bool DocumentLoader::maybeCreateArchive() { // Only the top-frame can load MHTML. if (m_frame->tree().parent()) return false; // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0. if (!isArchiveMIMEType(m_response.mimeType())) return false; ASSERT(m_mainResource); m_archive = MHTMLArchive::create(m_response.url(), m_mainResource->resourceBuffer()); // Invalid MHTML. if (!m_archive || !m_archive->mainResource()) { m_archive.clear(); return false; } addAllArchiveResources(m_archive.get()); ArchiveResource* mainResource = m_archive->mainResource(); // The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so // relative URLs are resolved properly. ensureWriter(mainResource->mimeType(), m_archive->mainResource()->url()); // The Document has now been created. document()->enforceSandboxFlags(SandboxAll); commitData(mainResource->data()->data(), mainResource->data()->size()); return true; }
void DocumentLoader::dataReceived(Resource* resource, const char* data, unsigned length) { ASSERT(data); ASSERT(length); ASSERT_UNUSED(resource, resource == m_mainResource); ASSERT(!m_response.isNull()); ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); // Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource // by starting a new load, so retain temporarily. RefPtrWillBeRawPtr<LocalFrame> protectFrame(m_frame); RefPtr<DocumentLoader> protectLoader(this); m_applicationCacheHost->mainResourceDataReceived(data, length); m_timeOfLastDataReceived = monotonicallyIncreasingTime(); if (isArchiveMIMEType(response().mimeType())) return; commitIfReady(); if (!frameLoader()) return; commitData(data, length); // If we are sending data to MediaDocument, we should stop here // and cancel the request. if (m_frame && m_frame->document()->isMediaDocument()) cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); }
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response) { ASSERT_UNUSED(resource, m_mainResource == resource); RefPtr<DocumentLoader> protect(this); m_applicationCacheHost->didReceiveResponseForMainResource(response); // The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served // from the application cache, ensure we don't save the result for future use. All responses loaded // from appcache will have a non-zero appCacheID(). if (response.appCacheID()) memoryCache()->remove(m_mainResource.get()); DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral)); HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader); if (it != response.httpHeaderFields().end()) { String content = it->value; ASSERT(m_mainResource); unsigned long identifier = mainResourceIdentifier(); ASSERT(identifier); if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), identifier)) { InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response); String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; frame()->document()->addConsoleMessageWithRequestIdentifier(SecurityMessageSource, ErrorMessageLevel, message, identifier); frame()->document()->enforceSandboxFlags(SandboxOrigin); if (HTMLFrameOwnerElement* ownerElement = frame()->ownerElement()) ownerElement->dispatchEvent(Event::create(EventTypeNames::load)); // The load event might have detached this frame. In that case, the load will already have been cancelled during detach. if (frameLoader()) cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); return; } } ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); m_response = response; if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData) m_mainResource->setDataBufferingPolicy(BufferData); if (!shouldContinueForResponse()) { InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response); cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); return; } if (m_response.isHTTP()) { int status = m_response.httpStatusCode(); if ((status < 200 || status >= 300) && m_frame->ownerElement() && m_frame->ownerElement()->isObjectElement()) { m_frame->ownerElement()->renderFallbackContent(); // object elements are no longer rendered after we fallback, so don't // keep trying to process data from their load cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); } } }
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, std::unique_ptr<WebDataConsumerHandle> handle) { ASSERT_UNUSED(resource, m_mainResource == resource); ASSERT_UNUSED(handle, !handle); ASSERT(frame()); m_applicationCacheHost->didReceiveResponseForMainResource(response); // The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served // from the application cache, ensure we don't save the result for future use. All responses loaded // from appcache will have a non-zero appCacheID(). if (response.appCacheID()) memoryCache()->remove(m_mainResource.get()); m_contentSecurityPolicy = ContentSecurityPolicy::create(); m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response)); if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { cancelLoadAfterXFrameOptionsOrCSPDenied(response); return; } // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTPNames::X_Frame_Options); if (it != response.httpHeaderFields().end()) { String content = it->value; if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) { String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(SecurityMessageSource, ErrorMessageLevel, message, response.url(), mainResourceIdentifier()); frame()->document()->addConsoleMessage(consoleMessage); cancelLoadAfterXFrameOptionsOrCSPDenied(response); return; } } } ASSERT(!m_frame->page()->defersLoading()); m_response = response; if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBufferingPolicy() != BufferData) m_mainResource->setDataBufferingPolicy(BufferData); if (!shouldContinueForResponse()) { InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response, m_mainResource.get()); m_fetcher->stopFetching(); return; } if (m_response.isHTTP()) { int status = m_response.httpStatusCode(); if ((status < 200 || status >= 300) && m_frame->owner()) m_frame->owner()->renderFallbackContent(); } }
PassRefPtr<SharedBuffer> DocumentLoader::mainResourceData() const { ASSERT(isArchiveMIMEType(m_response.mimeType())); if (m_substituteData.isValid()) return m_substituteData.content()->copy(); if (m_mainResource) return m_mainResource->resourceBuffer(); return 0; }
void DocumentLoader::commitLoad(const char* data, int length) { // Both unloading the old page and parsing the new page may execute JavaScript which destroys the datasource // by starting a new load, so retain temporarily. RefPtr<Frame> protectFrame(m_frame); RefPtr<DocumentLoader> protectLoader(this); commitIfReady(); FrameLoader* frameLoader = DocumentLoader::frameLoader(); if (!frameLoader) return; if (isArchiveMIMEType(response().mimeType())) return; frameLoader->client()->committedLoad(this, data, length); }
void DocumentLoader::processData(const char* data, size_t length) { m_applicationCacheHost->mainResourceDataReceived(data, length); m_timeOfLastDataReceived = monotonicallyIncreasingTime(); if (isArchiveMIMEType(response().mimeType())) return; commitIfReady(); if (!frameLoader()) return; commitData(data, length); // If we are sending data to MediaDocument, we should stop here and cancel the // request. if (m_frame && m_frame->document()->isMediaDocument()) m_fetcher->stopFetching(); }
bool DocumentLoader::maybeCreateArchive() { // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0. if (!isArchiveMIMEType(m_response.mimeType())) return false; m_archive = MHTMLArchive::create(m_response.url(), mainResourceData().get()); ASSERT(m_archive); addAllArchiveResources(m_archive.get()); ArchiveResource* mainResource = m_archive->mainResource(); m_writer.setMIMEType(mainResource->mimeType()); ASSERT(m_frame->document()); commitData(mainResource->data()->data(), mainResource->data()->size()); return true; }
bool DocumentLoader::maybeCreateArchive() { // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0. if (!isArchiveMIMEType(m_response.mimeType())) return false; ASSERT(m_mainResource); ArchiveResource* mainResource = m_fetcher->createArchive(m_mainResource.get()); if (!mainResource) return false; // The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so // relative URLs are resolved properly. ensureWriter(mainResource->mimeType(), mainResource->url()); // The Document has now been created. m_frame->document()->enforceSandboxFlags(SandboxAll); commitData(mainResource->data()->data(), mainResource->data()->size()); return true; }
void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle) { ASSERT_UNUSED(resource, m_mainResource == resource); ASSERT_UNUSED(handle, !handle); RefPtr<DocumentLoader> protect(this); m_applicationCacheHost->didReceiveResponseForMainResource(response); // The memory cache doesn't understand the application cache or its caching rules. So if a main resource is served // from the application cache, ensure we don't save the result for future use. All responses loaded // from appcache will have a non-zero appCacheID(). if (response.appCacheID()) memoryCache()->remove(m_mainResource.get()); DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral)); HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(xFrameOptionHeader); if (it != response.httpHeaderFields().end()) { String content = it->value; if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) { String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message); consoleMessage->setRequestIdentifier(mainResourceIdentifier()); frame()->document()->addConsoleMessage(consoleMessage.release()); cancelLoadAfterXFrameOptionsOrCSPDenied(response); return; } } m_contentSecurityPolicy = ContentSecurityPolicy::create(); m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response)); if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { cancelLoadAfterXFrameOptionsOrCSPDenied(response); return; } ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); m_response = response; if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferingPolicy() != BufferData) m_mainResource->setDataBufferingPolicy(BufferData); if (!shouldContinueForResponse()) { InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_mainResource->identifier(), m_response); cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); return; } if (m_response.isHTTP()) { int status = m_response.httpStatusCode(); // FIXME: Fallback content only works if the parent is in the same processs. if ((status < 200 || status >= 300) && m_frame->owner()) { if (!m_frame->deprecatedLocalOwner()) { ASSERT_NOT_REACHED(); } else if (m_frame->deprecatedLocalOwner()->isObjectElement()) { m_frame->deprecatedLocalOwner()->renderFallbackContent(); // object elements are no longer rendered after we fallback, so don't // keep trying to process data from their load cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); } } } }