blob: 2084e02dde1607c635cbd7cc668a61dafc8c30ac [file] [log] [blame]
/*
* Copyright (C) 2016 Canon Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted, provided that the following conditions
* are required to be met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Canon Inc. nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY CANON INC. AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL CANON INC. AND ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "FetchHeaders.h"
#include "HTTPParsers.h"
namespace WebCore {
// https://fetch.spec.whatwg.org/#concept-headers-remove-privileged-no-cors-request-headers
static void removePrivilegedNoCORSRequestHeaders(HTTPHeaderMap& headers)
{
headers.remove(HTTPHeaderName::Range);
}
static ExceptionOr<bool> canWriteHeader(const String& name, const String& value, const String& combinedValue, FetchHeaders::Guard guard)
{
if (!isValidHTTPToken(name))
return Exception { TypeError, makeString("Invalid header name: '", name, "'") };
ASSERT(value.isEmpty() || (!isHTTPSpace(value[0]) && !isHTTPSpace(value[value.length() - 1])));
if (!isValidHTTPHeaderValue((value)))
return Exception { TypeError, makeString("Header '", name, "' has invalid value: '", value, "'") };
if (guard == FetchHeaders::Guard::Immutable)
return Exception { TypeError, "Headers object's guard is 'immutable'"_s };
if (guard == FetchHeaders::Guard::Request && isForbiddenHeaderName(name))
return false;
if (guard == FetchHeaders::Guard::RequestNoCors && !combinedValue.isEmpty() && !isSimpleHeader(name, combinedValue))
return false;
if (guard == FetchHeaders::Guard::Response && isForbiddenResponseHeaderName(name))
return false;
return true;
}
static ExceptionOr<void> appendToHeaderMap(const String& name, const String& value, HTTPHeaderMap& headers, FetchHeaders::Guard guard)
{
String normalizedValue = stripLeadingAndTrailingHTTPSpaces(value);
String combinedValue = normalizedValue;
if (headers.contains(name))
combinedValue = makeString(headers.get(name), ", ", normalizedValue);
auto canWriteResult = canWriteHeader(name, normalizedValue, combinedValue, guard);
if (canWriteResult.hasException())
return canWriteResult.releaseException();
if (!canWriteResult.releaseReturnValue())
return { };
headers.set(name, combinedValue);
if (guard == FetchHeaders::Guard::RequestNoCors)
removePrivilegedNoCORSRequestHeaders(headers);
return { };
}
static ExceptionOr<void> appendToHeaderMap(const HTTPHeaderMap::HTTPHeaderMapConstIterator::KeyValue& header, HTTPHeaderMap& headers, FetchHeaders::Guard guard)
{
String normalizedValue = stripLeadingAndTrailingHTTPSpaces(header.value);
auto canWriteResult = canWriteHeader(header.key, normalizedValue, header.value, guard);
if (canWriteResult.hasException())
return canWriteResult.releaseException();
if (!canWriteResult.releaseReturnValue())
return { };
if (header.keyAsHTTPHeaderName)
headers.add(header.keyAsHTTPHeaderName.value(), header.value);
else
headers.add(header.key, header.value);
if (guard == FetchHeaders::Guard::RequestNoCors)
removePrivilegedNoCORSRequestHeaders(headers);
return { };
}
// https://fetch.spec.whatwg.org/#concept-headers-fill
static ExceptionOr<void> fillHeaderMap(HTTPHeaderMap& headers, const FetchHeaders::Init& headersInit, FetchHeaders::Guard guard)
{
if (std::holds_alternative<Vector<Vector<String>>>(headersInit)) {
auto& sequence = std::get<Vector<Vector<String>>>(headersInit);
for (auto& header : sequence) {
if (header.size() != 2)
return Exception { TypeError, "Header sub-sequence must contain exactly two items" };
auto result = appendToHeaderMap(header[0], header[1], headers, guard);
if (result.hasException())
return result.releaseException();
}
} else {
auto& record = std::get<Vector<WTF::KeyValuePair<String, String>>>(headersInit);
for (auto& header : record) {
auto result = appendToHeaderMap(header.key, header.value, headers, guard);
if (result.hasException())
return result.releaseException();
}
}
return { };
}
ExceptionOr<Ref<FetchHeaders>> FetchHeaders::create(std::optional<Init>&& headersInit)
{
HTTPHeaderMap headers;
if (headersInit) {
auto result = fillHeaderMap(headers, *headersInit, Guard::None);
if (result.hasException())
return result.releaseException();
}
return adoptRef(*new FetchHeaders { Guard::None, WTFMove(headers) });
}
ExceptionOr<void> FetchHeaders::fill(const Init& headerInit)
{
return fillHeaderMap(m_headers, headerInit, m_guard);
}
ExceptionOr<void> FetchHeaders::fill(const FetchHeaders& otherHeaders)
{
for (auto& header : otherHeaders.m_headers) {
auto result = appendToHeaderMap(header, m_headers, m_guard);
if (result.hasException())
return result.releaseException();
}
return { };
}
ExceptionOr<void> FetchHeaders::append(const String& name, const String& value)
{
return appendToHeaderMap(name, value, m_headers, m_guard);
}
// https://fetch.spec.whatwg.org/#dom-headers-delete
ExceptionOr<void> FetchHeaders::remove(const String& name)
{
if (!isValidHTTPToken(name))
return Exception { TypeError, makeString("Invalid header name: '", name, "'") };
if (m_guard == FetchHeaders::Guard::Immutable)
return Exception { TypeError, "Headers object's guard is 'immutable'"_s };
if (m_guard == FetchHeaders::Guard::Request && isForbiddenHeaderName(name))
return { };
if (m_guard == FetchHeaders::Guard::RequestNoCors && !isNoCORSSafelistedRequestHeaderName(name) && !isPriviledgedNoCORSRequestHeaderName(name))
return { };
if (m_guard == FetchHeaders::Guard::Response && isForbiddenResponseHeaderName(name))
return { };
m_headers.remove(name);
if (m_guard == FetchHeaders::Guard::RequestNoCors)
removePrivilegedNoCORSRequestHeaders(m_headers);
return { };
}
ExceptionOr<String> FetchHeaders::get(const String& name) const
{
if (!isValidHTTPToken(name))
return Exception { TypeError, makeString("Invalid header name: '", name, "'") };
return m_headers.get(name);
}
ExceptionOr<bool> FetchHeaders::has(const String& name) const
{
if (!isValidHTTPToken(name))
return Exception { TypeError, makeString("Invalid header name: '", name, "'") };
return m_headers.contains(name);
}
ExceptionOr<void> FetchHeaders::set(const String& name, const String& value)
{
String normalizedValue = stripLeadingAndTrailingHTTPSpaces(value);
auto canWriteResult = canWriteHeader(name, normalizedValue, normalizedValue, m_guard);
if (canWriteResult.hasException())
return canWriteResult.releaseException();
if (!canWriteResult.releaseReturnValue())
return { };
m_headers.set(name, normalizedValue);
if (m_guard == FetchHeaders::Guard::RequestNoCors)
removePrivilegedNoCORSRequestHeaders(m_headers);
return { };
}
void FetchHeaders::filterAndFill(const HTTPHeaderMap& headers, Guard guard)
{
for (auto& header : headers) {
String normalizedValue = stripLeadingAndTrailingHTTPSpaces(header.value);
auto canWriteResult = canWriteHeader(header.key, normalizedValue, header.value, guard);
if (canWriteResult.hasException())
continue;
if (!canWriteResult.releaseReturnValue())
continue;
if (header.keyAsHTTPHeaderName)
m_headers.add(header.keyAsHTTPHeaderName.value(), header.value);
else
m_headers.add(header.key, header.value);
}
}
std::optional<WTF::KeyValuePair<String, String>> FetchHeaders::Iterator::next()
{
while (m_currentIndex < m_keys.size()) {
auto key = m_keys[m_currentIndex++];
auto value = m_headers->m_headers.get(key);
if (!value.isNull())
return WTF::KeyValuePair<String, String> { WTFMove(key), WTFMove(value) };
}
return std::nullopt;
}
FetchHeaders::Iterator::Iterator(FetchHeaders& headers)
: m_headers(headers)
{
m_keys.reserveInitialCapacity(headers.m_headers.size());
for (auto& header : headers.m_headers)
m_keys.uncheckedAppend(header.key.convertToASCIILowercase());
std::sort(m_keys.begin(), m_keys.end(), WTF::codePointCompareLessThan);
}
} // namespace WebCore