void EventSource::connect()
{
ASSERT(m_state == CONNECTING);
ASSERT(!m_requestInFlight);
ResourceRequest request(m_url);
request.setHTTPMethod("GET");
request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream");
request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache");
if (!m_lastEventId.isEmpty())
request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId);
SecurityOrigin* origin = scriptExecutionContext()->securityOrigin();
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.setAllowCredentials((origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
options.preflightPolicy = PreventPreflight;
options.crossOriginRequestPolicy = UseAccessControl;
options.setDataBufferingPolicy(DoNotBufferData);
options.securityOrigin = origin;
m_loader = ThreadableLoader::create(scriptExecutionContext(), this, request, options);
if (m_loader)
m_requestInFlight = true;
}
void FileReaderLoader::start(ScriptExecutionContext* scriptExecutionContext, Blob* blob)
{
// The blob is read by routing through the request handling layer given a temporary public url.
m_urlForReading = BlobURL::createPublicURL(scriptExecutionContext->securityOrigin());
if (m_urlForReading.isEmpty()) {
failed(FileError::SECURITY_ERR);
return;
}
ThreadableBlobRegistry::registerBlobURL(scriptExecutionContext->securityOrigin(), m_urlForReading, blob->url());
// Construct and load the request.
ResourceRequest request(m_urlForReading);
request.setHTTPMethod("GET");
if (m_hasRange)
request.setHTTPHeaderField(HTTPHeaderName::Range, String::format("bytes=%d-%d", m_rangeStart, m_rangeEnd));
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.preflightPolicy = ConsiderPreflight;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = DenyCrossOriginRequests;
if (m_client)
m_loader = ThreadableLoader::create(scriptExecutionContext, this, request, options);
else
ThreadableLoader::loadResourceSynchronously(scriptExecutionContext, request, *this, options);
}
void FetchLoader::start(ScriptExecutionContext& context, const FetchRequest& request)
{
// FIXME: Compute loading options according fetch options.
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.setDataBufferingPolicy(DoNotBufferData);
options.preflightPolicy = ConsiderPreflight;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = DenyCrossOriginRequests;
options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
m_loader = ThreadableLoader::create(&context, this, request.internalRequest(), options);
}
void WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy)
{
m_url = url;
std::unique_ptr<ResourceRequest> request(createResourceRequest());
if (!request)
return;
ASSERT_WITH_SECURITY_IMPLICATION(scriptExecutionContext->isWorkerGlobalScope());
ThreadableLoaderOptions options;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = crossOriginRequestPolicy;
options.setSendLoadCallbacks(SendCallbacks);
WorkerThreadableLoader::loadResourceSynchronously(toWorkerGlobalScope(scriptExecutionContext), *request, *this, options);
}
void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, WorkerScriptLoaderClient* client)
{
ASSERT(client);
m_client = client;
m_url = url;
std::unique_ptr<ResourceRequest> request(createResourceRequest());
if (!request)
return;
ThreadableLoaderOptions options;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = crossOriginRequestPolicy;
options.setSendLoadCallbacks(SendCallbacks);
// During create, callbacks may happen which remove the last reference to this object.
Ref<WorkerScriptLoader> protect(*this);
m_threadableLoader = ThreadableLoader::create(scriptExecutionContext, this, *request, options);
}
void InspectorResourceAgent::loadResource(ErrorString* errorString, const String& frameId, const String& urlString, PassRefPtr<LoadResourceCallback> prpCallback)
{
Frame* frame = m_pageAgent->assertFrame(errorString, frameId);
if (!frame)
return;
Document* document = frame->document();
if (!document) {
*errorString = ASCIILiteral("No Document instance for the specified frame");
return;
}
RefPtr<LoadResourceCallback> callback = prpCallback;
URL url = document->completeURL(urlString);
ResourceRequest request(url);
request.setHTTPMethod(ASCIILiteral("GET"));
request.setHiddenFromInspector(true);
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks); // So we remove this from m_hiddenRequestIdentifiers on completion.
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = AllowCrossOriginRequests;
// InspectorThreadableLoaderClient deletes itself when the load completes.
InspectorThreadableLoaderClient* inspectorThreadableLoaderClient = new InspectorThreadableLoaderClient(callback);
RefPtr<DocumentThreadableLoader> loader = DocumentThreadableLoader::create(*document, *inspectorThreadableLoaderClient, request, options);
if (!loader) {
inspectorThreadableLoaderClient->didFailLoaderCreation();
return;
}
loader->setDefersLoading(false);
// If the load already completed, inspectorThreadableLoaderClient will have been deleted and we will have already called the callback.
if (!callback->isActive())
return;
inspectorThreadableLoaderClient->setLoader(loader.release());
}
void FetchLoader::start(ScriptExecutionContext& context, Blob& blob)
{
auto urlForReading = BlobURL::createPublicURL(context.securityOrigin());
if (urlForReading.isEmpty()) {
m_client.didFail();
return;
}
ThreadableBlobRegistry::registerBlobURL(context.securityOrigin(), urlForReading, blob.url());
ResourceRequest request(urlForReading);
request.setHTTPMethod("GET");
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.setDataBufferingPolicy(DoNotBufferData);
options.preflightPolicy = ConsiderPreflight;
options.setAllowCredentials(AllowStoredCredentials);
options.crossOriginRequestPolicy = DenyCrossOriginRequests;
options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
m_loader = ThreadableLoader::create(&context, this, request, options);
}
void XMLHttpRequest::createRequest(ExceptionCode& ec)
{
// Only GET request is supported for blob URL.
if (m_url.protocolIs("blob") && m_method != "GET") {
ec = XMLHttpRequestException::NETWORK_ERR;
return;
}
// The presence of upload event listeners forces us to use preflighting because POSTing to an URL that does not
// permit cross origin requests should look exactly like POSTing to an URL that does not respond at all.
// Also, only async requests support upload progress events.
bool uploadEvents = false;
if (m_async) {
m_progressEventThrottle.dispatchProgressEvent(eventNames().loadstartEvent);
if (m_requestEntityBody && m_upload) {
uploadEvents = m_upload->hasEventListeners();
m_upload->dispatchProgressEvent(eventNames().loadstartEvent);
}
}
m_sameOriginRequest = securityOrigin()->canRequest(m_url);
// We also remember whether upload events should be allowed for this request in case the upload listeners are
// added after the request is started.
m_uploadEventsAllowed = m_sameOriginRequest || uploadEvents || !isSimpleCrossOriginAccessRequest(m_method, m_requestHeaders);
ResourceRequest request(m_url);
request.setHTTPMethod(m_method);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
ASSERT(m_method != "HEAD");
request.setHTTPBody(m_requestEntityBody.release());
}
if (!m_requestHeaders.isEmpty())
request.setHTTPHeaderFields(m_requestHeaders);
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
options.setAllowCredentials((m_sameOriginRequest || m_includeCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
options.crossOriginRequestPolicy = UseAccessControl;
options.securityOrigin = securityOrigin();
#if ENABLE(RESOURCE_TIMING)
options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
#endif
#if ENABLE(XHR_TIMEOUT)
if (m_timeoutMilliseconds)
request.setTimeoutInterval(m_timeoutMilliseconds / 1000.0);
#endif
m_exceptionCode = 0;
m_error = false;
if (m_async) {
if (m_upload)
request.setReportUploadProgress(true);
// ThreadableLoader::create can return null here, for example if we're no longer attached to a page.
// This is true while running onunload handlers.
// FIXME: Maybe we need to be able to send XMLHttpRequests from onunload, <http://bugs.webkit.org/show_bug.cgi?id=10904>.
// FIXME: Maybe create() can return null for other reasons too?
m_loader = ThreadableLoader::create(scriptExecutionContext(), this, request, options);
if (m_loader) {
// Neither this object nor the JavaScript wrapper should be deleted while
// a request is in progress because we need to keep the listeners alive,
// and they are referenced by the JavaScript wrapper.
setPendingActivity(this);
}
} else {
InspectorInstrumentation::willLoadXHRSynchronously(scriptExecutionContext());
ThreadableLoader::loadResourceSynchronously(scriptExecutionContext(), request, *this, options);
InspectorInstrumentation::didLoadXHRSynchronously(scriptExecutionContext());
}
if (!m_exceptionCode && m_error)
m_exceptionCode = XMLHttpRequestException::NETWORK_ERR;
ec = m_exceptionCode;
}
void XMLHttpRequest::createRequest(ExceptionCode& ec)
{
// Only GET request is supported for blob URL.
if (!m_async && m_url.protocolIsBlob() && m_method != "GET") {
ec = NETWORK_ERR;
return;
}
m_sendFlag = true;
// The presence of upload event listeners forces us to use preflighting because POSTing to an URL that does not
// permit cross origin requests should look exactly like POSTing to an URL that does not respond at all.
// Also, only async requests support upload progress events.
bool uploadEvents = false;
if (m_async) {
m_progressEventThrottle.dispatchProgressEvent(eventNames().loadstartEvent);
if (m_requestEntityBody && m_upload) {
uploadEvents = m_upload->hasEventListeners();
m_upload->dispatchProgressEvent(eventNames().loadstartEvent);
}
}
m_sameOriginRequest = securityOrigin()->canRequest(m_url);
// We also remember whether upload events should be allowed for this request in case the upload listeners are
// added after the request is started.
m_uploadEventsAllowed = m_sameOriginRequest || uploadEvents || !isSimpleCrossOriginAccessRequest(m_method, m_requestHeaders);
ResourceRequest request(m_url);
request.setRequester(ResourceRequest::Requester::XHR);
request.setHTTPMethod(m_method);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
ASSERT(m_method != "HEAD");
request.setHTTPBody(WTFMove(m_requestEntityBody));
}
if (!m_requestHeaders.isEmpty())
request.setHTTPHeaderFields(m_requestHeaders);
ThreadableLoaderOptions options;
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
options.setAllowCredentials((m_sameOriginRequest || m_includeCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
options.setCredentialRequest(m_includeCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials);
options.crossOriginRequestPolicy = UseAccessControl;
options.securityOrigin = securityOrigin();
options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
if (m_timeoutMilliseconds) {
if (!m_async)
request.setTimeoutInterval(m_timeoutMilliseconds / 1000.0);
else {
m_sendingTime = std::chrono::steady_clock::now();
m_timeoutTimer.startOneShot(std::chrono::milliseconds { m_timeoutMilliseconds });
}
}
m_exceptionCode = 0;
m_error = false;
if (m_async) {
if (m_upload)
request.setReportUploadProgress(true);
// ThreadableLoader::create can return null here, for example if we're no longer attached to a page or if a content blocker blocks the load.
// This is true while running onunload handlers.
// FIXME: Maybe we need to be able to send XMLHttpRequests from onunload, <http://bugs.webkit.org/show_bug.cgi?id=10904>.
m_loader = ThreadableLoader::create(scriptExecutionContext(), this, request, options);
// Neither this object nor the JavaScript wrapper should be deleted while
// a request is in progress because we need to keep the listeners alive,
// and they are referenced by the JavaScript wrapper.
setPendingActivity(this);
if (!m_loader) {
m_sendFlag = false;
m_timeoutTimer.stop();
m_networkErrorTimer.startOneShot(0);
}
} else {
InspectorInstrumentation::willLoadXHRSynchronously(scriptExecutionContext());
ThreadableLoader::loadResourceSynchronously(scriptExecutionContext(), request, *this, options);
InspectorInstrumentation::didLoadXHRSynchronously(scriptExecutionContext());
}
if (!m_exceptionCode && m_error)
m_exceptionCode = NETWORK_ERR;
ec = m_exceptionCode;
}