void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response)
{
ASSERT_UNUSED(resource, m_mainResource == resource);
RefPtr<DocumentLoader> protect(this);
m_applicationCacheHost->didReceiveResponseForMainResource(response);
// The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
// from the application cache, ensure we don't save the result for future use. All responses loaded
// from appcache will have a non-zero appCacheID().
if (response.appCacheID())
memoryCache()->remove(m_mainResource.get());
DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
ASSERT(m_mainResource);
unsigned long identifier = mainResourceIdentifier();
ASSERT(identifier);
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) {
InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response);
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
frame()->document()->addConsoleMessageWithRequestIdentifier(SecurityMessageSource, ErrorMessageLevel, message, identifier);
frame()->document()->enforceSandboxFlags(SandboxOrigin);
if (HTMLFrameOwnerElement* ownerElement = frame()->ownerElement())
ownerElement->dispatchEvent(Event::create(EventTypeNames::load));
// The load event might have detached this frame. In that case, the load will already have been cancelled during detach.
if (frameLoader())
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
}
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
m_response = response;
if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData)
m_mainResource->setDataBufferingPolicy(BufferData);
if (!shouldContinueForResponse()) {
InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response);
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
if (m_response.isHTTP()) {
int status = m_response.httpStatusCode();
if ((status < 200 || status >= 300) && m_frame->ownerElement() && m_frame->ownerElement()->isObjectElement()) {
m_frame->ownerElement()->renderFallbackContent();
// object elements are no longer rendered after we fallback, so don't
// keep trying to process data from their load
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
}
}
void DocumentLoader::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
{
// Note that there are no asserts here as there are for the other callbacks. This is due to the
// fact that this "callback" is sent when starting every load, and the state of callback
// deferrals plays less of a part in this function in preventing the bad behavior deferring
// callbacks is meant to prevent.
ASSERT(!newRequest.isNull());
if (!frameLoader()->checkIfFormActionAllowedByCSP(newRequest.url())) {
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
return;
}
ASSERT(timing()->fetchStart());
if (!redirectResponse.isNull()) {
// If the redirecting url is not allowed to display content from the target origin,
// then block the redirect.
RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url());
if (!redirectingOrigin->canDisplay(newRequest.url())) {
FrameLoader::reportLocalLoadFailed(m_frame, newRequest.url().string());
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
return;
}
timing()->addRedirect(redirectResponse.url(), newRequest.url());
}
// Update cookie policy base URL as URL changes, except for subframes, which use the
// URL of the main frame which doesn't change when we redirect.
if (frameLoader()->isLoadingMainFrame())
newRequest.setFirstPartyForCookies(newRequest.url());
// If we're fielding a redirect in response to a POST, force a load from origin, since
// this is a common site technique to return to a page viewing some data that the POST
// just modified.
// Also, POST requests always load from origin, but this does not affect subresources.
if (newRequest.cachePolicy() == UseProtocolCachePolicy && isPostOrRedirectAfterPost(newRequest, redirectResponse))
newRequest.setCachePolicy(ReloadIgnoringCacheData);
Frame* top = m_frame->tree()->top();
if (top) {
if (!top->loader()->mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), newRequest.url())) {
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
return;
}
}
setRequest(newRequest);
if (redirectResponse.isNull())
return;
frameLoader()->client()->dispatchDidReceiveServerRedirectForProvisionalLoad();
if (!shouldContinueForNavigationPolicy(newRequest))
stopLoadingForPolicyChange();
}
void DocumentLoader::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
{
// Note that there are no asserts here as there are for the other callbacks. This is due to the
// fact that this "callback" is sent when starting every load, and the state of callback
// deferrals plays less of a part in this function in preventing the bad behavior deferring
// callbacks is meant to prevent.
ASSERT(!newRequest.isNull());
if (isFormSubmission(m_triggeringAction.type()) && !m_frame->document()->contentSecurityPolicy()->allowFormAction(newRequest.url())) {
cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url()));
return;
}
ASSERT(timing()->fetchStart());
if (!redirectResponse.isNull()) {
// If the redirecting url is not allowed to display content from the target origin,
// then block the redirect.
RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url());
if (!redirectingOrigin->canDisplay(newRequest.url())) {
FrameLoader::reportLocalLoadFailed(m_frame, newRequest.url().string());
cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url()));
return;
}
timing()->addRedirect(redirectResponse.url(), newRequest.url());
}
// If we're fielding a redirect in response to a POST, force a load from origin, since
// this is a common site technique to return to a page viewing some data that the POST
// just modified.
if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPost(newRequest, redirectResponse))
newRequest.setCachePolicy(ReloadBypassingCache);
// If this is a sub-frame, check for mixed content blocking against the top frame.
if (m_frame->tree().parent()) {
// FIXME: This does not yet work with out-of-process iframes.
Frame* top = m_frame->tree().top();
if (top->isLocalFrame() && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), newRequest.url())) {
cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url()));
return;
}
}
m_request = newRequest;
if (redirectResponse.isNull())
return;
appendRedirect(newRequest.url());
frameLoader()->client()->dispatchDidReceiveServerRedirectForProvisionalLoad();
if (!shouldContinueForNavigationPolicy(newRequest))
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
void DocumentLoader::dataReceived(Resource* resource, const char* data, unsigned length)
{
ASSERT(data);
ASSERT(length);
ASSERT_UNUSED(resource, resource == m_mainResource);
ASSERT(!m_response.isNull());
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
// Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource
// by starting a new load, so retain temporarily.
RefPtrWillBeRawPtr<LocalFrame> protectFrame(m_frame);
RefPtr<DocumentLoader> protectLoader(this);
m_applicationCacheHost->mainResourceDataReceived(data, length);
m_timeOfLastDataReceived = monotonicallyIncreasingTime();
if (isArchiveMIMEType(response().mimeType()))
return;
commitIfReady();
if (!frameLoader())
return;
commitData(data, length);
// If we are sending data to MediaDocument, we should stop here
// and cancel the request.
if (m_frame && m_frame->document()->isMediaDocument())
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
// Cancels the data source's pending loads. Conceptually, a data source only loads
// one document at a time, but one document may have many related resources.
// stopLoading will stop all loads initiated by the data source,
// but not loads initiated by child frames' data sources -- that's the WebFrame's job.
void DocumentLoader::stopLoading()
{
RefPtr<Frame> protectFrame(m_frame);
RefPtr<DocumentLoader> protectLoader(this);
// In some rare cases, calling FrameLoader::stopLoading could cause isLoading() to return false.
// (This can happen when there's a single XMLHttpRequest currently loading and stopLoading causes it
// to stop loading. Because of this, we need to save it so we don't return early.
bool loading = isLoading();
if (m_committed) {
// Attempt to stop the frame if the document loader is loading, or if it is done loading but
// still parsing. Failure to do so can cause a world leak.
Document* doc = m_frame->document();
if (loading || doc->parsing())
m_frame->loader()->stopLoading(UnloadEventPolicyNone);
}
// Always cancel multipart loaders
cancelAll(m_multipartResourceLoaders);
clearArchiveResources();
if (!loading) {
// If something above restarted loading we might run into mysterious crashes like
// https://bugs.webkit.org/show_bug.cgi?id=62764 and <rdar://problem/9328684>
ASSERT(!isLoading());
return;
}
// We might run in to infinite recursion if we're stopping loading as the result of
// detaching from the frame, so break out of that recursion here.
// See <rdar://problem/9673866> for more details.
if (m_isStopping)
return;
m_isStopping = true;
FrameLoader* frameLoader = DocumentLoader::frameLoader();
if (isLoadingMainResource())
// Stop the main resource loader and let it send the cancelled message.
cancelMainResourceLoad(frameLoader->cancelledError(m_request));
else if (!m_resourceLoaders.isEmpty())
// The main resource loader already finished loading. Set the cancelled error on the
// document and let the resourceLoaders send individual cancelled messages below.
setMainDocumentError(frameLoader->cancelledError(m_request));
else
// If there are no resource loaders, we need to manufacture a cancelled message.
// (A back/forward navigation has no resource loaders because its resources are cached.)
mainReceivedError(frameLoader->cancelledError(m_request));
stopLoadingSubresources();
m_isStopping = false;
}
void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceResponse& response)
{
InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, mainResourceIdentifier(), response);
frame()->document()->enforceSandboxFlags(SandboxOrigin);
if (FrameOwner* owner = frame()->owner())
owner->dispatchLoad();
// The load event might have detached this frame. In that case, the load will already have been cancelled during detach.
if (frameLoader())
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
// Cancels the data source's pending loads. Conceptually, a data source only loads
// one document at a time, but one document may have many related resources.
// stopLoading will stop all loads initiated by the data source,
// but not loads initiated by child frames' data sources -- that's the WebFrame's job.
void DocumentLoader::stopLoading()
{
RefPtrWillBeRawPtr<LocalFrame> protectFrame(m_frame);
RefPtr<DocumentLoader> protectLoader(this);
// In some rare cases, calling FrameLoader::stopLoading could cause isLoading() to return false.
// (This can happen when there's a single XMLHttpRequest currently loading and stopLoading causes it
// to stop loading. Because of this, we need to save it so we don't return early.
bool loading = isLoading();
if (m_committed) {
// Attempt to stop the frame if the document loader is loading, or if it is done loading but
// still parsing. Failure to do so can cause a world leak.
Document* doc = m_frame->document();
if (loading || doc->parsing())
m_frame->loader().stopLoading();
}
if (!loading) {
m_fetcher->stopFetching();
return;
}
if (m_loadingMainResource) {
// Stop the main resource loader and let it send the cancelled message.
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
} else if (m_fetcher->isFetching()) {
// The main resource loader already finished loading. Set the cancelled error on the
// document and let the resourceLoaders send individual cancelled messages below.
setMainDocumentError(ResourceError::cancelledError(m_request.url()));
} else {
// If there are no resource loaders, we need to manufacture a cancelled message.
// (A back/forward navigation has no resource loaders because its resources are cached.)
mainReceivedError(ResourceError::cancelledError(m_request.url()));
}
m_fetcher->stopFetching();
}
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle)
{
ASSERT_UNUSED(resource, m_mainResource == resource);
ASSERT_UNUSED(handle, !handle);
RefPtr<DocumentLoader> protect(this);
m_applicationCacheHost->didReceiveResponseForMainResource(response);
// The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served
// from the application cache, ensure we don't save the result for future use. All responses loaded
// from appcache will have a non-zero appCacheID().
if (response.appCacheID())
memoryCache()->remove(m_mainResource.get());
DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader);
if (it != response.httpHeaderFields().end()) {
String content = it->value;
if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message);
consoleMessage->setRequestIdentifier(mainResourceIdentifier());
frame()->document()->addConsoleMessage(consoleMessage.release());
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
}
m_contentSecurityPolicy = ContentSecurityPolicy::create();
m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) {
cancelLoadAfterXFrameOptionsOrCSPDenied(response);
return;
}
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading());
m_response = response;
if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData)
m_mainResource->setDataBufferingPolicy(BufferData);
if (!shouldContinueForResponse()) {
InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response);
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
return;
}
if (m_response.isHTTP()) {
int status = m_response.httpStatusCode();
// FIXME: Fallback content only works if the parent is in the same processs.
if ((status < 200 || status >= 300) && m_frame->owner()) {
if (!m_frame->deprecatedLocalOwner()) {
ASSERT_NOT_REACHED();
} else if (m_frame->deprecatedLocalOwner()->isObjectElement()) {
m_frame->deprecatedLocalOwner()->renderFallbackContent();
// object elements are no longer rendered after we fallback, so don't
// keep trying to process data from their load
cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
}
}
}
}
void DocumentLoader::stopLoadingForPolicyChange()
{
ResourceError error = interruptedForPolicyChangeError();
error.setIsCancellation(true);
cancelMainResourceLoad(error);
}