/// Builds the mutable CFURLRequest that is sent to CFNetwork for @p request.
///
/// Starting from a copy of request.cfURLRequest(), this applies the content-sniffing
/// switch, any per-host SSL properties and the current cookie storage.
///
/// @param request             Source request; its URL host selects the per-host SSL settings.
/// @param shouldContentSniff  When false, content sniffing is switched off on the copy.
/// @return The new request. It comes straight from CFURLRequestCreateMutableCopy and is not
///         wrapped in a RetainPtr here, so the caller is expected to adopt or release it.
static CFURLRequestRef makeFinalRequest(const ResourceRequest& request, bool shouldContentSniff)
{
    CFMutableURLRequestRef finalRequest = CFURLRequestCreateMutableCopy(kCFAllocatorDefault, request.cfURLRequest());

    if (!shouldContentSniff)
        wkSetCFURLRequestShouldContentSniff(finalRequest, false);

    // Both per-host tables below are probed with the lower-cased host, so normalise it once.
    const String requestHost = request.url().host().lower();

    RetainPtr<CFMutableDictionaryRef> sslProperties;
    if (allowsAnyHTTPSCertificateHosts().contains(requestHost)) {
        // Security-relevant: for hosts on this list any root and expired roots are accepted,
        // so the server certificate no longer authenticates the peer.
        // NOTE(review): presumably the list is meant for test/development hosts only;
        // verify who is allowed to populate it.
        sslProperties.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
    }

    HashMap<String, RetainPtr<CFDataRef> >::iterator certEntry = clientCerts().find(requestHost);
    if (certEntry != clientCerts().end()) {
        // A client certificate is registered for this host; make sure there is a dictionary to carry it.
        if (!sslProperties)
            sslProperties.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        wkSetClientCertificateInSSLProperties(sslProperties.get(), (certEntry->second).get());
    }

    // Only touch the request's SSL properties when at least one of the two tables matched.
    if (sslProperties)
        CFURLRequestSetSSLProperties(finalRequest, sslProperties.get());

    if (CFHTTPCookieStorageRef cookieStorage = currentCookieStorage()) {
        // Use the current storage together with its own accept policy.
        CFURLRequestSetHTTPCookieStorage(finalRequest, cookieStorage);
        CFURLRequestSetHTTPCookieStorageAcceptPolicy(finalRequest, CFHTTPCookieStorageGetCookieAcceptPolicy(cookieStorage));
    }

    return finalRequest;
}
/// Registers @p cert as the client certificate to present to @p host.
///
/// @param host  Host name; stored lower-cased.
/// @param cert  Certificate data stored in the per-host table (replaces any previous entry
///              if HashMap::set behaves as usual — not shown here).
void ResourceHandle::setClientCertificate(const String& host, CFDataRef cert)
{
    // Lookups in this file use url().host().lower(), so the key is lower-cased the same way.
    const String hostKey = host.lower();
    clientCerts().set(hostKey, cert);
}
/// Creates the CFURLConnection for this handle's first request and stores it in d->m_connection.
///
/// In order: credentials are placed (URL for non-HTTP schemes, credential storage / Basic header
/// for the HTTP family), a mutable CFURLRequest copy is prepared (storage session, content
/// sniffing, SSL properties, cookie storage on Windows), socket stream properties are assembled,
/// a connection delegate is chosen, and the connection is created.
///
/// @param shouldUseCredentialStorage  When true and the URL is in the HTTP family, the shared
///        CredentialStorage is consulted or updated. When false, the connection is tagged with a
///        private session id so already-authenticated connections are not reused.
/// @param shouldContentSniff  When false, content sniffing is switched off on the request.
/// @param schedulingBehavior  Synchronous requests are marked with an extra stream property.
/// @param clientProperties    Optional base connection properties; copied, never modified.
void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldContentSniff, SchedulingBehavior schedulingBehavior, CFDictionaryRef clientProperties)
{
    const bool hasExplicitCredentials = !d->m_user.isEmpty() || !d->m_pass.isEmpty();

    if (hasExplicitCredentials && !firstRequest().url().protocolIsInHTTPFamily()) {
        // Credentials for ftp can only be passed in the URL; the
        // didReceiveAuthenticationChallenge delegate call won't be made.
        // NOTE(review): the user name and password become part of the request URL from here on,
        // so anything that records that URL records them too.
        URL credentialedURL(firstRequest().url());
        credentialedURL.setUser(d->m_user);
        credentialedURL.setPass(d->m_pass);
        firstRequest().setURL(credentialedURL);
    }

    if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
        if (hasExplicitCredentials) {
            // If there is already a protection space known for the URL, update stored credentials
            // before sending a request. This makes it possible to implement logout by sending an
            // XMLHttpRequest with known incorrect credentials, and aborting it immediately
            // (so that an authentication dialog doesn't pop up).
            CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
        } else {
            // <rdar://problem/7174050> - For URLs that match the paths of those previously
            // challenged for HTTP Basic authentication, try and reuse the credential
            // preemptively, as allowed by RFC 2617.
            d->m_initialCredential = CredentialStorage::get(firstRequest().url());
        }
    }

    if (!d->m_initialCredential.isEmpty()) {
        // FIXME: Support Digest authentication, and Proxy-Authorization.
        // Security-relevant: the header is attached before any challenge is received. The check
        // above is for the HTTP family, not https specifically, and Basic credentials are only
        // encoded, not encrypted, so on a plain-http URL they are sent in the clear.
        applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
    }

    RetainPtr<CFMutableURLRequestRef> cfRequest = adoptCF(CFURLRequestCreateMutableCopy(kCFAllocatorDefault, firstRequest().cfURLRequest(UpdateHTTPBody)));
    wkSetRequestStorageSession(d->m_storageSession.get(), cfRequest.get());

    if (!shouldContentSniff)
        wkSetCFURLRequestShouldContentSniff(cfRequest.get(), false);

    RetainPtr<CFMutableDictionaryRef> sslProperties;
#if PLATFORM(IOS)
    // On iOS the SSL properties are derived from the NSURLRequest instead of the per-host tables.
    sslProperties = adoptCF(ResourceHandle::createSSLPropertiesFromNSURLRequest(firstRequest()));
#else
    // Both per-host tables are probed with the lower-cased host.
    const String requestHost = firstRequest().url().host().lower();

    if (allowsAnyHTTPSCertificateHosts().contains(requestHost)) {
        // Security-relevant: these four properties together switch off certificate trust
        // evaluation for the host (any root, expired roots, expired certificates, and no chain
        // validation), so the TLS peer is not authenticated at all.
        // NOTE(review): presumably intended for test/development hosts only; verify who is
        // allowed to populate allowsAnyHTTPSCertificateHosts().
        sslProperties = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
    }

    HashMap<String, RetainPtr<CFDataRef>>::iterator certEntry = clientCerts().find(requestHost);
    if (certEntry != clientCerts().end()) {
        if (!sslProperties)
            sslProperties = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        // NOTE(review): the certificate is only installed on Windows; on other non-iOS builds a
        // match still yields an (otherwise empty) SSL properties dictionary on the request.
#if PLATFORM(WIN)
        wkSetClientCertificateInSSLProperties(sslProperties.get(), (certEntry->value).get());
#endif
    }
#endif // PLATFORM(IOS)

    if (sslProperties)
        CFURLRequestSetSSLProperties(cfRequest.get(), sslProperties.get());

#if PLATFORM(WIN)
    if (CFHTTPCookieStorageRef cookieStorage = overridenCookieStorage()) {
        // Overridden cookie storage doesn't come from a session, so the request does not have it yet.
        CFURLRequestSetHTTPCookieStorage(cfRequest.get(), cookieStorage);
    }
#endif

    // Created with a raw +1 reference; released below once the properties dictionary holds it.
    CFMutableDictionaryRef socketStreamProperties = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    if (!shouldUseCredentialStorage) {
        // Avoid using existing connections, because they may be already authenticated.
        CFDictionarySetValue(socketStreamProperties, CFSTR("_kCFURLConnectionSessionID"), CFSTR("WebKitPrivateSession"));
    }

    if (schedulingBehavior == SchedulingBehavior::Synchronous) {
        // Synchronous requests should not be subject to regular connection count limit to avoid
        // deadlocks. If we are using all available connections for async requests, and make a
        // sync request, then prior requests may get stuck waiting for delegate calls while we
        // are in nested run loop, and the sync request won't start because there are no
        // available connections. Connections are grouped by their socket stream properties,
        // with each group having a separate count.
        CFDictionarySetValue(socketStreamProperties, CFSTR("_WebKitSynchronousRequest"), kCFBooleanTrue);
    }

#if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090)
    // Pass the source application's audit data to the stream when the context provides it.
    RetainPtr<CFDataRef> sourceApplicationAuditData = d->m_context->sourceApplicationAuditData();
    if (sourceApplicationAuditData)
        CFDictionarySetValue(socketStreamProperties, CFSTR("kCFStreamPropertySourceApplication"), sourceApplicationAuditData.get());
#endif

    static const CFStringRef kCFURLConnectionSocketStreamProperties = CFSTR("kCFURLConnectionSocketStreamProperties");

    // Start from a copy of the caller's properties when given, otherwise from an empty dictionary.
    RetainPtr<CFMutableDictionaryRef> connectionProperties;
    if (clientProperties)
        connectionProperties = adoptCF(CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, clientProperties));
    else
        connectionProperties = adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));

    // FIXME: This code is different from iOS code in ResourceHandleMac.mm in that here we ignore
    // stream properties that were present in client properties.
    CFDictionaryAddValue(connectionProperties.get(), kCFURLConnectionSocketStreamProperties, socketStreamProperties);
    CFRelease(socketStreamProperties);

#if PLATFORM(COCOA)
    if (client() && client()->usesAsyncCallbacks())
        d->m_connectionDelegate = adoptRef(new ResourceHandleCFURLConnectionDelegateWithOperationQueue(this));
    else
        d->m_connectionDelegate = adoptRef(new SynchronousResourceHandleCFURLConnectionDelegate(this));
#else
    d->m_connectionDelegate = adoptRef(new SynchronousResourceHandleCFURLConnectionDelegate(this));
#endif
    d->m_connectionDelegate->setupRequest(cfRequest.get());

    // The callback table is a V6 struct; the creation call takes the base client pointer type.
    CFURLConnectionClient_V6 connectionClient = d->m_connectionDelegate->makeConnectionClient();
    d->m_connection = adoptCF(CFURLConnectionCreateWithProperties(0, cfRequest.get(), reinterpret_cast<CFURLConnectionClient*>(&connectionClient), connectionProperties.get()));
}
/// Creates the CFURLConnection for this handle's first request and stores it in d->m_connection.
///
/// In order: credentials are placed (URL for non-HTTP schemes, credential storage / Basic header
/// for the HTTP family), the first-party-for-cookies URL is optionally relaxed, a mutable
/// CFURLRequest copy is prepared (storage session, content sniffing, SSL properties, cookie
/// storage on Windows), and the connection is created with a V6 callback table.
///
/// @param shouldUseCredentialStorage  When true and the URL is in the HTTP family, the shared
///        CredentialStorage is consulted or updated; also forwarded to createConnectionProperties().
/// @param shouldRelaxThirdPartyCookiePolicy  When true, the request's own URL is set as its
///        first party for cookies.
/// @param shouldContentSniff  When false, content sniffing is switched off on the request.
void ResourceHandle::createCFURLConnection(bool shouldUseCredentialStorage, bool shouldRelaxThirdPartyCookiePolicy, bool shouldContentSniff)
{
    const bool hasExplicitCredentials = !d->m_user.isEmpty() || !d->m_pass.isEmpty();

    if (hasExplicitCredentials && !firstRequest().url().protocolIsInHTTPFamily()) {
        // Credentials for ftp can only be passed in the URL; the
        // didReceiveAuthenticationChallenge delegate call won't be made.
        // NOTE(review): the user name and password become part of the request URL from here on,
        // so anything that records that URL records them too.
        KURL credentialedURL(firstRequest().url());
        credentialedURL.setUser(d->m_user);
        credentialedURL.setPass(d->m_pass);
        firstRequest().setURL(credentialedURL);
    }

    // Security-relevant: with the request URL as its own first party, cookie policy treats this
    // load as first-party regardless of the embedding document.
    if (shouldRelaxThirdPartyCookiePolicy)
        firstRequest().setFirstPartyForCookies(firstRequest().url());

    if (shouldUseCredentialStorage && firstRequest().url().protocolIsInHTTPFamily()) {
        if (hasExplicitCredentials) {
            // If there is already a protection space known for the URL, update stored credentials
            // before sending a request. This makes it possible to implement logout by sending an
            // XMLHttpRequest with known incorrect credentials, and aborting it immediately
            // (so that an authentication dialog doesn't pop up).
            CredentialStorage::set(Credential(d->m_user, d->m_pass, CredentialPersistenceNone), firstRequest().url());
        } else {
            // <rdar://problem/7174050> - For URLs that match the paths of those previously
            // challenged for HTTP Basic authentication, try and reuse the credential
            // preemptively, as allowed by RFC 2617.
            d->m_initialCredential = CredentialStorage::get(firstRequest().url());
        }
    }

    if (!d->m_initialCredential.isEmpty()) {
        // FIXME: Support Digest authentication, and Proxy-Authorization.
        // Security-relevant: the header is attached before any challenge is received. The check
        // above is for the HTTP family, not https specifically, and Basic credentials are only
        // encoded, not encrypted, so on a plain-http URL they are sent in the clear.
        applyBasicAuthorizationHeader(firstRequest(), d->m_initialCredential);
    }

    RetainPtr<CFMutableURLRequestRef> cfRequest = adoptCF(CFURLRequestCreateMutableCopy(kCFAllocatorDefault, firstRequest().cfURLRequest()));
    wkSetRequestStorageSession(d->m_storageSession.get(), cfRequest.get());

    if (!shouldContentSniff)
        wkSetCFURLRequestShouldContentSniff(cfRequest.get(), false);

    // Both per-host tables are probed with the lower-cased host.
    const String requestHost = firstRequest().url().host().lower();

    RetainPtr<CFMutableDictionaryRef> sslProperties;
    if (allowsAnyHTTPSCertificateHosts().contains(requestHost)) {
        // Security-relevant: these four properties together switch off certificate trust
        // evaluation for the host (any root, expired roots, expired certificates, and no chain
        // validation), so the TLS peer is not authenticated at all.
        // NOTE(review): presumably intended for test/development hosts only; verify who is
        // allowed to populate allowsAnyHTTPSCertificateHosts().
        sslProperties.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsAnyRoot, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
        CFDictionaryAddValue(sslProperties.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
    }

    HashMap<String, RetainPtr<CFDataRef> >::iterator certEntry = clientCerts().find(requestHost);
    if (certEntry != clientCerts().end()) {
        if (!sslProperties)
            sslProperties.adoptCF(CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
        // NOTE(review): the certificate is only installed on Windows; on other builds a match
        // still yields an (otherwise empty) SSL properties dictionary on the request.
#if PLATFORM(WIN)
        wkSetClientCertificateInSSLProperties(sslProperties.get(), (certEntry->value).get());
#endif
    }

    if (sslProperties)
        CFURLRequestSetSSLProperties(cfRequest.get(), sslProperties.get());

#if PLATFORM(WIN)
    if (CFHTTPCookieStorageRef cookieStorage = overridenCookieStorage()) {
        // Overridden cookie storage doesn't come from a session, so the request does not have it yet.
        CFURLRequestSetHTTPCookieStorage(cfRequest.get(), cookieStorage);
    }
#endif

    // Callback table: the struct is the V6 layout and the first field is 6; `this` is the second
    // field (presumably the context handed back to the callbacks). Zero entries are left unset.
    CFURLConnectionClient_V6 connectionClient = {
        6,
        this,
        0,
        0,
        0,
        WebCore::willSendRequest,
        didReceiveResponse,
        didReceiveData,
        0,
        didFinishLoading,
        didFail,
        willCacheResponse,
        didReceiveChallenge,
        didSendBodyData,
        shouldUseCredentialStorageCallback,
        0,
#if USE(PROTECTION_SPACE_AUTH_CALLBACK)
        canRespondToProtectionSpace,
#else
        0,
#endif
        0,
#if USE(NETWORK_CFDATA_ARRAY_CALLBACK)
        didReceiveDataArray
#else
        0
#endif
    };

    RetainPtr<CFDictionaryRef> connectionProperties(AdoptCF, createConnectionProperties(shouldUseCredentialStorage));

    // The creation call takes the base client pointer type, hence the cast of the V6 struct.
    d->m_connection.adoptCF(CFURLConnectionCreateWithProperties(0, cfRequest.get(), reinterpret_cast<CFURLConnectionClient*>(&connectionClient), connectionProperties.get()));
}