mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-12-08 06:09:58 +00:00
9375660b64
The end goal here is for LibHTTP to be the home of our RFC 9111 (HTTP caching) implementation. We currently have one implementation in LibWeb for our in-memory cache and another in RequestServer for our disk cache. The implementations both largely revolve around interacting with HTTP headers. But in LibWeb, we are using Fetch's header infra, and in RS we are using are home-grown header infra from LibHTTP. So to give these a common denominator, this patch replaces the LibHTTP implementation with Fetch's infra. Our existing LibHTTP implementation was not particularly compliant with any spec, so this at least gives us a standards-based common implementation. This migration also required moving a handful of other Fetch AOs over to LibHTTP. (It turns out these AOs were all from the Fetch/Infra/HTTP folder, so perhaps it makes sense for LibHTTP to be the implementation of that entire set of facilities.)
59 lines
2.4 KiB
C++
59 lines
2.4 KiB
C++
/*
|
||
* Copyright (c) 2022-2023, Linus Groh <linusg@serenityos.org>
|
||
*
|
||
* SPDX-License-Identifier: BSD-2-Clause
|
||
*/
|
||
|
||
#include <LibHTTP/HeaderList.h>
|
||
#include <LibWeb/Fetch/Infrastructure/HTTP/MIME.h>
|
||
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
|
||
#include <LibWeb/Fetch/Infrastructure/HTTP/Responses.h>
|
||
#include <LibWeb/Fetch/Infrastructure/NoSniffBlocking.h>
|
||
#include <LibWeb/Infra/Strings.h>
|
||
|
||
namespace Web::Fetch::Infrastructure {
|
||
|
||
// https://fetch.spec.whatwg.org/#determine-nosniff
|
||
bool determine_nosniff(HTTP::HeaderList const& list)
|
||
{
|
||
// 1. Let values be the result of getting, decoding, and splitting `X-Content-Type-Options` from list.
|
||
auto values = list.get_decode_and_split("X-Content-Type-Options"sv.bytes());
|
||
|
||
// 2. If values is null, then return false.
|
||
if (!values.has_value())
|
||
return false;
|
||
|
||
// 3. If values[0] is an ASCII case-insensitive match for "nosniff", then return true.
|
||
if (!values->is_empty() && values->at(0).equals_ignoring_ascii_case("nosniff"sv))
|
||
return true;
|
||
|
||
// 4. Return false.
|
||
return false;
|
||
}
|
||
|
||
// https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?
|
||
RequestOrResponseBlocking should_response_to_request_be_blocked_due_to_nosniff(Response const& response, Request const& request)
|
||
{
|
||
// 1. If determine nosniff with response’s header list is false, then return allowed.
|
||
if (!determine_nosniff(response.header_list()))
|
||
return RequestOrResponseBlocking::Allowed;
|
||
|
||
// 2. Let mimeType be the result of extracting a MIME type from response’s header list.
|
||
auto mime_type = Infrastructure::extract_mime_type(response.header_list());
|
||
|
||
// 3. Let destination be request’s destination.
|
||
auto const& destination = request.destination();
|
||
|
||
// 4. If destination is script-like and mimeType is failure or is not a JavaScript MIME type, then return blocked.
|
||
if (request.destination_is_script_like() && (!mime_type.has_value() || !mime_type->is_javascript()))
|
||
return RequestOrResponseBlocking::Blocked;
|
||
|
||
// 5. If destination is "style" and mimeType is failure or its essence is not "text/css", then return blocked.
|
||
if (destination == Request::Destination::Style && (!mime_type.has_value() || mime_type->essence() != "text/css"sv))
|
||
return RequestOrResponseBlocking::Blocked;
|
||
|
||
// 6. Return allowed.
|
||
return RequestOrResponseBlocking::Allowed;
|
||
}
|
||
|
||
}
|