

Moving preflight check code in its own class.
This allows code to be easier to read, use/reuse and update.

Behavior should be the same as before except in the case of a preflight response
being a 3XX redirect response.
Before this patch, the 3XX response was directly passed to the code processing regular responses.
To keep compatibility with existing tests, a didFailRedirectCheck callback is called.
This should be change to a preflight failure.

Covered by existing tests.

• CMakeLists.txt:
• WebCore.xcodeproj/project.pbxproj:
• loader/CrossOriginPreflightChecker.cpp: Added.

(WebCore::CrossOriginPreflightChecker::CrossOriginPreflightChecker):
(WebCore::CrossOriginPreflightChecker::~CrossOriginPreflightChecker):
(WebCore::CrossOriginPreflightChecker::handleLoadingFailure):
(WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
(WebCore::CrossOriginPreflightChecker::notifyFinished):
(WebCore::CrossOriginPreflightChecker::startPreflight):
(WebCore::CrossOriginPreflightChecker::doPreflight):
(WebCore::CrossOriginPreflightChecker::redirectReceived):
(WebCore::CrossOriginPreflightChecker::setDefersLoading):
(WebCore::CrossOriginPreflightChecker::isXMLHttpRequest):

• loader/CrossOriginPreflightChecker.h: Added.
• loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::create):
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
(WebCore::DocumentThreadableLoader::setDefersLoading):
(WebCore::DocumentThreadableLoader::clearResource):
(WebCore::DocumentThreadableLoader::didReceiveResponse):
(WebCore::DocumentThreadableLoader::didReceiveData):
(WebCore::DocumentThreadableLoader::notifyFinished):
(WebCore::DocumentThreadableLoader::didFinishLoading):
(WebCore::DocumentThreadableLoader::didFail):
(WebCore::DocumentThreadableLoader::preflightSuccess):
(WebCore::DocumentThreadableLoader::preflightFailure):
(WebCore::DocumentThreadableLoader::loadRequest):
(WebCore::DocumentThreadableLoader::responseReceived): Deleted.
(WebCore::DocumentThreadableLoader::dataReceived): Deleted.
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Deleted.

• loader/DocumentThreadableLoader.h:

(WebCore::DocumentThreadableLoader::options):
(WebCore::DocumentThreadableLoader::isLoading):
(WebCore::DocumentThreadableLoader::document):

Location:

trunk/Source/WebCore

Files:

• CMakeLists.txt (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• WebCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• loader/CrossOriginPreflightChecker.cpp (added)
• loader/CrossOriginPreflightChecker.h (added)
• loader/DocumentThreadableLoader.cpp (modified) (12 diffs)
• loader/DocumentThreadableLoader.h (modified) (6 diffs)

trunk/Source/WebCore/CMakeLists.txt

@@ -1901 +1901 @@
     loader/CookieJar.cpp
     loader/CrossOriginAccessControl.cpp
+    loader/CrossOriginPreflightChecker.cpp
     loader/CrossOriginPreflightResultCache.cpp
     loader/DocumentLoadTiming.cpp

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-06-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        Move preflight check code outside of DocumentThreadableLoader
+        https://bugs.webkit.org/show_bug.cgi?id=158425
+
+        Reviewed by Darin Adler.
+
+        Moving preflight check code in its own class.
+        This allows code to be easier to read, use/reuse and update.
+
+        Behavior should be the same as before except in the case of a preflight response
+        being a 3XX redirect response.
+        Before this patch, the 3XX response was directly passed to the code processing regular responses.
+        To keep compatibility with existing tests, a didFailRedirectCheck callback is called.
+        This should be change to a preflight failure.
+
+        Covered by existing tests.
+
+        * CMakeLists.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * loader/CrossOriginPreflightChecker.cpp: Added.
+        (WebCore::CrossOriginPreflightChecker::CrossOriginPreflightChecker):
+        (WebCore::CrossOriginPreflightChecker::~CrossOriginPreflightChecker):
+        (WebCore::CrossOriginPreflightChecker::handleLoadingFailure):
+        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
+        (WebCore::CrossOriginPreflightChecker::notifyFinished):
+        (WebCore::CrossOriginPreflightChecker::startPreflight):
+        (WebCore::CrossOriginPreflightChecker::doPreflight):
+        (WebCore::CrossOriginPreflightChecker::redirectReceived):
+        (WebCore::CrossOriginPreflightChecker::setDefersLoading):
+        (WebCore::CrossOriginPreflightChecker::isXMLHttpRequest):
+        * loader/CrossOriginPreflightChecker.h: Added.
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::create):
+        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
+        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
+        (WebCore::DocumentThreadableLoader::setDefersLoading):
+        (WebCore::DocumentThreadableLoader::clearResource):
+        (WebCore::DocumentThreadableLoader::didReceiveResponse):
+        (WebCore::DocumentThreadableLoader::didReceiveData):
+        (WebCore::DocumentThreadableLoader::notifyFinished):
+        (WebCore::DocumentThreadableLoader::didFinishLoading):
+        (WebCore::DocumentThreadableLoader::didFail):
+        (WebCore::DocumentThreadableLoader::preflightSuccess):
+        (WebCore::DocumentThreadableLoader::preflightFailure):
+        (WebCore::DocumentThreadableLoader::loadRequest):
+        (WebCore::DocumentThreadableLoader::responseReceived): Deleted.
+        (WebCore::DocumentThreadableLoader::dataReceived): Deleted.
+        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Deleted.
+        * loader/DocumentThreadableLoader.h:
+        (WebCore::DocumentThreadableLoader::options):
+        (WebCore::DocumentThreadableLoader::isLoading):
+        (WebCore::DocumentThreadableLoader::document):
+
 2016-06-10  Adam Bergkvist  <adam.bergkvist@ericsson.com>
 

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -1570 +1570 @@
                 41A3D58E101C152D00316D07 /* DedicatedWorkerThread.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41A3D58C101C152D00316D07 /* DedicatedWorkerThread.cpp */; };
                 41A3D58F101C152D00316D07 /* DedicatedWorkerThread.h in Headers */ = {isa = PBXBuildFile; fileRef = 41A3D58D101C152D00316D07 /* DedicatedWorkerThread.h */; };
+                41ABE67B1D0580DB006D862D /* CrossOriginPreflightChecker.h in Headers */ = {isa = PBXBuildFile; fileRef = 41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */; };
+                41ABE67C1D0580E0006D862D /* CrossOriginPreflightChecker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */; };
                 41AD753A1CEF6BD100A31486 /* FetchOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 41AD75391CEF6BCE00A31486 /* FetchOptions.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 41BF700C0FE86F49005E8DEC /* MessagePortChannel.h in Headers */ = {isa = PBXBuildFile; fileRef = 41BF700A0FE86F49005E8DEC /* MessagePortChannel.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -9084 +9086 @@
                 41A3D58C101C152D00316D07 /* DedicatedWorkerThread.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DedicatedWorkerThread.cpp; sourceTree = "<group>"; };
                 41A3D58D101C152D00316D07 /* DedicatedWorkerThread.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DedicatedWorkerThread.h; sourceTree = "<group>"; };
+                41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CrossOriginPreflightChecker.cpp; sourceTree = "<group>"; };
+                41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CrossOriginPreflightChecker.h; sourceTree = "<group>"; };
                 41AD75391CEF6BCE00A31486 /* FetchOptions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FetchOptions.h; sourceTree = "<group>"; };
                 41BF700A0FE86F49005E8DEC /* MessagePortChannel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MessagePortChannel.h; sourceTree = "<group>"; };
@@ -22761 +22765 @@
                                 E1C416160F6563180092D2FB /* CrossOriginAccessControl.cpp */,
                                 E1C416110F6562FD0092D2FB /* CrossOriginAccessControl.h */,
+                                41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */,
+                                41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */,
                                 E1C415DD0F655D7C0092D2FB /* CrossOriginPreflightResultCache.cpp */,
                                 E1C415D90F655D6F0092D2FB /* CrossOriginPreflightResultCache.h */,
@@ -25599 +25605 @@
                                 26A807851B18F97700E219BE /* DFACombiner.h in Headers */,
                                 26A517FE1AB92238006335DF /* DFAMinimizer.h in Headers */,
+                                41ABE67B1D0580DB006D862D /* CrossOriginPreflightChecker.h in Headers */,
                                 267725FF1A5B3AD9003C24DD /* DFANode.h in Headers */,
                                 CD19A2681A13E700008D650E /* DiagnosticLoggingClient.h in Headers */,
@@ -29703 +29710 @@
                                 BC1A37BF097C715F0019F3D8 /* DOMUtility.mm in Sources */,
                                 15C770A5100D41CD005BA267 /* DOMValidityState.mm in Sources */,
+                                41ABE67C1D0580E0006D862D /* CrossOriginPreflightChecker.cpp in Sources */,
                                 31C0FF4A0E4CEFDD007D6FE5 /* DOMWebKitAnimationEvent.mm in Sources */,
                                 3106037A143281CD00ABF4BA /* DOMWebKitCSSFilterValue.mm in Sources */,

trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -38 +38 @@
 #include "ContentSecurityPolicy.h"
 #include "CrossOriginAccessControl.h"
+#include "CrossOriginPreflightChecker.h"
 #include "CrossOriginPreflightResultCache.h"
 #include "Document.h"
@@ -71 +72 @@
 {
     RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options, WTFMove(contentSecurityPolicy)));
-    if (!loader->m_resource)
+    if (!loader->isLoading())
         loader = nullptr;
     return loader;
@@ -112 +113 @@
     ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
 
-    auto crossOriginRequest = std::make_unique<ResourceRequest>(request);
-    updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_options.allowCredentials());
-
-    if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
-        makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
+    auto crossOriginRequest = request;
+    updateRequestForAccessControl(crossOriginRequest, securityOrigin(), m_options.allowCredentials());
+
+    if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest.httpMethod(), crossOriginRequest.httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
+        makeSimpleCrossOriginAccessRequest(crossOriginRequest);
     else {
         m_simpleRequest = false;
-        m_actualRequest = WTFMove(crossOriginRequest);
-
-        if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials(), m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
-            preflightSuccess();
+        if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(securityOrigin()->toString(), crossOriginRequest.url(), m_options.allowCredentials(), crossOriginRequest.httpMethod(), crossOriginRequest.httpHeaderFields()))
+            preflightSuccess(WTFMove(crossOriginRequest));
         else
-            makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
+            makeCrossOriginAccessRequestWithPreflight(WTFMove(crossOriginRequest));
     }
 }
@@ -142 +141 @@
 }
 
-void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request)
-{
-    ResourceRequest preflightRequest = createAccessControlPreflightRequest(request, securityOrigin());
-    loadRequest(preflightRequest, DoSecurityCheck);
+void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(ResourceRequest&& request)
+{
+    if (m_async) {
+        m_preflightChecker = CrossOriginPreflightChecker(*this, WTFMove(request));
+        m_preflightChecker->startPreflight();
+        return;
+    }
+    CrossOriginPreflightChecker::doPreflight(*this, WTFMove(request));
 }
 
@@ -172 +175 @@
     if (m_resource)
         m_resource->setDefersLoading(value);
+    if (m_preflightChecker)
+        m_preflightChecker->setDefersLoading(value);
 }
 
@@ -184 +189 @@
         resource->removeClient(this);
     }
+    if (m_preflightChecker)
+        m_preflightChecker = Nullopt;
 }
 
@@ -261 +268 @@
 
     String accessControlErrorDescription;
-    if (m_actualRequest) {
-        DocumentLoader* loader = m_document.frame()->loader().documentLoader();
-        InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document.frame());
-        InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0);
-
+    if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
         if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
-            preflightFailure(identifier, response.url(), accessControlErrorDescription);
+            m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
             return;
         }
-
-        StoredCredentials allowCredentials = m_options.allowCredentials();
-        auto preflightResult = std::make_unique<CrossOriginPreflightResultCacheItem>(allowCredentials);
-        if (!preflightResult->parse(response, accessControlErrorDescription)
-            || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
-            || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
-            preflightFailure(identifier, response.url(), accessControlErrorDescription);
-            return;
-        }
-
-        CrossOriginPreflightResultCache::singleton().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), WTFMove(preflightResult));
-    } else {
-        if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
-            if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
-                m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
-                return;
-            }
-        }
-
-        m_client->didReceiveResponse(identifier, response);
-    }
+    }
+
+    m_client->didReceiveResponse(identifier, response);
 }
 
@@ -299 +284 @@
 }
 
-void DocumentThreadableLoader::didReceiveData(unsigned long identifier, const char* data, int dataLength)
-{
-    ASSERT(m_client);
-
-    // Preflight data should be invisible to clients.
-    if (m_actualRequest) {
-        InspectorInstrumentation::didReceiveData(m_document.frame(), identifier, 0, 0, dataLength);
-        return;
-    }
+void DocumentThreadableLoader::didReceiveData(unsigned long, const char* data, int dataLength)
+{
+    ASSERT(m_client);
 
     m_client->didReceiveData(data, dataLength);
@@ -316 +295 @@
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == m_resource);
-        
+
     if (m_resource->errorOccurred())
         didFail(m_resource->identifier(), m_resource->resourceError());
@@ -325 +304 @@
 void DocumentThreadableLoader::didFinishLoading(unsigned long identifier, double finishTime)
 {
-    if (m_actualRequest) {
-        InspectorInstrumentation::didFinishLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, finishTime);
-
-        ASSERT(!m_sameOriginRequest);
-        ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
-        preflightSuccess();
-    } else
-        m_client->didFinishLoading(identifier, finishTime);
-}
-
-void DocumentThreadableLoader::didFail(unsigned long identifier, const ResourceError& error)
-{
-    if (m_actualRequest)
-        InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
-
+    ASSERT(m_client);
+    m_client->didFinishLoading(identifier, finishTime);
+}
+
+void DocumentThreadableLoader::didFail(unsigned long, const ResourceError& error)
+{
+    ASSERT(m_client);
     m_client->didFail(error);
 }
 
-void DocumentThreadableLoader::preflightSuccess()
-{
-    std::unique_ptr<ResourceRequest> actualRequest;
-    actualRequest.swap(m_actualRequest);
-
-    actualRequest->setHTTPOrigin(securityOrigin()->toString());
-
-    clearResource();
+void DocumentThreadableLoader::preflightSuccess(ResourceRequest&& request)
+{
+    ResourceRequest actualRequest(WTFMove(request));
+    actualRequest.setHTTPOrigin(securityOrigin()->toString());
+
+    m_preflightChecker = Nullopt;
 
     // It should be ok to skip the security check since we already asked about the preflight request.
-    loadRequest(*actualRequest, SkipSecurityCheck);
-}
-
-void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const URL& url, const String& errorDescription)
-{
-    ResourceError error(errorDomainWebKitInternal, 0, url, errorDescription);
-    if (m_actualRequest)
-        InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
-
-    m_actualRequest = nullptr; // Prevent didFinishLoading() from bypassing access check.
+    loadRequest(actualRequest, SkipSecurityCheck);
+}
+
+void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const ResourceError& error)
+{
+    m_preflightChecker = Nullopt;
+
+    InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
+
+    ASSERT(m_client);
     m_client->didFailAccessControlCheck(error);
 }
@@ -377 +346 @@
         ThreadableLoaderOptions options = m_options;
         options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
-        if (m_actualRequest) {
-            // Don't sniff content or send load callbacks for the preflight request.
-            options.setSendLoadCallbacks(DoNotSendCallbacks);
-            options.setSniffContent(DoNotSniffContent);
-            // Keep buffering the data for the preflight request.
-            options.setDataBufferingPolicy(BufferData);
-        }
 
         CachedResourceRequest newRequest(request, options);
@@ -395 +357 @@
         return;
     }
-    
+
     // FIXME: ThreadableLoaderOptions.sniffContent is not supported for synchronous requests.
     RefPtr<SharedBuffer> data;

trunk/Source/WebCore/loader/DocumentThreadableLoader.h

@@ -32 +32 @@
 #define DocumentThreadableLoader_h
 
-#include "CachedRawResourceClient.h"
-#include "CachedResourceHandle.h"
+#include "CrossOriginPreflightChecker.h"
 #include "ThreadableLoader.h"
 
@@ -40 +39 @@
     class ContentSecurityPolicy;
     class Document;
-    class URL;
-    class ResourceRequest;
     class SecurityOrigin;
     class ThreadableLoaderClient;
@@ -58 +55 @@
         void cancel() override;
         virtual void setDefersLoading(bool);
+
+        friend CrossOriginPreflightChecker;
 
         using RefCounted<DocumentThreadableLoader>::ref;
@@ -88 +87 @@
         void didFail(unsigned long identifier, const ResourceError&);
         void makeCrossOriginAccessRequest(const ResourceRequest&);
-        void makeSimpleCrossOriginAccessRequest(const ResourceRequest& request);
-        void makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request);
-        void preflightSuccess();
-        void preflightFailure(unsigned long identifier, const URL&, const String& errorDescription);
+        void makeSimpleCrossOriginAccessRequest(const ResourceRequest&);
+        void makeCrossOriginAccessRequestWithPreflight(ResourceRequest&&);
+        void preflightSuccess(ResourceRequest&&);
+        void preflightFailure(unsigned long identifier, const ResourceError&);
 
         void loadRequest(const ResourceRequest&, SecurityCheckPolicy);
@@ -102 +101 @@
         const ContentSecurityPolicy& contentSecurityPolicy() const;
 
+        Document& document() { return m_document; }
+        const ThreadableLoaderOptions& options() const { return m_options; }
+        bool isLoading() { return m_resource || m_preflightChecker; }
+
         CachedResourceHandle<CachedRawResource> m_resource;
         ThreadableLoaderClient* m_client;
@@ -109 +112 @@
         bool m_simpleRequest;
         bool m_async;
-        std::unique_ptr<ResourceRequest> m_actualRequest; // non-null during Access Control preflight checks
         std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+        Optional<CrossOriginPreflightChecker> m_preflightChecker;
     };