void XMLHttpRequest::abort() { // internalAbort() calls dropProtection(), which may release the last reference. Ref<XMLHttpRequest> protect(*this); bool sendFlag = m_loader; if (!internalAbort()) return; clearResponseBuffers(); // Clear headers as required by the spec m_requestHeaders.clear(); if ((m_state <= OPENED && !sendFlag) || m_state == DONE) m_state = UNSENT; else { ASSERT(!m_loader); changeState(DONE); m_state = UNSENT; } dispatchErrorEvents(eventNames().abortEvent); }
void XMLHttpRequest::abort() { // internalAbort() calls dropProtection(), which may release the last reference. RefPtr<XMLHttpRequest> protect(this); bool sendFlag = m_loader; internalAbort(); clearResponseBuffers(); // Clear headers as required by the spec m_requestHeaders.clear(); if ((m_state <= OPENED && !sendFlag) || m_state == DONE) m_state = UNSENT; else { ASSERT(!m_loader); changeState(DONE); m_state = UNSENT; } m_progressEventThrottle.dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().abortEvent)); if (!m_uploadComplete) { m_uploadComplete = true; if (m_upload && m_uploadEventsAllowed) m_upload->dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().abortEvent)); } }
void XMLHttpRequest::abort() { // internalAbort() calls dropProtection(), which may release the last reference. RefPtr<XMLHttpRequest> protect(this); bool sendFlag = m_loader; internalAbort(); // Clear headers as required by the spec m_requestHeaders.clear(); if ((m_state <= OPENED && !sendFlag) || m_state == DONE) m_state = UNSENT; else { ASSERT(!m_loader); changeState(DONE); m_state = UNSENT; } dispatchAbortEvent(); if (!m_uploadComplete) { m_uploadComplete = true; if (m_upload) m_upload->dispatchAbortEvent(); } }
void XMLHttpRequest::abort() { WTF_LOG(Network, "XMLHttpRequest %p abort()", this); // internalAbort() calls dropProtection(), which may release the last reference. RefPtr<XMLHttpRequest> protect(this); bool sendFlag = m_loader; // Response is cleared next, save needed progress event data. long long expectedLength = m_response.expectedContentLength(); long long receivedLength = m_receivedLength; if (!internalAbort()) return; clearResponse(); // Clear headers as required by the spec m_requestHeaders.clear(); if (!((m_state <= OPENED && !sendFlag) || m_state == DONE)) { ASSERT(!m_loader); handleRequestError(0, EventTypeNames::abort, receivedLength, expectedLength); } m_state = UNSENT; }
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec) { internalAbort(); State previousState = m_state; m_state = UNSENT; m_error = false; m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidHTTPToken(method)) { ec = SYNTAX_ERR; return; } if (!isAllowedHTTPMethod(method)) { ec = SECURITY_ERR; return; } if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) { // FIXME: Should this be throwing an exception? ec = SECURITY_ERR; return; } // Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated // attempt to discourage synchronous XHR use. responseType is one such piece of functionality. // We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols // such as file: and data: still make sense to allow. if (!async && scriptExecutionContext()->isDocument() && url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) { logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set."); ec = INVALID_ACCESS_ERR; return; } m_method = uppercaseKnownHTTPMethod(method); m_url = url; m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }
void XMLHttpRequest::networkError() { genericError(); m_progressEventThrottle.dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().errorEvent)); if (!m_uploadComplete) { m_uploadComplete = true; if (m_upload && m_uploadEventsAllowed) m_upload->dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().errorEvent)); } internalAbort(); }
void XMLHttpRequest::networkError() { genericError(); dispatchErrorEvent(); if (!m_uploadComplete) { m_uploadComplete = true; if (m_upload) m_upload->dispatchErrorEvent(); } internalAbort(); }
void XMLHttpRequest::handleNetworkError() { WTF_LOG(Network, "XMLHttpRequest %p handleNetworkError()", this); // Response is cleared next, save needed progress event data. long long expectedLength = m_response.expectedContentLength(); long long receivedLength = m_receivedLength; handleDidFailGeneric(); handleRequestError(NetworkError, EventTypeNames::error, receivedLength, expectedLength); internalAbort(); }
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec) { internalAbort(); State previousState = m_state; m_state = UNSENT; m_error = false; #if ENABLE(XHR_RESPONSE_BLOB) m_asBlob = false; #endif m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidToken(method)) { ec = SYNTAX_ERR; return; } // Method names are case sensitive. But since Firefox uppercases method names it knows, we'll do the same. String methodUpper(method.upper()); if (methodUpper == "TRACE" || methodUpper == "TRACK" || methodUpper == "CONNECT") { ec = SECURITY_ERR; return; } m_url = url; if (methodUpper == "COPY" || methodUpper == "DELETE" || methodUpper == "GET" || methodUpper == "HEAD" || methodUpper == "INDEX" || methodUpper == "LOCK" || methodUpper == "M-POST" || methodUpper == "MKCOL" || methodUpper == "MOVE" || methodUpper == "OPTIONS" || methodUpper == "POST" || methodUpper == "PROPFIND" || methodUpper == "PROPPATCH" || methodUpper == "PUT" || methodUpper == "UNLOCK") m_method = methodUpper; else m_method = method; m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec) { internalAbort(); State previousState = m_state; m_state = UNSENT; m_error = false; m_responseTypeCode = ResponseTypeDefault; m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidHTTPToken(method)) { ec = SYNTAX_ERR; return; } if (!isAllowedHTTPMethod(method)) { ec = SECURITY_ERR; return; } if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) { // FIXME: Should this be throwing an exception? ec = SECURITY_ERR; return; } m_method = uppercaseKnownHTTPMethod(method); m_url = url; m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }
void XMLHttpRequest::abort() { bool sendFlag = m_loader; internalAbort(); // Clear headers as required by the spec m_requestHeaders.clear(); m_crossSiteRequestHeaders.clear(); if ((m_state <= OPENED && !sendFlag) || m_state == DONE) m_state = UNSENT; else { ASSERT(!m_loader); changeState(DONE); m_state = UNSENT; } dispatchAbortEvent(); }
void XMLHttpRequest::abort() { // internalAbort() calls dropProtection(), which may release the last reference. Ref<XMLHttpRequest> protectedThis(*this); if (!internalAbort()) return; clearResponseBuffers(); // Clear headers as required by the spec m_requestHeaders.clear(); if ((m_state == OPENED && m_sendFlag) || m_state == HEADERS_RECEIVED || m_state == LOADING) { ASSERT(!m_loader); m_sendFlag = false; changeState(DONE); dispatchErrorEvents(eventNames().abortEvent); } m_state = UNSENT; }
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec) { internalAbort(); State previousState = m_state; m_state = UNSENT; m_error = false; m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidHTTPToken(method)) { ec = SYNTAX_ERR; return; } if (!isAllowedHTTPMethod(method)) { ec = SECURITY_ERR; return; } // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. bool shouldBypassMainWorldContentSecurityPolicy = false; if (scriptExecutionContext()->isDocument()) { Document* document = static_cast<Document*>(scriptExecutionContext()); shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->shouldBypassMainWorldContentSecurityPolicy(); } if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) { // FIXME: Should this be throwing an exception? ec = SECURITY_ERR; return; } if (!async && scriptExecutionContext()->isDocument()) { if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) { logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests are disabled for this page."); ec = INVALID_ACCESS_ERR; return; } // Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated // attempt to discourage synchronous XHR use. responseType is one such piece of functionality. // We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols // such as file: and data: still make sense to allow. if (url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) { logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set."); ec = INVALID_ACCESS_ERR; return; } #if ENABLE(XHR_TIMEOUT) // Similarly, timeouts are disabled for synchronous requests as well. if (m_timeoutMilliseconds > 0) { logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests must not have a timeout value set."); ec = INVALID_ACCESS_ERR; return; } #endif } m_method = uppercaseKnownHTTPMethod(method); m_url = url; m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }
void XMLHttpRequest::networkError() { genericError(); dispatchErrorEvents(eventNames().errorEvent); internalAbort(); }
void XMLHttpRequest::open(const String& method, const URL& url, bool async, ExceptionCode& ec) { if (!internalAbort()) return; State previousState = m_state; m_state = UNSENT; m_error = false; m_sendFlag = false; m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidHTTPToken(method)) { ec = SYNTAX_ERR; return; } if (!isAllowedHTTPMethod(method)) { ec = SECURITY_ERR; return; } if (!async && scriptExecutionContext()->isDocument()) { if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) { logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests are disabled for this page."); ec = INVALID_ACCESS_ERR; return; } // Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated // attempt to discourage synchronous XHR use. responseType is one such piece of functionality. // We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols // such as file: and data: still make sense to allow. if (url.protocolIsInHTTPFamily() && m_responseType != ResponseType::EmptyString) { logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set."); ec = INVALID_ACCESS_ERR; return; } // Similarly, timeouts are disabled for synchronous requests as well. if (m_timeoutMilliseconds > 0) { logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests must not have a timeout value set."); ec = INVALID_ACCESS_ERR; return; } } m_method = uppercaseKnownHTTPMethod(method); m_url = url; scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load); m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }
void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool async, ExceptionState& exceptionState) { WTF_LOG(Network, "XMLHttpRequest %p open('%s', '%s', %d)", this, method.string().utf8().data(), url.elidedString().utf8().data(), async); if (!internalAbort()) return; State previousState = m_state; m_state = UNSENT; m_error = false; m_uploadComplete = false; // clear stuff from possible previous load clearResponse(); clearRequest(); ASSERT(m_state == UNSENT); if (!isValidHTTPToken(method)) { exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a valid HTTP method."); return; } if (!isAllowedHTTPMethod(method)) { exceptionState.throwSecurityError("'" + method + "' HTTP method is unsupported."); return; } if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !executionContext()->contentSecurityPolicy()->allowConnectToSource(url)) { // We can safely expose the URL to JavaScript, as these checks happen synchronously before redirection. JavaScript receives no new information. exceptionState.throwSecurityError("Refused to connect to '" + url.elidedString() + "' because it violates the document's Content Security Policy."); return; } if (!async && executionContext()->isDocument()) { if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) { exceptionState.throwDOMException(InvalidAccessError, "Synchronous requests are disabled for this page."); return; } // Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated // attempt to discourage synchronous XHR use. responseType is one such piece of functionality. // We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols // such as file: and data: still make sense to allow. if (url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) { exceptionState.throwDOMException(InvalidAccessError, "Synchronous HTTP requests from a document must not set a response type."); return; } // Similarly, timeouts are disabled for synchronous requests as well. if (m_timeoutMilliseconds > 0) { exceptionState.throwDOMException(InvalidAccessError, "Synchronous requests must not set a timeout."); return; } } m_method = uppercaseKnownHTTPMethod(method); m_url = url; m_async = async; ASSERT(!m_loader); // Check previous state to avoid dispatching readyState event // when calling open several times in a row. if (previousState != OPENED) changeState(OPENED); else m_state = OPENED; }