Exemple #1
0
ScriptPromise ServiceWorkerClients::openWindow(ScriptState* scriptState,
                                               const String& url) {
  ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
  ScriptPromise promise = resolver->promise();
  ExecutionContext* context = scriptState->getExecutionContext();

  KURL parsedUrl = KURL(toWorkerGlobalScope(context)->location()->url(), url);
  if (!parsedUrl.isValid()) {
    resolver->reject(V8ThrowException::createTypeError(
        scriptState->isolate(), "'" + url + "' is not a valid URL."));
    return promise;
  }

  if (!context->getSecurityOrigin()->canDisplay(parsedUrl)) {
    resolver->reject(V8ThrowException::createTypeError(
        scriptState->isolate(),
        "'" + parsedUrl.elidedString() + "' cannot be opened."));
    return promise;
  }

  if (!context->isWindowInteractionAllowed()) {
    resolver->reject(DOMException::create(InvalidAccessError,
                                          "Not allowed to open a window."));
    return promise;
  }
  context->consumeWindowInteraction();

  ServiceWorkerGlobalScopeClient::from(context)->openWindow(
      parsedUrl, WTF::makeUnique<NavigateClientCallback>(resolver));
  return promise;
}
Exemple #2
0
void FileReaderLoader::startInternal(ExecutionContext& executionContext, const Stream* stream, PassRefPtr<BlobDataHandle> blobData)
{
    // The blob is read by routing through the request handling layer given a temporary public url.
    m_urlForReading = BlobURL::createPublicURL(executionContext.getSecurityOrigin());
    if (m_urlForReading.isEmpty()) {
        failed(FileError::SECURITY_ERR);
        return;
    }

    if (blobData) {
        ASSERT(!stream);
        BlobRegistry::registerPublicBlobURL(executionContext.getSecurityOrigin(), m_urlForReading, blobData);
    } else {
        ASSERT(stream);
        BlobRegistry::registerStreamURL(executionContext.getSecurityOrigin(), m_urlForReading, stream->url());
    }

    // Construct and load the request.
    ResourceRequest request(m_urlForReading);
    request.setExternalRequestStateFromRequestorAddressSpace(executionContext.securityContext().addressSpace());

    // FIXME: Should this really be 'internal'? Do we know anything about the actual request that generated this fetch?
    request.setRequestContext(WebURLRequest::RequestContextInternal);

    request.setHTTPMethod(HTTPNames::GET);
    if (m_hasRange)
        request.setHTTPHeaderField(HTTPNames::Range, AtomicString(String::format("bytes=%d-%d", m_rangeStart, m_rangeEnd)));

    ThreadableLoaderOptions options;
    options.preflightPolicy = ConsiderPreflight;
    options.crossOriginRequestPolicy = DenyCrossOriginRequests;
    // FIXME: Is there a directive to which this load should be subject?
    options.contentSecurityPolicyEnforcement = DoNotEnforceContentSecurityPolicy;
    // Use special initiator to hide the request from the inspector.
    options.initiator = FetchInitiatorTypeNames::internal;

    ResourceLoaderOptions resourceLoaderOptions;
    resourceLoaderOptions.allowCredentials = AllowStoredCredentials;

    if (m_client) {
        m_loader = ThreadableLoader::create(executionContext, this, options, resourceLoaderOptions);
        m_loader->start(request);
    } else {
        ThreadableLoader::loadResourceSynchronously(executionContext, request, *this, options, resourceLoaderOptions);
    }
}
Exemple #3
0
void PerformanceBase::addResourceTiming(const ResourceTimingInfo& info) {
  if (isResourceTimingBufferFull() &&
      !hasObserverFor(PerformanceEntry::Resource))
    return;
  SecurityOrigin* securityOrigin = nullptr;
  ExecutionContext* context = getExecutionContext();
  if (context)
    securityOrigin = context->getSecurityOrigin();
  if (!securityOrigin)
    return;

  const ResourceResponse& finalResponse = info.finalResponse();
  bool allowTimingDetails =
      passesTimingAllowCheck(finalResponse, *securityOrigin,
                             info.originalTimingAllowOrigin(), context);
  double startTime = info.initialTime();

  if (info.redirectChain().isEmpty()) {
    PerformanceEntry* entry = PerformanceResourceTiming::create(
        info, timeOrigin(), startTime, allowTimingDetails);
    notifyObserversOfEntry(*entry);
    if (!isResourceTimingBufferFull())
      addResourceTimingBuffer(*entry);
    return;
  }

  const Vector<ResourceResponse>& redirectChain = info.redirectChain();
  bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse,
                                                   *securityOrigin, context);

  if (!allowRedirectDetails) {
    ResourceLoadTiming* finalTiming = finalResponse.resourceLoadTiming();
    ASSERT(finalTiming);
    if (finalTiming)
      startTime = finalTiming->requestTime();
  }

  ResourceLoadTiming* lastRedirectTiming =
      redirectChain.back().resourceLoadTiming();
  ASSERT(lastRedirectTiming);
  double lastRedirectEndTime = lastRedirectTiming->receiveHeadersEnd();

  PerformanceEntry* entry = PerformanceResourceTiming::create(
      info, timeOrigin(), startTime, lastRedirectEndTime, allowTimingDetails,
      allowRedirectDetails);
  notifyObserversOfEntry(*entry);
  if (!isResourceTimingBufferFull())
    addResourceTimingBuffer(*entry);
}
ScriptPromise ServiceWorkerWindowClient::navigate(ScriptState* scriptState,
                                                  const String& url) {
  ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
  ScriptPromise promise = resolver->promise();
  ExecutionContext* context = scriptState->getExecutionContext();

  KURL parsedUrl = KURL(toWorkerGlobalScope(context)->location()->url(), url);
  if (!parsedUrl.isValid() || parsedUrl.protocolIsAbout()) {
    resolver->reject(V8ThrowException::createTypeError(
        scriptState->isolate(), "'" + url + "' is not a valid URL."));
    return promise;
  }
  if (!context->getSecurityOrigin()->canDisplay(parsedUrl)) {
    resolver->reject(V8ThrowException::createTypeError(
        scriptState->isolate(),
        "'" + parsedUrl.elidedString() + "' cannot navigate."));
    return promise;
  }

  ServiceWorkerGlobalScopeClient::from(context)->navigate(
      uuid(), parsedUrl, new NavigateClientCallback(resolver));
  return promise;
}