2022-07-14 00:51:42 +01:00
/*
2023-03-02 23:26:35 +00:00
* Copyright ( c ) 2022 - 2023 , Linus Groh < linusg @ serenityos . org >
2022-07-14 00:51:42 +01:00
*
* SPDX - License - Identifier : BSD - 2 - Clause
*/
# include <AK/Array.h>
2024-11-15 04:01:23 +13:00
# include <LibGC/Heap.h>
2022-10-30 01:52:07 +00:00
# include <LibJS/Runtime/Realm.h>
2024-02-11 19:48:56 +13:00
# include <LibWeb/DOMURL/DOMURL.h>
2022-11-01 19:35:38 +00:00
# include <LibWeb/Fetch/Fetching/PendingResponse.h>
2022-07-14 00:51:42 +01:00
# include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
2022-07-17 23:52:02 +01:00
namespace Web : : Fetch : : Infrastructure {
2022-07-14 00:51:42 +01:00
2024-11-15 04:01:23 +13:00
GC_DEFINE_ALLOCATOR ( Request ) ;
2023-11-19 19:47:52 +01:00
2024-11-15 04:01:23 +13:00
Request : : Request ( GC : : Ref < HeaderList > header_list )
2022-10-30 01:52:07 +00:00
: m_header_list ( header_list )
2022-09-25 20:52:51 +01:00
{
}
2022-10-30 01:52:07 +00:00
void Request : : visit_edges ( JS : : Cell : : Visitor & visitor )
2022-10-04 23:45:47 +01:00
{
2022-10-30 01:52:07 +00:00
Base : : visit_edges ( visitor ) ;
visitor . visit ( m_header_list ) ;
2023-03-21 10:08:44 -07:00
visitor . visit ( m_client ) ;
2023-08-18 19:38:13 +02:00
m_body . visit (
2024-11-15 04:01:23 +13:00
[ & ] ( GC : : Ref < Body > & body ) { visitor . visit ( body ) ; } ,
2023-08-18 19:38:13 +02:00
[ ] ( auto & ) { } ) ;
2024-04-24 11:09:36 +02:00
visitor . visit ( m_reserved_client ) ;
2023-03-21 10:08:44 -07:00
m_window . visit (
2024-11-15 04:01:23 +13:00
[ & ] ( GC : : Ptr < HTML : : EnvironmentSettingsObject > const & value ) { visitor . visit ( value ) ; } ,
2023-03-21 10:08:44 -07:00
[ ] ( auto const & ) { } ) ;
2024-04-15 13:58:21 +02:00
visitor . visit ( m_pending_responses ) ;
2024-11-25 14:30:12 +00:00
m_policy_container . visit (
[ & ] ( GC : : Ref < HTML : : PolicyContainer > const & policy_container ) { visitor . visit ( policy_container ) ; } ,
[ ] ( auto const & ) { } ) ;
2022-10-30 01:52:07 +00:00
}
2024-11-15 04:01:23 +13:00
GC : : Ref < Request > Request : : create ( JS : : VM & vm )
2022-10-30 01:52:07 +00:00
{
2024-11-14 06:13:46 +13:00
return vm . heap ( ) . allocate < Request > ( HeaderList : : create ( vm ) ) ;
2022-10-04 23:45:47 +01:00
}
2022-07-14 00:51:42 +01:00
// https://fetch.spec.whatwg.org/#concept-request-url
2024-03-18 16:22:27 +13:00
URL : : URL & Request : : url ( )
2022-07-14 00:51:42 +01:00
{
// A request has an associated URL (a URL).
// NOTE: Implementations are encouraged to make this a pointer to the first URL in request’ s URL list. It is provided as a distinct field solely for the convenience of other standards hooking into Fetch.
VERIFY ( ! m_url_list . is_empty ( ) ) ;
return m_url_list . first ( ) ;
}
2022-10-13 19:35:37 +02:00
// https://fetch.spec.whatwg.org/#concept-request-url
2024-03-18 16:22:27 +13:00
URL : : URL const & Request : : url ( ) const
2022-10-13 19:35:37 +02:00
{
return const_cast < Request & > ( * this ) . url ( ) ;
}
2022-07-14 00:51:42 +01:00
// https://fetch.spec.whatwg.org/#concept-request-current-url
2024-03-18 16:22:27 +13:00
URL : : URL & Request : : current_url ( )
2022-07-14 00:51:42 +01:00
{
// A request has an associated current URL. It is a pointer to the last URL in request’ s URL list.
VERIFY ( ! m_url_list . is_empty ( ) ) ;
return m_url_list . last ( ) ;
}
2022-10-13 19:35:37 +02:00
// https://fetch.spec.whatwg.org/#concept-request-current-url
2024-03-18 16:22:27 +13:00
URL : : URL const & Request : : current_url ( ) const
2022-10-13 19:35:37 +02:00
{
return const_cast < Request & > ( * this ) . current_url ( ) ;
}
2024-03-18 16:22:27 +13:00
void Request : : set_url ( URL : : URL url )
2022-07-14 00:51:42 +01:00
{
// Sometimes setting the URL and URL list are done as two distinct steps in the spec,
// but since we know the URL is always the URL list's first item and doesn't change later
// on, we can combine them.
2022-09-25 19:33:13 +01:00
if ( ! m_url_list . is_empty ( ) )
m_url_list . clear ( ) ;
2022-07-14 00:51:42 +01:00
m_url_list . append ( move ( url ) ) ;
}
// https://fetch.spec.whatwg.org/#request-destination-script-like
bool Request : : destination_is_script_like ( ) const
{
// A request’ s destination is script-like if it is "audioworklet", "paintworklet", "script", "serviceworker", "sharedworker", or "worker".
static constexpr Array script_like_destinations = {
Destination : : AudioWorklet ,
Destination : : PaintWorklet ,
Destination : : Script ,
Destination : : ServiceWorker ,
Destination : : SharedWorker ,
Destination : : Worker ,
} ;
return any_of ( script_like_destinations , [ this ] ( auto destination ) {
return m_destination = = destination ;
} ) ;
}
// https://fetch.spec.whatwg.org/#subresource-request
bool Request : : is_subresource_request ( ) const
{
2024-05-03 20:44:06 +01:00
// A subresource request is a request whose destination is "audio", "audioworklet", "font", "image", "json", "manifest", "paintworklet", "script", "style", "track", "video", "xslt", or the empty string.
2022-07-14 00:51:42 +01:00
static constexpr Array subresource_request_destinations = {
Destination : : Audio ,
Destination : : AudioWorklet ,
Destination : : Font ,
Destination : : Image ,
2024-05-03 20:44:06 +01:00
Destination : : JSON ,
2022-07-14 00:51:42 +01:00
Destination : : Manifest ,
Destination : : PaintWorklet ,
Destination : : Script ,
Destination : : Style ,
Destination : : Track ,
Destination : : Video ,
Destination : : XSLT ,
} ;
return any_of ( subresource_request_destinations , [ this ] ( auto destination ) {
return m_destination = = destination ;
} ) | | ! m_destination . has_value ( ) ;
}
// https://fetch.spec.whatwg.org/#non-subresource-request
bool Request : : is_non_subresource_request ( ) const
{
// A non-subresource request is a request whose destination is "document", "embed", "frame", "iframe", "object", "report", "serviceworker", "sharedworker", or "worker".
static constexpr Array non_subresource_request_destinations = {
Destination : : Document ,
Destination : : Embed ,
Destination : : Frame ,
Destination : : IFrame ,
Destination : : Object ,
Destination : : Report ,
Destination : : ServiceWorker ,
Destination : : SharedWorker ,
Destination : : Worker ,
} ;
return any_of ( non_subresource_request_destinations , [ this ] ( auto destination ) {
return m_destination = = destination ;
} ) ;
}
// https://fetch.spec.whatwg.org/#navigation-request
bool Request : : is_navigation_request ( ) const
{
// A navigation request is a request whose destination is "document", "embed", "frame", "iframe", or "object".
static constexpr Array navigation_request_destinations = {
Destination : : Document ,
Destination : : Embed ,
Destination : : Frame ,
Destination : : IFrame ,
Destination : : Object ,
} ;
return any_of ( navigation_request_destinations , [ this ] ( auto destination ) {
return m_destination = = destination ;
} ) ;
}
// https://fetch.spec.whatwg.org/#concept-request-tainted-origin
bool Request : : has_redirect_tainted_origin ( ) const
{
// A request request has a redirect-tainted origin if these steps return true:
// 1. Let lastURL be null.
2024-03-18 16:22:27 +13:00
Optional < URL : : URL const & > last_url ;
2022-07-14 00:51:42 +01:00
2022-12-07 18:29:17 +00:00
// 2. For each url of request’ s URL list:
2022-07-14 00:51:42 +01:00
for ( auto const & url : m_url_list ) {
// 1. If lastURL is null, then set lastURL to url and continue.
if ( ! last_url . has_value ( ) ) {
last_url = url ;
continue ;
}
// 2. If url’ s origin is not same origin with lastURL’ s origin and request’ s origin is not same origin with lastURL’ s origin, then return true.
2024-10-05 15:33:34 +13:00
auto const * request_origin = m_origin . get_pointer < URL : : Origin > ( ) ;
2024-10-05 17:03:51 +13:00
if ( ! url . origin ( ) . is_same_origin ( last_url - > origin ( ) )
& & ( request_origin = = nullptr | | ! request_origin - > is_same_origin ( last_url - > origin ( ) ) ) ) {
2022-07-14 00:51:42 +01:00
return true ;
2022-10-31 18:04:11 +00:00
}
2022-07-14 00:51:42 +01:00
// 3. Set lastURL to url.
last_url = url ;
}
// 3. Return false.
return false ;
}
// https://fetch.spec.whatwg.org/#serializing-a-request-origin
2024-04-26 13:35:10 -04:00
String Request : : serialize_origin ( ) const
2022-07-14 00:51:42 +01:00
{
// 1. If request has a redirect-tainted origin, then return "null".
if ( has_redirect_tainted_origin ( ) )
2023-03-02 23:26:35 +00:00
return " null " _string ;
2022-07-14 00:51:42 +01:00
// 2. Return request’ s origin, serialized.
2024-11-23 20:10:34 +13:00
return m_origin . get < URL : : Origin > ( ) . serialize ( ) ;
2022-07-14 00:51:42 +01:00
}
// https://fetch.spec.whatwg.org/#byte-serializing-a-request-origin
2024-04-26 13:35:10 -04:00
ByteBuffer Request : : byte_serialize_origin ( ) const
2022-07-14 00:51:42 +01:00
{
// Byte-serializing a request origin, given a request request, is to return the result of serializing a request origin with request, isomorphic encoded.
2024-04-26 13:35:10 -04:00
return MUST ( ByteBuffer : : copy ( serialize_origin ( ) . bytes ( ) ) ) ;
2022-07-14 00:51:42 +01:00
}
// https://fetch.spec.whatwg.org/#concept-request-clone
2024-11-15 04:01:23 +13:00
GC : : Ref < Request > Request : : clone ( JS : : Realm & realm ) const
2022-07-14 00:51:42 +01:00
{
// To clone a request request, run these steps:
2023-02-28 17:45:49 +00:00
auto & vm = realm . vm ( ) ;
2022-07-14 00:51:42 +01:00
// 1. Let newRequest be a copy of request, except for its body.
2022-10-30 01:52:07 +00:00
auto new_request = Infrastructure : : Request : : create ( vm ) ;
2022-10-04 23:45:47 +01:00
new_request - > set_method ( m_method ) ;
new_request - > set_local_urls_only ( m_local_urls_only ) ;
for ( auto const & header : * m_header_list )
2024-04-26 13:24:20 -04:00
new_request - > header_list ( ) - > append ( header ) ;
2022-10-04 23:45:47 +01:00
new_request - > set_unsafe_request ( m_unsafe_request ) ;
new_request - > set_client ( m_client ) ;
new_request - > set_reserved_client ( m_reserved_client ) ;
new_request - > set_replaces_client_id ( m_replaces_client_id ) ;
new_request - > set_window ( m_window ) ;
new_request - > set_keepalive ( m_keepalive ) ;
new_request - > set_initiator_type ( m_initiator_type ) ;
new_request - > set_service_workers_mode ( m_service_workers_mode ) ;
new_request - > set_initiator ( m_initiator ) ;
new_request - > set_destination ( m_destination ) ;
new_request - > set_priority ( m_priority ) ;
new_request - > set_origin ( m_origin ) ;
new_request - > set_policy_container ( m_policy_container ) ;
new_request - > set_referrer ( m_referrer ) ;
new_request - > set_referrer_policy ( m_referrer_policy ) ;
new_request - > set_mode ( m_mode ) ;
new_request - > set_use_cors_preflight ( m_use_cors_preflight ) ;
new_request - > set_credentials_mode ( m_credentials_mode ) ;
new_request - > set_use_url_credentials ( m_use_url_credentials ) ;
new_request - > set_cache_mode ( m_cache_mode ) ;
new_request - > set_redirect_mode ( m_redirect_mode ) ;
new_request - > set_integrity_metadata ( m_integrity_metadata ) ;
new_request - > set_cryptographic_nonce_metadata ( m_cryptographic_nonce_metadata ) ;
new_request - > set_parser_metadata ( m_parser_metadata ) ;
new_request - > set_reload_navigation ( m_reload_navigation ) ;
new_request - > set_history_navigation ( m_history_navigation ) ;
new_request - > set_user_activation ( m_user_activation ) ;
new_request - > set_render_blocking ( m_render_blocking ) ;
new_request - > set_url_list ( m_url_list ) ;
new_request - > set_redirect_count ( m_redirect_count ) ;
new_request - > set_response_tainting ( m_response_tainting ) ;
new_request - > set_prevent_no_cache_cache_control_header_modification ( m_prevent_no_cache_cache_control_header_modification ) ;
new_request - > set_done ( m_done ) ;
new_request - > set_timing_allow_failed ( m_timing_allow_failed ) ;
2024-05-26 08:03:29 -04:00
new_request - > set_buffer_policy ( m_buffer_policy ) ;
2022-09-25 19:25:53 +01:00
// 2. If request’ s body is non-null, set newRequest’ s body to the result of cloning request’ s body.
2024-11-15 04:01:23 +13:00
if ( auto const * body = m_body . get_pointer < GC : : Ref < Body > > ( ) )
2023-08-18 19:38:13 +02:00
new_request - > set_body ( ( * body ) - > clone ( realm ) ) ;
2022-07-14 00:51:42 +01:00
// 3. Return newRequest.
return new_request ;
}
// https://fetch.spec.whatwg.org/#concept-request-add-range-header
2024-04-26 13:35:10 -04:00
void Request : : add_range_header ( u64 first , Optional < u64 > const & last )
2022-07-14 00:51:42 +01:00
{
// To add a range header to a request request, with an integer first, and an optional integer last, run these steps:
// 1. Assert: last is not given, or first is less than or equal to last.
VERIFY ( ! last . has_value ( ) | | first < = last . value ( ) ) ;
// 2. Let rangeValue be `bytes=`.
2022-10-24 09:21:12 +01:00
auto range_value = MUST ( ByteBuffer : : copy ( " bytes " sv . bytes ( ) ) ) ;
2022-07-14 00:51:42 +01:00
// 3. Serialize and isomorphic encode first, and append the result to rangeValue.
2024-10-14 10:05:01 +02:00
range_value . append ( String : : number ( first ) . bytes ( ) ) ;
2022-07-14 00:51:42 +01:00
// 4. Append 0x2D (-) to rangeValue.
2024-04-26 13:35:10 -04:00
range_value . append ( ' - ' ) ;
2022-07-14 00:51:42 +01:00
// 5. If last is given, then serialize and isomorphic encode it, and append the result to rangeValue.
if ( last . has_value ( ) )
2024-10-14 10:05:01 +02:00
range_value . append ( String : : number ( * last ) . bytes ( ) ) ;
2022-07-14 00:51:42 +01:00
// 6. Append (`Range`, rangeValue) to request’ s header list.
auto header = Header {
2022-10-24 09:21:12 +01:00
. name = MUST ( ByteBuffer : : copy ( " Range " sv . bytes ( ) ) ) ,
2022-07-14 00:51:42 +01:00
. value = move ( range_value ) ,
} ;
2024-04-26 13:24:20 -04:00
m_header_list - > append ( move ( header ) ) ;
2022-07-14 00:51:42 +01:00
}
2022-10-24 09:18:51 +01:00
// https://fetch.spec.whatwg.org/#append-a-request-origin-header
2024-04-26 13:35:10 -04:00
void Request : : add_origin_header ( )
2022-10-24 09:18:51 +01:00
{
// 1. Let serializedOrigin be the result of byte-serializing a request origin with request.
2024-04-26 13:35:10 -04:00
auto serialized_origin = byte_serialize_origin ( ) ;
2022-10-24 09:18:51 +01:00
// 2. If request’ s response tainting is "cors" or request’ s mode is "websocket", then append (`Origin`, serializedOrigin) to request’ s header list.
if ( m_response_tainting = = ResponseTainting : : CORS | | m_mode = = Mode : : WebSocket ) {
auto header = Header {
. name = MUST ( ByteBuffer : : copy ( " Origin " sv . bytes ( ) ) ) ,
. value = move ( serialized_origin ) ,
} ;
2024-04-26 13:24:20 -04:00
m_header_list - > append ( move ( header ) ) ;
2022-10-24 09:18:51 +01:00
}
// 3. Otherwise, if request’ s method is neither `GET` nor `HEAD`, then:
else if ( ! StringView { m_method } . is_one_of ( " GET " sv , " HEAD " sv ) ) {
// 1. If request’ s mode is not "cors", then switch on request’ s referrer policy:
2024-03-05 09:35:25 -07:00
if ( m_mode ! = Mode : : CORS ) {
switch ( m_referrer_policy ) {
2022-10-24 09:18:51 +01:00
// -> "no-referrer"
case ReferrerPolicy : : ReferrerPolicy : : NoReferrer :
// Set serializedOrigin to `null`.
serialized_origin = MUST ( ByteBuffer : : copy ( " null " sv . bytes ( ) ) ) ;
break ;
// -> "no-referrer-when-downgrade"
// -> "strict-origin"
// -> "strict-origin-when-cross-origin"
case ReferrerPolicy : : ReferrerPolicy : : NoReferrerWhenDowngrade :
case ReferrerPolicy : : ReferrerPolicy : : StrictOrigin :
case ReferrerPolicy : : ReferrerPolicy : : StrictOriginWhenCrossOrigin :
// If request’ s origin is a tuple origin, its scheme is "https", and request’ s current URL’ s scheme is
// not "https", then set serializedOrigin to `null`.
2024-10-05 15:33:34 +13:00
if ( m_origin . has < URL : : Origin > ( ) & & m_origin . get < URL : : Origin > ( ) . scheme ( ) = = " https " sv & & current_url ( ) . scheme ( ) ! = " https " sv )
2022-10-24 09:18:51 +01:00
serialized_origin = MUST ( ByteBuffer : : copy ( " null " sv . bytes ( ) ) ) ;
break ;
// -> "same-origin"
case ReferrerPolicy : : ReferrerPolicy : : SameOrigin :
// If request’ s origin is not same origin with request’ s current URL’ s origin, then set serializedOrigin
// to `null`.
2024-10-05 17:03:51 +13:00
if ( m_origin . has < URL : : Origin > ( ) & & ! m_origin . get < URL : : Origin > ( ) . is_same_origin ( current_url ( ) . origin ( ) ) )
2022-10-24 09:18:51 +01:00
serialized_origin = MUST ( ByteBuffer : : copy ( " null " sv . bytes ( ) ) ) ;
break ;
// -> Otherwise
default :
// Do nothing.
break ;
}
}
// 2. Append (`Origin`, serializedOrigin) to request’ s header list.
auto header = Header {
. name = MUST ( ByteBuffer : : copy ( " Origin " sv . bytes ( ) ) ) ,
. value = move ( serialized_origin ) ,
} ;
2024-04-26 13:24:20 -04:00
m_header_list - > append ( move ( header ) ) ;
2022-10-24 09:18:51 +01:00
}
}
2022-07-14 00:51:42 +01:00
// https://fetch.spec.whatwg.org/#cross-origin-embedder-policy-allows-credentials
bool Request : : cross_origin_embedder_policy_allows_credentials ( ) const
{
// 1. If request’ s mode is not "no-cors", then return true.
if ( m_mode ! = Mode : : NoCORS )
return true ;
// 2. If request’ s client is null, then return true.
if ( m_client = = nullptr )
return true ;
2024-07-08 22:54:49 +01:00
// 3. If request’ s client’ s policy container’ s embedder policy’ s value is not "credentialless", then return true.
2024-11-25 14:30:12 +00:00
if ( m_policy_container . has < GC : : Ref < HTML : : PolicyContainer > > ( ) & & m_policy_container . get < GC : : Ref < HTML : : PolicyContainer > > ( ) - > embedder_policy . value ! = HTML : : EmbedderPolicyValue : : Credentialless )
2024-07-08 22:54:49 +01:00
return true ;
2022-07-14 00:51:42 +01:00
// 4. If request’ s origin is same origin with request’ s current URL’ s origin and request does not have a redirect-tainted origin, then return true.
// 5. Return false.
2024-10-05 15:33:34 +13:00
auto const * request_origin = m_origin . get_pointer < URL : : Origin > ( ) ;
2023-08-25 16:32:45 -07:00
if ( request_origin = = nullptr )
return false ;
2024-10-05 17:03:51 +13:00
return request_origin - > is_same_origin ( current_url ( ) . origin ( ) ) & & ! has_redirect_tainted_origin ( ) ;
2022-07-14 00:51:42 +01:00
}
2024-04-29 20:22:32 +01:00
StringView request_destination_to_string ( Request : : Destination destination )
{
switch ( destination ) {
case Request : : Destination : : Audio :
return " audio " sv ;
case Request : : Destination : : AudioWorklet :
return " audioworklet " sv ;
case Request : : Destination : : Document :
return " document " sv ;
case Request : : Destination : : Embed :
return " embed " sv ;
case Request : : Destination : : Font :
return " font " sv ;
case Request : : Destination : : Frame :
return " frame " sv ;
case Request : : Destination : : IFrame :
return " iframe " sv ;
case Request : : Destination : : Image :
return " image " sv ;
case Request : : Destination : : JSON :
return " json " sv ;
case Request : : Destination : : Manifest :
return " manifest " sv ;
case Request : : Destination : : Object :
return " object " sv ;
case Request : : Destination : : PaintWorklet :
return " paintworklet " sv ;
case Request : : Destination : : Report :
return " report " sv ;
case Request : : Destination : : Script :
return " script " sv ;
case Request : : Destination : : ServiceWorker :
return " serviceworker " sv ;
case Request : : Destination : : SharedWorker :
return " sharedworker " sv ;
case Request : : Destination : : Style :
return " style " sv ;
case Request : : Destination : : Track :
return " track " sv ;
case Request : : Destination : : Video :
return " video " sv ;
case Request : : Destination : : WebIdentity :
return " webidentity " sv ;
case Request : : Destination : : Worker :
return " worker " sv ;
case Request : : Destination : : XSLT :
return " xslt " sv ;
}
VERIFY_NOT_REACHED ( ) ;
}
2024-04-29 20:23:26 +01:00
StringView request_mode_to_string ( Request : : Mode mode )
{
switch ( mode ) {
case Request : : Mode : : SameOrigin :
return " same-origin " sv ;
case Request : : Mode : : CORS :
return " cors " sv ;
case Request : : Mode : : NoCORS :
return " no-cors " sv ;
case Request : : Mode : : Navigate :
return " navigate " sv ;
case Request : : Mode : : WebSocket :
return " websocket " sv ;
}
VERIFY_NOT_REACHED ( ) ;
}
2024-05-27 09:45:56 +01:00
Optional < Request : : Priority > request_priority_from_string ( StringView string )
{
if ( string . equals_ignoring_ascii_case ( " high " sv ) )
return Request : : Priority : : High ;
if ( string . equals_ignoring_ascii_case ( " low " sv ) )
return Request : : Priority : : Low ;
if ( string . equals_ignoring_ascii_case ( " auto " sv ) )
return Request : : Priority : : Auto ;
return { } ;
}
2022-07-14 00:51:42 +01:00
}