void XMLHttpRequest::abort()
{
// internalAbort() calls dropProtection(), which may release the last reference.
Ref<XMLHttpRequest> protect(*this);
bool sendFlag = m_loader;
if (!internalAbort())
return;
clearResponseBuffers();
// Clear headers as required by the spec
m_requestHeaders.clear();
if ((m_state <= OPENED && !sendFlag) || m_state == DONE)
m_state = UNSENT;
else {
ASSERT(!m_loader);
changeState(DONE);
m_state = UNSENT;
}
dispatchErrorEvents(eventNames().abortEvent);
}
void XMLHttpRequest::abort()
{
// internalAbort() calls dropProtection(), which may release the last reference.
RefPtr<XMLHttpRequest> protect(this);
bool sendFlag = m_loader;
internalAbort();
clearResponseBuffers();
// Clear headers as required by the spec
m_requestHeaders.clear();
if ((m_state <= OPENED && !sendFlag) || m_state == DONE)
m_state = UNSENT;
else {
ASSERT(!m_loader);
changeState(DONE);
m_state = UNSENT;
}
m_progressEventThrottle.dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().abortEvent));
if (!m_uploadComplete) {
m_uploadComplete = true;
if (m_upload && m_uploadEventsAllowed)
m_upload->dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().abortEvent));
}
}
void XMLHttpRequest::abort()
{
// internalAbort() calls dropProtection(), which may release the last reference.
RefPtr<XMLHttpRequest> protect(this);
bool sendFlag = m_loader;
internalAbort();
// Clear headers as required by the spec
m_requestHeaders.clear();
if ((m_state <= OPENED && !sendFlag) || m_state == DONE)
m_state = UNSENT;
else {
ASSERT(!m_loader);
changeState(DONE);
m_state = UNSENT;
}
dispatchAbortEvent();
if (!m_uploadComplete) {
m_uploadComplete = true;
if (m_upload)
m_upload->dispatchAbortEvent();
}
}
void XMLHttpRequest::abort()
{
WTF_LOG(Network, "XMLHttpRequest %p abort()", this);
// internalAbort() calls dropProtection(), which may release the last reference.
RefPtr<XMLHttpRequest> protect(this);
bool sendFlag = m_loader;
// Response is cleared next, save needed progress event data.
long long expectedLength = m_response.expectedContentLength();
long long receivedLength = m_receivedLength;
if (!internalAbort())
return;
clearResponse();
// Clear headers as required by the spec
m_requestHeaders.clear();
if (!((m_state <= OPENED && !sendFlag) || m_state == DONE)) {
ASSERT(!m_loader);
handleRequestError(0, EventTypeNames::abort, receivedLength, expectedLength);
}
m_state = UNSENT;
}
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec)
{
internalAbort();
State previousState = m_state;
m_state = UNSENT;
m_error = false;
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidHTTPToken(method)) {
ec = SYNTAX_ERR;
return;
}
if (!isAllowedHTTPMethod(method)) {
ec = SECURITY_ERR;
return;
}
if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) {
// FIXME: Should this be throwing an exception?
ec = SECURITY_ERR;
return;
}
// Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated
// attempt to discourage synchronous XHR use. responseType is one such piece of functionality.
// We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols
// such as file: and data: still make sense to allow.
if (!async && scriptExecutionContext()->isDocument() && url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) {
logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set.");
ec = INVALID_ACCESS_ERR;
return;
}
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
void XMLHttpRequest::networkError()
{
genericError();
m_progressEventThrottle.dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().errorEvent));
if (!m_uploadComplete) {
m_uploadComplete = true;
if (m_upload && m_uploadEventsAllowed)
m_upload->dispatchEvent(XMLHttpRequestProgressEvent::create(eventNames().errorEvent));
}
internalAbort();
}
void XMLHttpRequest::networkError()
{
genericError();
dispatchErrorEvent();
if (!m_uploadComplete) {
m_uploadComplete = true;
if (m_upload)
m_upload->dispatchErrorEvent();
}
internalAbort();
}
void XMLHttpRequest::handleNetworkError()
{
WTF_LOG(Network, "XMLHttpRequest %p handleNetworkError()", this);
// Response is cleared next, save needed progress event data.
long long expectedLength = m_response.expectedContentLength();
long long receivedLength = m_receivedLength;
handleDidFailGeneric();
handleRequestError(NetworkError, EventTypeNames::error, receivedLength, expectedLength);
internalAbort();
}
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec)
{
internalAbort();
State previousState = m_state;
m_state = UNSENT;
m_error = false;
#if ENABLE(XHR_RESPONSE_BLOB)
m_asBlob = false;
#endif
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidToken(method)) {
ec = SYNTAX_ERR;
return;
}
// Method names are case sensitive. But since Firefox uppercases method names it knows, we'll do the same.
String methodUpper(method.upper());
if (methodUpper == "TRACE" || methodUpper == "TRACK" || methodUpper == "CONNECT") {
ec = SECURITY_ERR;
return;
}
m_url = url;
if (methodUpper == "COPY" || methodUpper == "DELETE" || methodUpper == "GET" || methodUpper == "HEAD"
|| methodUpper == "INDEX" || methodUpper == "LOCK" || methodUpper == "M-POST" || methodUpper == "MKCOL" || methodUpper == "MOVE"
|| methodUpper == "OPTIONS" || methodUpper == "POST" || methodUpper == "PROPFIND" || methodUpper == "PROPPATCH" || methodUpper == "PUT"
|| methodUpper == "UNLOCK")
m_method = methodUpper;
else
m_method = method;
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec)
{
internalAbort();
State previousState = m_state;
m_state = UNSENT;
m_error = false;
m_responseTypeCode = ResponseTypeDefault;
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidHTTPToken(method)) {
ec = SYNTAX_ERR;
return;
}
if (!isAllowedHTTPMethod(method)) {
ec = SECURITY_ERR;
return;
}
if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) {
// FIXME: Should this be throwing an exception?
ec = SECURITY_ERR;
return;
}
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
void XMLHttpRequest::abort()
{
bool sendFlag = m_loader;
internalAbort();
// Clear headers as required by the spec
m_requestHeaders.clear();
m_crossSiteRequestHeaders.clear();
if ((m_state <= OPENED && !sendFlag) || m_state == DONE)
m_state = UNSENT;
else {
ASSERT(!m_loader);
changeState(DONE);
m_state = UNSENT;
}
dispatchAbortEvent();
}
void XMLHttpRequest::abort()
{
// internalAbort() calls dropProtection(), which may release the last reference.
Ref<XMLHttpRequest> protectedThis(*this);
if (!internalAbort())
return;
clearResponseBuffers();
// Clear headers as required by the spec
m_requestHeaders.clear();
if ((m_state == OPENED && m_sendFlag) || m_state == HEADERS_RECEIVED || m_state == LOADING) {
ASSERT(!m_loader);
m_sendFlag = false;
changeState(DONE);
dispatchErrorEvents(eventNames().abortEvent);
}
m_state = UNSENT;
}
void XMLHttpRequest::open(const String& method, const KURL& url, bool async, ExceptionCode& ec)
{
internalAbort();
State previousState = m_state;
m_state = UNSENT;
m_error = false;
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidHTTPToken(method)) {
ec = SYNTAX_ERR;
return;
}
if (!isAllowedHTTPMethod(method)) {
ec = SECURITY_ERR;
return;
}
// FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
bool shouldBypassMainWorldContentSecurityPolicy = false;
if (scriptExecutionContext()->isDocument()) {
Document* document = static_cast<Document*>(scriptExecutionContext());
shouldBypassMainWorldContentSecurityPolicy = document->frame()->script()->shouldBypassMainWorldContentSecurityPolicy();
}
if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
// FIXME: Should this be throwing an exception?
ec = SECURITY_ERR;
return;
}
if (!async && scriptExecutionContext()->isDocument()) {
if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) {
logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests are disabled for this page.");
ec = INVALID_ACCESS_ERR;
return;
}
// Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated
// attempt to discourage synchronous XHR use. responseType is one such piece of functionality.
// We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols
// such as file: and data: still make sense to allow.
if (url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) {
logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set.");
ec = INVALID_ACCESS_ERR;
return;
}
#if ENABLE(XHR_TIMEOUT)
// Similarly, timeouts are disabled for synchronous requests as well.
if (m_timeoutMilliseconds > 0) {
logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests must not have a timeout value set.");
ec = INVALID_ACCESS_ERR;
return;
}
#endif
}
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
void XMLHttpRequest::networkError()
{
genericError();
dispatchErrorEvents(eventNames().errorEvent);
internalAbort();
}
void XMLHttpRequest::open(const String& method, const URL& url, bool async, ExceptionCode& ec)
{
if (!internalAbort())
return;
State previousState = m_state;
m_state = UNSENT;
m_error = false;
m_sendFlag = false;
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidHTTPToken(method)) {
ec = SYNTAX_ERR;
return;
}
if (!isAllowedHTTPMethod(method)) {
ec = SECURITY_ERR;
return;
}
if (!async && scriptExecutionContext()->isDocument()) {
if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) {
logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests are disabled for this page.");
ec = INVALID_ACCESS_ERR;
return;
}
// Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated
// attempt to discourage synchronous XHR use. responseType is one such piece of functionality.
// We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols
// such as file: and data: still make sense to allow.
if (url.protocolIsInHTTPFamily() && m_responseType != ResponseType::EmptyString) {
logConsoleError(scriptExecutionContext(), "Synchronous HTTP(S) requests made from the window context cannot have XMLHttpRequest.responseType set.");
ec = INVALID_ACCESS_ERR;
return;
}
// Similarly, timeouts are disabled for synchronous requests as well.
if (m_timeoutMilliseconds > 0) {
logConsoleError(scriptExecutionContext(), "Synchronous XMLHttpRequests must not have a timeout value set.");
ec = INVALID_ACCESS_ERR;
return;
}
}
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load);
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
void XMLHttpRequest::open(const AtomicString& method, const KURL& url, bool async, ExceptionState& exceptionState)
{
WTF_LOG(Network, "XMLHttpRequest %p open('%s', '%s', %d)", this, method.string().utf8().data(), url.elidedString().utf8().data(), async);
if (!internalAbort())
return;
State previousState = m_state;
m_state = UNSENT;
m_error = false;
m_uploadComplete = false;
// clear stuff from possible previous load
clearResponse();
clearRequest();
ASSERT(m_state == UNSENT);
if (!isValidHTTPToken(method)) {
exceptionState.throwDOMException(SyntaxError, "'" + method + "' is not a valid HTTP method.");
return;
}
if (!isAllowedHTTPMethod(method)) {
exceptionState.throwSecurityError("'" + method + "' HTTP method is unsupported.");
return;
}
if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !executionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
// We can safely expose the URL to JavaScript, as these checks happen synchronously before redirection. JavaScript receives no new information.
exceptionState.throwSecurityError("Refused to connect to '" + url.elidedString() + "' because it violates the document's Content Security Policy.");
return;
}
if (!async && executionContext()->isDocument()) {
if (document()->settings() && !document()->settings()->syncXHRInDocumentsEnabled()) {
exceptionState.throwDOMException(InvalidAccessError, "Synchronous requests are disabled for this page.");
return;
}
// Newer functionality is not available to synchronous requests in window contexts, as a spec-mandated
// attempt to discourage synchronous XHR use. responseType is one such piece of functionality.
// We'll only disable this functionality for HTTP(S) requests since sync requests for local protocols
// such as file: and data: still make sense to allow.
if (url.protocolIsInHTTPFamily() && m_responseTypeCode != ResponseTypeDefault) {
exceptionState.throwDOMException(InvalidAccessError, "Synchronous HTTP requests from a document must not set a response type.");
return;
}
// Similarly, timeouts are disabled for synchronous requests as well.
if (m_timeoutMilliseconds > 0) {
exceptionState.throwDOMException(InvalidAccessError, "Synchronous requests must not set a timeout.");
return;
}
}
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
m_async = async;
ASSERT(!m_loader);
// Check previous state to avoid dispatching readyState event
// when calling open several times in a row.
if (previousState != OPENED)
changeState(OPENED);
else
m_state = OPENED;
}
