void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest)
{
KURL url = fetchRequest.resourceRequest().url();
// Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in
// https://w3c.github.io/webappsec/specs/upgrade/#feature-detect
if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNone)
fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecure-Requests", "1");
if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequestsUpgrade && url.protocolIs("http")) {
ASSERT(m_document->insecureNavigationsToUpgrade());
// We always upgrade requests that meet any of the following criteria:
//
// 1. Are for subresources (including nested frames).
// 2. Are form submissions.
// 3. Whose hosts are contained in the document's InsecureNavigationSet.
const ResourceRequest& request = fetchRequest.resourceRequest();
if (request.frameType() == WebURLRequest::FrameTypeNone
|| request.frameType() == WebURLRequest::FrameTypeNested
|| request.requestContext() == WebURLRequest::RequestContextForm
|| (!url.host().isNull() && m_document->insecureNavigationsToUpgrade()->contains(url.host().impl()->hash())))
{
UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpgradedRequest);
url.setProtocol("https");
if (url.port() == 80)
url.setPort(443);
fetchRequest.mutableResourceRequest().setURL(url);
}
}
}
void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest)
{
KURL url = fetchRequest.resourceRequest().url();
// Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in
// https://w3c.github.io/webappsec/specs/upgrade/#feature-detect
if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNone)
fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecure-Requests", "1");
// If we don't yet have an |m_document| (because we're loading an iframe, for instance), check the FrameLoader's policy.
WebInsecureRequestPolicy relevantPolicy = m_document ? m_document->getInsecureRequestPolicy() : frame()->loader().getInsecureRequestPolicy();
SecurityContext::InsecureNavigationsSet* relevantNavigationSet = m_document ? m_document->insecureNavigationsToUpgrade() : frame()->loader().insecureNavigationsToUpgrade();
if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) {
// We always upgrade requests that meet any of the following criteria:
//
// 1. Are for subresources (including nested frames).
// 2. Are form submissions.
// 3. Whose hosts are contained in the document's InsecureNavigationSet.
const ResourceRequest& request = fetchRequest.resourceRequest();
if (request.frameType() == WebURLRequest::FrameTypeNone
|| request.frameType() == WebURLRequest::FrameTypeNested
|| request.requestContext() == WebURLRequest::RequestContextForm
|| (!url.host().isNull() && relevantNavigationSet->contains(url.host().impl()->hash())))
{
UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpgradedRequest);
url.setProtocol("https");
if (url.port() == 80)
url.setPort(443);
fetchRequest.mutableResourceRequest().setURL(url);
}
}
}
PassRefPtrWillBeRawPtr<XSLStyleSheetResource> XSLStyleSheetResource::fetchSynchronously(FetchRequest& request, ResourceFetcher* fetcher)
{
request.mutableResourceRequest().setTimeoutInterval(10);
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextXSLT);
ResourceLoaderOptions options(request.options());
options.synchronousPolicy = RequestSynchronously;
request.setOptions(options);
RefPtrWillBeRawPtr<XSLStyleSheetResource> resource = toXSLStyleSheetResource(fetcher->requestResource(request, XSLStyleSheetResourceFactory()));
if (resource && resource->m_data)
resource->m_sheet = resource->decodedText();
return resource;
}
void expectHTTPSHeader(const char* input, WebURLRequest::FrameType frameType, bool shouldPrefer)
{
KURL inputURL(ParsedURLString, input);
FetchRequest fetchRequest = FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo());
fetchRequest.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextScript);
fetchRequest.mutableResourceRequest().setFrameType(frameType);
fetchContext->upgradeInsecureRequest(fetchRequest);
EXPECT_STREQ(shouldPrefer ? "1" : "",
fetchRequest.resourceRequest().httpHeaderField(HTTPNames::Upgrade_Insecure_Requests).utf8().data());
}
ResourcePtr<Resource> LinkFetchResource::fetch(Resource::Type type, FetchRequest& request, ResourceFetcher* fetcher)
{
ASSERT(type == LinkPrefetch);
ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone);
fetcher->determineRequestContext(request.mutableResourceRequest(), type);
return fetcher->requestResource(request, LinkResourceFactory(type));
}
void FrameFetchContext::addCSPHeaderIfNecessary(Resource::Type type, FetchRequest& fetchRequest)
{
if (!m_document)
return;
const ContentSecurityPolicy* csp = m_document->contentSecurityPolicy();
if (csp->shouldSendCSPHeader(type))
fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active");
}
void expectUpgrade(const char* input, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const char* expected)
{
KURL inputURL(ParsedURLString, input);
KURL expectedURL(ParsedURLString, expected);
FetchRequest fetchRequest = FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo());
fetchRequest.mutableResourceRequest().setRequestContext(requestContext);
fetchRequest.mutableResourceRequest().setFrameType(frameType);
fetchContext->upgradeInsecureRequest(fetchRequest);
EXPECT_STREQ(expectedURL.getString().utf8().data(), fetchRequest.resourceRequest().url().getString().utf8().data());
EXPECT_EQ(expectedURL.protocol(), fetchRequest.resourceRequest().url().protocol());
EXPECT_EQ(expectedURL.host(), fetchRequest.resourceRequest().url().host());
EXPECT_EQ(expectedURL.port(), fetchRequest.resourceRequest().url().port());
EXPECT_EQ(expectedURL.hasPort(), fetchRequest.resourceRequest().url().hasPort());
EXPECT_EQ(expectedURL.path(), fetchRequest.resourceRequest().url().path());
}
ResourcePtr<ScriptResource> ScriptResource::fetch(FetchRequest& request, ResourceFetcher* fetcher)
{
ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone);
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextScript);
ResourcePtr<ScriptResource> resource = toScriptResource(fetcher->requestResource(request, ScriptResourceFactory()));
if (resource && !request.integrityMetadata().isEmpty())
resource->setIntegrityMetadata(request.integrityMetadata());
return resource;
}
ResourcePtr<Resource> ResourceFetcher::createResourceForLoading(Resource::Type type, FetchRequest& request, const String& charset)
{
ASSERT(!memoryCache()->resourceForURL(request.resourceRequest().url()));
WTF_LOG(ResourceLoading, "Loading Resource for '%s'.", request.resourceRequest().url().elidedString().latin1().data());
addAdditionalRequestHeaders(request.mutableResourceRequest(), type);
ResourcePtr<Resource> resource = createResource(type, request.resourceRequest(), charset);
memoryCache()->add(resource.get());
return resource;
}
void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest)
{
if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document)
return;
bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() || fetchRequest.clientHintsPreferences().shouldSendDPR();
bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSendResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWidth();
bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSendViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWidth();
if (shouldSendDPR)
fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicString(String::number(m_document->devicePixelRatio())));
if (shouldSendResourceWidth) {
FetchRequest::ResourceWidth resourceWidth = fetchRequest.getResourceWidth();
if (resourceWidth.isSet) {
float physicalWidth = resourceWidth.width * m_document->devicePixelRatio();
fetchRequest.mutableResourceRequest().addHTTPHeaderField("Width", AtomicString(String::number(ceil(physicalWidth))));
}
}
if (shouldSendViewportWidth && frame()->view())
fetchRequest.mutableResourceRequest().addHTTPHeaderField("Viewport-Width", AtomicString(String::number(frame()->view()->viewportWidth())));
}
ResourcePtr<ImageResource> ImageResource::fetch(FetchRequest& request, ResourceFetcher* fetcher)
{
if (request.resourceRequest().requestContext() == WebURLRequest::RequestContextUnspecified)
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextImage);
if (fetcher->context().pageDismissalEventBeingDispatched()) {
KURL requestURL = request.resourceRequest().url();
if (requestURL.isValid() && fetcher->context().canRequest(Resource::Image, request.resourceRequest(), requestURL, request.options(), request.forPreload(), request.originRestriction()))
fetcher->context().sendImagePing(requestURL);
return 0;
}
if (fetcher->clientDefersImage(request.resourceRequest().url()))
request.setDefer(FetchRequest::DeferredByClient);
return toImageResource(fetcher->requestResource(request, ImageResourceFactory()));
}
ResourcePtr<FontResource> ResourceFetcher::fetchFont(FetchRequest& request)
{
ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone);
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextFont);
return toFontResource(requestResource(Resource::Font, request));
}
ResourcePtr<FontResource> FontResource::fetch(FetchRequest& request, ResourceFetcher* fetcher)
{
ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone);
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextFont);
return toFontResource(fetcher->requestResource(request, FontResourceFactory()));
}
PassRefPtrWillBeRawPtr<XSLStyleSheetResource> XSLStyleSheetResource::fetch(FetchRequest& request, ResourceFetcher* fetcher)
{
ASSERT(RuntimeEnabledFeatures::xsltEnabled());
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextXSLT);
return toXSLStyleSheetResource(fetcher->requestResource(request, XSLStyleSheetResourceFactory()));
}
ResourcePtr<DocumentResource> DocumentResource::fetchSVGDocument(FetchRequest& request, ResourceFetcher* fetcher)
{
ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone);
request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextImage);
return toDocumentResource(fetcher->requestResource(request, SVGDocumentResourceFactory()));
}