static bool setReferrer(FetchRequest::InternalRequest& request, ScriptExecutionContext& context, const Dictionary& init)
{
String referrer;
if (!init.get("referrer", referrer))
return true;
if (referrer.isEmpty()) {
request.referrer = ASCIILiteral("no-referrer");
return true;
}
// FIXME: Tighten the URL parsing algorithm according https://url.spec.whatwg.org/#concept-url-parser.
URL referrerURL = context.completeURL(referrer);
if (!referrerURL.isValid())
return false;
if (referrerURL.protocolIs("about") && referrerURL.path() == "client") {
request.referrer = ASCIILiteral("client");
return true;
}
if (!(context.securityOrigin() && context.securityOrigin()->canRequest(referrerURL)))
return false;
request.referrer = referrerURL.string();
return true;
}
void FetchLoader::start(ScriptExecutionContext& context, const Blob& blob)
{
auto urlForReading = BlobURL::createPublicURL(context.securityOrigin());
if (urlForReading.isEmpty()) {
m_client.didFail();
return;
}
ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), urlForReading, blob.url());
ResourceRequest request(urlForReading);
request.setInitiatorIdentifier(context.resourceRequestIdentifier());
request.setHTTPMethod("GET");
ThreadableLoaderOptions options;
options.sendLoadCallbacks = SendCallbacks;
options.dataBufferingPolicy = DoNotBufferData;
options.preflightPolicy = ConsiderPreflight;
options.credentials = FetchOptions::Credentials::Include;
options.mode = FetchOptions::Mode::SameOrigin;
options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
m_loader = ThreadableLoader::create(context, *this, WTFMove(request), options);
m_isStarted = m_loader;
}
ContentSecurityPolicy::ContentSecurityPolicy(ScriptExecutionContext& scriptExecutionContext)
: m_scriptExecutionContext(&scriptExecutionContext)
, m_sandboxFlags(SandboxNone)
{
ASSERT(scriptExecutionContext.securityOrigin());
auto& securityOrigin = *scriptExecutionContext.securityOrigin();
m_selfSourceProtocol = securityOrigin.protocol();
m_selfSource = std::make_unique<ContentSecurityPolicySource>(*this, m_selfSourceProtocol, securityOrigin.host(), securityOrigin.port(), emptyString(), false, false);
}
PassRefPtr<EntrySync> WorkerGlobalScopeFileSystem::webkitResolveLocalFileSystemSyncURL(WorkerGlobalScope* worker, const String& url, ExceptionCode& ec)
{
ec = 0;
KURL completedURL = worker->completeURL(url);
ScriptExecutionContext* secureContext = worker->scriptExecutionContext();
if (!AsyncFileSystem::isAvailable() || !secureContext->securityOrigin()->canAccessFileSystem() || !secureContext->securityOrigin()->canRequest(completedURL)) {
ec = FileException::SECURITY_ERR;
return 0;
}
FileSystemType type;
String filePath;
if (!completedURL.isValid() || !DOMFileSystemBase::crackFileSystemURL(completedURL, type, filePath)) {
ec = FileException::ENCODING_ERR;
return 0;
}
FileSystemSyncCallbackHelper readFileSystemHelper;
LocalFileSystem::localFileSystem().readFileSystem(worker, type, FileSystemCallbacks::create(readFileSystemHelper.successCallback(), readFileSystemHelper.errorCallback(), worker, type), SynchronousFileSystem);
RefPtr<DOMFileSystemSync> fileSystem = readFileSystemHelper.getResult(ec);
if (!fileSystem)
return 0;
RefPtr<EntrySync> entry = fileSystem->root()->getDirectory(filePath, Dictionary(), ec);
if (ec == FileException::TYPE_MISMATCH_ERR)
return fileSystem->root()->getFile(filePath, Dictionary(), ec);
return entry.release();
}
bool NotificationPresenterImpl::show(PassRefPtr<Notification> notification)
{
WebCore::Notification* notify = notification.get();
ScriptExecutionContext* sec = notify->scriptExecutionContext();
String originStr = sec->securityOrigin()->toString();
ALOGV("Inside NotificationPresenterImpl::show notification pointer is %u and ScriptExecutionContext is %u", notify, sec);
s_counter++;
s_notificationMap.set(s_counter, notification);
RefPtr<Notification> notificationptr = s_notificationMap.get(s_counter);
ALOGV("NotificationPresenterImpl::show with res as %d, size as %d ",
s_notificationMap.isEmpty(), s_notificationMap.size());
KURL iconURL = notify->iconURL();
String iconURLStr = iconURL.string();
NotificationContents notcontent = notify->contents();
String titleStr = notcontent.title();
String bodyStr = notcontent.body();
ALOGV("NotificationPresenterImpl::show is ICONURL is %s, COUNTER is %d ", iconURLStr.utf8().data(), s_counter);
bool allow = s_notificationPermissions.get(originStr);
if (allow || m_notificationState == NotificationPresenterImpl::AlwaysON )
m_webViewCore->notificationManagerShow(iconURLStr, titleStr, bodyStr, s_counter);
return true;
}
ExceptionOr<Ref<Database>> DatabaseManager::openDatabase(ScriptExecutionContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&& creationCallback)
{
ScriptController::initializeThreading();
bool setVersionInNewDatabase = !creationCallback;
auto openResult = openDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase);
if (openResult.hasException())
return openResult.releaseException();
RefPtr<Database> database = openResult.releaseReturnValue();
auto databaseContext = this->databaseContext(context);
databaseContext->setHasOpenDatabases();
InspectorInstrumentation::didOpenDatabase(&context, database.copyRef(), context.securityOrigin()->host(), name, expectedVersion);
if (database->isNew() && creationCallback.get()) {
LOG(StorageAPI, "Scheduling DatabaseCreationCallbackTask for database %p\n", database.get());
database->setHasPendingCreationEvent(true);
database->m_scriptExecutionContext->postTask([creationCallback, database] (ScriptExecutionContext&) {
creationCallback->handleEvent(database.get());
database->setHasPendingCreationEvent(false);
});
}
return database.releaseNonNull();
}
ExceptionOr<Ref<Database>> DatabaseManager::openDatabaseBackend(ScriptExecutionContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase)
{
auto databaseContext = this->databaseContext(context);
auto backend = tryToOpenDatabaseBackend(databaseContext, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, FirstTryToOpenDatabase);
if (backend.hasException()) {
if (backend.exception().code() == QUOTA_EXCEEDED_ERR) {
// Notify the client that we've exceeded the database quota.
// The client may want to increase the quota, and we'll give it
// one more try after if that is the case.
{
// FIXME: What guarantees context.securityOrigin() is non-null?
ProposedDatabase proposedDatabase { *this, *context.securityOrigin(), name, displayName, estimatedSize };
databaseContext->databaseExceededQuota(name, proposedDatabase.details());
}
backend = tryToOpenDatabaseBackend(databaseContext, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, RetryOpenDatabase);
}
}
if (backend.hasException()) {
if (backend.exception().code() == INVALID_STATE_ERR)
logErrorMessage(context, backend.exception().message());
else
logOpenDatabaseError(context, name);
}
return backend;
}
void FetchLoader::start(ScriptExecutionContext& context, Blob& blob)
{
auto urlForReading = BlobURL::createPublicURL(context.securityOrigin());
if (urlForReading.isEmpty()) {
m_client.didFail();
return;
}
ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), urlForReading, blob.url());
ResourceRequest request(urlForReading);
request.setHTTPMethod("GET");
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.setDataBufferingPolicy(DoNotBufferData);
options.preflightPolicy = ConsiderPreflight;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = DenyCrossOriginRequests;
options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
m_loader = ThreadableLoader::create(&context, this, request, options);
}
void WorkerGlobalScopeFileSystem::webkitRequestFileSystem(WorkerGlobalScope* worker, int type, long long size, PassRefPtr<FileSystemCallback> successCallback, PassRefPtr<ErrorCallback> errorCallback)
{
ScriptExecutionContext* secureContext = worker->scriptExecutionContext();
if (!AsyncFileSystem::isAvailable() || !secureContext->securityOrigin()->canAccessFileSystem()) {
DOMFileSystem::scheduleCallback(worker, errorCallback, FileError::create(FileError::SECURITY_ERR));
return;
}
FileSystemType fileSystemType = static_cast<FileSystemType>(type);
if (!DOMFileSystemBase::isValidType(fileSystemType)) {
DOMFileSystem::scheduleCallback(worker, errorCallback, FileError::create(FileError::INVALID_MODIFICATION_ERR));
return;
}
LocalFileSystem::localFileSystem().requestFileSystem(worker, fileSystemType, size, FileSystemCallbacks::create(successCallback, errorCallback, worker, fileSystemType), AsynchronousFileSystem);
}
void WorkerGlobalScopeFileSystem::webkitResolveLocalFileSystemURL(WorkerGlobalScope* worker, const String& url, PassRefPtr<EntryCallback> successCallback, PassRefPtr<ErrorCallback> errorCallback)
{
KURL completedURL = worker->completeURL(url);
ScriptExecutionContext* secureContext = worker->scriptExecutionContext();
if (!AsyncFileSystem::isAvailable() || !secureContext->securityOrigin()->canAccessFileSystem() || !secureContext->securityOrigin()->canRequest(completedURL)) {
DOMFileSystem::scheduleCallback(worker, errorCallback, FileError::create(FileError::SECURITY_ERR));
return;
}
FileSystemType type;
String filePath;
if (!completedURL.isValid() || !DOMFileSystemBase::crackFileSystemURL(completedURL, type, filePath)) {
DOMFileSystem::scheduleCallback(worker, errorCallback, FileError::create(FileError::ENCODING_ERR));
return;
}
LocalFileSystem::localFileSystem().readFileSystem(worker, type, ResolveURICallbacks::create(successCallback, errorCallback, worker, type, filePath));
}
PassRefPtr<DOMFileSystemSync> WorkerGlobalScopeFileSystem::webkitRequestFileSystemSync(WorkerGlobalScope* worker, int type, long long size, ExceptionCode& ec)
{
ec = 0;
ScriptExecutionContext* secureContext = worker->scriptExecutionContext();
if (!AsyncFileSystem::isAvailable() || !secureContext->securityOrigin()->canAccessFileSystem()) {
ec = FileException::SECURITY_ERR;
return 0;
}
FileSystemType fileSystemType = static_cast<FileSystemType>(type);
if (!DOMFileSystemBase::isValidType(fileSystemType)) {
ec = FileException::INVALID_MODIFICATION_ERR;
return 0;
}
FileSystemSyncCallbackHelper helper;
LocalFileSystem::localFileSystem().requestFileSystem(worker, fileSystemType, size, FileSystemCallbacks::create(helper.successCallback(), helper.errorCallback(), worker, fileSystemType), SynchronousFileSystem);
return helper.getResult(ec);
}
static void logOpenDatabaseError(ScriptExecutionContext& context, const String& name)
{
LOG(StorageAPI, "Database %s for origin %s not allowed to be established", name.utf8().data(), context.securityOrigin()->toString().utf8().data());
}