void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) { KURL url = fetchRequest.resourceRequest().url(); // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNone) fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecure-Requests", "1"); if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequestsUpgrade && url.protocolIs("http")) { ASSERT(m_document->insecureNavigationsToUpgrade()); // We always upgrade requests that meet any of the following criteria: // // 1. Are for subresources (including nested frames). // 2. Are form submissions. // 3. Whose hosts are contained in the document's InsecureNavigationSet. const ResourceRequest& request = fetchRequest.resourceRequest(); if (request.frameType() == WebURLRequest::FrameTypeNone || request.frameType() == WebURLRequest::FrameTypeNested || request.requestContext() == WebURLRequest::RequestContextForm || (!url.host().isNull() && m_document->insecureNavigationsToUpgrade()->contains(url.host().impl()->hash()))) { UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpgradedRequest); url.setProtocol("https"); if (url.port() == 80) url.setPort(443); fetchRequest.mutableResourceRequest().setURL(url); } } }
void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) { KURL url = fetchRequest.resourceRequest().url(); // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNone) fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecure-Requests", "1"); // If we don't yet have an |m_document| (because we're loading an iframe, for instance), check the FrameLoader's policy. WebInsecureRequestPolicy relevantPolicy = m_document ? m_document->getInsecureRequestPolicy() : frame()->loader().getInsecureRequestPolicy(); SecurityContext::InsecureNavigationsSet* relevantNavigationSet = m_document ? m_document->insecureNavigationsToUpgrade() : frame()->loader().insecureNavigationsToUpgrade(); if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) { // We always upgrade requests that meet any of the following criteria: // // 1. Are for subresources (including nested frames). // 2. Are form submissions. // 3. Whose hosts are contained in the document's InsecureNavigationSet. const ResourceRequest& request = fetchRequest.resourceRequest(); if (request.frameType() == WebURLRequest::FrameTypeNone || request.frameType() == WebURLRequest::FrameTypeNested || request.requestContext() == WebURLRequest::RequestContextForm || (!url.host().isNull() && relevantNavigationSet->contains(url.host().impl()->hash()))) { UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpgradedRequest); url.setProtocol("https"); if (url.port() == 80) url.setPort(443); fetchRequest.mutableResourceRequest().setURL(url); } } }
PassRefPtrWillBeRawPtr<XSLStyleSheetResource> XSLStyleSheetResource::fetchSynchronously(FetchRequest& request, ResourceFetcher* fetcher) { request.mutableResourceRequest().setTimeoutInterval(10); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextXSLT); ResourceLoaderOptions options(request.options()); options.synchronousPolicy = RequestSynchronously; request.setOptions(options); RefPtrWillBeRawPtr<XSLStyleSheetResource> resource = toXSLStyleSheetResource(fetcher->requestResource(request, XSLStyleSheetResourceFactory())); if (resource && resource->m_data) resource->m_sheet = resource->decodedText(); return resource; }
void expectHTTPSHeader(const char* input, WebURLRequest::FrameType frameType, bool shouldPrefer) { KURL inputURL(ParsedURLString, input); FetchRequest fetchRequest = FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo()); fetchRequest.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextScript); fetchRequest.mutableResourceRequest().setFrameType(frameType); fetchContext->upgradeInsecureRequest(fetchRequest); EXPECT_STREQ(shouldPrefer ? "1" : "", fetchRequest.resourceRequest().httpHeaderField(HTTPNames::Upgrade_Insecure_Requests).utf8().data()); }
ResourcePtr<Resource> LinkFetchResource::fetch(Resource::Type type, FetchRequest& request, ResourceFetcher* fetcher) { ASSERT(type == LinkPrefetch); ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone); fetcher->determineRequestContext(request.mutableResourceRequest(), type); return fetcher->requestResource(request, LinkResourceFactory(type)); }
void FrameFetchContext::addCSPHeaderIfNecessary(Resource::Type type, FetchRequest& fetchRequest) { if (!m_document) return; const ContentSecurityPolicy* csp = m_document->contentSecurityPolicy(); if (csp->shouldSendCSPHeader(type)) fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"); }
void expectUpgrade(const char* input, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const char* expected) { KURL inputURL(ParsedURLString, input); KURL expectedURL(ParsedURLString, expected); FetchRequest fetchRequest = FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo()); fetchRequest.mutableResourceRequest().setRequestContext(requestContext); fetchRequest.mutableResourceRequest().setFrameType(frameType); fetchContext->upgradeInsecureRequest(fetchRequest); EXPECT_STREQ(expectedURL.getString().utf8().data(), fetchRequest.resourceRequest().url().getString().utf8().data()); EXPECT_EQ(expectedURL.protocol(), fetchRequest.resourceRequest().url().protocol()); EXPECT_EQ(expectedURL.host(), fetchRequest.resourceRequest().url().host()); EXPECT_EQ(expectedURL.port(), fetchRequest.resourceRequest().url().port()); EXPECT_EQ(expectedURL.hasPort(), fetchRequest.resourceRequest().url().hasPort()); EXPECT_EQ(expectedURL.path(), fetchRequest.resourceRequest().url().path()); }
ResourcePtr<ScriptResource> ScriptResource::fetch(FetchRequest& request, ResourceFetcher* fetcher) { ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextScript); ResourcePtr<ScriptResource> resource = toScriptResource(fetcher->requestResource(request, ScriptResourceFactory())); if (resource && !request.integrityMetadata().isEmpty()) resource->setIntegrityMetadata(request.integrityMetadata()); return resource; }
ResourcePtr<Resource> ResourceFetcher::createResourceForLoading(Resource::Type type, FetchRequest& request, const String& charset) { ASSERT(!memoryCache()->resourceForURL(request.resourceRequest().url())); WTF_LOG(ResourceLoading, "Loading Resource for '%s'.", request.resourceRequest().url().elidedString().latin1().data()); addAdditionalRequestHeaders(request.mutableResourceRequest(), type); ResourcePtr<Resource> resource = createResource(type, request.resourceRequest(), charset); memoryCache()->add(resource.get()); return resource; }
void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) { if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document) return; bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() || fetchRequest.clientHintsPreferences().shouldSendDPR(); bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSendResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWidth(); bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSendViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWidth(); if (shouldSendDPR) fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicString(String::number(m_document->devicePixelRatio()))); if (shouldSendResourceWidth) { FetchRequest::ResourceWidth resourceWidth = fetchRequest.getResourceWidth(); if (resourceWidth.isSet) { float physicalWidth = resourceWidth.width * m_document->devicePixelRatio(); fetchRequest.mutableResourceRequest().addHTTPHeaderField("Width", AtomicString(String::number(ceil(physicalWidth)))); } } if (shouldSendViewportWidth && frame()->view()) fetchRequest.mutableResourceRequest().addHTTPHeaderField("Viewport-Width", AtomicString(String::number(frame()->view()->viewportWidth()))); }
ResourcePtr<ImageResource> ImageResource::fetch(FetchRequest& request, ResourceFetcher* fetcher) { if (request.resourceRequest().requestContext() == WebURLRequest::RequestContextUnspecified) request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextImage); if (fetcher->context().pageDismissalEventBeingDispatched()) { KURL requestURL = request.resourceRequest().url(); if (requestURL.isValid() && fetcher->context().canRequest(Resource::Image, request.resourceRequest(), requestURL, request.options(), request.forPreload(), request.originRestriction())) fetcher->context().sendImagePing(requestURL); return 0; } if (fetcher->clientDefersImage(request.resourceRequest().url())) request.setDefer(FetchRequest::DeferredByClient); return toImageResource(fetcher->requestResource(request, ImageResourceFactory())); }
ResourcePtr<FontResource> ResourceFetcher::fetchFont(FetchRequest& request) { ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextFont); return toFontResource(requestResource(Resource::Font, request)); }
ResourcePtr<FontResource> FontResource::fetch(FetchRequest& request, ResourceFetcher* fetcher) { ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextFont); return toFontResource(fetcher->requestResource(request, FontResourceFactory())); }
PassRefPtrWillBeRawPtr<XSLStyleSheetResource> XSLStyleSheetResource::fetch(FetchRequest& request, ResourceFetcher* fetcher) { ASSERT(RuntimeEnabledFeatures::xsltEnabled()); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextXSLT); return toXSLStyleSheetResource(fetcher->requestResource(request, XSLStyleSheetResourceFactory())); }
ResourcePtr<DocumentResource> DocumentResource::fetchSVGDocument(FetchRequest& request, ResourceFetcher* fetcher) { ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeNone); request.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextImage); return toDocumentResource(fetcher->requestResource(request, SVGDocumentResourceFactory())); }