1/*
2 * Copyright (C) 2017 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23 * THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "NavigatorBeacon.h"
28
29#include "CachedRawResource.h"
30#include "CachedResourceLoader.h"
31#include "Document.h"
32#include "Frame.h"
33#include "HTTPParsers.h"
34#include "Navigator.h"
35#include "Page.h"
36#include <wtf/URL.h>
37
38namespace WebCore {
39
40NavigatorBeacon::NavigatorBeacon(Navigator& navigator)
41 : m_navigator(navigator)
42{
43}
44
45NavigatorBeacon::~NavigatorBeacon()
46{
47 for (auto& beacon : m_inflightBeacons)
48 beacon->removeClient(*this);
49}
50
51NavigatorBeacon* NavigatorBeacon::from(Navigator& navigator)
52{
53 auto* supplement = static_cast<NavigatorBeacon*>(Supplement<Navigator>::from(&navigator, supplementName()));
54 if (!supplement) {
55 auto newSupplement = std::make_unique<NavigatorBeacon>(navigator);
56 supplement = newSupplement.get();
57 provideTo(&navigator, supplementName(), WTFMove(newSupplement));
58 }
59 return supplement;
60}
61
62const char* NavigatorBeacon::supplementName()
63{
64 return "NavigatorBeacon";
65}
66
67void NavigatorBeacon::notifyFinished(CachedResource& resource)
68{
69 if (!resource.resourceError().isNull())
70 logError(resource.resourceError());
71
72 resource.removeClient(*this);
73 bool wasRemoved = m_inflightBeacons.removeFirst(&resource);
74 ASSERT_UNUSED(wasRemoved, wasRemoved);
75 ASSERT(!m_inflightBeacons.contains(&resource));
76}
77
78void NavigatorBeacon::logError(const ResourceError& error)
79{
80 ASSERT(!error.isNull());
81
82 auto* frame = m_navigator.frame();
83 if (!frame)
84 return;
85
86 auto* document = frame->document();
87 if (!document)
88 return;
89
90 ASCIILiteral messageMiddle { ". "_s };
91 String description = error.localizedDescription();
92 if (description.isEmpty()) {
93 if (error.isAccessControl())
94 messageMiddle = " due to access control checks."_s;
95 else
96 messageMiddle = "."_s;
97 }
98
99 document->addConsoleMessage(MessageSource::Network, MessageLevel::Error, makeString("Beacon API cannot load "_s, error.failingURL().string(), messageMiddle, description));
100}
101
102ExceptionOr<bool> NavigatorBeacon::sendBeacon(Document& document, const String& url, Optional<FetchBody::Init>&& body)
103{
104 URL parsedUrl = document.completeURL(url);
105
106 // Set parsedUrl to the result of the URL parser steps with url and base. If the algorithm returns an error, or if
107 // parsedUrl's scheme is not "http" or "https", throw a "TypeError" exception and terminate these steps.
108 if (!parsedUrl.isValid())
109 return Exception { TypeError, "This URL is invalid"_s };
110 if (!parsedUrl.protocolIsInHTTPFamily())
111 return Exception { TypeError, "Beacons can only be sent over HTTP(S)"_s };
112
113 if (!document.frame())
114 return false;
115
116 auto& contentSecurityPolicy = *document.contentSecurityPolicy();
117 if (!document.shouldBypassMainWorldContentSecurityPolicy() && !contentSecurityPolicy.allowConnectToSource(parsedUrl)) {
118 // We simulate a network error so we return true here. This is consistent with Blink.
119 return true;
120 }
121
122 ResourceRequest request(parsedUrl);
123 request.setHTTPMethod("POST"_s);
124 request.setPriority(ResourceLoadPriority::VeryLow);
125
126 ResourceLoaderOptions options;
127 options.credentials = FetchOptions::Credentials::Include;
128 options.cache = FetchOptions::Cache::NoCache;
129 options.keepAlive = true;
130 options.sendLoadCallbacks = SendCallbackPolicy::SendCallbacks;
131
132 if (body) {
133 options.mode = FetchOptions::Mode::Cors;
134 String mimeType;
135 auto fetchBody = FetchBody::extract(document, WTFMove(body.value()), mimeType);
136
137 if (fetchBody.hasReadableStream())
138 return Exception { TypeError, "Beacons cannot send ReadableStream body"_s };
139
140 request.setHTTPBody(fetchBody.bodyAsFormData(document));
141 if (!mimeType.isEmpty()) {
142 request.setHTTPContentType(mimeType);
143 if (isCrossOriginSafeRequestHeader(HTTPHeaderName::ContentType, mimeType))
144 options.mode = FetchOptions::Mode::NoCors;
145 }
146 }
147
148 auto cachedResource = document.cachedResourceLoader().requestBeaconResource({ WTFMove(request), options });
149 if (!cachedResource) {
150 logError(cachedResource.error());
151 return false;
152 }
153
154 ASSERT(!m_inflightBeacons.contains(cachedResource.value().get()));
155 m_inflightBeacons.append(cachedResource.value().get());
156 cachedResource.value()->addClient(*this);
157 return true;
158}
159
160ExceptionOr<bool> NavigatorBeacon::sendBeacon(Navigator& navigator, Document& document, const String& url, Optional<FetchBody::Init>&& body)
161{
162 return NavigatorBeacon::from(navigator)->sendBeacon(document, url, WTFMove(body));
163}
164
165}
166
167