bool DocumentLoader::maybeCreateArchive()
{
// Only the top-frame can load MHTML.
if (m_frame->tree().parent())
return false;
// Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
if (!isArchiveMIMEType(m_response.mimeType()))
return false;
ASSERT(m_mainResource);
m_archive = MHTMLArchive::create(m_response.url(), m_mainResource->resourceBuffer());
// Invalid MHTML.
if (!m_archive || !m_archive->mainResource()) {
m_archive.clear();
return false;
}
addAllArchiveResources(m_archive.get());
ArchiveResource* mainResource = m_archive->mainResource();
// The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so
// relative URLs are resolved properly.
ensureWriter(mainResource->mimeType(), m_archive->mainResource()->url());
// The Document has now been created.
document()->enforceSandboxFlags(SandboxAll);
commitData(mainResource->data()->data(), mainResource->data()->size());
return true;
}
void DocumentLoader::dataReceived(Resource* resource, const char* data, unsigned length)
{
ASSERT(data);
ASSERT(length);
ASSERT_UNUSED(resource, resource == m_mainResource);
ASSERT(!m_response.isNull());
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
// Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource
// by starting a new load, so retain temporarily.
RefPtrWillBeRawPtr<LocalFrame> protectFrame(m_frame);
RefPtr<DocumentLoader> protectLoader(this);
m_applicationCacheHost->mainResourceDataReceived(data, length);
m_timeOfLastDataReceived = monotonicallyIncreasingTime();
if (isArchiveMIMEType(response().mimeType()))
return;
commitIfReady();
if (!frameLoader())
return;
commitData(data, length);
// If we are sending data to MediaDocument, we should stop here
// and cancel the request.
if (m_frame && m_frame->document()->isMediaDocument())
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response)
{
ASSERT_UNUSED(resource, m_mainResource == resource);
RefPtr<DocumentLoader> protect(this);
m_applicationCacheHost->didReceiveResponseForMainResource(response);
// The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
// from the application cache, ensure we don't save the result for future use. All responses loaded
// from appcache will have a non-zero appCacheID().
if (response.appCacheID())
memoryCache()->remove(m_mainResource.get());
DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
ASSERT(m_mainResource);
unsigned long identifier = mainResourceIdentifier();
ASSERT(identifier);
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response);
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
frame()->document()->addConsoleMessageWithRequestIdentifier(SecurityMessageSource, ErrorMessageLevel, message, identifier);
frame()->document()->enforceSandboxFlags(SandboxOrigin);
if (HTMLFrameOwnerElement* ownerElement = frame()->ownerElement())
ownerElement->dispatchEvent(Event::create(EventTypeNames::load));
// The load event might have detached this frame. In that case, the load will already have been cancelled during detach.
if (frameLoader())
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
}
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
m_response = response;
if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData)
m_mainResource->setDataBufferingPolicy(BufferData);
if (!shouldContinueForResponse()) {
InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response);
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
if (m_response.isHTTP()) {
int status = m_response.httpStatusCode();
if ((status < 200 || status >= 300) && m_frame->ownerElement() && m_frame->ownerElement()->isObjectElement()) {
m_frame->ownerElement()->renderFallbackContent();
// object elements are no longer rendered after we fallback, so don't
// keep trying to process data from their load
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
}
}
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, std::unique_ptr<WebDataConsumerHandle> handle)
{
ASSERT_UNUSED(resource, m_mainResource == resource);
ASSERT_UNUSED(handle, !handle);
ASSERT(frame());
m_applicationCacheHost->didReceiveResponseForMainResource(response);
// The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
// from the application cache, ensure we don't save the result for future use. All responses loaded
// from appcache will have a non-zero appCacheID().
if (response.appCacheID())
memoryCache()->remove(m_mainResource.get());
m_contentSecurityPolicy = ContentSecurityPolicy::create();
m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) {
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
// 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options
if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) {
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTPNames::X_Frame_Options);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(SecurityMessageSource, ErrorMessageLevel, message, response.url(), mainResourceIdentifier());
frame()->document()->addConsoleMessage(consoleMessage);
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
}
}
ASSERT(!m_frame->page()->defersLoading());
m_response = response;
if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBufferingPolicy() != BufferData)
m_mainResource->setDataBufferingPolicy(BufferData);
if (!shouldContinueForResponse()) {
InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response, m_mainResource.get());
m_fetcher->stopFetching();
return;
}
if (m_response.isHTTP()) {
int status = m_response.httpStatusCode();
if ((status < 200 || status >= 300) && m_frame->owner())
m_frame->owner()->renderFallbackContent();
}
}
PassRefPtr<SharedBuffer> DocumentLoader::mainResourceData() const
{
ASSERT(isArchiveMIMEType(m_response.mimeType()));
if (m_substituteData.isValid())
return m_substituteData.content()->copy();
if (m_mainResource)
return m_mainResource->resourceBuffer();
return 0;
}
void DocumentLoader::commitLoad(const char* data, int length)
{
// Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource
// by starting a new load, so retain temporarily.
RefPtr<Frame> protectFrame(m_frame);
RefPtr<DocumentLoader> protectLoader(this);
commitIfReady();
FrameLoader* frameLoader = DocumentLoader::frameLoader();
if (!frameLoader)
return;
if (isArchiveMIMEType(response().mimeType()))
return;
frameLoader->client()->committedLoad(this, data, length);
}
void DocumentLoader::processData(const char* data, size_t length) {
m_applicationCacheHost->mainResourceDataReceived(data, length);
m_timeOfLastDataReceived = monotonicallyIncreasingTime();
if (isArchiveMIMEType(response().mimeType()))
return;
commitIfReady();
if (!frameLoader())
return;
commitData(data, length);
// If we are sending data to MediaDocument, we should stop here and cancel the
// request.
if (m_frame && m_frame->document()->isMediaDocument())
m_fetcher->stopFetching();
}
bool DocumentLoader::maybeCreateArchive()
{
// Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
if (!isArchiveMIMEType(m_response.mimeType()))
return false;
m_archive = MHTMLArchive::create(m_response.url(), mainResourceData().get());
ASSERT(m_archive);
addAllArchiveResources(m_archive.get());
ArchiveResource* mainResource = m_archive->mainResource();
m_writer.setMIMEType(mainResource->mimeType());
ASSERT(m_frame->document());
commitData(mainResource->data()->data(), mainResource->data()->size());
return true;
}
bool DocumentLoader::maybeCreateArchive()
{
// Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
if (!isArchiveMIMEType(m_response.mimeType()))
return false;
ASSERT(m_mainResource);
ArchiveResource* mainResource = m_fetcher->createArchive(m_mainResource.get());
if (!mainResource)
return false;
// The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so
// relative URLs are resolved properly.
ensureWriter(mainResource->mimeType(), mainResource->url());
// The Document has now been created.
m_frame->document()->enforceSandboxFlags(SandboxAll);
commitData(mainResource->data()->data(), mainResource->data()->size());
return true;
}
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle)
{
ASSERT_UNUSED(resource, m_mainResource == resource);
ASSERT_UNUSED(handle, !handle);
RefPtr<DocumentLoader> protect(this);
m_applicationCacheHost->didReceiveResponseForMainResource(response);
// The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
// from the application cache, ensure we don't save the result for future use. All responses loaded
// from appcache will have a non-zero appCacheID().
if (response.appCacheID())
memoryCache()->remove(m_mainResource.get());
DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message);
consoleMessage->setRequestIdentifier(mainResourceIdentifier());
frame()->document()->addConsoleMessage(consoleMessage.release());
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
}
m_contentSecurityPolicy = ContentSecurityPolicy::create();
m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) {
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
m_response = response;
if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData)
m_mainResource->setDataBufferingPolicy(BufferData);
if (!shouldContinueForResponse()) {
InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response);
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
if (m_response.isHTTP()) {
int status = m_response.httpStatusCode();
// FIXME: Fallback content only works if the parent is in the same processs.
if ((status < 200 || status >= 300) && m_frame->owner()) {
if (!m_frame->deprecatedLocalOwner()) {
ASSERT_NOT_REACHED();
} else if (m_frame->deprecatedLocalOwner()->isObjectElement()) {
m_frame->deprecatedLocalOwner()->renderFallbackContent();
// object elements are no longer rendered after we fallback, so don't
// keep trying to process data from their load
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
}
}
}
