void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
ASSERT(!m_reachedTerminalState);
// Protect this in this delegate method since the additional processing can do
// anything including possibly derefing this; one example of this is Radar 3266216.
Ref<ResourceLoader> protect(*this);
logResourceResponseSource(m_frame.get(), r.source());
m_response = r;
if (FormData* data = m_request.httpBody())
data->removeGeneratedFilesIfNeeded();
if (m_options.sendLoadCallbacks() == SendCallbacks)
frameLoader()->notifier().didReceiveResponse(this, m_response);
}
void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
ASSERT(!m_reachedTerminalState);
// Protect this in this delegate method since the additional processing can do
// anything including possibly derefing this; one example of this is Radar 3266216.
Ref<ResourceLoader> protectedThis(*this);
logResourceResponseSource(m_frame.get(), r.source());
m_response = r;
if (m_response.isHttpVersion0_9()) {
auto url = m_response.url();
// Non-HTTP responses are interpreted as HTTP/0.9 which may allow exfiltration of data
// from non-HTTP services. Therefore cancel if the document was loaded with different
// HTTP version or if the resource request was to a non-default port.
if (!m_documentLoader->response().isHttpVersion0_9()) {
String message = "Cancelled resource load from '" + url.string() + "' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.";
m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier());
ResourceError error(emptyString(), 0, url, message);
didFail(error);
return;
}
if (!isDefaultPortForProtocol(url.port(), url.protocol())) {
String message = "Cancelled resource load from '" + url.string() + "' because it is using HTTP/0.9 on a non-default port.";
m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, identifier());
ResourceError error(emptyString(), 0, url, message);
didFail(error);
return;
}
String message = "Sandboxing '" + m_response.url().string() + "' because it is using HTTP/0.9.";
m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, m_identifier);
frameLoader()->forceSandboxFlags(SandboxScripts | SandboxPlugins);
}
if (FormData* data = m_request.httpBody())
data->removeGeneratedFilesIfNeeded();
if (m_options.sendLoadCallbacks() == SendCallbacks)
frameLoader()->notifier().didReceiveResponse(this, m_response);
}
void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
ASSERT(!m_reachedTerminalState);
// Protect this in this delegate method since the additional processing can do
// anything including possibly derefing this; one example of this is Radar 3266216.
Ref<ResourceLoader> protect(*this);
logResourceResponseSource(m_frame.get(), r.source());
m_response = r;
if (m_response.isHttpVersion0_9()) {
String message = "Sandboxing '" + m_response.url().string() + "' because it is using HTTP/0.9.";
m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, m_identifier);
frameLoader()->forceSandboxFlags(SandboxScripts | SandboxPlugins);
}
if (FormData* data = m_request.httpBody())
data->removeGeneratedFilesIfNeeded();
if (m_options.sendLoadCallbacks() == SendCallbacks)
frameLoader()->notifier().didReceiveResponse(this, m_response);
}
