コード例 #1
ファイル: FetchDriver.cpp プロジェクト: fatman2021/gecko-dev
// Decides how mRequest is fetched (Step 4 of the Fetch algorithm) and hands
// off to the matching operation. Must run on the main thread.
//
// aCORSFlag - when true, a successful CheckMayLoad() no longer short-circuits
//             to BasicFetch().
// Returns the result of FailWithNetworkError(), BasicFetch() or HttpFetch().
nsresult
FetchDriver::ContinueFetch(bool aCORSFlag)
{
  workers::AssertIsOnMainThread();

  // Parse the request's URL string; a URL that cannot be parsed ends the
  // fetch with a network error.
  nsCOMPtr<nsIURI> requestURI;
  nsAutoCString url;
  mRequest->GetURL(url);
  nsresult rv = NS_NewURI(getter_AddRefs(requestURI), url, nullptr, nullptr);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return FailWithNetworkError();
  }

  // Begin Step 4 of the Fetch algorithm
  // https://fetch.spec.whatwg.org/#fetching

  // FIXME(nsm): Bug 1039846: Add CSP checks
  // NOTE(review): nothing in this function consults content policy before
  // dispatching; unless BasicFetch()/HttpFetch() or a caller does so, CSP is
  // not enforced for these requests -- confirm.

  nsAutoCString scheme;
  rv = requestURI->GetScheme(scheme);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return FailWithNetworkError();
  }

  // A failure from CheckMayLoad() does not abort the fetch; it only rules out
  // the first shortcut below.
  rv = mPrincipal->CheckMayLoad(requestURI, false /* report */,
                                false /* allowIfInheritsPrincipal */);

  // Shortcut 1: CORS flag unset and the principal may load the URI.
  if (!aCORSFlag && NS_SUCCEEDED(rv)) {
    return BasicFetch();
  }

  // Shortcut 2: data: URL that the request marks as same-origin.
  if (scheme.EqualsLiteral("data") && mRequest->SameOriginDataURL()) {
    return BasicFetch();
  }

  // Shortcut 3: every about: URL.
  // NOTE(review): this branch ignores both aCORSFlag and the CheckMayLoad()
  // result, and no response tainting is set on it -- confirm that is intended
  // for all about: pages.
  if (scheme.EqualsLiteral("about")) {
    return BasicFetch();
  }

  // From here on the request was not accepted by any shortcut above, so the
  // request mode decides.
  if (mRequest->Mode() == RequestMode::Same_origin) {
    return FailWithNetworkError();
  }

  if (mRequest->Mode() == RequestMode::No_cors) {
    // Tainting is set to opaque before the request is sent.
    mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_OPAQUE);
    return BasicFetch();
  }

  // Only http and https may continue to the CORS path.
  const bool isHttpFamily =
    scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https");
  if (!isHttpFamily) {
    return FailWithNetworkError();
  }

  // A preflight is requested when the mode forces it, or when an unsafe
  // request uses a non-simple method or carries non-simple headers.
  const bool corsPreflight =
    mRequest->Mode() == RequestMode::Cors_with_forced_preflight ||
    (mRequest->UnsafeRequest() &&
     (!mRequest->HasSimpleMethod() ||
      !mRequest->Headers()->HasOnlySimpleHeaders()));

  mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_CORS);
  return HttpFetch(true /* aCORSFlag */, corsPreflight);
}
コード例 #2
ファイル: FetchDriver.cpp プロジェクト: JasonJinCn/gecko-dev
// Runs the operation selected by SetTaintingAndGetNextOp() for this request.
// Must run on the main thread.
//
// aCORSFlag - forwarded unchanged to SetTaintingAndGetNextOp().
// Returns the result of FailWithNetworkError(), BasicFetch() or HttpFetch().
nsresult
FetchDriver::ContinueFetch(bool aCORSFlag)
{
  workers::AssertIsOnMainThread();

  // The decision itself is made by SetTaintingAndGetNextOp(), which is not
  // shown here; this function only dispatches on the result.
  // NOTE(review): presumably that helper also sets the response tainting, as
  // its name says -- verify against its definition.
  MainFetchOp decision = SetTaintingAndGetNextOp(aCORSFlag);

  if (decision.mType == NETWORK_ERROR) {
    return FailWithNetworkError();
  } else if (decision.mType == BASIC_FETCH) {
    return BasicFetch();
  } else if (decision.mType == HTTP_FETCH) {
    // The CORS and preflight flags come from the decision, not from aCORSFlag.
    return HttpFetch(decision.mCORSFlag, decision.mCORSPreflightFlag);
  }

  // An unknown operation type asserts through MOZ_ASSERT_UNREACHABLE and then
  // fails closed with a network error rather than fetching.
  MOZ_ASSERT_UNREACHABLE("Unexpected main fetch operation!");
  return FailWithNetworkError();
}
コード例 #3
ファイル: FetchDriver.cpp プロジェクト: ShakoHo/gecko-dev
// Applies the content-policy check to mRequest, then decides how it is
// fetched (Step 4 of the Fetch algorithm) and hands off to the matching
// operation. Must run on the main thread.
//
// aCORSFlag - when true, a successful CheckMayLoad() no longer short-circuits
//             to BasicFetch().
// Returns the result of FailWithNetworkError(), BasicFetch() or HttpFetch().
nsresult
FetchDriver::ContinueFetch(bool aCORSFlag)
{
  workers::AssertIsOnMainThread();

  // Parse the request's URL string; a URL that cannot be parsed ends the
  // fetch with a network error.
  nsCOMPtr<nsIURI> requestURI;
  nsAutoCString url;
  mRequest->GetURL(url);
  nsresult rv = NS_NewURI(getter_AddRefs(requestURI), url, nullptr, nullptr);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return FailWithNetworkError();
  }

  // CSP/mixed content checks. This runs before any of the dispatch branches
  // below, so every path out of this function has passed it.
  int16_t shouldLoad;
  rv = NS_CheckContentLoadPolicy(mRequest->ContentPolicyType(),
                                 requestURI,
                                 mPrincipal,
                                 mDocument,
                                 // FIXME(nsm): Should MIME be extracted from
                                 // Content-Type header?
                                 EmptyCString(), /* mime guess */
                                 nullptr, /* extra */
                                 &shouldLoad,
                                 nsContentUtils::GetContentPolicy(),
                                 nsContentUtils::GetSecurityManager());
  // Both a failed check and an explicit rejection are treated as a denial.
  if (NS_WARN_IF(NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad))) {
    // Disallowed by content policy.
    return FailWithNetworkError();
  }

  // Begin Step 4 of the Fetch algorithm
  // https://fetch.spec.whatwg.org/#fetching

  nsAutoCString scheme;
  rv = requestURI->GetScheme(scheme);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return FailWithNetworkError();
  }

  // A failure from CheckMayLoad() does not abort the fetch; it only rules out
  // the first shortcut below.
  rv = mPrincipal->CheckMayLoad(requestURI, false /* report */,
                                false /* allowIfInheritsPrincipal */);

  // Shortcut 1: CORS flag unset and the principal may load the URI.
  if (!aCORSFlag && NS_SUCCEEDED(rv)) {
    return BasicFetch();
  }

  // Shortcut 2: data: URL that the request marks as same-origin.
  if (scheme.EqualsLiteral("data") && mRequest->SameOriginDataURL()) {
    return BasicFetch();
  }

  // Shortcut 3: every about: URL.
  // NOTE(review): this branch ignores both aCORSFlag and the CheckMayLoad()
  // result, and no response tainting is set on it -- confirm that is intended
  // for all about: pages.
  if (scheme.EqualsLiteral("about")) {
    return BasicFetch();
  }

  // From here on the request was not accepted by any shortcut above, so the
  // request mode decides.
  if (mRequest->Mode() == RequestMode::Same_origin) {
    return FailWithNetworkError();
  }

  if (mRequest->Mode() == RequestMode::No_cors) {
    // Tainting is set to opaque before the request is sent.
    mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_OPAQUE);
    return BasicFetch();
  }

  // Only http and https may continue to the CORS path.
  const bool isHttpFamily =
    scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https");
  if (!isHttpFamily) {
    return FailWithNetworkError();
  }

  // A preflight is requested when the mode forces it, or when an unsafe
  // request uses a non-simple method or carries non-simple headers.
  const bool corsPreflight =
    mRequest->Mode() == RequestMode::Cors_with_forced_preflight ||
    (mRequest->UnsafeRequest() &&
     (!mRequest->HasSimpleMethod() ||
      !mRequest->Headers()->HasOnlySimpleHeaders()));

  mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_CORS);
  return HttpFetch(true /* aCORSFlag */, corsPreflight);
}