1 | /* |
2 | * Copyright (C) 2006-2018 Apple Inc. All rights reserved. |
3 | * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 | * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/) |
5 | * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 | * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 | * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 | * Copyright (C) 2011 Google Inc. All rights reserved. |
9 | * |
10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions |
12 | * are met: |
13 | * |
14 | * 1. Redistributions of source code must retain the above copyright |
15 | * notice, this list of conditions and the following disclaimer. |
16 | * 2. Redistributions in binary form must reproduce the above copyright |
17 | * notice, this list of conditions and the following disclaimer in the |
18 | * documentation and/or other materials provided with the distribution. |
19 | * 3. Neither the name of Apple Inc. ("Apple") nor the names of |
20 | * its contributors may be used to endorse or promote products derived |
21 | * from this software without specific prior written permission. |
22 | * |
23 | * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
24 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
25 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
26 | * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
27 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
28 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
29 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
30 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
31 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ |
34 | |
35 | #include "config.h" |
36 | #include "FrameLoader.h" |
37 | |
38 | #include "AXObjectCache.h" |
39 | #include "ApplicationCacheHost.h" |
40 | #include "BackForwardController.h" |
41 | #include "BeforeUnloadEvent.h" |
42 | #include "CachedPage.h" |
43 | #include "CachedResourceLoader.h" |
44 | #include "Chrome.h" |
45 | #include "ChromeClient.h" |
46 | #include "CommonVM.h" |
47 | #include "ContentFilter.h" |
48 | #include "ContentRuleListResults.h" |
49 | #include "ContentSecurityPolicy.h" |
50 | #include "CustomHeaderFields.h" |
51 | #include "DOMWindow.h" |
52 | #include "DatabaseManager.h" |
53 | #include "DiagnosticLoggingClient.h" |
54 | #include "DiagnosticLoggingKeys.h" |
55 | #include "Document.h" |
56 | #include "DocumentLoader.h" |
57 | #include "Editor.h" |
58 | #include "EditorClient.h" |
59 | #include "Element.h" |
60 | #include "Event.h" |
61 | #include "EventHandler.h" |
62 | #include "EventNames.h" |
63 | #include "FloatRect.h" |
64 | #include "FormState.h" |
65 | #include "FormSubmission.h" |
66 | #include "Frame.h" |
67 | #include "FrameLoadRequest.h" |
68 | #include "FrameLoaderClient.h" |
69 | #include "FrameNetworkingContext.h" |
70 | #include "FrameTree.h" |
71 | #include "FrameView.h" |
72 | #include "GCController.h" |
73 | #include "HTMLFormElement.h" |
74 | #include "HTMLInputElement.h" |
75 | #include "HTMLNames.h" |
76 | #include "HTMLObjectElement.h" |
77 | #include "HTMLParserIdioms.h" |
78 | #include "HTTPHeaderNames.h" |
79 | #include "HTTPParsers.h" |
80 | #include "HistoryController.h" |
81 | #include "HistoryItem.h" |
82 | #include "IgnoreOpensDuringUnloadCountIncrementer.h" |
83 | #include "InspectorController.h" |
84 | #include "InspectorInstrumentation.h" |
85 | #include "LinkLoader.h" |
86 | #include "LoadTiming.h" |
87 | #include "LoaderStrategy.h" |
88 | #include "Logging.h" |
89 | #include "MemoryCache.h" |
90 | #include "MemoryRelease.h" |
91 | #include "NavigationDisabler.h" |
92 | #include "NavigationScheduler.h" |
93 | #include "Node.h" |
94 | #include "Page.h" |
95 | #include "PageCache.h" |
96 | #include "PageTransitionEvent.h" |
97 | #include "PerformanceLogging.h" |
98 | #include "PlatformStrategies.h" |
99 | #include "PluginData.h" |
100 | #include "PluginDocument.h" |
101 | #include "PolicyChecker.h" |
102 | #include "ProgressTracker.h" |
103 | #include "ResourceHandle.h" |
104 | #include "ResourceLoadInfo.h" |
105 | #include "ResourceLoadObserver.h" |
106 | #include "ResourceRequest.h" |
107 | #include "SVGDocument.h" |
108 | #include "SVGLocatable.h" |
109 | #include "SVGNames.h" |
110 | #include "SVGViewElement.h" |
111 | #include "SVGViewSpec.h" |
112 | #include "ScriptController.h" |
113 | #include "ScriptSourceCode.h" |
114 | #include "ScrollAnimator.h" |
115 | #include "SecurityOrigin.h" |
116 | #include "SecurityPolicy.h" |
117 | #include "SegmentedString.h" |
118 | #include "SerializedScriptValue.h" |
119 | #include "Settings.h" |
120 | #include "ShouldTreatAsContinuingLoad.h" |
121 | #include "SubframeLoader.h" |
122 | #include "SubresourceLoader.h" |
123 | #include "TextResourceDecoder.h" |
124 | #include "UserContentController.h" |
125 | #include "UserGestureIndicator.h" |
126 | #include "WindowFeatures.h" |
127 | #include "XMLDocumentParser.h" |
128 | #include <dom/ScriptDisallowedScope.h> |
129 | #include <wtf/CompletionHandler.h> |
130 | #include <wtf/URL.h> |
131 | #include <wtf/Ref.h> |
132 | #include <wtf/SetForScope.h> |
133 | #include <wtf/StdLibExtras.h> |
134 | #include <wtf/SystemTracing.h> |
135 | #include <wtf/text/CString.h> |
136 | #include <wtf/text/WTFString.h> |
137 | |
138 | #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML) |
139 | #include "Archive.h" |
140 | #endif |
141 | |
142 | #if ENABLE(DATA_DETECTION) |
143 | #include "DataDetection.h" |
144 | #endif |
145 | |
146 | #if PLATFORM(IOS_FAMILY) |
147 | #include "DocumentType.h" |
148 | #include "ResourceLoader.h" |
149 | #include "RuntimeApplicationChecks.h" |
150 | #endif |
151 | |
152 | #define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - FrameLoader::" fmt, this, ##__VA_ARGS__) |
153 | |
154 | namespace WebCore { |
155 | |
156 | using namespace HTMLNames; |
157 | using namespace SVGNames; |
158 | |
159 | static const char [] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" ; |
160 | |
161 | bool isBackForwardLoadType(FrameLoadType type) |
162 | { |
163 | switch (type) { |
164 | case FrameLoadType::Standard: |
165 | case FrameLoadType::Reload: |
166 | case FrameLoadType::ReloadFromOrigin: |
167 | case FrameLoadType::ReloadExpiredOnly: |
168 | case FrameLoadType::Same: |
169 | case FrameLoadType::RedirectWithLockedBackForwardList: |
170 | case FrameLoadType::Replace: |
171 | return false; |
172 | case FrameLoadType::Back: |
173 | case FrameLoadType::Forward: |
174 | case FrameLoadType::IndexedBackForward: |
175 | return true; |
176 | } |
177 | ASSERT_NOT_REACHED(); |
178 | return false; |
179 | } |
180 | |
181 | bool isReload(FrameLoadType type) |
182 | { |
183 | switch (type) { |
184 | case FrameLoadType::Reload: |
185 | case FrameLoadType::ReloadFromOrigin: |
186 | case FrameLoadType::ReloadExpiredOnly: |
187 | return true; |
188 | case FrameLoadType::Standard: |
189 | case FrameLoadType::Same: |
190 | case FrameLoadType::RedirectWithLockedBackForwardList: |
191 | case FrameLoadType::Replace: |
192 | case FrameLoadType::Back: |
193 | case FrameLoadType::Forward: |
194 | case FrameLoadType::IndexedBackForward: |
195 | return false; |
196 | } |
197 | ASSERT_NOT_REACHED(); |
198 | return false; |
199 | } |
200 | |
201 | // This is not in the FrameLoader class to emphasize that it does not depend on |
202 | // private FrameLoader data, and to avoid increasing the number of public functions |
203 | // with access to private data. Since only this .cpp file needs it, making it |
204 | // non-member lets us exclude it from the header file, thus keeping FrameLoader.h's |
205 | // API simpler. |
206 | // |
207 | static bool isDocumentSandboxed(Frame& frame, SandboxFlags mask) |
208 | { |
209 | return frame.document() && frame.document()->isSandboxed(mask); |
210 | } |
211 | |
212 | struct ForbidPromptsScope { |
213 | ForbidPromptsScope(Page* page) : m_page(page) |
214 | { |
215 | if (!m_page) |
216 | return; |
217 | m_page->forbidPrompts(); |
218 | } |
219 | |
220 | ~ForbidPromptsScope() |
221 | { |
222 | if (!m_page) |
223 | return; |
224 | m_page->allowPrompts(); |
225 | } |
226 | |
227 | Page* m_page; |
228 | }; |
229 | |
230 | class FrameLoader::FrameProgressTracker { |
231 | WTF_MAKE_FAST_ALLOCATED; |
232 | public: |
233 | explicit FrameProgressTracker(Frame& frame) |
234 | : m_frame(frame) |
235 | , m_inProgress(false) |
236 | { |
237 | } |
238 | |
239 | ~FrameProgressTracker() |
240 | { |
241 | if (m_inProgress && m_frame.page()) |
242 | m_frame.page()->progress().progressCompleted(m_frame); |
243 | } |
244 | |
245 | void progressStarted() |
246 | { |
247 | ASSERT(m_frame.page()); |
248 | if (!m_inProgress) |
249 | m_frame.page()->progress().progressStarted(m_frame); |
250 | m_inProgress = true; |
251 | } |
252 | |
253 | void progressCompleted() |
254 | { |
255 | ASSERT(m_inProgress); |
256 | ASSERT(m_frame.page()); |
257 | m_inProgress = false; |
258 | m_frame.page()->progress().progressCompleted(m_frame); |
259 | |
260 | if (auto pageID = m_frame.loader().client().pageID()) |
261 | platformStrategies()->loaderStrategy()->pageLoadCompleted(pageID.value()); |
262 | } |
263 | |
264 | private: |
265 | Frame& m_frame; |
266 | bool m_inProgress; |
267 | }; |
268 | |
269 | FrameLoader::FrameLoader(Frame& frame, FrameLoaderClient& client) |
270 | : m_frame(frame) |
271 | , m_client(client) |
272 | , m_policyChecker(std::make_unique<PolicyChecker>(frame)) |
273 | , m_history(std::make_unique<HistoryController>(frame)) |
274 | , m_notifier(frame) |
275 | , m_subframeLoader(std::make_unique<SubframeLoader>(frame)) |
276 | , m_mixedContentChecker(frame) |
277 | , m_state(FrameStateProvisional) |
278 | , m_loadType(FrameLoadType::Standard) |
279 | , m_quickRedirectComing(false) |
280 | , m_sentRedirectNotification(false) |
281 | , m_inStopAllLoaders(false) |
282 | , m_isExecutingJavaScriptFormAction(false) |
283 | , m_didCallImplicitClose(true) |
284 | , m_wasUnloadEventEmitted(false) |
285 | , m_isComplete(false) |
286 | , m_needsClear(false) |
287 | , m_checkTimer(*this, &FrameLoader::checkTimerFired) |
288 | , m_shouldCallCheckCompleted(false) |
289 | , m_shouldCallCheckLoadComplete(false) |
290 | , m_opener(nullptr) |
291 | , m_loadingFromCachedPage(false) |
292 | , m_currentNavigationHasShownBeforeUnloadConfirmPanel(false) |
293 | , m_loadsSynchronously(false) |
294 | , m_forcedSandboxFlags(SandboxNone) |
295 | { |
296 | } |
297 | |
298 | FrameLoader::~FrameLoader() |
299 | { |
300 | setOpener(nullptr); |
301 | |
302 | for (auto& frame : m_openedFrames) |
303 | frame->loader().m_opener = nullptr; |
304 | |
305 | m_client.frameLoaderDestroyed(); |
306 | |
307 | if (m_networkingContext) |
308 | m_networkingContext->invalidate(); |
309 | } |
310 | |
311 | void FrameLoader::init() |
312 | { |
313 | // This somewhat odd set of steps gives the frame an initial empty document. |
314 | setPolicyDocumentLoader(m_client.createDocumentLoader(ResourceRequest(URL({ }, emptyString())), SubstituteData()).ptr()); |
315 | setProvisionalDocumentLoader(m_policyDocumentLoader.get()); |
316 | m_provisionalDocumentLoader->startLoadingMainResource(); |
317 | |
318 | Ref<Frame> protect(m_frame); |
319 | m_frame.document()->cancelParsing(); |
320 | m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocument); |
321 | |
322 | m_networkingContext = m_client.createNetworkingContext(); |
323 | m_progressTracker = std::make_unique<FrameProgressTracker>(m_frame); |
324 | } |
325 | |
326 | void FrameLoader::initForSynthesizedDocument(const URL&) |
327 | { |
328 | // FIXME: We need to initialize the document URL to the specified URL. Currently the URL is empty and hence |
329 | // FrameLoader::checkCompleted() will overwrite the URL of the document to be activeDocumentLoader()->documentURL(). |
330 | |
331 | auto loader = m_client.createDocumentLoader(ResourceRequest(URL({ }, emptyString())), SubstituteData()); |
332 | loader->attachToFrame(m_frame); |
333 | loader->setResponse(ResourceResponse(URL(), "text/html"_s , 0, String())); |
334 | loader->setCommitted(true); |
335 | setDocumentLoader(loader.ptr()); |
336 | |
337 | m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocument); |
338 | m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit); |
339 | m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad); |
340 | m_client.transitionToCommittedForNewPage(); |
341 | |
342 | m_didCallImplicitClose = true; |
343 | m_isComplete = true; |
344 | m_state = FrameStateComplete; |
345 | m_needsClear = true; |
346 | |
347 | m_networkingContext = m_client.createNetworkingContext(); |
348 | m_progressTracker = std::make_unique<FrameProgressTracker>(m_frame); |
349 | } |
350 | |
351 | void FrameLoader::setDefersLoading(bool defers) |
352 | { |
353 | if (m_documentLoader) |
354 | m_documentLoader->setDefersLoading(defers); |
355 | if (m_provisionalDocumentLoader) |
356 | m_provisionalDocumentLoader->setDefersLoading(defers); |
357 | if (m_policyDocumentLoader) |
358 | m_policyDocumentLoader->setDefersLoading(defers); |
359 | history().setDefersLoading(defers); |
360 | |
361 | if (!defers) { |
362 | m_frame.navigationScheduler().startTimer(); |
363 | startCheckCompleteTimer(); |
364 | } |
365 | } |
366 | |
367 | void FrameLoader::checkContentPolicy(const ResourceResponse& response, PolicyCheckIdentifier identifier, ContentPolicyDecisionFunction&& function) |
368 | { |
369 | if (!activeDocumentLoader()) { |
370 | // Load was cancelled |
371 | function(PolicyAction::Ignore, identifier); |
372 | return; |
373 | } |
374 | |
375 | // FIXME: Validate the policy check identifier. |
376 | client().dispatchDecidePolicyForResponse(response, activeDocumentLoader()->request(), identifier, activeDocumentLoader()->downloadAttribute(), WTFMove(function)); |
377 | } |
378 | |
379 | void FrameLoader::changeLocation(FrameLoadRequest&& request) |
380 | { |
381 | urlSelected(WTFMove(request), nullptr); |
382 | } |
383 | |
384 | void FrameLoader::urlSelected(const URL& url, const String& passedTarget, Event* triggeringEvent, LockHistory lockHistory, LockBackForwardList lockBackForwardList, ShouldSendReferrer shouldSendReferrer, ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy, Optional<NewFrameOpenerPolicy> openerPolicy, const AtomString& downloadAttribute, const SystemPreviewInfo& systemPreviewInfo, Optional<AdClickAttribution>&& adClickAttribution) |
385 | { |
386 | auto* frame = lexicalFrameFromCommonVM(); |
387 | auto initiatedByMainFrame = frame && frame->isMainFrame() ? InitiatedByMainFrame::Yes : InitiatedByMainFrame::Unknown; |
388 | |
389 | NewFrameOpenerPolicy newFrameOpenerPolicy = openerPolicy.valueOr(shouldSendReferrer == NeverSendReferrer ? NewFrameOpenerPolicy::Suppress : NewFrameOpenerPolicy::Allow); |
390 | urlSelected(FrameLoadRequest(*m_frame.document(), m_frame.document()->securityOrigin(), { url }, passedTarget, lockHistory, lockBackForwardList, shouldSendReferrer, AllowNavigationToInvalidURL::Yes, newFrameOpenerPolicy, shouldOpenExternalURLsPolicy, initiatedByMainFrame, DoNotReplaceDocumentIfJavaScriptURL, downloadAttribute, systemPreviewInfo), triggeringEvent, WTFMove(adClickAttribution)); |
391 | } |
392 | |
393 | void FrameLoader::urlSelected(FrameLoadRequest&& frameRequest, Event* triggeringEvent, Optional<AdClickAttribution>&& adClickAttribution) |
394 | { |
395 | RELEASE_LOG_IF_ALLOWED("urlSelected: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
396 | |
397 | Ref<Frame> protect(m_frame); |
398 | |
399 | if (m_frame.script().executeIfJavaScriptURL(frameRequest.resourceRequest().url(), frameRequest.shouldReplaceDocumentIfJavaScriptURL())) |
400 | return; |
401 | |
402 | if (frameRequest.frameName().isEmpty()) |
403 | frameRequest.setFrameName(m_frame.document()->baseTarget()); |
404 | |
405 | addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin()); |
406 | m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(frameRequest.resourceRequest(), ContentSecurityPolicy::InsecureRequestType::Navigation); |
407 | |
408 | loadFrameRequest(WTFMove(frameRequest), triggeringEvent, { }, WTFMove(adClickAttribution)); |
409 | } |
410 | |
411 | void FrameLoader::submitForm(Ref<FormSubmission>&& submission) |
412 | { |
413 | ASSERT(submission->method() == FormSubmission::Method::Post || submission->method() == FormSubmission::Method::Get); |
414 | |
415 | // FIXME: Find a good spot for these. |
416 | ASSERT(!submission->state().sourceDocument().frame() || submission->state().sourceDocument().frame() == &m_frame); |
417 | |
418 | if (!m_frame.page()) |
419 | return; |
420 | |
421 | if (submission->action().isEmpty()) |
422 | return; |
423 | |
424 | if (isDocumentSandboxed(m_frame, SandboxForms)) { |
425 | // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists. |
426 | m_frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked form submission to '" + submission->action().stringCenterEllipsizedToLength() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set." ); |
427 | return; |
428 | } |
429 | |
430 | if (WTF::protocolIsJavaScript(submission->action())) { |
431 | if (!m_frame.document()->contentSecurityPolicy()->allowFormAction(URL(submission->action()))) |
432 | return; |
433 | m_isExecutingJavaScriptFormAction = true; |
434 | Ref<Frame> protect(m_frame); |
435 | m_frame.script().executeIfJavaScriptURL(submission->action(), DoNotReplaceDocumentIfJavaScriptURL); |
436 | m_isExecutingJavaScriptFormAction = false; |
437 | return; |
438 | } |
439 | |
440 | Frame* targetFrame = findFrameForNavigation(submission->target(), &submission->state().sourceDocument()); |
441 | if (!targetFrame) { |
442 | if (!DOMWindow::allowPopUp(m_frame) && !UserGestureIndicator::processingUserGesture()) |
443 | return; |
444 | |
445 | // FIXME: targetFrame can be null for two distinct reasons: |
446 | // 1. The frame was not found by name, so we should try opening a new window. |
447 | // 2. The frame was found, but navigating it was not allowed, e.g. by HTML5 sandbox or by origin checks. |
448 | // Continuing form submission makes no sense in the latter case. |
449 | // There is a repeat check after timer fires, so this is not a correctness issue. |
450 | |
451 | targetFrame = &m_frame; |
452 | } else |
453 | submission->clearTarget(); |
454 | |
455 | if (!targetFrame->page()) |
456 | return; |
457 | |
458 | // FIXME: We'd like to remove this altogether and fix the multiple form submission issue another way. |
459 | |
460 | // We do not want to submit more than one form from the same page, nor do we want to submit a single |
461 | // form more than once. This flag prevents these from happening; not sure how other browsers prevent this. |
462 | // The flag is reset in each time we start dispatching a new mouse or key down event, and |
463 | // also in setView since this part may get reused for a page from the back/forward cache. |
464 | // The form multi-submit logic here is only needed when we are submitting a form that affects this frame. |
465 | |
466 | // FIXME: Frame targeting is only one of the ways the submission could end up doing something other |
467 | // than replacing this frame's content, so this check is flawed. On the other hand, the check is hardly |
468 | // needed any more now that we reset m_submittedFormURL on each mouse or key down event. |
469 | |
470 | if (m_frame.tree().isDescendantOf(targetFrame)) { |
471 | if (m_submittedFormURL == submission->requestURL()) |
472 | return; |
473 | m_submittedFormURL = submission->requestURL(); |
474 | } |
475 | |
476 | submission->data().generateFiles(m_frame.document()); |
477 | submission->setReferrer(outgoingReferrer()); |
478 | submission->setOrigin(outgoingOrigin()); |
479 | |
480 | targetFrame->navigationScheduler().scheduleFormSubmission(WTFMove(submission)); |
481 | } |
482 | |
483 | void FrameLoader::stopLoading(UnloadEventPolicy unloadEventPolicy) |
484 | { |
485 | if (m_frame.document() && m_frame.document()->parser()) |
486 | m_frame.document()->parser()->stopParsing(); |
487 | |
488 | if (unloadEventPolicy != UnloadEventPolicyNone) |
489 | dispatchUnloadEvents(unloadEventPolicy); |
490 | |
491 | m_isComplete = true; // to avoid calling completed() in finishedParsing() |
492 | m_didCallImplicitClose = true; // don't want that one either |
493 | |
494 | if (m_frame.document() && m_frame.document()->parsing()) { |
495 | finishedParsing(); |
496 | m_frame.document()->setParsing(false); |
497 | } |
498 | |
499 | if (auto* document = m_frame.document()) { |
500 | // FIXME: HTML5 doesn't tell us to set the state to complete when aborting, but we do anyway to match legacy behavior. |
501 | // http://www.w3.org/Bugs/Public/show_bug.cgi?id=10537 |
502 | document->setReadyState(Document::Complete); |
503 | |
504 | // FIXME: Should the DatabaseManager watch for something like ActiveDOMObject::stop() rather than being special-cased here? |
505 | DatabaseManager::singleton().stopDatabases(*document, nullptr); |
506 | } |
507 | |
508 | policyChecker().stopCheck(); |
509 | |
510 | // FIXME: This will cancel redirection timer, which really needs to be restarted when restoring the frame from b/f cache. |
511 | m_frame.navigationScheduler().cancel(); |
512 | } |
513 | |
514 | void FrameLoader::stop() |
515 | { |
516 | // http://bugs.webkit.org/show_bug.cgi?id=10854 |
517 | // The frame's last ref may be removed and it will be deleted by checkCompleted(). |
518 | Ref<Frame> protect(m_frame); |
519 | |
520 | if (DocumentParser* parser = m_frame.document()->parser()) { |
521 | parser->stopParsing(); |
522 | parser->finish(); |
523 | } |
524 | } |
525 | |
526 | void FrameLoader::willTransitionToCommitted() |
527 | { |
528 | // This function is called when a frame is still fully in place (not cached, not detached), but will be replaced. |
529 | |
530 | if (m_frame.editor().hasComposition()) { |
531 | // The text was already present in DOM, so it's better to confirm than to cancel the composition. |
532 | m_frame.editor().confirmComposition(); |
533 | if (EditorClient* editorClient = m_frame.editor().client()) { |
534 | editorClient->respondToChangedSelection(&m_frame); |
535 | editorClient->discardedComposition(&m_frame); |
536 | } |
537 | } |
538 | } |
539 | |
540 | bool FrameLoader::closeURL() |
541 | { |
542 | history().saveDocumentState(); |
543 | |
544 | Document* currentDocument = m_frame.document(); |
545 | UnloadEventPolicy unloadEventPolicy; |
546 | if (m_frame.page() && m_frame.page()->chrome().client().isSVGImageChromeClient()) { |
547 | // If this is the SVGDocument of an SVGImage, no need to dispatch events or recalcStyle. |
548 | unloadEventPolicy = UnloadEventPolicyNone; |
549 | } else { |
550 | // Should only send the pagehide event here if the current document exists and has not been placed in the page cache. |
551 | unloadEventPolicy = currentDocument && currentDocument->pageCacheState() == Document::NotInPageCache ? UnloadEventPolicyUnloadAndPageHide : UnloadEventPolicyUnloadOnly; |
552 | } |
553 | |
554 | stopLoading(unloadEventPolicy); |
555 | |
556 | m_frame.editor().clearUndoRedoOperations(); |
557 | return true; |
558 | } |
559 | |
560 | bool FrameLoader::didOpenURL() |
561 | { |
562 | if (m_frame.navigationScheduler().redirectScheduledDuringLoad()) { |
563 | // A redirect was scheduled before the document was created. |
564 | // This can happen when one frame changes another frame's location. |
565 | return false; |
566 | } |
567 | |
568 | m_frame.navigationScheduler().cancel(); |
569 | m_frame.editor().clearLastEditCommand(); |
570 | |
571 | m_isComplete = false; |
572 | m_didCallImplicitClose = false; |
573 | |
574 | // If we are still in the process of initializing an empty document then |
575 | // its frame is not in a consistent state for rendering, so avoid setJSStatusBarText |
576 | // since it may cause clients to attempt to render the frame. |
577 | if (!m_stateMachine.creatingInitialEmptyDocument()) { |
578 | DOMWindow* window = m_frame.document()->domWindow(); |
579 | window->setStatus(String()); |
580 | window->setDefaultStatus(String()); |
581 | } |
582 | |
583 | started(); |
584 | |
585 | return true; |
586 | } |
587 | |
588 | void FrameLoader::didExplicitOpen() |
589 | { |
590 | m_isComplete = false; |
591 | m_didCallImplicitClose = false; |
592 | |
593 | // Calling document.open counts as committing the first real document load. |
594 | if (!m_stateMachine.committedFirstRealDocumentLoad()) |
595 | m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit); |
596 | |
597 | m_client.dispatchDidExplicitOpen(m_frame.document() ? m_frame.document()->url() : URL()); |
598 | |
599 | // Prevent window.open(url) -- eg window.open("about:blank") -- from blowing away results |
600 | // from a subsequent window.document.open / window.document.write call. |
601 | // Canceling redirection here works for all cases because document.open |
602 | // implicitly precedes document.write. |
603 | m_frame.navigationScheduler().cancel(); |
604 | } |
605 | |
606 | |
607 | void FrameLoader::cancelAndClear() |
608 | { |
609 | m_frame.navigationScheduler().cancel(); |
610 | |
611 | if (!m_isComplete) |
612 | closeURL(); |
613 | |
614 | clear(m_frame.document(), false); |
615 | m_frame.script().updatePlatformScriptObjects(); |
616 | } |
617 | |
618 | static inline bool shouldClearWindowName(const Frame& frame, const Document& newDocument) |
619 | { |
620 | if (!frame.isMainFrame()) |
621 | return false; |
622 | |
623 | if (frame.loader().opener()) |
624 | return false; |
625 | |
626 | return !newDocument.securityOrigin().isSameOriginAs(frame.document()->securityOrigin()); |
627 | } |
628 | |
629 | void FrameLoader::clear(Document* newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView) |
630 | { |
631 | m_frame.editor().clear(); |
632 | |
633 | if (!m_needsClear) |
634 | return; |
635 | m_needsClear = false; |
636 | |
637 | if (m_frame.document()->pageCacheState() != Document::InPageCache) { |
638 | m_frame.document()->cancelParsing(); |
639 | m_frame.document()->stopActiveDOMObjects(); |
640 | bool hadLivingRenderTree = m_frame.document()->hasLivingRenderTree(); |
641 | m_frame.document()->prepareForDestruction(); |
642 | if (hadLivingRenderTree) |
643 | m_frame.document()->adjustFocusedNodeOnNodeRemoval(*m_frame.document()); |
644 | } |
645 | |
646 | // Do this after detaching the document so that the unload event works. |
647 | if (clearWindowProperties) { |
648 | InspectorInstrumentation::frameWindowDiscarded(m_frame, m_frame.document()->domWindow()); |
649 | m_frame.document()->domWindow()->resetUnlessSuspendedForDocumentSuspension(); |
650 | m_frame.windowProxy().clearJSWindowProxiesNotMatchingDOMWindow(newDocument->domWindow(), m_frame.document()->pageCacheState() == Document::AboutToEnterPageCache); |
651 | |
652 | if (shouldClearWindowName(m_frame, *newDocument)) |
653 | m_frame.tree().setName(nullAtom()); |
654 | } |
655 | |
656 | m_frame.selection().prepareForDestruction(); |
657 | m_frame.eventHandler().clear(); |
658 | |
659 | if (clearFrameView && m_frame.view()) |
660 | m_frame.view()->clear(); |
661 | |
662 | // Do not drop the document before the ScriptController and view are cleared |
663 | // as some destructors might still try to access the document. |
664 | m_frame.setDocument(nullptr); |
665 | |
666 | subframeLoader().clear(); |
667 | |
668 | if (clearWindowProperties) |
669 | m_frame.windowProxy().setDOMWindow(newDocument->domWindow()); |
670 | |
671 | if (clearScriptObjects) |
672 | m_frame.script().clearScriptObjects(); |
673 | |
674 | m_frame.script().enableEval(); |
675 | |
676 | m_frame.navigationScheduler().clear(); |
677 | |
678 | m_checkTimer.stop(); |
679 | m_shouldCallCheckCompleted = false; |
680 | m_shouldCallCheckLoadComplete = false; |
681 | |
682 | if (m_stateMachine.isDisplayingInitialEmptyDocument() && m_stateMachine.committedFirstRealDocumentLoad()) |
683 | m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad); |
684 | } |
685 | |
686 | void FrameLoader::receivedFirstData() |
687 | { |
688 | dispatchDidCommitLoad(WTF::nullopt); |
689 | dispatchDidClearWindowObjectsInAllWorlds(); |
690 | dispatchGlobalObjectAvailableInAllWorlds(); |
691 | |
692 | if (!m_documentLoader) |
693 | return; |
694 | |
695 | auto& documentLoader = *m_documentLoader; |
696 | auto& title = documentLoader.title(); |
697 | if (!title.string.isNull()) |
698 | m_client.dispatchDidReceiveTitle(title); |
699 | |
700 | ASSERT(m_frame.document()); |
701 | auto& document = *m_frame.document(); |
702 | |
703 | LinkLoader::loadLinksFromHeader(documentLoader.response().httpHeaderField(HTTPHeaderName::Link), document.url(), document, LinkLoader::MediaAttributeCheck::MediaAttributeEmpty); |
704 | |
705 | double delay; |
706 | String urlString; |
707 | if (!parseHTTPRefresh(documentLoader.response().httpHeaderField(HTTPHeaderName::Refresh), delay, urlString)) |
708 | return; |
709 | auto completedURL = urlString.isEmpty() ? document.url() : document.completeURL(urlString); |
710 | if (!WTF::protocolIsJavaScript(completedURL)) |
711 | m_frame.navigationScheduler().scheduleRedirect(document, delay, completedURL); |
712 | else { |
713 | auto message = "Refused to refresh " + document.url().stringCenterEllipsizedToLength() + " to a javascript: URL" ; |
714 | document.addConsoleMessage(MessageSource::Security, MessageLevel::Error, message); |
715 | } |
716 | } |
717 | |
718 | void FrameLoader::setOutgoingReferrer(const URL& url) |
719 | { |
720 | m_outgoingReferrer = url.strippedForUseAsReferrer(); |
721 | } |
722 | |
723 | void FrameLoader::didBeginDocument(bool dispatch, ContentSecurityPolicy* previousPolicy) |
724 | { |
725 | m_needsClear = true; |
726 | m_isComplete = false; |
727 | m_didCallImplicitClose = false; |
728 | m_frame.document()->setReadyState(Document::Loading); |
729 | |
730 | if (m_pendingStateObject) { |
731 | m_frame.document()->statePopped(*m_pendingStateObject); |
732 | m_pendingStateObject = nullptr; |
733 | } |
734 | |
735 | if (dispatch) |
736 | dispatchDidClearWindowObjectsInAllWorlds(); |
737 | |
738 | updateFirstPartyForCookies(); |
739 | m_frame.document()->initContentSecurityPolicy(previousPolicy); |
740 | |
741 | const Settings& settings = m_frame.settings(); |
742 | m_frame.document()->cachedResourceLoader().setImagesEnabled(settings.areImagesEnabled()); |
743 | m_frame.document()->cachedResourceLoader().setAutoLoadImages(settings.loadsImagesAutomatically()); |
744 | |
745 | if (m_documentLoader) { |
746 | String dnsPrefetchControl = m_documentLoader->response().httpHeaderField(HTTPHeaderName::XDNSPrefetchControl); |
747 | if (!dnsPrefetchControl.isEmpty()) |
748 | m_frame.document()->parseDNSPrefetchControlHeader(dnsPrefetchControl); |
749 | |
750 | m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()), referrer(), ContentSecurityPolicy::ReportParsingErrors::No); |
751 | |
752 | String referrerPolicy = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ReferrerPolicy); |
753 | if (!referrerPolicy.isNull()) |
754 | m_frame.document()->processReferrerPolicy(referrerPolicy, ReferrerPolicySource::HTTPHeader); |
755 | |
756 | String = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentLanguage); |
757 | if (!headerContentLanguage.isEmpty()) { |
758 | size_t commaIndex = headerContentLanguage.find(','); |
759 | headerContentLanguage.truncate(commaIndex); // notFound == -1 == don't truncate |
760 | headerContentLanguage = stripLeadingAndTrailingHTMLSpaces(headerContentLanguage); |
761 | if (!headerContentLanguage.isEmpty()) |
762 | m_frame.document()->setContentLanguage(headerContentLanguage); |
763 | } |
764 | } |
765 | |
766 | history().restoreDocumentState(); |
767 | } |
768 | |
769 | void FrameLoader::finishedParsing() |
770 | { |
771 | LOG(Loading, "WebCoreLoading %s: Finished parsing" , m_frame.tree().uniqueName().string().utf8().data()); |
772 | |
773 | m_frame.injectUserScripts(InjectAtDocumentEnd); |
774 | |
775 | if (m_stateMachine.creatingInitialEmptyDocument()) |
776 | return; |
777 | |
778 | // This can be called from the Frame's destructor, in which case we shouldn't protect ourselves |
779 | // because doing so will cause us to re-enter the destructor when protector goes out of scope. |
780 | // Null-checking the FrameView indicates whether or not we're in the destructor. |
781 | RefPtr<Frame> protector = m_frame.view() ? &m_frame : 0; |
782 | |
783 | m_client.dispatchDidFinishDocumentLoad(); |
784 | |
785 | scrollToFragmentWithParentBoundary(m_frame.document()->url()); |
786 | |
787 | checkCompleted(); |
788 | |
789 | if (!m_frame.view()) |
790 | return; // We are being destroyed by something checkCompleted called. |
791 | |
792 | // Check if the scrollbars are really needed for the content. |
793 | // If not, remove them, relayout, and repaint. |
794 | m_frame.view()->restoreScrollbar(); |
795 | } |
796 | |
797 | void FrameLoader::loadDone(LoadCompletionType type) |
798 | { |
799 | if (type == LoadCompletionType::Finish) |
800 | checkCompleted(); |
801 | else |
802 | scheduleCheckCompleted(); |
803 | } |
804 | |
805 | void FrameLoader::subresourceLoadDone(LoadCompletionType type) |
806 | { |
807 | if (type == LoadCompletionType::Finish) |
808 | checkLoadComplete(); |
809 | else |
810 | scheduleCheckLoadComplete(); |
811 | } |
812 | |
813 | bool FrameLoader::allChildrenAreComplete() const |
814 | { |
815 | for (Frame* child = m_frame.tree().firstChild(); child; child = child->tree().nextSibling()) { |
816 | if (!child->loader().m_isComplete) |
817 | return false; |
818 | } |
819 | return true; |
820 | } |
821 | |
822 | bool FrameLoader::allAncestorsAreComplete() const |
823 | { |
824 | for (Frame* ancestor = &m_frame; ancestor; ancestor = ancestor->tree().parent()) { |
825 | if (!ancestor->loader().m_isComplete) |
826 | return false; |
827 | } |
828 | return true; |
829 | } |
830 | |
831 | void FrameLoader::checkCompleted() |
832 | { |
833 | RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed()); |
834 | m_shouldCallCheckCompleted = false; |
835 | |
836 | // Have we completed before? |
837 | if (m_isComplete) |
838 | return; |
839 | |
840 | #if ENABLE(VIDEO) |
841 | // FIXME: Remove this code once https://webkit.org/b/185284 is fixed. |
842 | if (HTMLMediaElement::isRunningDestructor()) { |
843 | ASSERT_NOT_REACHED(); |
844 | scheduleCheckCompleted(); |
845 | return; |
846 | } |
847 | #endif |
848 | |
849 | // FIXME: It would be better if resource loads were kicked off after render tree update (or didn't complete synchronously). |
850 | // https://bugs.webkit.org/show_bug.cgi?id=171729 |
851 | if (m_frame.document()->inRenderTreeUpdate()) { |
852 | scheduleCheckCompleted(); |
853 | return; |
854 | } |
855 | |
856 | // Are we still parsing? |
857 | if (m_frame.document()->parsing()) |
858 | return; |
859 | |
860 | // Still waiting for images/scripts? |
861 | if (m_frame.document()->cachedResourceLoader().requestCount()) |
862 | return; |
863 | |
864 | // Still waiting for elements that don't go through a FrameLoader? |
865 | if (m_frame.document()->isDelayingLoadEvent()) |
866 | return; |
867 | |
868 | auto* scriptableParser = m_frame.document()->scriptableDocumentParser(); |
869 | if (scriptableParser && scriptableParser->hasScriptsWaitingForStylesheets()) |
870 | return; |
871 | |
872 | // Any frame that hasn't completed yet? |
873 | if (!allChildrenAreComplete()) |
874 | return; |
875 | |
876 | // Important not to protect earlier in this function, because earlier parts |
877 | // of this function can be called in the frame's destructor, and it's not legal |
878 | // to ref an object while it's being destroyed. |
879 | Ref<Frame> protect(m_frame); |
880 | |
881 | // OK, completed. |
882 | m_isComplete = true; |
883 | m_requestedHistoryItem = nullptr; |
884 | m_frame.document()->setReadyState(Document::Complete); |
885 | |
886 | #if PLATFORM(IOS_FAMILY) |
887 | if (m_frame.document()->url().isEmpty()) { |
888 | // We need to update the document URL of a PDF document to be non-empty so that both back/forward history navigation |
889 | // between PDF pages and fragment navigation works. See <rdar://problem/9544769> for more details. |
890 | // FIXME: Is there a better place for this code, say DocumentLoader? Also, we should explicitly only update the URL |
891 | // of the document when it's a PDFDocument object instead of assuming that a Document object with an empty URL is a PDFDocument. |
892 | // FIXME: This code is incorrect for a synthesized document (which also has an empty URL). The URL for a synthesized |
893 | // document should be the URL specified to FrameLoader::initForSynthesizedDocument(). |
894 | m_frame.document()->setURL(activeDocumentLoader()->documentURL()); |
895 | } |
896 | #endif |
897 | |
898 | checkCallImplicitClose(); // if we didn't do it before |
899 | |
900 | m_frame.navigationScheduler().startTimer(); |
901 | |
902 | completed(); |
903 | if (m_frame.page()) |
904 | checkLoadComplete(); |
905 | } |
906 | |
907 | void FrameLoader::checkTimerFired() |
908 | { |
909 | checkCompletenessNow(); |
910 | } |
911 | |
912 | void FrameLoader::checkCompletenessNow() |
913 | { |
914 | Ref<Frame> protect(m_frame); |
915 | |
916 | if (Page* page = m_frame.page()) { |
917 | if (page->defersLoading()) |
918 | return; |
919 | } |
920 | if (m_shouldCallCheckCompleted) |
921 | checkCompleted(); |
922 | if (m_shouldCallCheckLoadComplete) |
923 | checkLoadComplete(); |
924 | } |
925 | |
926 | void FrameLoader::startCheckCompleteTimer() |
927 | { |
928 | if (!(m_shouldCallCheckCompleted || m_shouldCallCheckLoadComplete)) |
929 | return; |
930 | if (m_checkTimer.isActive()) |
931 | return; |
932 | m_checkTimer.startOneShot(0_s); |
933 | } |
934 | |
935 | void FrameLoader::scheduleCheckCompleted() |
936 | { |
937 | m_shouldCallCheckCompleted = true; |
938 | startCheckCompleteTimer(); |
939 | } |
940 | |
941 | void FrameLoader::scheduleCheckLoadComplete() |
942 | { |
943 | m_shouldCallCheckLoadComplete = true; |
944 | startCheckCompleteTimer(); |
945 | } |
946 | |
947 | void FrameLoader::checkCallImplicitClose() |
948 | { |
949 | if (m_didCallImplicitClose || m_frame.document()->parsing() || m_frame.document()->isDelayingLoadEvent()) |
950 | return; |
951 | |
952 | if (!allChildrenAreComplete()) |
953 | return; // still got a frame running -> too early |
954 | |
955 | m_didCallImplicitClose = true; |
956 | m_wasUnloadEventEmitted = false; |
957 | m_frame.document()->implicitClose(); |
958 | } |
959 | |
960 | void FrameLoader::loadURLIntoChildFrame(const URL& url, const String& referer, Frame* childFrame) |
961 | { |
962 | RELEASE_LOG_IF_ALLOWED("loadURLIntoChildFrame: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
963 | |
964 | ASSERT(childFrame); |
965 | |
966 | #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML) |
967 | if (auto activeLoader = activeDocumentLoader()) { |
968 | if (auto subframeArchive = activeLoader->popArchiveForSubframe(childFrame->tree().uniqueName(), url)) { |
969 | childFrame->loader().loadArchive(RefPtr<Archive> { subframeArchive }.releaseNonNull()); |
970 | return; |
971 | } |
972 | } |
973 | #endif |
974 | |
975 | // If we're moving in the back/forward list, we might want to replace the content |
976 | // of this child frame with whatever was there at that point. |
977 | auto* parentItem = history().currentItem(); |
978 | if (parentItem && parentItem->children().size() && isBackForwardLoadType(loadType()) && !m_frame.document()->loadEventFinished()) { |
979 | if (auto* childItem = parentItem->childItemWithTarget(childFrame->tree().uniqueName())) { |
980 | childFrame->loader().m_requestedHistoryItem = childItem; |
981 | childFrame->loader().loadDifferentDocumentItem(*childItem, nullptr, loadType(), MayAttemptCacheOnlyLoadForFormSubmissionItem, ShouldTreatAsContinuingLoad::No); |
982 | return; |
983 | } |
984 | } |
985 | |
986 | auto* lexicalFrame = lexicalFrameFromCommonVM(); |
987 | auto initiatedByMainFrame = lexicalFrame && lexicalFrame->isMainFrame() ? InitiatedByMainFrame::Yes : InitiatedByMainFrame::Unknown; |
988 | |
989 | FrameLoadRequest frameLoadRequest { *m_frame.document(), m_frame.document()->securityOrigin(), { url }, "_self"_s , LockHistory::No, LockBackForwardList::Yes, ShouldSendReferrer::MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, initiatedByMainFrame }; |
990 | childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, { }, WTF::nullopt, [] { }); |
991 | } |
992 | |
993 | #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML) |
994 | |
995 | void FrameLoader::loadArchive(Ref<Archive>&& archive) |
996 | { |
997 | RELEASE_LOG_IF_ALLOWED("loadArchive: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
998 | |
999 | ArchiveResource* mainResource = archive->mainResource(); |
1000 | ASSERT(mainResource); |
1001 | if (!mainResource) |
1002 | return; |
1003 | |
1004 | ResourceResponse response(URL(), mainResource->mimeType(), mainResource->data().size(), mainResource->textEncoding()); |
1005 | SubstituteData substituteData(&mainResource->data(), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden); |
1006 | |
1007 | ResourceRequest request(mainResource->url()); |
1008 | |
1009 | auto documentLoader = m_client.createDocumentLoader(request, substituteData); |
1010 | documentLoader->setArchive(WTFMove(archive)); |
1011 | load(documentLoader.get()); |
1012 | } |
1013 | |
1014 | #endif // ENABLE(WEB_ARCHIVE) || ENABLE(MHTML) |
1015 | |
1016 | String FrameLoader::outgoingReferrer() const |
1017 | { |
1018 | // See http://www.whatwg.org/specs/web-apps/current-work/#fetching-resources |
1019 | // for why we walk the parent chain for srcdoc documents. |
1020 | Frame* frame = &m_frame; |
1021 | while (frame && frame->document()->isSrcdocDocument()) { |
1022 | frame = frame->tree().parent(); |
1023 | // Srcdoc documents cannot be top-level documents, by definition, |
1024 | // because they need to be contained in iframes with the srcdoc. |
1025 | ASSERT(frame); |
1026 | } |
1027 | if (!frame) |
1028 | return emptyString(); |
1029 | return frame->loader().m_outgoingReferrer; |
1030 | } |
1031 | |
1032 | String FrameLoader::outgoingOrigin() const |
1033 | { |
1034 | return m_frame.document()->securityOrigin().toString(); |
1035 | } |
1036 | |
1037 | bool FrameLoader::checkIfFormActionAllowedByCSP(const URL& url, bool didReceiveRedirectResponse) const |
1038 | { |
1039 | if (m_submittedFormURL.isEmpty()) |
1040 | return true; |
1041 | |
1042 | auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; |
1043 | return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, redirectResponseReceived); |
1044 | } |
1045 | |
1046 | Frame* FrameLoader::opener() |
1047 | { |
1048 | return m_opener; |
1049 | } |
1050 | |
1051 | void FrameLoader::setOpener(Frame* opener) |
1052 | { |
1053 | if (m_opener && !opener) |
1054 | m_client.didDisownOpener(); |
1055 | |
1056 | if (m_opener) { |
1057 | // When setOpener is called in ~FrameLoader, opener's m_frameLoader is already cleared. |
1058 | auto& openerFrameLoader = m_opener == &m_frame ? *this : m_opener->loader(); |
1059 | openerFrameLoader.m_openedFrames.remove(&m_frame); |
1060 | } |
1061 | if (opener) { |
1062 | opener->loader().m_openedFrames.add(&m_frame); |
1063 | if (auto* page = m_frame.page()) |
1064 | page->setOpenedByDOMWithOpener(); |
1065 | } |
1066 | m_opener = opener; |
1067 | |
1068 | if (m_frame.document()) |
1069 | m_frame.document()->initSecurityContext(); |
1070 | } |
1071 | |
1072 | // FIXME: This does not belong in FrameLoader! |
1073 | void FrameLoader::handleFallbackContent() |
1074 | { |
1075 | HTMLFrameOwnerElement* owner = m_frame.ownerElement(); |
1076 | if (!is<HTMLObjectElement>(owner)) |
1077 | return; |
1078 | downcast<HTMLObjectElement>(*owner).renderFallbackContent(); |
1079 | } |
1080 | |
1081 | void FrameLoader::provisionalLoadStarted() |
1082 | { |
1083 | if (m_stateMachine.firstLayoutDone()) |
1084 | m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad); |
1085 | m_frame.navigationScheduler().cancel(NewLoadInProgress::Yes); |
1086 | m_client.provisionalLoadStarted(); |
1087 | |
1088 | if (m_frame.isMainFrame()) { |
1089 | tracePoint(MainResourceLoadDidStartProvisional); |
1090 | |
1091 | if (auto* page = m_frame.page()) |
1092 | page->didStartProvisionalLoad(); |
1093 | } |
1094 | } |
1095 | |
1096 | void FrameLoader::resetMultipleFormSubmissionProtection() |
1097 | { |
1098 | m_submittedFormURL = URL(); |
1099 | } |
1100 | |
1101 | void FrameLoader::updateFirstPartyForCookies() |
1102 | { |
1103 | if (m_frame.tree().parent()) |
1104 | setFirstPartyForCookies(m_frame.tree().parent()->document()->firstPartyForCookies()); |
1105 | else |
1106 | setFirstPartyForCookies(m_frame.document()->url()); |
1107 | } |
1108 | |
1109 | void FrameLoader::setFirstPartyForCookies(const URL& url) |
1110 | { |
1111 | for (Frame* frame = &m_frame; frame; frame = frame->tree().traverseNext(&m_frame)) |
1112 | frame->document()->setFirstPartyForCookies(url); |
1113 | |
1114 | RegistrableDomain registrableDomain(url); |
1115 | for (Frame* frame = &m_frame; frame; frame = frame->tree().traverseNext(&m_frame)) { |
1116 | if (SecurityPolicy::shouldInheritSecurityOriginFromOwner(frame->document()->url()) || registrableDomain.matches(frame->document()->url())) |
1117 | frame->document()->setSiteForCookies(url); |
1118 | } |
1119 | } |
1120 | |
1121 | // This does the same kind of work that didOpenURL does, except it relies on the fact |
1122 | // that a higher level already checked that the URLs match and the scrolling is the right thing to do. |
1123 | void FrameLoader::loadInSameDocument(const URL& url, SerializedScriptValue* stateObject, bool isNewNavigation) |
1124 | { |
1125 | RELEASE_LOG_IF_ALLOWED("loadInSameDocument: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1126 | |
1127 | // If we have a state object, we cannot also be a new navigation. |
1128 | ASSERT(!stateObject || (stateObject && !isNewNavigation)); |
1129 | |
1130 | // Update the data source's request with the new URL to fake the URL change |
1131 | URL oldURL = m_frame.document()->url(); |
1132 | m_frame.document()->setURL(url); |
1133 | setOutgoingReferrer(url); |
1134 | documentLoader()->replaceRequestURLForSameDocumentNavigation(url); |
1135 | if (isNewNavigation && !shouldTreatURLAsSameAsCurrent(url) && !stateObject) { |
1136 | // NB: must happen after replaceRequestURLForSameDocumentNavigation(), since we add |
1137 | // based on the current request. Must also happen before we openURL and displace the |
1138 | // scroll position, since adding the BF item will save away scroll state. |
1139 | |
1140 | // NB2: If we were loading a long, slow doc, and the user fragment navigated before |
1141 | // it was done, currItem is now set the that slow doc, and prevItem is whatever was |
1142 | // before it. Adding the b/f item will bump the slow doc down to prevItem, even |
1143 | // though its load is not yet done. I think this all works out OK, for one because |
1144 | // we have already saved away the scroll and doc state for the long slow load, |
1145 | // but it's not an obvious case. |
1146 | |
1147 | history().updateBackForwardListForFragmentScroll(); |
1148 | } |
1149 | |
1150 | bool hashChange = equalIgnoringFragmentIdentifier(url, oldURL) && url.fragmentIdentifier() != oldURL.fragmentIdentifier(); |
1151 | |
1152 | history().updateForSameDocumentNavigation(); |
1153 | |
1154 | // If we were in the autoscroll/panScroll mode we want to stop it before following the link to the anchor |
1155 | if (hashChange) |
1156 | m_frame.eventHandler().stopAutoscrollTimer(); |
1157 | |
1158 | // It's important to model this as a load that starts and immediately finishes. |
1159 | // Otherwise, the parent frame may think we never finished loading. |
1160 | started(); |
1161 | |
1162 | if (auto* ownerElement = m_frame.ownerElement()) { |
1163 | auto* ownerRenderer = ownerElement->renderer(); |
1164 | auto* view = m_frame.view(); |
1165 | if (is<RenderWidget>(ownerRenderer) && view) |
1166 | downcast<RenderWidget>(*ownerRenderer).setWidget(view); |
1167 | } |
1168 | |
1169 | // We need to scroll to the fragment whether or not a hash change occurred, since |
1170 | // the user might have scrolled since the previous navigation. |
1171 | scrollToFragmentWithParentBoundary(url, isNewNavigation); |
1172 | |
1173 | m_isComplete = false; |
1174 | checkCompleted(); |
1175 | |
1176 | if (isNewNavigation) { |
1177 | // This will clear previousItem from the rest of the frame tree that didn't |
1178 | // doing any loading. We need to make a pass on this now, since for fragment |
1179 | // navigation we'll not go through a real load and reach Completed state. |
1180 | checkLoadComplete(); |
1181 | } |
1182 | |
1183 | m_client.dispatchDidNavigateWithinPage(); |
1184 | |
1185 | m_frame.document()->statePopped(stateObject ? Ref<SerializedScriptValue> { *stateObject } : SerializedScriptValue::nullValue()); |
1186 | m_client.dispatchDidPopStateWithinPage(); |
1187 | |
1188 | if (hashChange) { |
1189 | m_frame.document()->enqueueHashchangeEvent(oldURL, url); |
1190 | m_client.dispatchDidChangeLocationWithinPage(); |
1191 | } |
1192 | |
1193 | // FrameLoaderClient::didFinishLoad() tells the internal load delegate the load finished with no error |
1194 | m_client.didFinishLoad(); |
1195 | } |
1196 | |
1197 | bool FrameLoader::isComplete() const |
1198 | { |
1199 | return m_isComplete; |
1200 | } |
1201 | |
1202 | void FrameLoader::completed() |
1203 | { |
1204 | Ref<Frame> protect(m_frame); |
1205 | |
1206 | for (Frame* descendant = m_frame.tree().traverseNext(&m_frame); descendant; descendant = descendant->tree().traverseNext(&m_frame)) |
1207 | descendant->navigationScheduler().startTimer(); |
1208 | |
1209 | if (Frame* parent = m_frame.tree().parent()) |
1210 | parent->loader().checkCompleted(); |
1211 | |
1212 | if (m_frame.view()) |
1213 | m_frame.view()->maintainScrollPositionAtAnchor(nullptr); |
1214 | } |
1215 | |
1216 | void FrameLoader::started() |
1217 | { |
1218 | for (Frame* frame = &m_frame; frame; frame = frame->tree().parent()) |
1219 | frame->loader().m_isComplete = false; |
1220 | } |
1221 | |
1222 | void FrameLoader::prepareForLoadStart() |
1223 | { |
1224 | RELEASE_LOG_IF_ALLOWED("prepareForLoadStart: Starting frame load (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1225 | |
1226 | m_progressTracker->progressStarted(); |
1227 | m_client.dispatchDidStartProvisionalLoad(); |
1228 | |
1229 | if (AXObjectCache::accessibilityEnabled()) { |
1230 | if (AXObjectCache* cache = m_frame.document()->existingAXObjectCache()) { |
1231 | AXObjectCache::AXLoadingEvent loadingEvent = loadType() == FrameLoadType::Reload ? AXObjectCache::AXLoadingReloaded : AXObjectCache::AXLoadingStarted; |
1232 | cache->frameLoadingEventNotification(&m_frame, loadingEvent); |
1233 | } |
1234 | } |
1235 | } |
1236 | |
1237 | void FrameLoader::setupForReplace() |
1238 | { |
1239 | m_client.revertToProvisionalState(m_documentLoader.get()); |
1240 | setState(FrameStateProvisional); |
1241 | m_provisionalDocumentLoader = m_documentLoader; |
1242 | m_documentLoader = nullptr; |
1243 | detachChildren(); |
1244 | } |
1245 | |
1246 | void FrameLoader::loadFrameRequest(FrameLoadRequest&& request, Event* event, RefPtr<FormState>&& formState, Optional<AdClickAttribution>&& adClickAttribution) |
1247 | { |
1248 | RELEASE_LOG_IF_ALLOWED("loadFrameRequest: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1249 | |
1250 | // Protect frame from getting blown away inside dispatchBeforeLoadEvent in loadWithDocumentLoader. |
1251 | auto protectFrame = makeRef(m_frame); |
1252 | |
1253 | URL url = request.resourceRequest().url(); |
1254 | |
1255 | ASSERT(m_frame.document()); |
1256 | if (!request.requesterSecurityOrigin().canDisplay(url)) { |
1257 | reportLocalLoadFailed(&m_frame, url.stringCenterEllipsizedToLength()); |
1258 | return; |
1259 | } |
1260 | |
1261 | String argsReferrer = request.resourceRequest().httpReferrer(); |
1262 | if (argsReferrer.isEmpty()) |
1263 | argsReferrer = outgoingReferrer(); |
1264 | |
1265 | String referrer = SecurityPolicy::generateReferrerHeader(m_frame.document()->referrerPolicy(), url, argsReferrer); |
1266 | if (request.shouldSendReferrer() == NeverSendReferrer) |
1267 | referrer = String(); |
1268 | |
1269 | FrameLoadType loadType; |
1270 | if (request.resourceRequest().cachePolicy() == ResourceRequestCachePolicy::ReloadIgnoringCacheData) |
1271 | loadType = FrameLoadType::Reload; |
1272 | else if (request.lockBackForwardList() == LockBackForwardList::Yes) |
1273 | loadType = FrameLoadType::RedirectWithLockedBackForwardList; |
1274 | else |
1275 | loadType = FrameLoadType::Standard; |
1276 | |
1277 | auto completionHandler = [this, protectedFrame = makeRef(m_frame), formState = makeWeakPtr(formState.get()), frameName = request.frameName()] { |
1278 | // FIXME: It's possible this targetFrame will not be the same frame that was targeted by the actual |
1279 | // load if frame names have changed. |
1280 | Frame* sourceFrame = formState ? formState->sourceDocument().frame() : &m_frame; |
1281 | if (!sourceFrame) |
1282 | sourceFrame = &m_frame; |
1283 | Frame* targetFrame = sourceFrame->loader().findFrameForNavigation(frameName); |
1284 | if (targetFrame && targetFrame != sourceFrame) { |
1285 | if (Page* page = targetFrame->page()) |
1286 | page->chrome().focus(); |
1287 | } |
1288 | }; |
1289 | |
1290 | if (request.resourceRequest().httpMethod() == "POST" ) |
1291 | loadPostRequest(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler)); |
1292 | else |
1293 | loadURL(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(adClickAttribution), WTFMove(completionHandler)); |
1294 | } |
1295 | |
1296 | static ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicyToApply(Frame& currentFrame, InitiatedByMainFrame initiatedByMainFrame, ShouldOpenExternalURLsPolicy propagatedPolicy) |
1297 | { |
1298 | if (UserGestureIndicator::processingUserGesture()) |
1299 | return ShouldOpenExternalURLsPolicy::ShouldAllow; |
1300 | |
1301 | if (initiatedByMainFrame == InitiatedByMainFrame::Yes) |
1302 | return propagatedPolicy; |
1303 | |
1304 | if (!currentFrame.isMainFrame()) |
1305 | return ShouldOpenExternalURLsPolicy::ShouldNotAllow; |
1306 | |
1307 | return propagatedPolicy; |
1308 | } |
1309 | |
1310 | static ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicyToApply(Frame& currentFrame, const FrameLoadRequest& frameLoadRequest) |
1311 | { |
1312 | return shouldOpenExternalURLsPolicyToApply(currentFrame, frameLoadRequest.initiatedByMainFrame(), frameLoadRequest.shouldOpenExternalURLsPolicy()); |
1313 | } |
1314 | |
1315 | static void applyShouldOpenExternalURLsPolicyToNewDocumentLoader(Frame& frame, DocumentLoader& documentLoader, InitiatedByMainFrame initiatedByMainFrame, ShouldOpenExternalURLsPolicy propagatedPolicy) |
1316 | { |
1317 | documentLoader.setShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(frame, initiatedByMainFrame, propagatedPolicy)); |
1318 | } |
1319 | |
1320 | static void applyShouldOpenExternalURLsPolicyToNewDocumentLoader(Frame& frame, DocumentLoader& documentLoader, const FrameLoadRequest& frameLoadRequest) |
1321 | { |
1322 | documentLoader.setShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(frame, frameLoadRequest)); |
1323 | } |
1324 | |
1325 | bool FrameLoader::isNavigationAllowed() const |
1326 | { |
1327 | return m_pageDismissalEventBeingDispatched == PageDismissalType::None && NavigationDisabler::isNavigationAllowed(m_frame); |
1328 | } |
1329 | |
1330 | bool FrameLoader::isStopLoadingAllowed() const |
1331 | { |
1332 | return m_pageDismissalEventBeingDispatched == PageDismissalType::None; |
1333 | } |
1334 | |
1335 | void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, RefPtr<FormState>&& formState, Optional<AdClickAttribution>&& adClickAttribution, CompletionHandler<void()>&& completionHandler) |
1336 | { |
1337 | RELEASE_LOG_IF_ALLOWED("loadURL: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1338 | |
1339 | CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler)); |
1340 | if (m_inStopAllLoaders || m_inClearProvisionalLoadForPolicyCheck) |
1341 | return; |
1342 | |
1343 | Ref<Frame> protect(m_frame); |
1344 | |
1345 | // Anchor target is ignored when the download attribute is set since it will download the hyperlink rather than follow it. |
1346 | String effectiveFrameName = frameLoadRequest.downloadAttribute().isNull() ? frameLoadRequest.frameName() : String(); |
1347 | AllowNavigationToInvalidURL allowNavigationToInvalidURL = frameLoadRequest.allowNavigationToInvalidURL(); |
1348 | NewFrameOpenerPolicy openerPolicy = frameLoadRequest.newFrameOpenerPolicy(); |
1349 | LockHistory lockHistory = frameLoadRequest.lockHistory(); |
1350 | bool isFormSubmission = formState; |
1351 | |
1352 | const URL& newURL = frameLoadRequest.resourceRequest().url(); |
1353 | ResourceRequest request(newURL); |
1354 | if (!referrer.isEmpty()) { |
1355 | request.setHTTPReferrer(referrer); |
1356 | auto referrerOrigin = SecurityOrigin::createFromString(referrer); |
1357 | addHTTPOriginIfNeeded(request, referrerOrigin->toString()); |
1358 | } |
1359 | if (&m_frame.tree().top() != &m_frame) |
1360 | request.setDomainForCachePartition(m_frame.tree().top().document()->domainForCachePartition()); |
1361 | |
1362 | addExtraFieldsToRequest(request, newLoadType, true); |
1363 | if (isReload(newLoadType)) |
1364 | request.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData); |
1365 | |
1366 | ASSERT(newLoadType != FrameLoadType::Same); |
1367 | |
1368 | // The search for a target frame is done earlier in the case of form submission. |
1369 | Frame* targetFrame = isFormSubmission ? nullptr : findFrameForNavigation(effectiveFrameName); |
1370 | if (targetFrame && targetFrame != &m_frame) { |
1371 | frameLoadRequest.setFrameName("_self" ); |
1372 | targetFrame->loader().loadURL(WTFMove(frameLoadRequest), referrer, newLoadType, event, WTFMove(formState), WTFMove(adClickAttribution), completionHandlerCaller.release()); |
1373 | return; |
1374 | } |
1375 | |
1376 | if (!isNavigationAllowed()) |
1377 | return; |
1378 | |
1379 | NavigationAction action { frameLoadRequest.requester(), request, frameLoadRequest.initiatedByMainFrame(), newLoadType, isFormSubmission, event, frameLoadRequest.shouldOpenExternalURLsPolicy(), frameLoadRequest.downloadAttribute() }; |
1380 | action.setLockHistory(lockHistory); |
1381 | action.setLockBackForwardList(frameLoadRequest.lockBackForwardList()); |
1382 | if (adClickAttribution && m_frame.isMainFrame()) |
1383 | action.setAdClickAttribution(WTFMove(*adClickAttribution)); |
1384 | |
1385 | if (!targetFrame && !effectiveFrameName.isEmpty()) { |
1386 | action = action.copyWithShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(m_frame, frameLoadRequest)); |
1387 | policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request), WTFMove(formState), effectiveFrameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) mutable { |
1388 | continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy); |
1389 | completionHandler(); |
1390 | }); |
1391 | return; |
1392 | } |
1393 | |
1394 | RefPtr<DocumentLoader> oldDocumentLoader = m_documentLoader; |
1395 | |
1396 | bool sameURL = shouldTreatURLAsSameAsCurrent(newURL); |
1397 | const String& httpMethod = request.httpMethod(); |
1398 | |
1399 | // Make sure to do scroll to fragment processing even if the URL is |
1400 | // exactly the same so pages with '#' links and DHTML side effects |
1401 | // work properly. |
1402 | if (shouldPerformFragmentNavigation(isFormSubmission, httpMethod, newLoadType, newURL)) { |
1403 | oldDocumentLoader->setTriggeringAction(WTFMove(action)); |
1404 | oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); |
1405 | policyChecker().stopCheck(); |
1406 | policyChecker().setLoadType(newLoadType); |
1407 | RELEASE_ASSERT(!isBackForwardLoadType(newLoadType) || history().provisionalItem()); |
1408 | policyChecker().checkNavigationPolicy(WTFMove(request), ResourceResponse { } /* redirectResponse */, oldDocumentLoader.get(), WTFMove(formState), [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, WeakPtr<FormState>&&, NavigationPolicyDecision navigationPolicyDecision) { |
1409 | continueFragmentScrollAfterNavigationPolicy(request, navigationPolicyDecision == NavigationPolicyDecision::ContinueLoad); |
1410 | }, PolicyDecisionMode::Synchronous); |
1411 | return; |
1412 | } |
1413 | |
1414 | // Must grab this now, since this load may stop the previous load and clear this flag. |
1415 | bool isRedirect = m_quickRedirectComing; |
1416 | #if USE(SYSTEM_PREVIEW) |
1417 | bool isSystemPreview = frameLoadRequest.isSystemPreview(); |
1418 | request.setSystemPreview(isSystemPreview); |
1419 | if (isSystemPreview) |
1420 | request.setSystemPreviewRect(frameLoadRequest.systemPreviewRect()); |
1421 | #endif |
1422 | loadWithNavigationAction(request, WTFMove(action), lockHistory, newLoadType, WTFMove(formState), allowNavigationToInvalidURL, frameLoadRequest.downloadAttribute(), [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] () mutable { |
1423 | if (isRedirect) { |
1424 | m_quickRedirectComing = false; |
1425 | if (m_provisionalDocumentLoader) |
1426 | m_provisionalDocumentLoader->setIsClientRedirect(true); |
1427 | else if (m_policyDocumentLoader) |
1428 | m_policyDocumentLoader->setIsClientRedirect(true); |
1429 | } else if (sameURL && !isReload(newLoadType)) { |
1430 | // Example of this case are sites that reload the same URL with a different cookie |
1431 | // driving the generated content, or a master frame with links that drive a target |
1432 | // frame, where the user has clicked on the same link repeatedly. |
1433 | m_loadType = FrameLoadType::Same; |
1434 | } |
1435 | completionHandler(); |
1436 | }); |
1437 | } |
1438 | |
1439 | SubstituteData FrameLoader::defaultSubstituteDataForURL(const URL& url) |
1440 | { |
1441 | if (!shouldTreatURLAsSrcdocDocument(url)) |
1442 | return SubstituteData(); |
1443 | auto& srcdoc = m_frame.ownerElement()->attributeWithoutSynchronization(srcdocAttr); |
1444 | ASSERT(!srcdoc.isNull()); |
1445 | CString encodedSrcdoc = srcdoc.string().utf8(); |
1446 | |
1447 | ResourceResponse response(URL(), "text/html"_s , encodedSrcdoc.length(), "UTF-8"_s ); |
1448 | return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), URL(), response, SubstituteData::SessionHistoryVisibility::Hidden); |
1449 | } |
1450 | |
1451 | void FrameLoader::load(FrameLoadRequest&& request) |
1452 | { |
1453 | RELEASE_LOG_IF_ALLOWED("load (FrameLoadRequest): frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1454 | |
1455 | if (m_inStopAllLoaders || m_inClearProvisionalLoadForPolicyCheck) |
1456 | return; |
1457 | |
1458 | if (!request.frameName().isEmpty()) { |
1459 | Frame* frame = findFrameForNavigation(request.frameName()); |
1460 | if (frame) { |
1461 | request.setShouldCheckNewWindowPolicy(false); |
1462 | if (&frame->loader() != this) { |
1463 | frame->loader().load(WTFMove(request)); |
1464 | return; |
1465 | } |
1466 | } |
1467 | } |
1468 | |
1469 | if (request.shouldCheckNewWindowPolicy()) { |
1470 | NavigationAction action { request.requester(), request.resourceRequest(), InitiatedByMainFrame::Unknown, NavigationType::Other, request.shouldOpenExternalURLsPolicy() }; |
1471 | policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request.resourceRequest()), { }, request.frameName(), [this] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) { |
1472 | continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress); |
1473 | }); |
1474 | |
1475 | return; |
1476 | } |
1477 | |
1478 | if (!request.hasSubstituteData()) |
1479 | request.setSubstituteData(defaultSubstituteDataForURL(request.resourceRequest().url())); |
1480 | |
1481 | Ref<DocumentLoader> loader = m_client.createDocumentLoader(request.resourceRequest(), request.substituteData()); |
1482 | loader->setAllowsWebArchiveForMainFrame(request.isRequestFromClientOrUserInput()); |
1483 | addSameSiteInfoToRequestIfNeeded(loader->request()); |
1484 | applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, request); |
1485 | |
1486 | if (request.shouldTreatAsContinuingLoad()) { |
1487 | loader->setClientRedirectSourceForHistory(request.clientRedirectSourceForHistory()); |
1488 | if (request.lockBackForwardList() == LockBackForwardList::Yes) { |
1489 | loader->setIsClientRedirect(true); |
1490 | m_loadType = FrameLoadType::RedirectWithLockedBackForwardList; |
1491 | } |
1492 | } |
1493 | |
1494 | SetForScope<LoadContinuingState> continuingLoadGuard(m_currentLoadContinuingState, request.shouldTreatAsContinuingLoad() ? LoadContinuingState::ContinuingWithRequest : LoadContinuingState::NotContinuing); |
1495 | load(loader.get()); |
1496 | } |
1497 | |
1498 | void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, NavigationAction&& action, LockHistory lockHistory, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, const String& downloadAttribute, CompletionHandler<void()>&& completionHandler) |
1499 | { |
1500 | RELEASE_LOG_IF_ALLOWED("loadWithNavigationAction: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1501 | |
1502 | Ref<DocumentLoader> loader = m_client.createDocumentLoader(request, defaultSubstituteDataForURL(request.url())); |
1503 | loader->setDownloadAttribute(downloadAttribute); |
1504 | applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, action.initiatedByMainFrame(), action.shouldOpenExternalURLsPolicy()); |
1505 | |
1506 | if (lockHistory == LockHistory::Yes && m_documentLoader) |
1507 | loader->setClientRedirectSourceForHistory(m_documentLoader->didCreateGlobalHistoryEntry() ? m_documentLoader->urlForHistory().string() : m_documentLoader->clientRedirectSourceForHistory()); |
1508 | |
1509 | loader->setTriggeringAction(WTFMove(action)); |
1510 | if (m_documentLoader) |
1511 | loader->setOverrideEncoding(m_documentLoader->overrideEncoding()); |
1512 | |
1513 | loadWithDocumentLoader(loader.ptr(), type, WTFMove(formState), allowNavigationToInvalidURL, ShouldTreatAsContinuingLoad::No, WTFMove(completionHandler)); |
1514 | } |
1515 | |
1516 | void FrameLoader::load(DocumentLoader& newDocumentLoader) |
1517 | { |
1518 | RELEASE_LOG_IF_ALLOWED("load (DocumentLoader): frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1519 | |
1520 | ResourceRequest& r = newDocumentLoader.request(); |
1521 | addExtraFieldsToMainResourceRequest(r); |
1522 | FrameLoadType type; |
1523 | |
1524 | if (shouldTreatURLAsSameAsCurrent(newDocumentLoader.originalRequest().url())) { |
1525 | r.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData); |
1526 | type = FrameLoadType::Same; |
1527 | } else if (shouldTreatURLAsSameAsCurrent(newDocumentLoader.unreachableURL()) && isReload(m_loadType)) |
1528 | type = m_loadType; |
1529 | else if (m_loadType == FrameLoadType::RedirectWithLockedBackForwardList && ((!newDocumentLoader.unreachableURL().isEmpty() && newDocumentLoader.substituteData().isValid()) || shouldTreatCurrentLoadAsContinuingLoad())) |
1530 | type = FrameLoadType::RedirectWithLockedBackForwardList; |
1531 | else |
1532 | type = FrameLoadType::Standard; |
1533 | |
1534 | if (m_documentLoader) |
1535 | newDocumentLoader.setOverrideEncoding(m_documentLoader->overrideEncoding()); |
1536 | |
1537 | // When we loading alternate content for an unreachable URL that we're |
1538 | // visiting in the history list, we treat it as a reload so the history list |
1539 | // is appropriately maintained. |
1540 | // |
1541 | // FIXME: This seems like a dangerous overloading of the meaning of "FrameLoadType::Reload" ... |
1542 | // shouldn't a more explicit type of reload be defined, that means roughly |
1543 | // "load without affecting history" ? |
1544 | if (shouldReloadToHandleUnreachableURL(newDocumentLoader)) { |
1545 | // shouldReloadToHandleUnreachableURL returns true only when the original load type is back-forward. |
1546 | // In this case we should save the document state now. Otherwise the state can be lost because load type is |
1547 | // changed and updateForBackForwardNavigation() will not be called when loading is committed. |
1548 | history().saveDocumentAndScrollState(); |
1549 | |
1550 | ASSERT(type == FrameLoadType::Standard); |
1551 | type = FrameLoadType::Reload; |
1552 | } |
1553 | |
1554 | loadWithDocumentLoader(&newDocumentLoader, type, nullptr, AllowNavigationToInvalidURL::Yes, ShouldTreatAsContinuingLoad::No); |
1555 | } |
1556 | |
1557 | void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, ShouldTreatAsContinuingLoad, CompletionHandler<void()>&& completionHandler) |
1558 | { |
1559 | RELEASE_LOG_IF_ALLOWED("loadWithDocumentLoader: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1560 | |
1561 | // Retain because dispatchBeforeLoadEvent may release the last reference to it. |
1562 | Ref<Frame> protect(m_frame); |
1563 | |
1564 | CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler)); |
1565 | |
1566 | ASSERT(m_client.hasWebView()); |
1567 | |
1568 | // Unfortunately the view must be non-nil, this is ultimately due |
1569 | // to parser requiring a FrameView. We should fix this dependency. |
1570 | |
1571 | ASSERT(m_frame.view()); |
1572 | |
1573 | if (!isNavigationAllowed()) |
1574 | return; |
1575 | |
1576 | if (m_frame.document()) |
1577 | m_previousURL = m_frame.document()->url(); |
1578 | |
1579 | const URL& newURL = loader->request().url(); |
1580 | |
1581 | // Only the first iframe navigation or the first iframe navigation after about:blank should be reported. |
1582 | // https://www.w3.org/TR/resource-timing-2/#resources-included-in-the-performanceresourcetiming-interface |
1583 | if (m_shouldReportResourceTimingToParentFrame && !m_previousURL.isNull() && m_previousURL != WTF::blankURL()) |
1584 | m_shouldReportResourceTimingToParentFrame = false; |
1585 | |
1586 | // Log main frame navigation types. |
1587 | if (m_frame.isMainFrame()) { |
1588 | if (auto* page = m_frame.page()) { |
1589 | RELEASE_LOG_IF_ALLOWED("loadWithDocumentLoader: main frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1590 | page->mainFrameLoadStarted(newURL, type); |
1591 | page->performanceLogging().didReachPointOfInterest(PerformanceLogging::MainFrameLoadStarted); |
1592 | } |
1593 | } |
1594 | |
1595 | policyChecker().setLoadType(type); |
1596 | RELEASE_ASSERT(!isBackForwardLoadType(type) || history().provisionalItem()); |
1597 | bool isFormSubmission = formState; |
1598 | |
1599 | const String& httpMethod = loader->request().httpMethod(); |
1600 | |
1601 | if (shouldPerformFragmentNavigation(isFormSubmission, httpMethod, policyChecker().loadType(), newURL)) { |
1602 | RefPtr<DocumentLoader> oldDocumentLoader = m_documentLoader; |
1603 | NavigationAction action { *m_frame.document(), loader->request(), InitiatedByMainFrame::Unknown, policyChecker().loadType(), isFormSubmission }; |
1604 | |
1605 | oldDocumentLoader->setTriggeringAction(WTFMove(action)); |
1606 | oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); |
1607 | policyChecker().stopCheck(); |
1608 | RELEASE_ASSERT(!isBackForwardLoadType(policyChecker().loadType()) || history().provisionalItem()); |
1609 | policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), ResourceResponse { } /* redirectResponse */, oldDocumentLoader.get(), WTFMove(formState), [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, WeakPtr<FormState>&&, NavigationPolicyDecision navigationPolicyDecision) { |
1610 | continueFragmentScrollAfterNavigationPolicy(request, navigationPolicyDecision == NavigationPolicyDecision::ContinueLoad); |
1611 | }, PolicyDecisionMode::Synchronous); |
1612 | return; |
1613 | } |
1614 | |
1615 | if (Frame* parent = m_frame.tree().parent()) |
1616 | loader->setOverrideEncoding(parent->loader().documentLoader()->overrideEncoding()); |
1617 | |
1618 | policyChecker().stopCheck(); |
1619 | setPolicyDocumentLoader(loader); |
1620 | if (loader->triggeringAction().isEmpty()) |
1621 | loader->setTriggeringAction({ *m_frame.document(), loader->request(), InitiatedByMainFrame::Unknown, policyChecker().loadType(), isFormSubmission }); |
1622 | |
1623 | if (Element* ownerElement = m_frame.ownerElement()) { |
1624 | // We skip dispatching the beforeload event if we've already |
1625 | // committed a real document load because the event would leak |
1626 | // subsequent activity by the frame which the parent frame isn't |
1627 | // supposed to learn. For example, if the child frame navigated to |
1628 | // a new URL, the parent frame shouldn't learn the URL. |
1629 | if (!m_stateMachine.committedFirstRealDocumentLoad() |
1630 | && !ownerElement->dispatchBeforeLoadEvent(loader->request().url().string())) { |
1631 | continueLoadAfterNavigationPolicy(loader->request(), formState.get(), NavigationPolicyDecision::IgnoreLoad, allowNavigationToInvalidURL); |
1632 | return; |
1633 | } |
1634 | } |
1635 | |
1636 | m_frame.navigationScheduler().cancel(NewLoadInProgress::Yes); |
1637 | |
1638 | if (shouldTreatCurrentLoadAsContinuingLoad()) { |
1639 | continueLoadAfterNavigationPolicy(loader->request(), formState.get(), NavigationPolicyDecision::ContinueLoad, allowNavigationToInvalidURL); |
1640 | return; |
1641 | } |
1642 | |
1643 | RELEASE_ASSERT(!isBackForwardLoadType(policyChecker().loadType()) || history().provisionalItem()); |
1644 | policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), ResourceResponse { } /* redirectResponse */, loader, WTFMove(formState), [this, protectedFrame = makeRef(m_frame), allowNavigationToInvalidURL, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, WeakPtr<FormState>&& formState, NavigationPolicyDecision navigationPolicyDecision) mutable { |
1645 | continueLoadAfterNavigationPolicy(request, formState.get(), navigationPolicyDecision, allowNavigationToInvalidURL); |
1646 | completionHandler(); |
1647 | }, PolicyDecisionMode::Asynchronous); |
1648 | } |
1649 | |
1650 | void FrameLoader::clearProvisionalLoadForPolicyCheck() |
1651 | { |
1652 | if (!m_policyDocumentLoader || !m_provisionalDocumentLoader || m_inClearProvisionalLoadForPolicyCheck) |
1653 | return; |
1654 | |
1655 | SetForScope<bool> change(m_inClearProvisionalLoadForPolicyCheck, true); |
1656 | m_provisionalDocumentLoader->stopLoading(); |
1657 | setProvisionalDocumentLoader(nullptr); |
1658 | } |
1659 | |
1660 | void FrameLoader::reportLocalLoadFailed(Frame* frame, const String& url) |
1661 | { |
1662 | ASSERT(!url.isEmpty()); |
1663 | if (!frame) |
1664 | return; |
1665 | |
1666 | frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to load local resource: " + url); |
1667 | } |
1668 | |
1669 | void FrameLoader::reportBlockedPortFailed(Frame* frame, const String& url) |
1670 | { |
1671 | ASSERT(!url.isEmpty()); |
1672 | if (!frame) |
1673 | return; |
1674 | |
1675 | frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to use restricted network port: " + url); |
1676 | } |
1677 | |
1678 | void FrameLoader::reportAuthenticationChallengeBlocked(Frame* frame, const URL& url, const String& reason) |
1679 | { |
1680 | if (!frame) |
1681 | return; |
1682 | |
1683 | frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Blocked " , url.stringCenterEllipsizedToLength(), " from asking for credentials because " , reason, '.')); |
1684 | } |
1685 | |
1686 | const ResourceRequest& FrameLoader::initialRequest() const |
1687 | { |
1688 | return activeDocumentLoader()->originalRequest(); |
1689 | } |
1690 | |
1691 | bool FrameLoader::willLoadMediaElementURL(URL& url, Node& initiatorNode) |
1692 | { |
1693 | #if PLATFORM(IOS_FAMILY) |
1694 | // MobileStore depends on the iOS 4.0 era client delegate method because webView:resource:willSendRequest:redirectResponse:fromDataSource |
1695 | // doesn't let them tell when a load request is coming from a media element. See <rdar://problem/8266916> for more details. |
1696 | if (IOSApplication::isMobileStore()) |
1697 | return m_client.shouldLoadMediaElementURL(url); |
1698 | #endif |
1699 | |
1700 | ResourceRequest request(url); |
1701 | request.setInspectorInitiatorNodeIdentifier(InspectorInstrumentation::identifierForNode(initiatorNode)); |
1702 | |
1703 | unsigned long identifier; |
1704 | ResourceError error; |
1705 | requestFromDelegate(request, identifier, error); |
1706 | notifier().sendRemainingDelegateMessages(m_documentLoader.get(), identifier, request, ResourceResponse(url, String(), -1, String()), 0, -1, -1, error); |
1707 | |
1708 | url = request.url(); |
1709 | |
1710 | return error.isNull(); |
1711 | } |
1712 | |
1713 | bool FrameLoader::shouldReloadToHandleUnreachableURL(DocumentLoader& docLoader) |
1714 | { |
1715 | URL unreachableURL = docLoader.unreachableURL(); |
1716 | |
1717 | if (unreachableURL.isEmpty()) |
1718 | return false; |
1719 | |
1720 | if (!isBackForwardLoadType(policyChecker().loadType())) |
1721 | return false; |
1722 | |
1723 | // We only treat unreachableURLs specially during the delegate callbacks |
1724 | // for provisional load errors and navigation policy decisions. The former |
1725 | // case handles well-formed URLs that can't be loaded, and the latter |
1726 | // case handles malformed URLs and unknown schemes. Loading alternate content |
1727 | // at other times behaves like a standard load. |
1728 | if (policyChecker().delegateIsDecidingNavigationPolicy() || policyChecker().delegateIsHandlingUnimplementablePolicy()) |
1729 | return m_policyDocumentLoader && unreachableURL == m_policyDocumentLoader->request().url(); |
1730 | |
1731 | return unreachableURL == m_provisionalLoadErrorBeingHandledURL; |
1732 | } |
1733 | |
1734 | void FrameLoader::reloadWithOverrideEncoding(const String& encoding) |
1735 | { |
1736 | if (!m_documentLoader) |
1737 | return; |
1738 | |
1739 | RELEASE_LOG_IF_ALLOWED("reloadWithOverrideEncoding: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1740 | |
1741 | ResourceRequest request = m_documentLoader->request(); |
1742 | URL unreachableURL = m_documentLoader->unreachableURL(); |
1743 | if (!unreachableURL.isEmpty()) |
1744 | request.setURL(unreachableURL); |
1745 | |
1746 | // FIXME: If the resource is a result of form submission and is not cached, the form will be silently resubmitted. |
1747 | // We should ask the user for confirmation in this case. |
1748 | request.setCachePolicy(ResourceRequestCachePolicy::ReturnCacheDataElseLoad); |
1749 | |
1750 | Ref<DocumentLoader> loader = m_client.createDocumentLoader(request, defaultSubstituteDataForURL(request.url())); |
1751 | applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, InitiatedByMainFrame::Unknown, m_documentLoader->shouldOpenExternalURLsPolicyToPropagate()); |
1752 | |
1753 | setPolicyDocumentLoader(loader.ptr()); |
1754 | |
1755 | loader->setOverrideEncoding(encoding); |
1756 | |
1757 | loadWithDocumentLoader(loader.ptr(), FrameLoadType::Reload, { }, AllowNavigationToInvalidURL::Yes, ShouldTreatAsContinuingLoad::No); |
1758 | } |
1759 | |
1760 | void FrameLoader::reload(OptionSet<ReloadOption> options) |
1761 | { |
1762 | if (!m_documentLoader) |
1763 | return; |
1764 | |
1765 | // If a window is created by javascript, its main frame can have an empty but non-nil URL. |
1766 | // Reloading in this case will lose the current contents (see 4151001). |
1767 | if (m_documentLoader->request().url().isEmpty()) |
1768 | return; |
1769 | |
1770 | RELEASE_LOG_IF_ALLOWED("reload: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1771 | |
1772 | // Replace error-page URL with the URL we were trying to reach. |
1773 | ResourceRequest initialRequest = m_documentLoader->request(); |
1774 | URL unreachableURL = m_documentLoader->unreachableURL(); |
1775 | if (!unreachableURL.isEmpty()) |
1776 | initialRequest.setURL(unreachableURL); |
1777 | |
1778 | // Create a new document loader for the reload, this will become m_documentLoader eventually, |
1779 | // but first it has to be the "policy" document loader, and then the "provisional" document loader. |
1780 | Ref<DocumentLoader> loader = m_client.createDocumentLoader(initialRequest, defaultSubstituteDataForURL(initialRequest.url())); |
1781 | loader->setAllowsWebArchiveForMainFrame(m_documentLoader->allowsWebArchiveForMainFrame()); |
1782 | applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, InitiatedByMainFrame::Unknown, m_documentLoader->shouldOpenExternalURLsPolicyToPropagate()); |
1783 | |
1784 | loader->setUserContentExtensionsEnabled(!options.contains(ReloadOption::DisableContentBlockers)); |
1785 | |
1786 | ResourceRequest& request = loader->request(); |
1787 | |
1788 | // FIXME: We don't have a mechanism to revalidate the main resource without reloading at the moment. |
1789 | request.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData); |
1790 | |
1791 | addSameSiteInfoToRequestIfNeeded(request); |
1792 | |
1793 | // If we're about to re-post, set up action so the application can warn the user. |
1794 | if (request.httpMethod() == "POST" ) |
1795 | loader->setTriggeringAction({ *m_frame.document(), request, InitiatedByMainFrame::Unknown, NavigationType::FormResubmitted }); |
1796 | |
1797 | loader->setOverrideEncoding(m_documentLoader->overrideEncoding()); |
1798 | |
1799 | auto frameLoadTypeForReloadOptions = [] (auto options) { |
1800 | if (options & ReloadOption::FromOrigin) |
1801 | return FrameLoadType::ReloadFromOrigin; |
1802 | if (options & ReloadOption::ExpiredOnly) |
1803 | return FrameLoadType::ReloadExpiredOnly; |
1804 | return FrameLoadType::Reload; |
1805 | }; |
1806 | |
1807 | loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), { }, AllowNavigationToInvalidURL::Yes, ShouldTreatAsContinuingLoad::No); |
1808 | } |
1809 | |
1810 | void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy) |
1811 | { |
1812 | if (m_frame.document() && m_frame.document()->pageCacheState() == Document::InPageCache) |
1813 | return; |
1814 | |
1815 | if (!isStopLoadingAllowed()) |
1816 | return; |
1817 | |
1818 | // If this method is called from within this method, infinite recursion can occur (3442218). Avoid this. |
1819 | if (m_inStopAllLoaders) |
1820 | return; |
1821 | |
1822 | // This method might dispatch events. |
1823 | RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed()); |
1824 | |
1825 | // Calling stopLoading() on the provisional document loader can blow away |
1826 | // the frame from underneath. |
1827 | Ref<Frame> protect(m_frame); |
1828 | |
1829 | m_inStopAllLoaders = true; |
1830 | |
1831 | policyChecker().stopCheck(); |
1832 | |
1833 | // If no new load is in progress, we should clear the provisional item from history |
1834 | // before we call stopLoading. |
1835 | if (clearProvisionalItemPolicy == ShouldClearProvisionalItem) |
1836 | history().setProvisionalItem(nullptr); |
1837 | |
1838 | for (RefPtr<Frame> child = m_frame.tree().firstChild(); child; child = child->tree().nextSibling()) |
1839 | child->loader().stopAllLoaders(clearProvisionalItemPolicy); |
1840 | if (m_provisionalDocumentLoader) |
1841 | m_provisionalDocumentLoader->stopLoading(); |
1842 | if (m_documentLoader) |
1843 | m_documentLoader->stopLoading(); |
1844 | |
1845 | setProvisionalDocumentLoader(nullptr); |
1846 | |
1847 | m_inStopAllLoaders = false; |
1848 | } |
1849 | |
1850 | void FrameLoader::stopAllLoadersAndCheckCompleteness() |
1851 | { |
1852 | stopAllLoaders(); |
1853 | |
1854 | if (!m_checkTimer.isActive()) |
1855 | return; |
1856 | |
1857 | m_checkTimer.stop(); |
1858 | m_checkingLoadCompleteForDetachment = true; |
1859 | checkCompletenessNow(); |
1860 | m_checkingLoadCompleteForDetachment = false; |
1861 | } |
1862 | |
1863 | void FrameLoader::stopForUserCancel(bool deferCheckLoadComplete) |
1864 | { |
1865 | // Calling stopAllLoaders can cause the frame to be deallocated, including the frame loader. |
1866 | Ref<Frame> protectedFrame(m_frame); |
1867 | |
1868 | stopAllLoaders(); |
1869 | |
1870 | #if PLATFORM(IOS_FAMILY) |
1871 | // Lay out immediately when stopping to immediately clear the old page if we just committed this one |
1872 | // but haven't laid out/painted yet. |
1873 | // FIXME: Is this behavior specific to iOS? Or should we expose a setting to toggle this behavior? |
1874 | if (m_frame.view() && !m_frame.view()->didFirstLayout()) |
1875 | m_frame.view()->layoutContext().layout(); |
1876 | #endif |
1877 | |
1878 | if (deferCheckLoadComplete) |
1879 | scheduleCheckLoadComplete(); |
1880 | else if (m_frame.page()) |
1881 | checkLoadComplete(); |
1882 | } |
1883 | |
1884 | DocumentLoader* FrameLoader::activeDocumentLoader() const |
1885 | { |
1886 | if (m_state == FrameStateProvisional) |
1887 | return m_provisionalDocumentLoader.get(); |
1888 | return m_documentLoader.get(); |
1889 | } |
1890 | |
1891 | bool FrameLoader::isLoading() const |
1892 | { |
1893 | DocumentLoader* docLoader = activeDocumentLoader(); |
1894 | if (!docLoader) |
1895 | return false; |
1896 | return docLoader->isLoading(); |
1897 | } |
1898 | |
1899 | bool FrameLoader::frameHasLoaded() const |
1900 | { |
1901 | return m_stateMachine.committedFirstRealDocumentLoad() || (m_provisionalDocumentLoader && !m_stateMachine.creatingInitialEmptyDocument()); |
1902 | } |
1903 | |
1904 | void FrameLoader::setDocumentLoader(DocumentLoader* loader) |
1905 | { |
1906 | if (!loader && !m_documentLoader) |
1907 | return; |
1908 | |
1909 | if (loader == m_documentLoader) |
1910 | return; |
1911 | |
1912 | ASSERT(loader != m_documentLoader); |
1913 | ASSERT(!loader || loader->frameLoader() == this); |
1914 | |
1915 | m_client.prepareForDataSourceReplacement(); |
1916 | detachChildren(); |
1917 | |
1918 | // detachChildren() can trigger this frame's unload event, and therefore |
1919 | // script can run and do just about anything. For example, an unload event that calls |
1920 | // document.write("") on its parent frame can lead to a recursive detachChildren() |
1921 | // invocation for this frame. In that case, we can end up at this point with a |
1922 | // loader that hasn't been deleted but has been detached from its frame. Such a |
1923 | // DocumentLoader has been sufficiently detached that we'll end up in an inconsistent |
1924 | // state if we try to use it. |
1925 | if (loader && !loader->frame()) |
1926 | return; |
1927 | |
1928 | if (m_documentLoader) |
1929 | m_documentLoader->detachFromFrame(); |
1930 | |
1931 | m_documentLoader = loader; |
1932 | } |
1933 | |
1934 | void FrameLoader::setPolicyDocumentLoader(DocumentLoader* loader) |
1935 | { |
1936 | if (m_policyDocumentLoader == loader) |
1937 | return; |
1938 | |
1939 | if (loader) |
1940 | loader->attachToFrame(m_frame); |
1941 | if (m_policyDocumentLoader |
1942 | && m_policyDocumentLoader != m_provisionalDocumentLoader |
1943 | && m_policyDocumentLoader != m_documentLoader) |
1944 | m_policyDocumentLoader->detachFromFrame(); |
1945 | |
1946 | m_policyDocumentLoader = loader; |
1947 | } |
1948 | |
1949 | void FrameLoader::setProvisionalDocumentLoader(DocumentLoader* loader) |
1950 | { |
1951 | ASSERT(!loader || !m_provisionalDocumentLoader); |
1952 | ASSERT(!loader || loader->frameLoader() == this); |
1953 | |
1954 | if (m_provisionalDocumentLoader && m_provisionalDocumentLoader != m_documentLoader) |
1955 | m_provisionalDocumentLoader->detachFromFrame(); |
1956 | |
1957 | m_provisionalDocumentLoader = loader; |
1958 | } |
1959 | |
1960 | void FrameLoader::setState(FrameState newState) |
1961 | { |
1962 | FrameState oldState = m_state; |
1963 | m_state = newState; |
1964 | |
1965 | if (newState == FrameStateProvisional) |
1966 | provisionalLoadStarted(); |
1967 | else if (newState == FrameStateComplete) { |
1968 | frameLoadCompleted(); |
1969 | if (m_documentLoader) |
1970 | m_documentLoader->stopRecordingResponses(); |
1971 | if (m_frame.isMainFrame() && oldState != newState) { |
1972 | RELEASE_LOG_IF_ALLOWED("setState: main frame load completed (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
1973 | m_frame.page()->performanceLogging().didReachPointOfInterest(PerformanceLogging::MainFrameLoadCompleted); |
1974 | } |
1975 | } |
1976 | } |
1977 | |
1978 | void FrameLoader::clearProvisionalLoad() |
1979 | { |
1980 | setProvisionalDocumentLoader(nullptr); |
1981 | m_progressTracker->progressCompleted(); |
1982 | setState(FrameStateComplete); |
1983 | } |
1984 | |
1985 | void FrameLoader::commitProvisionalLoad() |
1986 | { |
1987 | RefPtr<DocumentLoader> pdl = m_provisionalDocumentLoader; |
1988 | Ref<Frame> protect(m_frame); |
1989 | |
1990 | std::unique_ptr<CachedPage> cachedPage; |
1991 | if (m_loadingFromCachedPage && history().provisionalItem()) |
1992 | cachedPage = PageCache::singleton().take(*history().provisionalItem(), m_frame.page()); |
1993 | |
1994 | LOG(PageCache, "WebCoreLoading %s: About to commit provisional load from previous URL '%s' to new URL '%s' with cached page %p" , m_frame.tree().uniqueName().string().utf8().data(), |
1995 | m_frame.document() ? m_frame.document()->url().stringCenterEllipsizedToLength().utf8().data() : "" , |
1996 | pdl ? pdl->url().stringCenterEllipsizedToLength().utf8().data() : "<no provisional DocumentLoader>" , cachedPage.get()); |
1997 | |
1998 | willTransitionToCommitted(); |
1999 | |
2000 | if (!m_frame.tree().parent() && history().currentItem() && history().currentItem() != history().provisionalItem()) { |
2001 | // Check to see if we need to cache the page we are navigating away from into the back/forward cache. |
2002 | // We are doing this here because we know for sure that a new page is about to be loaded. |
2003 | PageCache::singleton().addIfCacheable(*history().currentItem(), m_frame.page()); |
2004 | |
2005 | WebCore::jettisonExpensiveObjectsOnTopLevelNavigation(); |
2006 | } |
2007 | |
2008 | if (m_loadType != FrameLoadType::Replace) |
2009 | closeOldDataSources(); |
2010 | |
2011 | if (!cachedPage && !m_stateMachine.creatingInitialEmptyDocument()) |
2012 | m_client.makeRepresentation(pdl.get()); |
2013 | |
2014 | transitionToCommitted(cachedPage.get()); |
2015 | |
2016 | if (pdl && m_documentLoader) { |
2017 | // Check if the destination page is allowed to access the previous page's timing information. |
2018 | Ref<SecurityOrigin> securityOrigin(SecurityOrigin::create(pdl->request().url())); |
2019 | m_documentLoader->timing().setHasSameOriginAsPreviousDocument(securityOrigin.get().canRequest(m_previousURL)); |
2020 | } |
2021 | |
2022 | // Call clientRedirectCancelledOrFinished() here so that the frame load delegate is notified that the redirect's |
2023 | // status has changed, if there was a redirect. The frame load delegate may have saved some state about |
2024 | // the redirect in its -webView:willPerformClientRedirectToURL:delay:fireDate:forFrame:. Since we are |
2025 | // just about to commit a new page, there cannot possibly be a pending redirect at this point. |
2026 | if (m_sentRedirectNotification) |
2027 | clientRedirectCancelledOrFinished(NewLoadInProgress::No); |
2028 | |
2029 | if (cachedPage && cachedPage->document()) { |
2030 | #if PLATFORM(IOS_FAMILY) |
2031 | // FIXME: CachedPage::restore() would dispatch viewport change notification. However UIKit expects load |
2032 | // commit to happen before any changes to viewport arguments and dealing with this there is difficult. |
2033 | m_frame.page()->chrome().setDispatchViewportDataDidChangeSuppressed(true); |
2034 | #endif |
2035 | willRestoreFromCachedPage(); |
2036 | |
2037 | // Start request for the main resource and dispatch didReceiveResponse before the load is committed for |
2038 | // consistency with all other loads. See https://bugs.webkit.org/show_bug.cgi?id=150927. |
2039 | ResourceError mainResouceError; |
2040 | unsigned long mainResourceIdentifier; |
2041 | ResourceRequest mainResourceRequest(cachedPage->documentLoader()->request()); |
2042 | requestFromDelegate(mainResourceRequest, mainResourceIdentifier, mainResouceError); |
2043 | notifier().dispatchDidReceiveResponse(cachedPage->documentLoader(), mainResourceIdentifier, cachedPage->documentLoader()->response()); |
2044 | |
2045 | Optional<HasInsecureContent> hasInsecureContent = cachedPage->cachedMainFrame()->hasInsecureContent(); |
2046 | |
2047 | dispatchDidCommitLoad(hasInsecureContent); |
2048 | |
2049 | // FIXME: This API should be turned around so that we ground CachedPage into the Page. |
2050 | cachedPage->restore(*m_frame.page()); |
2051 | |
2052 | #if PLATFORM(IOS_FAMILY) |
2053 | m_frame.page()->chrome().setDispatchViewportDataDidChangeSuppressed(false); |
2054 | m_frame.page()->chrome().dispatchViewportPropertiesDidChange(m_frame.page()->viewportArguments()); |
2055 | #endif |
2056 | m_frame.page()->chrome().dispatchDisabledAdaptationsDidChange(m_frame.page()->disabledAdaptations()); |
2057 | |
2058 | auto& title = m_documentLoader->title(); |
2059 | if (!title.string.isNull()) |
2060 | m_client.dispatchDidReceiveTitle(title); |
2061 | |
2062 | // Send remaining notifications for the main resource. |
2063 | notifier().sendRemainingDelegateMessages(m_documentLoader.get(), mainResourceIdentifier, mainResourceRequest, ResourceResponse(), |
2064 | nullptr, static_cast<int>(m_documentLoader->response().expectedContentLength()), 0, mainResouceError); |
2065 | |
2066 | checkCompleted(); |
2067 | } else |
2068 | didOpenURL(); |
2069 | |
2070 | LOG(Loading, "WebCoreLoading %s: Finished committing provisional load to URL %s" , m_frame.tree().uniqueName().string().utf8().data(), |
2071 | m_frame.document() ? m_frame.document()->url().stringCenterEllipsizedToLength().utf8().data() : "" ); |
2072 | |
2073 | if (m_loadType == FrameLoadType::Standard && m_documentLoader && m_documentLoader->isClientRedirect()) |
2074 | history().updateForClientRedirect(); |
2075 | |
2076 | if (m_loadingFromCachedPage) { |
2077 | // Note, didReceiveDocType is expected to be called for cached pages. See <rdar://problem/5906758> for more details. |
2078 | if (auto* page = m_frame.page()) |
2079 | page->chrome().didReceiveDocType(m_frame); |
2080 | m_frame.document()->resume(ReasonForSuspension::PageCache); |
2081 | |
2082 | // Force a layout to update view size and thereby update scrollbars. |
2083 | #if PLATFORM(IOS_FAMILY) |
2084 | if (!m_client.forceLayoutOnRestoreFromPageCache()) |
2085 | m_frame.view()->forceLayout(); |
2086 | #else |
2087 | m_frame.view()->forceLayout(); |
2088 | #endif |
2089 | |
2090 | // Main resource delegates were already sent, so we skip the first response here. |
2091 | for (unsigned i = 1; i < m_documentLoader->responses().size(); ++i) { |
2092 | const auto& response = m_documentLoader->responses()[i]; |
2093 | // FIXME: If the WebKit client changes or cancels the request, this is not respected. |
2094 | ResourceError error; |
2095 | unsigned long identifier; |
2096 | ResourceRequest request(response.url()); |
2097 | requestFromDelegate(request, identifier, error); |
2098 | // FIXME: If we get a resource with more than 2B bytes, this code won't do the right thing. |
2099 | // However, with today's computers and networking speeds, this won't happen in practice. |
2100 | // Could be an issue with a giant local file. |
2101 | notifier().sendRemainingDelegateMessages(m_documentLoader.get(), identifier, request, response, 0, static_cast<int>(response.expectedContentLength()), 0, error); |
2102 | } |
2103 | |
2104 | // FIXME: Why only this frame and not parent frames? |
2105 | checkLoadCompleteForThisFrame(); |
2106 | } |
2107 | } |
2108 | |
2109 | void FrameLoader::transitionToCommitted(CachedPage* cachedPage) |
2110 | { |
2111 | ASSERT(m_client.hasWebView()); |
2112 | ASSERT(m_state == FrameStateProvisional); |
2113 | |
2114 | if (m_state != FrameStateProvisional) |
2115 | return; |
2116 | |
2117 | if (FrameView* view = m_frame.view()) { |
2118 | if (ScrollAnimator* scrollAnimator = view->existingScrollAnimator()) |
2119 | scrollAnimator->cancelAnimations(); |
2120 | } |
2121 | |
2122 | m_client.setCopiesOnScroll(); |
2123 | history().updateForCommit(); |
2124 | |
2125 | // The call to closeURL() invokes the unload event handler, which can execute arbitrary |
2126 | // JavaScript. If the script initiates a new load, we need to abandon the current load, |
2127 | // or the two will stomp each other. |
2128 | DocumentLoader* pdl = m_provisionalDocumentLoader.get(); |
2129 | if (m_documentLoader) |
2130 | closeURL(); |
2131 | if (pdl != m_provisionalDocumentLoader) |
2132 | return; |
2133 | |
2134 | if (m_documentLoader) |
2135 | m_documentLoader->stopLoadingSubresources(); |
2136 | if (m_documentLoader) |
2137 | m_documentLoader->stopLoadingPlugIns(); |
2138 | |
2139 | // Setting our document loader invokes the unload event handler of our child frames. |
2140 | // Script can do anything. If the script initiates a new load, we need to abandon the |
2141 | // current load or the two will stomp each other. |
2142 | setDocumentLoader(m_provisionalDocumentLoader.get()); |
2143 | if (pdl != m_provisionalDocumentLoader) |
2144 | return; |
2145 | setProvisionalDocumentLoader(nullptr); |
2146 | |
2147 | // Nothing else can interrupt this commit - set the Provisional->Committed transition in stone |
2148 | setState(FrameStateCommittedPage); |
2149 | |
2150 | // Handle adding the URL to the back/forward list. |
2151 | DocumentLoader* dl = m_documentLoader.get(); |
2152 | |
2153 | switch (m_loadType) { |
2154 | case FrameLoadType::Forward: |
2155 | case FrameLoadType::Back: |
2156 | case FrameLoadType::IndexedBackForward: |
2157 | if (m_frame.page()) { |
2158 | // If the first load within a frame is a navigation within a back/forward list that was attached |
2159 | // without any of the items being loaded then we need to update the history in a similar manner as |
2160 | // for a standard load with the exception of updating the back/forward list (<rdar://problem/8091103>). |
2161 | if (!m_stateMachine.committedFirstRealDocumentLoad() && m_frame.isMainFrame()) |
2162 | history().updateForStandardLoad(HistoryController::UpdateAllExceptBackForwardList); |
2163 | |
2164 | history().updateForBackForwardNavigation(); |
2165 | |
2166 | // For cached pages, CachedFrame::restore will take care of firing the popstate event with the history item's state object |
2167 | if (history().currentItem() && !cachedPage) |
2168 | m_pendingStateObject = history().currentItem()->stateObject(); |
2169 | |
2170 | // Create a document view for this document, or used the cached view. |
2171 | if (cachedPage) { |
2172 | DocumentLoader* cachedDocumentLoader = cachedPage->documentLoader(); |
2173 | ASSERT(cachedDocumentLoader); |
2174 | cachedDocumentLoader->attachToFrame(m_frame); |
2175 | m_client.transitionToCommittedFromCachedFrame(cachedPage->cachedMainFrame()); |
2176 | } else |
2177 | m_client.transitionToCommittedForNewPage(); |
2178 | } |
2179 | break; |
2180 | |
2181 | case FrameLoadType::Reload: |
2182 | case FrameLoadType::ReloadFromOrigin: |
2183 | case FrameLoadType::ReloadExpiredOnly: |
2184 | case FrameLoadType::Same: |
2185 | case FrameLoadType::Replace: |
2186 | history().updateForReload(); |
2187 | m_client.transitionToCommittedForNewPage(); |
2188 | break; |
2189 | |
2190 | case FrameLoadType::Standard: |
2191 | history().updateForStandardLoad(); |
2192 | if (m_frame.view()) |
2193 | m_frame.view()->setScrollbarsSuppressed(true); |
2194 | m_client.transitionToCommittedForNewPage(); |
2195 | break; |
2196 | |
2197 | case FrameLoadType::RedirectWithLockedBackForwardList: |
2198 | history().updateForRedirectWithLockedBackForwardList(); |
2199 | m_client.transitionToCommittedForNewPage(); |
2200 | break; |
2201 | } |
2202 | |
2203 | m_documentLoader->writer().setMIMEType(dl->responseMIMEType()); |
2204 | |
2205 | // Tell the client we've committed this URL. |
2206 | ASSERT(m_frame.view()); |
2207 | |
2208 | if (m_stateMachine.creatingInitialEmptyDocument()) |
2209 | return; |
2210 | |
2211 | if (!m_stateMachine.committedFirstRealDocumentLoad()) |
2212 | m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit); |
2213 | } |
2214 | |
2215 | void FrameLoader::clientRedirectCancelledOrFinished(NewLoadInProgress newLoadInProgress) |
2216 | { |
2217 | // Note that -webView:didCancelClientRedirectForFrame: is called on the frame load delegate even if |
2218 | // the redirect succeeded. We should either rename this API, or add a new method, like |
2219 | // -webView:didFinishClientRedirectForFrame: |
2220 | m_client.dispatchDidCancelClientRedirect(); |
2221 | |
2222 | if (newLoadInProgress == NewLoadInProgress::No) |
2223 | m_quickRedirectComing = false; |
2224 | |
2225 | m_sentRedirectNotification = false; |
2226 | } |
2227 | |
2228 | void FrameLoader::clientRedirected(const URL& url, double seconds, WallTime fireDate, LockBackForwardList lockBackForwardList) |
2229 | { |
2230 | m_client.dispatchWillPerformClientRedirect(url, seconds, fireDate, lockBackForwardList); |
2231 | |
2232 | // Remember that we sent a redirect notification to the frame load delegate so that when we commit |
2233 | // the next provisional load, we can send a corresponding -webView:didCancelClientRedirectForFrame: |
2234 | m_sentRedirectNotification = true; |
2235 | |
2236 | // If a "quick" redirect comes in, we set a special mode so we treat the next |
2237 | // load as part of the original navigation. If we don't have a document loader, we have |
2238 | // no "original" load on which to base a redirect, so we treat the redirect as a normal load. |
2239 | // Loads triggered by JavaScript form submissions never count as quick redirects. |
2240 | m_quickRedirectComing = (lockBackForwardList == LockBackForwardList::Yes || history().currentItemShouldBeReplaced()) && m_documentLoader && !m_isExecutingJavaScriptFormAction; |
2241 | } |
2242 | |
2243 | bool FrameLoader::shouldReload(const URL& currentURL, const URL& destinationURL) |
2244 | { |
2245 | // This function implements the rule: "Don't reload if navigating by fragment within |
2246 | // the same URL, but do reload if going to a new URL or to the same URL with no |
2247 | // fragment identifier at all." |
2248 | if (!destinationURL.hasFragmentIdentifier()) |
2249 | return true; |
2250 | return !equalIgnoringFragmentIdentifier(currentURL, destinationURL); |
2251 | } |
2252 | |
2253 | void FrameLoader::closeOldDataSources() |
2254 | { |
2255 | // FIXME: Is it important for this traversal to be postorder instead of preorder? |
2256 | // If so, add helpers for postorder traversal, and use them. If not, then lets not |
2257 | // use a recursive algorithm here. |
2258 | for (Frame* child = m_frame.tree().firstChild(); child; child = child->tree().nextSibling()) |
2259 | child->loader().closeOldDataSources(); |
2260 | |
2261 | if (m_documentLoader) |
2262 | m_client.dispatchWillClose(); |
2263 | |
2264 | m_client.setMainFrameDocumentReady(false); // stop giving out the actual DOMDocument to observers |
2265 | } |
2266 | |
2267 | void FrameLoader::willRestoreFromCachedPage() |
2268 | { |
2269 | ASSERT(!m_frame.tree().parent()); |
2270 | ASSERT(m_frame.page()); |
2271 | ASSERT(m_frame.isMainFrame()); |
2272 | |
2273 | m_frame.navigationScheduler().cancel(); |
2274 | |
2275 | // We still have to close the previous part page. |
2276 | closeURL(); |
2277 | |
2278 | // Delete old status bar messages (if it _was_ activated on last URL). |
2279 | if (m_frame.script().canExecuteScripts(NotAboutToExecuteScript)) { |
2280 | DOMWindow* window = m_frame.document()->domWindow(); |
2281 | window->setStatus(String()); |
2282 | window->setDefaultStatus(String()); |
2283 | } |
2284 | } |
2285 | |
2286 | void FrameLoader::open(CachedFrameBase& cachedFrame) |
2287 | { |
2288 | m_isComplete = false; |
2289 | |
2290 | // Don't re-emit the load event. |
2291 | m_didCallImplicitClose = true; |
2292 | |
2293 | URL url = cachedFrame.url(); |
2294 | |
2295 | // FIXME: I suspect this block of code doesn't do anything. |
2296 | if (url.protocolIsInHTTPFamily() && !url.host().isEmpty() && url.path().isEmpty()) |
2297 | url.setPath("/" ); |
2298 | |
2299 | started(); |
2300 | Document* document = cachedFrame.document(); |
2301 | ASSERT(document); |
2302 | ASSERT(document->domWindow()); |
2303 | |
2304 | clear(document, true, true, cachedFrame.isMainFrame()); |
2305 | |
2306 | document->setPageCacheState(Document::NotInPageCache); |
2307 | |
2308 | m_needsClear = true; |
2309 | m_isComplete = false; |
2310 | m_didCallImplicitClose = false; |
2311 | m_outgoingReferrer = url.string(); |
2312 | |
2313 | FrameView* view = cachedFrame.view(); |
2314 | |
2315 | // When navigating to a CachedFrame its FrameView should never be null. If it is we'll crash in creative ways downstream. |
2316 | ASSERT(view); |
2317 | view->setWasScrolledByUser(false); |
2318 | |
2319 | Optional<IntRect> previousViewFrameRect = m_frame.view() ? m_frame.view()->frameRect() : Optional<IntRect>(WTF::nullopt); |
2320 | m_frame.setView(view); |
2321 | |
2322 | // Use the previous ScrollView's frame rect. |
2323 | if (previousViewFrameRect) |
2324 | view->setFrameRect(previousViewFrameRect.value()); |
2325 | |
2326 | { |
2327 | // Setting the document builds the render tree and runs post style resolution callbacks that can do anything, |
2328 | // including loading a child frame before its been re-attached to the frame tree as part of this restore. |
2329 | // For example, the HTML object element may load its content into a frame in a post style resolution callback. |
2330 | NavigationDisabler disableNavigation { &m_frame }; |
2331 | m_frame.setDocument(document); |
2332 | } |
2333 | |
2334 | document->domWindow()->resumeFromPageCache(); |
2335 | |
2336 | updateFirstPartyForCookies(); |
2337 | |
2338 | cachedFrame.restore(); |
2339 | } |
2340 | |
2341 | bool FrameLoader::isHostedByObjectElement() const |
2342 | { |
2343 | HTMLFrameOwnerElement* owner = m_frame.ownerElement(); |
2344 | return owner && owner->hasTagName(objectTag); |
2345 | } |
2346 | |
2347 | bool FrameLoader::isReplacing() const |
2348 | { |
2349 | return m_loadType == FrameLoadType::Replace; |
2350 | } |
2351 | |
2352 | void FrameLoader::setReplacing() |
2353 | { |
2354 | m_loadType = FrameLoadType::Replace; |
2355 | } |
2356 | |
2357 | bool FrameLoader::subframeIsLoading() const |
2358 | { |
2359 | // It's most likely that the last added frame is the last to load so we walk backwards. |
2360 | for (Frame* child = m_frame.tree().lastChild(); child; child = child->tree().previousSibling()) { |
2361 | FrameLoader& childLoader = child->loader(); |
2362 | DocumentLoader* documentLoader = childLoader.documentLoader(); |
2363 | if (documentLoader && documentLoader->isLoadingInAPISense()) |
2364 | return true; |
2365 | documentLoader = childLoader.provisionalDocumentLoader(); |
2366 | if (documentLoader && documentLoader->isLoadingInAPISense()) |
2367 | return true; |
2368 | documentLoader = childLoader.policyDocumentLoader(); |
2369 | if (documentLoader) |
2370 | return true; |
2371 | } |
2372 | return false; |
2373 | } |
2374 | |
2375 | void FrameLoader::willChangeTitle(DocumentLoader* loader) |
2376 | { |
2377 | m_client.willChangeTitle(loader); |
2378 | } |
2379 | |
2380 | FrameLoadType FrameLoader::loadType() const |
2381 | { |
2382 | return m_loadType; |
2383 | } |
2384 | |
2385 | CachePolicy FrameLoader::subresourceCachePolicy(const URL& url) const |
2386 | { |
2387 | if (Page* page = m_frame.page()) { |
2388 | if (page->isResourceCachingDisabled()) |
2389 | return CachePolicyReload; |
2390 | } |
2391 | |
2392 | if (m_isComplete) |
2393 | return CachePolicyVerify; |
2394 | |
2395 | if (m_loadType == FrameLoadType::ReloadFromOrigin) |
2396 | return CachePolicyReload; |
2397 | |
2398 | if (Frame* parentFrame = m_frame.tree().parent()) { |
2399 | CachePolicy parentCachePolicy = parentFrame->loader().subresourceCachePolicy(url); |
2400 | if (parentCachePolicy != CachePolicyVerify) |
2401 | return parentCachePolicy; |
2402 | } |
2403 | |
2404 | switch (m_loadType) { |
2405 | case FrameLoadType::Reload: |
2406 | return CachePolicyRevalidate; |
2407 | case FrameLoadType::Back: |
2408 | case FrameLoadType::Forward: |
2409 | case FrameLoadType::IndexedBackForward: |
2410 | return CachePolicyHistoryBuffer; |
2411 | case FrameLoadType::ReloadFromOrigin: |
2412 | ASSERT_NOT_REACHED(); // Already handled above. |
2413 | return CachePolicyReload; |
2414 | case FrameLoadType::RedirectWithLockedBackForwardList: |
2415 | case FrameLoadType::Replace: |
2416 | case FrameLoadType::Same: |
2417 | case FrameLoadType::Standard: |
2418 | return CachePolicyVerify; |
2419 | case FrameLoadType::ReloadExpiredOnly: |
2420 | // We know about expiration for HTTP and data. Do a normal reload otherwise. |
2421 | if (!url.protocolIsInHTTPFamily() && !url.protocolIsData()) |
2422 | return CachePolicyReload; |
2423 | return CachePolicyVerify; |
2424 | } |
2425 | |
2426 | RELEASE_ASSERT_NOT_REACHED(); |
2427 | return CachePolicyVerify; |
2428 | } |
2429 | |
2430 | void FrameLoader::dispatchDidFailProvisionalLoad(DocumentLoader& provisionalDocumentLoader, const ResourceError& error) |
2431 | { |
2432 | m_provisionalLoadErrorBeingHandledURL = provisionalDocumentLoader.url(); |
2433 | |
2434 | #if ENABLE(CONTENT_FILTERING) |
2435 | auto contentFilter = provisionalDocumentLoader.contentFilter(); |
2436 | auto contentFilterWillContinueLoading = false; |
2437 | #endif |
2438 | |
2439 | auto willContinueLoading = WillContinueLoading::No; |
2440 | if (history().provisionalItem()) |
2441 | willContinueLoading = WillContinueLoading::Yes; |
2442 | #if ENABLE(CONTENT_FILTERING) |
2443 | if (contentFilter && contentFilter->willHandleProvisionalLoadFailure(error)) { |
2444 | willContinueLoading = WillContinueLoading::Yes; |
2445 | contentFilterWillContinueLoading = true; |
2446 | } |
2447 | #endif |
2448 | |
2449 | m_client.dispatchDidFailProvisionalLoad(error, willContinueLoading); |
2450 | |
2451 | #if ENABLE(CONTENT_FILTERING) |
2452 | if (contentFilterWillContinueLoading) |
2453 | contentFilter->handleProvisionalLoadFailure(error); |
2454 | #endif |
2455 | |
2456 | m_provisionalLoadErrorBeingHandledURL = { }; |
2457 | } |
2458 | |
2459 | void FrameLoader::checkLoadCompleteForThisFrame() |
2460 | { |
2461 | ASSERT(m_client.hasWebView()); |
2462 | |
2463 | // FIXME: Should this check be done in checkLoadComplete instead of here? |
2464 | // FIXME: Why does this one check need to be repeated here, and not the many others from checkCompleted? |
2465 | if (m_frame.document()->isDelayingLoadEvent()) |
2466 | return; |
2467 | |
2468 | switch (m_state) { |
2469 | case FrameStateProvisional: { |
2470 | // FIXME: Prohibiting any provisional load failures from being sent to clients |
2471 | // while handling provisional load failures is too heavy. For example, the current |
2472 | // load will fail to cancel another ongoing load. That might prevent clients' page |
2473 | // load state being handled properly. |
2474 | if (!m_provisionalLoadErrorBeingHandledURL.isEmpty()) |
2475 | return; |
2476 | |
2477 | RefPtr<DocumentLoader> pdl = m_provisionalDocumentLoader; |
2478 | if (!pdl) |
2479 | return; |
2480 | |
2481 | // If we've received any errors we may be stuck in the provisional state and actually complete. |
2482 | const ResourceError& error = pdl->mainDocumentError(); |
2483 | if (error.isNull()) |
2484 | return; |
2485 | |
2486 | // Check all children first. |
2487 | RefPtr<HistoryItem> item; |
2488 | if (Page* page = m_frame.page()) |
2489 | if (isBackForwardLoadType(loadType())) |
2490 | // Reset the back forward list to the last committed history item at the top level. |
2491 | item = page->mainFrame().loader().history().currentItem(); |
2492 | |
2493 | // Only reset if we aren't already going to a new provisional item. |
2494 | bool shouldReset = !history().provisionalItem(); |
2495 | if (!pdl->isLoadingInAPISense() || pdl->isStopping()) { |
2496 | RELEASE_LOG_IF_ALLOWED("checkLoadCompleteForThisFrame: Failed provisional load (frame = %p, main = %d, isTimeout = %d, isCancellation = %d, errorCode = %d)" , &m_frame, m_frame.isMainFrame(), error.isTimeout(), error.isCancellation(), error.errorCode()); |
2497 | |
2498 | dispatchDidFailProvisionalLoad(*pdl, error); |
2499 | ASSERT(!pdl->isLoading()); |
2500 | |
2501 | // If we're in the middle of loading multipart data, we need to restore the document loader. |
2502 | if (isReplacing() && !m_documentLoader.get()) |
2503 | setDocumentLoader(m_provisionalDocumentLoader.get()); |
2504 | |
2505 | // Finish resetting the load state, but only if another load hasn't been started by the |
2506 | // delegate callback. |
2507 | if (pdl == m_provisionalDocumentLoader) |
2508 | clearProvisionalLoad(); |
2509 | else if (activeDocumentLoader()) { |
2510 | URL unreachableURL = activeDocumentLoader()->unreachableURL(); |
2511 | if (!unreachableURL.isEmpty() && unreachableURL == pdl->request().url()) |
2512 | shouldReset = false; |
2513 | } |
2514 | } |
2515 | if (shouldReset && item) |
2516 | if (Page* page = m_frame.page()) { |
2517 | page->backForward().setCurrentItem(*item); |
2518 | } |
2519 | return; |
2520 | } |
2521 | |
2522 | case FrameStateCommittedPage: { |
2523 | if (!m_documentLoader) |
2524 | return; |
2525 | if (m_documentLoader->isLoadingInAPISense() && !m_documentLoader->isStopping() && !m_checkingLoadCompleteForDetachment) |
2526 | return; |
2527 | |
2528 | setState(FrameStateComplete); |
2529 | |
2530 | // FIXME: Is this subsequent work important if we already navigated away? |
2531 | // Maybe there are bugs because of that, or extra work we can skip because |
2532 | // the new page is ready. |
2533 | |
2534 | m_client.forceLayoutForNonHTML(); |
2535 | |
2536 | // If the user had a scroll point, scroll to it, overriding the anchor point if any. |
2537 | if (m_frame.page()) { |
2538 | if (isBackForwardLoadType(m_loadType) || isReload(m_loadType)) |
2539 | history().restoreScrollPositionAndViewState(); |
2540 | } |
2541 | |
2542 | if (m_stateMachine.creatingInitialEmptyDocument() || !m_stateMachine.committedFirstRealDocumentLoad()) |
2543 | return; |
2544 | |
2545 | m_progressTracker->progressCompleted(); |
2546 | Page* page = m_frame.page(); |
2547 | if (page) { |
2548 | if (m_frame.isMainFrame()) { |
2549 | tracePoint(MainResourceLoadDidEnd); |
2550 | page->didFinishLoad(); |
2551 | } |
2552 | } |
2553 | |
2554 | const ResourceError& error = m_documentLoader->mainDocumentError(); |
2555 | |
2556 | AXObjectCache::AXLoadingEvent loadingEvent; |
2557 | if (!error.isNull()) { |
2558 | RELEASE_LOG_IF_ALLOWED("checkLoadCompleteForThisFrame: Finished frame load with error (frame = %p, main = %d, isTimeout = %d, isCancellation = %d, errorCode = %d)" , &m_frame, m_frame.isMainFrame(), error.isTimeout(), error.isCancellation(), error.errorCode()); |
2559 | m_client.dispatchDidFailLoad(error); |
2560 | loadingEvent = AXObjectCache::AXLoadingFailed; |
2561 | } else { |
2562 | RELEASE_LOG_IF_ALLOWED("checkLoadCompleteForThisFrame: Finished frame load (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
2563 | #if ENABLE(DATA_DETECTION) |
2564 | auto* document = m_frame.document(); |
2565 | if (m_frame.settings().dataDetectorTypes() != DataDetectorTypeNone && document) { |
2566 | if (auto* documentElement = document->documentElement()) { |
2567 | RefPtr<Range> documentRange = makeRange(firstPositionInNode(documentElement), lastPositionInNode(documentElement)); |
2568 | m_frame.setDataDetectionResults(DataDetection::detectContentInRange(documentRange, m_frame.settings().dataDetectorTypes(), m_client.dataDetectionContext())); |
2569 | if (m_frame.isMainFrame()) |
2570 | m_client.dispatchDidFinishDataDetection(m_frame.dataDetectionResults()); |
2571 | } |
2572 | } |
2573 | #endif |
2574 | m_client.dispatchDidFinishLoad(); |
2575 | loadingEvent = AXObjectCache::AXLoadingFinished; |
2576 | } |
2577 | |
2578 | // Notify accessibility. |
2579 | if (auto* document = m_frame.document()) { |
2580 | if (AXObjectCache* cache = document->existingAXObjectCache()) |
2581 | cache->frameLoadingEventNotification(&m_frame, loadingEvent); |
2582 | } |
2583 | |
2584 | // The above calls to dispatchDidFinishLoad() might have detached the Frame |
2585 | // from its Page and also might have caused Page to be deleted. |
2586 | // Don't assume 'page' is still available to use. |
2587 | if (m_frame.isMainFrame() && m_frame.page()) { |
2588 | ASSERT(&m_frame.page()->mainFrame() == &m_frame); |
2589 | m_frame.page()->diagnosticLoggingClient().logDiagnosticMessageWithResult(DiagnosticLoggingKeys::pageLoadedKey(), emptyString(), error.isNull() ? DiagnosticLoggingResultPass : DiagnosticLoggingResultFail, ShouldSample::Yes); |
2590 | } |
2591 | |
2592 | return; |
2593 | } |
2594 | |
2595 | case FrameStateComplete: |
2596 | m_loadType = FrameLoadType::Standard; |
2597 | frameLoadCompleted(); |
2598 | return; |
2599 | } |
2600 | |
2601 | ASSERT_NOT_REACHED(); |
2602 | } |
2603 | |
2604 | void FrameLoader::setOriginalURLForDownloadRequest(ResourceRequest& request) |
2605 | { |
2606 | // FIXME: Rename firstPartyForCookies back to mainDocumentURL. It was a mistake to think that it was only used for cookies. |
2607 | // The originalURL is defined as the URL of the page where the download was initiated. |
2608 | URL originalURL; |
2609 | auto* initiator = m_frame.document(); |
2610 | if (initiator) { |
2611 | originalURL = initiator->firstPartyForCookies(); |
2612 | // If there is no main document URL, it means that this document is newly opened and just for download purpose. |
2613 | // In this case, we need to set the originalURL to this document's opener's main document URL. |
2614 | if (originalURL.isEmpty() && opener() && opener()->document()) { |
2615 | originalURL = opener()->document()->firstPartyForCookies(); |
2616 | initiator = opener()->document(); |
2617 | } |
2618 | } |
2619 | // If the originalURL is the same as the requested URL, we are processing a download |
2620 | // initiated directly without a page and do not need to specify the originalURL. |
2621 | if (originalURL == request.url()) |
2622 | request.setFirstPartyForCookies(URL()); |
2623 | else |
2624 | request.setFirstPartyForCookies(originalURL); |
2625 | addSameSiteInfoToRequestIfNeeded(request, initiator); |
2626 | } |
2627 | |
2628 | void FrameLoader::didReachLayoutMilestone(OptionSet<LayoutMilestone> milestones) |
2629 | { |
2630 | ASSERT(m_frame.isMainFrame()); |
2631 | |
2632 | m_client.dispatchDidReachLayoutMilestone(milestones); |
2633 | } |
2634 | |
2635 | void FrameLoader::didFirstLayout() |
2636 | { |
2637 | #if PLATFORM(IOS_FAMILY) |
2638 | // Only send layout-related delegate callbacks synchronously for the main frame to |
2639 | // avoid reentering layout for the main frame while delivering a layout-related delegate |
2640 | // callback for a subframe. |
2641 | if (&m_frame != &m_frame.page()->mainFrame()) |
2642 | return; |
2643 | #endif |
2644 | if (m_frame.page() && isBackForwardLoadType(m_loadType)) |
2645 | history().restoreScrollPositionAndViewState(); |
2646 | |
2647 | if (m_stateMachine.committedFirstRealDocumentLoad() && !m_stateMachine.isDisplayingInitialEmptyDocument() && !m_stateMachine.firstLayoutDone()) |
2648 | m_stateMachine.advanceTo(FrameLoaderStateMachine::FirstLayoutDone); |
2649 | } |
2650 | |
2651 | void FrameLoader::frameLoadCompleted() |
2652 | { |
2653 | // Note: Can be called multiple times. |
2654 | |
2655 | m_client.frameLoadCompleted(); |
2656 | |
2657 | history().updateForFrameLoadCompleted(); |
2658 | |
2659 | // After a canceled provisional load, firstLayoutDone is false. |
2660 | // Reset it to true if we're displaying a page. |
2661 | if (m_documentLoader && m_stateMachine.committedFirstRealDocumentLoad() && !m_stateMachine.isDisplayingInitialEmptyDocument() && !m_stateMachine.firstLayoutDone()) |
2662 | m_stateMachine.advanceTo(FrameLoaderStateMachine::FirstLayoutDone); |
2663 | } |
2664 | |
2665 | void FrameLoader::detachChildren() |
2666 | { |
2667 | // detachChildren() will fire the unload event in each subframe and the |
2668 | // HTML specification states that the parent document's ignore-opens-during-unload counter while |
2669 | // this event is being fired in its subframes: |
2670 | // https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document |
2671 | IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document()); |
2672 | |
2673 | // Any subframe inserted by unload event handlers executed in the loop below will not get unloaded |
2674 | // because we create a copy of the subframes list before looping. Therefore, it would be unsafe to |
2675 | // allow loading of subframes at this point. |
2676 | SubframeLoadingDisabler subframeLoadingDisabler(m_frame.document()); |
2677 | |
2678 | Vector<Ref<Frame>, 16> childrenToDetach; |
2679 | childrenToDetach.reserveInitialCapacity(m_frame.tree().childCount()); |
2680 | for (Frame* child = m_frame.tree().lastChild(); child; child = child->tree().previousSibling()) |
2681 | childrenToDetach.uncheckedAppend(*child); |
2682 | for (auto& child : childrenToDetach) |
2683 | child->loader().detachFromParent(); |
2684 | } |
2685 | |
2686 | void FrameLoader::closeAndRemoveChild(Frame& child) |
2687 | { |
2688 | child.tree().detachFromParent(); |
2689 | |
2690 | child.setView(nullptr); |
2691 | if (child.ownerElement() && child.page()) |
2692 | child.page()->decrementSubframeCount(); |
2693 | child.willDetachPage(); |
2694 | child.detachFromPage(); |
2695 | |
2696 | m_frame.tree().removeChild(child); |
2697 | } |
2698 | |
2699 | // Called every time a resource is completely loaded or an error is received. |
2700 | void FrameLoader::checkLoadComplete() |
2701 | { |
2702 | m_shouldCallCheckLoadComplete = false; |
2703 | |
2704 | if (!m_frame.page()) |
2705 | return; |
2706 | |
2707 | ASSERT(m_client.hasWebView()); |
2708 | |
2709 | // FIXME: Always traversing the entire frame tree is a bit inefficient, but |
2710 | // is currently needed in order to null out the previous history item for all frames. |
2711 | Vector<Ref<Frame>, 16> frames; |
2712 | for (Frame* frame = &m_frame.mainFrame(); frame; frame = frame->tree().traverseNext()) |
2713 | frames.append(*frame); |
2714 | |
2715 | // To process children before their parents, iterate the vector backwards. |
2716 | for (auto frame = frames.rbegin(); frame != frames.rend(); ++frame) { |
2717 | if ((*frame)->page()) |
2718 | (*frame)->loader().checkLoadCompleteForThisFrame(); |
2719 | } |
2720 | } |
2721 | |
2722 | int FrameLoader::numPendingOrLoadingRequests(bool recurse) const |
2723 | { |
2724 | if (!recurse) |
2725 | return m_frame.document()->cachedResourceLoader().requestCount(); |
2726 | |
2727 | int count = 0; |
2728 | for (Frame* frame = &m_frame; frame; frame = frame->tree().traverseNext(&m_frame)) |
2729 | count += frame->document()->cachedResourceLoader().requestCount(); |
2730 | return count; |
2731 | } |
2732 | |
2733 | String FrameLoader::userAgent(const URL& url) const |
2734 | { |
2735 | String userAgent; |
2736 | |
2737 | if (auto* documentLoader = m_frame.mainFrame().loader().activeDocumentLoader()) |
2738 | userAgent = documentLoader->customUserAgent(); |
2739 | |
2740 | InspectorInstrumentation::applyUserAgentOverride(m_frame, userAgent); |
2741 | |
2742 | if (!userAgent.isEmpty()) |
2743 | return userAgent; |
2744 | |
2745 | return m_client.userAgent(url); |
2746 | } |
2747 | |
2748 | String FrameLoader::userAgentForJavaScript(const URL& url) const |
2749 | { |
2750 | String userAgent; |
2751 | |
2752 | if (auto* documentLoader = m_frame.mainFrame().loader().activeDocumentLoader()) { |
2753 | if (m_frame.settings().needsSiteSpecificQuirks()) |
2754 | userAgent = documentLoader->customJavaScriptUserAgentAsSiteSpecificQuirks(); |
2755 | if (userAgent.isEmpty()) |
2756 | userAgent = documentLoader->customUserAgent(); |
2757 | } |
2758 | |
2759 | InspectorInstrumentation::applyUserAgentOverride(m_frame, userAgent); |
2760 | |
2761 | if (!userAgent.isEmpty()) |
2762 | return userAgent; |
2763 | |
2764 | return m_client.userAgent(url); |
2765 | } |
2766 | |
2767 | String FrameLoader::navigatorPlatform() const |
2768 | { |
2769 | if (auto* documentLoader = m_frame.mainFrame().loader().activeDocumentLoader()) { |
2770 | auto& customNavigatorPlatform = documentLoader->customNavigatorPlatform(); |
2771 | if (!customNavigatorPlatform.isEmpty()) |
2772 | return customNavigatorPlatform; |
2773 | } |
2774 | return String(); |
2775 | } |
2776 | |
2777 | void FrameLoader::dispatchOnloadEvents() |
2778 | { |
2779 | m_client.dispatchDidDispatchOnloadEvents(); |
2780 | |
2781 | if (documentLoader()) |
2782 | documentLoader()->dispatchOnloadEvents(); |
2783 | } |
2784 | |
2785 | void FrameLoader::frameDetached() |
2786 | { |
2787 | // Calling stopAllLoadersAndCheckCompleteness() can cause the frame to be deallocated, including the frame loader. |
2788 | Ref<Frame> protectedFrame(m_frame); |
2789 | |
2790 | if (m_checkTimer.isActive()) { |
2791 | m_checkTimer.stop(); |
2792 | checkCompletenessNow(); |
2793 | } |
2794 | |
2795 | if (m_frame.document()->pageCacheState() != Document::InPageCache) { |
2796 | stopAllLoadersAndCheckCompleteness(); |
2797 | m_frame.document()->stopActiveDOMObjects(); |
2798 | } |
2799 | |
2800 | detachFromParent(); |
2801 | } |
2802 | |
2803 | void FrameLoader::detachFromParent() |
2804 | { |
2805 | // Calling stopAllLoaders() can cause the frame to be deallocated, including the frame loader. |
2806 | Ref<Frame> protect(m_frame); |
2807 | |
2808 | closeURL(); |
2809 | history().saveScrollPositionAndViewStateToItem(history().currentItem()); |
2810 | detachChildren(); |
2811 | if (m_frame.document()->pageCacheState() != Document::InPageCache) { |
2812 | // stopAllLoaders() needs to be called after detachChildren() if the document is not in the page cache, |
2813 | // because detachedChildren() will trigger the unload event handlers of any child frames, and those event |
2814 | // handlers might start a new subresource load in this frame. |
2815 | stopAllLoaders(); |
2816 | } |
2817 | |
2818 | InspectorInstrumentation::frameDetachedFromParent(m_frame); |
2819 | |
2820 | detachViewsAndDocumentLoader(); |
2821 | |
2822 | m_progressTracker = nullptr; |
2823 | |
2824 | if (Frame* parent = m_frame.tree().parent()) { |
2825 | parent->loader().closeAndRemoveChild(m_frame); |
2826 | parent->loader().scheduleCheckCompleted(); |
2827 | parent->loader().scheduleCheckLoadComplete(); |
2828 | } else { |
2829 | m_frame.setView(nullptr); |
2830 | m_frame.willDetachPage(); |
2831 | m_frame.detachFromPage(); |
2832 | } |
2833 | } |
2834 | |
2835 | void FrameLoader::detachViewsAndDocumentLoader() |
2836 | { |
2837 | m_client.detachedFromParent2(); |
2838 | setDocumentLoader(nullptr); |
2839 | m_client.detachedFromParent3(); |
2840 | } |
2841 | |
2842 | void FrameLoader::(ResourceRequest& request) |
2843 | { |
2844 | addExtraFieldsToRequest(request, m_loadType, false); |
2845 | } |
2846 | |
2847 | void FrameLoader::addExtraFieldsToMainResourceRequest(ResourceRequest& request) |
2848 | { |
2849 | // FIXME: Using m_loadType seems wrong for some callers. |
2850 | // If we are only preparing to load the main resource, that is previous load's load type! |
2851 | addExtraFieldsToRequest(request, m_loadType, true); |
2852 | |
2853 | // Upgrade-Insecure-Requests should only be added to main resource requests |
2854 | addHTTPUpgradeInsecureRequestsIfNeeded(request); |
2855 | } |
2856 | |
2857 | ResourceRequestCachePolicy FrameLoader::defaultRequestCachingPolicy(const ResourceRequest& request, FrameLoadType loadType, bool isMainResource) |
2858 | { |
2859 | if (m_overrideCachePolicyForTesting) |
2860 | return m_overrideCachePolicyForTesting.value(); |
2861 | |
2862 | if (isMainResource) { |
2863 | if (isReload(loadType) || request.isConditional()) |
2864 | return ResourceRequestCachePolicy::ReloadIgnoringCacheData; |
2865 | |
2866 | return ResourceRequestCachePolicy::UseProtocolCachePolicy; |
2867 | } |
2868 | |
2869 | if (request.isConditional()) |
2870 | return ResourceRequestCachePolicy::ReloadIgnoringCacheData; |
2871 | |
2872 | if (documentLoader()->isLoadingInAPISense()) { |
2873 | // If we inherit cache policy from a main resource, we use the DocumentLoader's |
2874 | // original request cache policy for two reasons: |
2875 | // 1. For POST requests, we mutate the cache policy for the main resource, |
2876 | // but we do not want this to apply to subresources |
2877 | // 2. Delegates that modify the cache policy using willSendRequest: should |
2878 | // not affect any other resources. Such changes need to be done |
2879 | // per request. |
2880 | ResourceRequestCachePolicy mainDocumentOriginalCachePolicy = documentLoader()->originalRequest().cachePolicy(); |
2881 | // Back-forward navigations try to load main resource from cache only to avoid re-submitting form data, and start over (with a warning dialog) if that fails. |
2882 | // This policy is set on initial request too, but should not be inherited. |
2883 | return (mainDocumentOriginalCachePolicy == ResourceRequestCachePolicy::ReturnCacheDataDontLoad) ? ResourceRequestCachePolicy::ReturnCacheDataElseLoad : mainDocumentOriginalCachePolicy; |
2884 | } |
2885 | |
2886 | return ResourceRequestCachePolicy::UseProtocolCachePolicy; |
2887 | } |
2888 | |
2889 | void FrameLoader::(ResourceRequest& request, FrameLoadType loadType, bool isMainResource) |
2890 | { |
2891 | // If the request came from a previous process due to process-swap-on-navigation then we should not modify the request. |
2892 | if (m_currentLoadContinuingState == LoadContinuingState::ContinuingWithRequest) |
2893 | return; |
2894 | |
2895 | // Don't set the cookie policy URL if it's already been set. |
2896 | // But make sure to set it on all requests regardless of protocol, as it has significance beyond the cookie policy (<rdar://problem/6616664>). |
2897 | bool isMainFrameMainResource = isMainResource && m_frame.isMainFrame(); |
2898 | if (request.firstPartyForCookies().isEmpty()) { |
2899 | if (isMainFrameMainResource) |
2900 | request.setFirstPartyForCookies(request.url()); |
2901 | else if (Document* document = m_frame.document()) |
2902 | request.setFirstPartyForCookies(document->firstPartyForCookies()); |
2903 | } |
2904 | |
2905 | if (request.isSameSiteUnspecified()) { |
2906 | auto* initiator = m_frame.document(); |
2907 | if (isMainResource) { |
2908 | auto* ownerFrame = m_frame.tree().parent(); |
2909 | if (!ownerFrame && m_stateMachine.isDisplayingInitialEmptyDocument()) |
2910 | ownerFrame = m_opener; |
2911 | if (ownerFrame) |
2912 | initiator = ownerFrame->document(); |
2913 | ASSERT(ownerFrame || m_frame.isMainFrame()); |
2914 | } |
2915 | addSameSiteInfoToRequestIfNeeded(request, initiator); |
2916 | } |
2917 | request.setIsTopSite(isMainFrameMainResource); |
2918 | |
2919 | Page* page = frame().page(); |
2920 | bool hasSpecificCachePolicy = request.cachePolicy() != ResourceRequestCachePolicy::UseProtocolCachePolicy; |
2921 | |
2922 | if (page && page->isResourceCachingDisabled()) { |
2923 | request.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData); |
2924 | loadType = FrameLoadType::ReloadFromOrigin; |
2925 | } else if (!hasSpecificCachePolicy) |
2926 | request.setCachePolicy(defaultRequestCachingPolicy(request, loadType, isMainResource)); |
2927 | |
2928 | // The remaining modifications are only necessary for HTTP and HTTPS. |
2929 | if (!request.url().isEmpty() && !request.url().protocolIsInHTTPFamily()) |
2930 | return; |
2931 | |
2932 | if (!hasSpecificCachePolicy && request.cachePolicy() == ResourceRequestCachePolicy::ReloadIgnoringCacheData) { |
2933 | if (loadType == FrameLoadType::Reload) |
2934 | request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0" ); |
2935 | else if (loadType == FrameLoadType::ReloadFromOrigin) { |
2936 | request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache" ); |
2937 | request.setHTTPHeaderField(HTTPHeaderName::Pragma, "no-cache" ); |
2938 | } |
2939 | } |
2940 | |
2941 | if (m_overrideResourceLoadPriorityForTesting) |
2942 | request.setPriority(m_overrideResourceLoadPriorityForTesting.value()); |
2943 | |
2944 | applyUserAgentIfNeeded(request); |
2945 | |
2946 | if (isMainResource) |
2947 | request.setHTTPAccept(defaultAcceptHeader); |
2948 | |
2949 | // Make sure we send the Origin header. |
2950 | addHTTPOriginIfNeeded(request, String()); |
2951 | |
2952 | // Only set fallback array if it's still empty (later attempts may be incorrect, see bug 117818). |
2953 | if (request.responseContentDispositionEncodingFallbackArray().isEmpty()) { |
2954 | // Always try UTF-8. If that fails, try frame encoding (if any) and then the default. |
2955 | request.setResponseContentDispositionEncodingFallbackArray("UTF-8" , m_frame.document()->encoding(), m_frame.settings().defaultTextEncodingName()); |
2956 | } |
2957 | } |
2958 | |
2959 | void FrameLoader::addHTTPOriginIfNeeded(ResourceRequest& request, const String& origin) |
2960 | { |
2961 | if (!request.httpOrigin().isEmpty()) |
2962 | return; // Request already has an Origin header. |
2963 | |
2964 | // Don't send an Origin header for GET or HEAD to avoid privacy issues. |
2965 | // For example, if an intranet page has a hyperlink to an external web |
2966 | // site, we don't want to include the Origin of the request because it |
2967 | // will leak the internal host name. Similar privacy concerns have lead |
2968 | // to the widespread suppression of the Referer header at the network |
2969 | // layer. |
2970 | if (request.httpMethod() == "GET" || request.httpMethod() == "HEAD" ) |
2971 | return; |
2972 | |
2973 | // For non-GET and non-HEAD methods, always send an Origin header so the |
2974 | // server knows we support this feature. |
2975 | |
2976 | if (origin.isEmpty()) { |
2977 | // If we don't know what origin header to attach, we attach the value |
2978 | // for an empty origin. |
2979 | request.setHTTPOrigin(SecurityOrigin::createUnique()->toString()); |
2980 | return; |
2981 | } |
2982 | |
2983 | request.setHTTPOrigin(origin); |
2984 | } |
2985 | |
2986 | // Implements the "'Same-site' and 'cross-site' Requests" algorithm from <https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1>. |
2987 | // The algorithm is ammended to treat URLs that inherit their security origin from their owner (e.g. about:blank) |
2988 | // as same-site. This matches the behavior of Chrome and Firefox. |
2989 | void FrameLoader::addSameSiteInfoToRequestIfNeeded(ResourceRequest& request, const Document* initiator) |
2990 | { |
2991 | if (!request.isSameSiteUnspecified()) |
2992 | return; |
2993 | if (!initiator) { |
2994 | request.setIsSameSite(true); |
2995 | return; |
2996 | } |
2997 | if (SecurityPolicy::shouldInheritSecurityOriginFromOwner(request.url())) { |
2998 | request.setIsSameSite(true); |
2999 | return; |
3000 | } |
3001 | request.setIsSameSite(areRegistrableDomainsEqual(initiator->siteForCookies(), request.url())); |
3002 | } |
3003 | |
3004 | void FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(ResourceRequest& request) |
3005 | { |
3006 | if (request.url().protocolIs("https" )) { |
3007 | // FIXME: Identify HSTS cases and avoid adding the header. <https://bugs.webkit.org/show_bug.cgi?id=157885> |
3008 | return; |
3009 | } |
3010 | |
3011 | request.setHTTPHeaderField(HTTPHeaderName::UpgradeInsecureRequests, "1"_s ); |
3012 | } |
3013 | |
3014 | void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& referrer, FrameLoadType loadType, Event* event, RefPtr<FormState>&& formState, CompletionHandler<void()>&& completionHandler) |
3015 | { |
3016 | RELEASE_LOG_IF_ALLOWED("loadPostRequest: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3017 | |
3018 | String frameName = request.frameName(); |
3019 | LockHistory lockHistory = request.lockHistory(); |
3020 | AllowNavigationToInvalidURL allowNavigationToInvalidURL = request.allowNavigationToInvalidURL(); |
3021 | NewFrameOpenerPolicy openerPolicy = request.newFrameOpenerPolicy(); |
3022 | |
3023 | const ResourceRequest& inRequest = request.resourceRequest(); |
3024 | const URL& url = inRequest.url(); |
3025 | const String& contentType = inRequest.httpContentType(); |
3026 | String origin = inRequest.httpOrigin(); |
3027 | |
3028 | ResourceRequest workingResourceRequest(url); |
3029 | |
3030 | if (!referrer.isEmpty()) |
3031 | workingResourceRequest.setHTTPReferrer(referrer); |
3032 | workingResourceRequest.setHTTPOrigin(origin); |
3033 | workingResourceRequest.setHTTPMethod("POST" ); |
3034 | workingResourceRequest.setHTTPBody(inRequest.httpBody()); |
3035 | workingResourceRequest.setHTTPContentType(contentType); |
3036 | addExtraFieldsToRequest(workingResourceRequest, loadType, true); |
3037 | |
3038 | if (Document* document = m_frame.document()) |
3039 | document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(workingResourceRequest, ContentSecurityPolicy::InsecureRequestType::Load); |
3040 | |
3041 | NavigationAction action { request.requester(), workingResourceRequest, request.initiatedByMainFrame(), loadType, true, event, request.shouldOpenExternalURLsPolicy(), request.downloadAttribute() }; |
3042 | |
3043 | if (!frameName.isEmpty()) { |
3044 | // The search for a target frame is done earlier in the case of form submission. |
3045 | if (auto* targetFrame = formState ? nullptr : findFrameForNavigation(frameName)) { |
3046 | targetFrame->loader().loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, { }, WTFMove(completionHandler)); |
3047 | return; |
3048 | } |
3049 | |
3050 | policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(workingResourceRequest), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) mutable { |
3051 | continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy); |
3052 | completionHandler(); |
3053 | }); |
3054 | return; |
3055 | } |
3056 | |
3057 | // must grab this now, since this load may stop the previous load and clear this flag |
3058 | bool isRedirect = m_quickRedirectComing; |
3059 | loadWithNavigationAction(workingResourceRequest, WTFMove(action), lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, { }, [this, isRedirect, protectedFrame = makeRef(m_frame), completionHandler = WTFMove(completionHandler)] () mutable { |
3060 | if (isRedirect) { |
3061 | m_quickRedirectComing = false; |
3062 | if (m_provisionalDocumentLoader) |
3063 | m_provisionalDocumentLoader->setIsClientRedirect(true); |
3064 | else if (m_policyDocumentLoader) |
3065 | m_policyDocumentLoader->setIsClientRedirect(true); |
3066 | } |
3067 | completionHandler(); |
3068 | }); |
3069 | } |
3070 | |
3071 | unsigned long FrameLoader::(const ResourceRequest& request, ClientCredentialPolicy clientCredentialPolicy, const FetchOptions& options, const HTTPHeaderMap& , ResourceError& error, ResourceResponse& response, RefPtr<SharedBuffer>& data) |
3072 | { |
3073 | ASSERT(m_frame.document()); |
3074 | String referrer = SecurityPolicy::generateReferrerHeader(m_frame.document()->referrerPolicy(), request.url(), outgoingReferrer()); |
3075 | |
3076 | ResourceRequest initialRequest = request; |
3077 | initialRequest.setTimeoutInterval(10); |
3078 | |
3079 | if (!referrer.isEmpty()) |
3080 | initialRequest.setHTTPReferrer(referrer); |
3081 | addHTTPOriginIfNeeded(initialRequest, outgoingOrigin()); |
3082 | |
3083 | initialRequest.setFirstPartyForCookies(m_frame.mainFrame().loader().documentLoader()->request().url()); |
3084 | |
3085 | addExtraFieldsToSubresourceRequest(initialRequest); |
3086 | |
3087 | unsigned long identifier = 0; |
3088 | ResourceRequest newRequest(initialRequest); |
3089 | requestFromDelegate(newRequest, identifier, error); |
3090 | |
3091 | #if ENABLE(CONTENT_EXTENSIONS) |
3092 | if (error.isNull()) { |
3093 | if (auto* page = m_frame.page()) { |
3094 | if (m_documentLoader) { |
3095 | auto results = page->userContentProvider().processContentRuleListsForLoad(newRequest.url(), ContentExtensions::ResourceType::Raw, *m_documentLoader); |
3096 | bool blockedLoad = results.summary.blockedLoad; |
3097 | ContentExtensions::applyResultsToRequest(WTFMove(results), page, newRequest); |
3098 | if (blockedLoad) { |
3099 | newRequest = { }; |
3100 | error = ResourceError(errorDomainWebKitInternal, 0, initialRequest.url(), emptyString()); |
3101 | response = { }; |
3102 | data = nullptr; |
3103 | } |
3104 | } |
3105 | } |
3106 | } |
3107 | #endif |
3108 | |
3109 | m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(newRequest, ContentSecurityPolicy::InsecureRequestType::Load); |
3110 | |
3111 | if (error.isNull()) { |
3112 | ASSERT(!newRequest.isNull()); |
3113 | |
3114 | if (!documentLoader()->applicationCacheHost().maybeLoadSynchronously(newRequest, error, response, data)) { |
3115 | Vector<char> buffer; |
3116 | platformStrategies()->loaderStrategy()->loadResourceSynchronously(*this, identifier, newRequest, clientCredentialPolicy, options, originalRequestHeaders, error, response, buffer); |
3117 | data = SharedBuffer::create(WTFMove(buffer)); |
3118 | documentLoader()->applicationCacheHost().maybeLoadFallbackSynchronously(newRequest, error, response, data); |
3119 | ResourceLoadObserver::shared().logSubresourceLoading(&m_frame, newRequest, response); |
3120 | } |
3121 | } |
3122 | notifier().sendRemainingDelegateMessages(m_documentLoader.get(), identifier, request, response, data ? data->data() : nullptr, data ? data->size() : 0, -1, error); |
3123 | return identifier; |
3124 | } |
3125 | |
3126 | const ResourceRequest& FrameLoader::originalRequest() const |
3127 | { |
3128 | return activeDocumentLoader()->originalRequestCopy(); |
3129 | } |
3130 | |
3131 | void FrameLoader::receivedMainResourceError(const ResourceError& error) |
3132 | { |
3133 | // Retain because the stop may release the last reference to it. |
3134 | Ref<Frame> protect(m_frame); |
3135 | |
3136 | RefPtr<DocumentLoader> loader = activeDocumentLoader(); |
3137 | // FIXME: Don't want to do this if an entirely new load is going, so should check |
3138 | // that both data sources on the frame are either this or nil. |
3139 | stop(); |
3140 | if (m_client.shouldFallBack(error)) |
3141 | handleFallbackContent(); |
3142 | |
3143 | if (m_state == FrameStateProvisional && m_provisionalDocumentLoader) { |
3144 | if (m_submittedFormURL == m_provisionalDocumentLoader->originalRequestCopy().url()) |
3145 | m_submittedFormURL = URL(); |
3146 | |
3147 | // We might have made a page cache item, but now we're bailing out due to an error before we ever |
3148 | // transitioned to the new page (before WebFrameState == commit). The goal here is to restore any state |
3149 | // so that the existing view (that wenever got far enough to replace) can continue being used. |
3150 | history().invalidateCurrentItemCachedPage(); |
3151 | |
3152 | // Call clientRedirectCancelledOrFinished here so that the frame load delegate is notified that the redirect's |
3153 | // status has changed, if there was a redirect. The frame load delegate may have saved some state about |
3154 | // the redirect in its -webView:willPerformClientRedirectToURL:delay:fireDate:forFrame:. Since we are definitely |
3155 | // not going to use this provisional resource, as it was cancelled, notify the frame load delegate that the redirect |
3156 | // has ended. |
3157 | if (m_sentRedirectNotification) |
3158 | clientRedirectCancelledOrFinished(NewLoadInProgress::No); |
3159 | } |
3160 | |
3161 | checkCompleted(); |
3162 | if (m_frame.page()) |
3163 | checkLoadComplete(); |
3164 | } |
3165 | |
3166 | void FrameLoader::continueFragmentScrollAfterNavigationPolicy(const ResourceRequest& request, bool shouldContinue) |
3167 | { |
3168 | m_quickRedirectComing = false; |
3169 | |
3170 | if (!shouldContinue) |
3171 | return; |
3172 | |
3173 | // Calling stopLoading() on the provisional document loader can cause the underlying |
3174 | // frame to be deallocated. |
3175 | Ref<Frame> protectedFrame(m_frame); |
3176 | |
3177 | // If we have a provisional request for a different document, a fragment scroll should cancel it. |
3178 | if (m_provisionalDocumentLoader && !equalIgnoringFragmentIdentifier(m_provisionalDocumentLoader->request().url(), request.url())) { |
3179 | m_provisionalDocumentLoader->stopLoading(); |
3180 | setProvisionalDocumentLoader(nullptr); |
3181 | } |
3182 | |
3183 | bool isRedirect = m_quickRedirectComing || policyChecker().loadType() == FrameLoadType::RedirectWithLockedBackForwardList; |
3184 | loadInSameDocument(request.url(), 0, !isRedirect); |
3185 | } |
3186 | |
3187 | bool FrameLoader::shouldPerformFragmentNavigation(bool isFormSubmission, const String& httpMethod, FrameLoadType loadType, const URL& url) |
3188 | { |
3189 | // We don't do this if we are submitting a form with method other than "GET", explicitly reloading, |
3190 | // currently displaying a frameset, or if the URL does not have a fragment. |
3191 | // These rules were originally based on what KHTML was doing in KHTMLPart::openURL. |
3192 | |
3193 | // FIXME: What about load types other than Standard and Reload? |
3194 | |
3195 | return (!isFormSubmission || equalLettersIgnoringASCIICase(httpMethod, "get" )) |
3196 | && !isReload(loadType) |
3197 | && loadType != FrameLoadType::Same |
3198 | && m_frame.document()->pageCacheState() != Document::InPageCache |
3199 | && !shouldReload(m_frame.document()->url(), url) |
3200 | // We don't want to just scroll if a link from within a |
3201 | // frameset is trying to reload the frameset into _top. |
3202 | && !m_frame.document()->isFrameSet(); |
3203 | } |
3204 | |
3205 | static bool itemAllowsScrollRestoration(HistoryItem* historyItem) |
3206 | { |
3207 | return !historyItem || historyItem->shouldRestoreScrollPosition(); |
3208 | } |
3209 | |
3210 | static bool isSameDocumentReload(bool isNewNavigation, FrameLoadType loadType) |
3211 | { |
3212 | return !isNewNavigation && !isBackForwardLoadType(loadType); |
3213 | } |
3214 | |
3215 | void FrameLoader::scrollToFragmentWithParentBoundary(const URL& url, bool isNewNavigation) |
3216 | { |
3217 | FrameView* view = m_frame.view(); |
3218 | if (!view) |
3219 | return; |
3220 | |
3221 | if (isSameDocumentReload(isNewNavigation, m_loadType) || itemAllowsScrollRestoration(history().currentItem())) |
3222 | view->scrollToFragment(url); |
3223 | } |
3224 | |
3225 | bool FrameLoader::shouldClose() |
3226 | { |
3227 | Page* page = m_frame.page(); |
3228 | if (!page) |
3229 | return true; |
3230 | if (!page->chrome().canRunBeforeUnloadConfirmPanel()) |
3231 | return true; |
3232 | |
3233 | // Store all references to each subframe in advance since beforeunload's event handler may modify frame |
3234 | Vector<Ref<Frame>, 16> targetFrames; |
3235 | targetFrames.append(m_frame); |
3236 | for (Frame* child = m_frame.tree().firstChild(); child; child = child->tree().traverseNext(&m_frame)) |
3237 | targetFrames.append(*child); |
3238 | |
3239 | bool shouldClose = false; |
3240 | { |
3241 | NavigationDisabler navigationDisabler(&m_frame); |
3242 | IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document()); |
3243 | size_t i; |
3244 | |
3245 | for (i = 0; i < targetFrames.size(); i++) { |
3246 | if (!targetFrames[i]->tree().isDescendantOf(&m_frame)) |
3247 | continue; |
3248 | if (!targetFrames[i]->loader().dispatchBeforeUnloadEvent(page->chrome(), this)) |
3249 | break; |
3250 | } |
3251 | |
3252 | if (i == targetFrames.size()) |
3253 | shouldClose = true; |
3254 | } |
3255 | |
3256 | if (!shouldClose) |
3257 | m_submittedFormURL = URL(); |
3258 | |
3259 | m_currentNavigationHasShownBeforeUnloadConfirmPanel = false; |
3260 | return shouldClose; |
3261 | } |
3262 | |
3263 | void FrameLoader::dispatchUnloadEvents(UnloadEventPolicy unloadEventPolicy) |
3264 | { |
3265 | if (!m_frame.document()) |
3266 | return; |
3267 | |
3268 | // We store the frame's page in a local variable because the frame might get detached inside dispatchEvent. |
3269 | ForbidPromptsScope forbidPrompts(m_frame.page()); |
3270 | IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document()); |
3271 | |
3272 | if (m_didCallImplicitClose && !m_wasUnloadEventEmitted) { |
3273 | auto* currentFocusedElement = m_frame.document()->focusedElement(); |
3274 | if (is<HTMLInputElement>(currentFocusedElement)) |
3275 | downcast<HTMLInputElement>(*currentFocusedElement).endEditing(); |
3276 | if (m_pageDismissalEventBeingDispatched == PageDismissalType::None) { |
3277 | if (unloadEventPolicy == UnloadEventPolicyUnloadAndPageHide) { |
3278 | m_pageDismissalEventBeingDispatched = PageDismissalType::PageHide; |
3279 | m_frame.document()->domWindow()->dispatchEvent(PageTransitionEvent::create(eventNames().pagehideEvent, m_frame.document()->pageCacheState() == Document::AboutToEnterPageCache), m_frame.document()); |
3280 | } |
3281 | |
3282 | // FIXME: update Page Visibility state here. |
3283 | // https://bugs.webkit.org/show_bug.cgi?id=116770 |
3284 | |
3285 | if (m_frame.document()->pageCacheState() == Document::NotInPageCache) { |
3286 | Ref<Event> unloadEvent(Event::create(eventNames().unloadEvent, Event::CanBubble::No, Event::IsCancelable::No)); |
3287 | // The DocumentLoader (and thus its LoadTiming) might get destroyed |
3288 | // while dispatching the event, so protect it to prevent writing the end |
3289 | // time into freed memory. |
3290 | RefPtr<DocumentLoader> documentLoader = m_provisionalDocumentLoader; |
3291 | m_pageDismissalEventBeingDispatched = PageDismissalType::Unload; |
3292 | if (documentLoader && documentLoader->timing().startTime() && !documentLoader->timing().unloadEventStart() && !documentLoader->timing().unloadEventEnd()) { |
3293 | auto& timing = documentLoader->timing(); |
3294 | timing.markUnloadEventStart(); |
3295 | m_frame.document()->domWindow()->dispatchEvent(unloadEvent, m_frame.document()); |
3296 | timing.markUnloadEventEnd(); |
3297 | } else |
3298 | m_frame.document()->domWindow()->dispatchEvent(unloadEvent, m_frame.document()); |
3299 | } |
3300 | } |
3301 | m_pageDismissalEventBeingDispatched = PageDismissalType::None; |
3302 | m_wasUnloadEventEmitted = true; |
3303 | } |
3304 | |
3305 | // Dispatching the unload event could have made m_frame.document() null. |
3306 | if (!m_frame.document()) |
3307 | return; |
3308 | |
3309 | if (m_frame.document()->pageCacheState() != Document::NotInPageCache) |
3310 | return; |
3311 | |
3312 | // Don't remove event listeners from a transitional empty document (see bug 28716 for more information). |
3313 | bool keepEventListeners = m_stateMachine.isDisplayingInitialEmptyDocument() && m_provisionalDocumentLoader |
3314 | && m_frame.document()->isSecureTransitionTo(m_provisionalDocumentLoader->url()); |
3315 | |
3316 | if (!keepEventListeners) |
3317 | m_frame.document()->removeAllEventListeners(); |
3318 | } |
3319 | |
3320 | static bool shouldAskForNavigationConfirmation(Document& document, const BeforeUnloadEvent& event) |
3321 | { |
3322 | // Confirmation dialog should not be displayed when the allow-modals flag is not set. |
3323 | if (document.isSandboxed(SandboxModals)) |
3324 | return false; |
3325 | |
3326 | bool userDidInteractWithPage = document.topDocument().userDidInteractWithPage(); |
3327 | // Web pages can request we ask for confirmation before navigating by: |
3328 | // - Cancelling the BeforeUnloadEvent (modern way) |
3329 | // - Setting the returnValue attribute on the BeforeUnloadEvent to a non-empty string. |
3330 | // - Returning a non-empty string from the event handler, which is then set as returnValue |
3331 | // attribute on the BeforeUnloadEvent. |
3332 | return userDidInteractWithPage && (event.defaultPrevented() || !event.returnValue().isEmpty()); |
3333 | } |
3334 | |
3335 | bool FrameLoader::dispatchBeforeUnloadEvent(Chrome& chrome, FrameLoader* frameLoaderBeingNavigated) |
3336 | { |
3337 | DOMWindow* domWindow = m_frame.document()->domWindow(); |
3338 | if (!domWindow) |
3339 | return true; |
3340 | |
3341 | RefPtr<Document> document = m_frame.document(); |
3342 | if (!document->bodyOrFrameset()) |
3343 | return true; |
3344 | |
3345 | Ref<BeforeUnloadEvent> beforeUnloadEvent = BeforeUnloadEvent::create(); |
3346 | m_pageDismissalEventBeingDispatched = PageDismissalType::BeforeUnload; |
3347 | |
3348 | { |
3349 | ForbidPromptsScope forbidPrompts(m_frame.page()); |
3350 | domWindow->dispatchEvent(beforeUnloadEvent, domWindow->document()); |
3351 | } |
3352 | |
3353 | m_pageDismissalEventBeingDispatched = PageDismissalType::None; |
3354 | |
3355 | if (!beforeUnloadEvent->defaultPrevented()) |
3356 | document->defaultEventHandler(beforeUnloadEvent.get()); |
3357 | |
3358 | if (!shouldAskForNavigationConfirmation(*document, beforeUnloadEvent)) |
3359 | return true; |
3360 | |
3361 | // If the navigating FrameLoader has already shown a beforeunload confirmation panel for the current navigation attempt, |
3362 | // this frame is not allowed to cause another one to be shown. |
3363 | if (frameLoaderBeingNavigated->m_currentNavigationHasShownBeforeUnloadConfirmPanel) { |
3364 | document->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Blocked attempt to show multiple beforeunload confirmation dialogs for the same navigation."_s ); |
3365 | return true; |
3366 | } |
3367 | |
3368 | // We should only display the beforeunload dialog for an iframe if its SecurityOrigin matches all |
3369 | // ancestor frame SecurityOrigins up through the navigating FrameLoader. |
3370 | if (frameLoaderBeingNavigated != this) { |
3371 | Frame* parentFrame = m_frame.tree().parent(); |
3372 | while (parentFrame) { |
3373 | Document* parentDocument = parentFrame->document(); |
3374 | if (!parentDocument) |
3375 | return true; |
3376 | if (!m_frame.document() || !m_frame.document()->securityOrigin().canAccess(parentDocument->securityOrigin())) { |
3377 | document->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Blocked attempt to show beforeunload confirmation dialog on behalf of a frame with different security origin. Protocols, domains, and ports must match."_s ); |
3378 | return true; |
3379 | } |
3380 | |
3381 | if (&parentFrame->loader() == frameLoaderBeingNavigated) |
3382 | break; |
3383 | |
3384 | parentFrame = parentFrame->tree().parent(); |
3385 | } |
3386 | |
3387 | // The navigatingFrameLoader should always be in our ancestory. |
3388 | ASSERT(parentFrame); |
3389 | ASSERT(&parentFrame->loader() == frameLoaderBeingNavigated); |
3390 | } |
3391 | |
3392 | frameLoaderBeingNavigated->m_currentNavigationHasShownBeforeUnloadConfirmPanel = true; |
3393 | |
3394 | String text = document->displayStringModifiedByEncoding(beforeUnloadEvent->returnValue()); |
3395 | return chrome.runBeforeUnloadConfirmPanel(text, m_frame); |
3396 | } |
3397 | |
3398 | void FrameLoader::continueLoadAfterNavigationPolicy(const ResourceRequest& request, FormState* formState, NavigationPolicyDecision navigationPolicyDecision, AllowNavigationToInvalidURL allowNavigationToInvalidURL) |
3399 | { |
3400 | // If we loaded an alternate page to replace an unreachableURL, we'll get in here with a |
3401 | // nil policyDataSource because loading the alternate page will have passed |
3402 | // through this method already, nested; otherwise, policyDataSource should still be set. |
3403 | ASSERT(m_policyDocumentLoader || !m_provisionalDocumentLoader->unreachableURL().isEmpty()); |
3404 | |
3405 | bool isTargetItem = history().provisionalItem() ? history().provisionalItem()->isTargetItem() : false; |
3406 | |
3407 | bool urlIsDisallowed = allowNavigationToInvalidURL == AllowNavigationToInvalidURL::No && !request.url().isValid(); |
3408 | bool canContinue = navigationPolicyDecision == NavigationPolicyDecision::ContinueLoad && shouldClose() && !urlIsDisallowed; |
3409 | |
3410 | if (!canContinue) { |
3411 | RELEASE_LOG_IF_ALLOWED("continueLoadAfterNavigationPolicy: can't continue loading frame due to the following reasons (" |
3412 | "frame = %p, " |
3413 | "main = %d, " |
3414 | "allowNavigationToInvalidURL = %d, " |
3415 | "requestURLIsValid = %d, " |
3416 | "navigationPolicyDecision = %d)" , |
3417 | &m_frame, |
3418 | m_frame.isMainFrame(), |
3419 | static_cast<int>(allowNavigationToInvalidURL), |
3420 | request.url().isValid(), |
3421 | static_cast<int>(navigationPolicyDecision)); |
3422 | |
3423 | // If we were waiting for a quick redirect, but the policy delegate decided to ignore it, then we |
3424 | // need to report that the client redirect was cancelled. |
3425 | // FIXME: The client should be told about ignored non-quick redirects, too. |
3426 | if (m_quickRedirectComing) |
3427 | clientRedirectCancelledOrFinished(NewLoadInProgress::No); |
3428 | |
3429 | if (navigationPolicyDecision == NavigationPolicyDecision::StopAllLoads) { |
3430 | stopAllLoaders(); |
3431 | m_checkTimer.stop(); |
3432 | } |
3433 | |
3434 | setPolicyDocumentLoader(nullptr); |
3435 | checkCompleted(); |
3436 | |
3437 | if (navigationPolicyDecision != NavigationPolicyDecision::StopAllLoads) |
3438 | checkLoadComplete(); |
3439 | |
3440 | // If the navigation request came from the back/forward menu, and we punt on it, we have the |
3441 | // problem that we have optimistically moved the b/f cursor already, so move it back. For sanity, |
3442 | // we only do this when punting a navigation for the target frame or top-level frame. |
3443 | if ((isTargetItem || m_frame.isMainFrame()) && isBackForwardLoadType(policyChecker().loadType())) { |
3444 | if (Page* page = m_frame.page()) { |
3445 | if (HistoryItem* resetItem = m_frame.mainFrame().loader().history().currentItem()) |
3446 | page->backForward().setCurrentItem(*resetItem); |
3447 | } |
3448 | } |
3449 | return; |
3450 | } |
3451 | |
3452 | FrameLoadType type = policyChecker().loadType(); |
3453 | // A new navigation is in progress, so don't clear the history's provisional item. |
3454 | stopAllLoaders(ShouldNotClearProvisionalItem); |
3455 | |
3456 | // <rdar://problem/6250856> - In certain circumstances on pages with multiple frames, stopAllLoaders() |
3457 | // might detach the current FrameLoader, in which case we should bail on this newly defunct load. |
3458 | if (!m_frame.page()) { |
3459 | RELEASE_LOG_IF_ALLOWED("continueLoadAfterNavigationPolicy: can't continue loading frame because it became defunct (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3460 | return; |
3461 | } |
3462 | |
3463 | setProvisionalDocumentLoader(m_policyDocumentLoader.get()); |
3464 | m_loadType = type; |
3465 | setState(FrameStateProvisional); |
3466 | |
3467 | setPolicyDocumentLoader(nullptr); |
3468 | |
3469 | if (isBackForwardLoadType(type)) { |
3470 | auto& diagnosticLoggingClient = m_frame.page()->diagnosticLoggingClient(); |
3471 | if (history().provisionalItem()->isInPageCache()) { |
3472 | diagnosticLoggingClient.logDiagnosticMessageWithResult(DiagnosticLoggingKeys::pageCacheKey(), DiagnosticLoggingKeys::retrievalKey(), DiagnosticLoggingResultPass, ShouldSample::Yes); |
3473 | loadProvisionalItemFromCachedPage(); |
3474 | RELEASE_LOG_IF_ALLOWED("continueLoadAfterNavigationPolicy: can't continue loading frame because it will be loaded from cache (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3475 | return; |
3476 | } |
3477 | diagnosticLoggingClient.logDiagnosticMessageWithResult(DiagnosticLoggingKeys::pageCacheKey(), DiagnosticLoggingKeys::retrievalKey(), DiagnosticLoggingResultFail, ShouldSample::Yes); |
3478 | } |
3479 | |
3480 | CompletionHandler<void()> completionHandler = [this, protectedFrame = makeRef(m_frame)] () mutable { |
3481 | if (!m_provisionalDocumentLoader) { |
3482 | RELEASE_LOG_IF_ALLOWED("continueLoadAfterNavigationPolicy completionHandler: Frame load canceled #1 (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3483 | return; |
3484 | } |
3485 | |
3486 | prepareForLoadStart(); |
3487 | |
3488 | // The load might be cancelled inside of prepareForLoadStart(), nulling out the m_provisionalDocumentLoader, |
3489 | // so we need to null check it again. |
3490 | if (!m_provisionalDocumentLoader) { |
3491 | RELEASE_LOG_IF_ALLOWED("prepareForLoadStart completionHandler: Frame load canceled #2 (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3492 | return; |
3493 | } |
3494 | |
3495 | DocumentLoader* activeDocLoader = activeDocumentLoader(); |
3496 | if (activeDocLoader && activeDocLoader->isLoadingMainResource()) { |
3497 | RELEASE_LOG_IF_ALLOWED("prepareForLoadStart completionHandler: Main frame already being loaded (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3498 | return; |
3499 | } |
3500 | |
3501 | m_loadingFromCachedPage = false; |
3502 | |
3503 | m_provisionalDocumentLoader->startLoadingMainResource(); |
3504 | }; |
3505 | |
3506 | if (!formState) { |
3507 | completionHandler(); |
3508 | return; |
3509 | } |
3510 | |
3511 | m_client.dispatchWillSubmitForm(*formState, WTFMove(completionHandler)); |
3512 | } |
3513 | |
3514 | void FrameLoader::continueLoadAfterNewWindowPolicy(const ResourceRequest& request, |
3515 | FormState* formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue, AllowNavigationToInvalidURL allowNavigationToInvalidURL, NewFrameOpenerPolicy openerPolicy) |
3516 | { |
3517 | if (shouldContinue != ShouldContinue::Yes) |
3518 | return; |
3519 | |
3520 | Ref<Frame> frame(m_frame); |
3521 | RefPtr<Frame> mainFrame = m_client.dispatchCreatePage(action); |
3522 | if (!mainFrame) |
3523 | return; |
3524 | |
3525 | SandboxFlags sandboxFlags = frame->loader().effectiveSandboxFlags(); |
3526 | if (sandboxFlags & SandboxPropagatesToAuxiliaryBrowsingContexts) |
3527 | mainFrame->loader().forceSandboxFlags(sandboxFlags); |
3528 | |
3529 | if (!equalIgnoringASCIICase(frameName, "_blank" )) |
3530 | mainFrame->tree().setName(frameName); |
3531 | |
3532 | mainFrame->page()->setOpenedByDOM(); |
3533 | mainFrame->loader().m_client.dispatchShow(); |
3534 | if (openerPolicy == NewFrameOpenerPolicy::Allow) { |
3535 | mainFrame->loader().setOpener(frame.ptr()); |
3536 | mainFrame->document()->setReferrerPolicy(frame->document()->referrerPolicy()); |
3537 | } |
3538 | |
3539 | NavigationAction newAction { *frame->document(), request, InitiatedByMainFrame::Unknown, NavigationType::Other, action.shouldOpenExternalURLsPolicy(), nullptr, action.downloadAttribute() }; |
3540 | mainFrame->loader().loadWithNavigationAction(request, WTFMove(newAction), LockHistory::No, FrameLoadType::Standard, formState, allowNavigationToInvalidURL); |
3541 | } |
3542 | |
3543 | void FrameLoader::requestFromDelegate(ResourceRequest& request, unsigned long& identifier, ResourceError& error) |
3544 | { |
3545 | ASSERT(!request.isNull()); |
3546 | |
3547 | identifier = 0; |
3548 | if (Page* page = m_frame.page()) { |
3549 | identifier = page->progress().createUniqueIdentifier(); |
3550 | notifier().assignIdentifierToInitialRequest(identifier, m_documentLoader.get(), request); |
3551 | } |
3552 | |
3553 | ResourceRequest newRequest(request); |
3554 | notifier().dispatchWillSendRequest(m_documentLoader.get(), identifier, newRequest, ResourceResponse()); |
3555 | |
3556 | if (newRequest.isNull()) |
3557 | error = cancelledError(request); |
3558 | else |
3559 | error = ResourceError(); |
3560 | |
3561 | request = newRequest; |
3562 | } |
3563 | |
3564 | void FrameLoader::loadedResourceFromMemoryCache(CachedResource& resource, ResourceRequest& newRequest, ResourceError& error) |
3565 | { |
3566 | Page* page = m_frame.page(); |
3567 | if (!page) |
3568 | return; |
3569 | |
3570 | if (!resource.shouldSendResourceLoadCallbacks() || m_documentLoader->haveToldClientAboutLoad(resource.url())) |
3571 | return; |
3572 | |
3573 | // Main resource delegate messages are synthesized in MainResourceLoader, so we must not send them here. |
3574 | if (resource.type() == CachedResource::Type::MainResource) |
3575 | return; |
3576 | |
3577 | if (!page->areMemoryCacheClientCallsEnabled()) { |
3578 | InspectorInstrumentation::didLoadResourceFromMemoryCache(*page, m_documentLoader.get(), &resource); |
3579 | m_documentLoader->recordMemoryCacheLoadForFutureClientNotification(resource.resourceRequest()); |
3580 | m_documentLoader->didTellClientAboutLoad(resource.url()); |
3581 | return; |
3582 | } |
3583 | |
3584 | if (m_client.dispatchDidLoadResourceFromMemoryCache(m_documentLoader.get(), newRequest, resource.response(), resource.encodedSize())) { |
3585 | InspectorInstrumentation::didLoadResourceFromMemoryCache(*page, m_documentLoader.get(), &resource); |
3586 | m_documentLoader->didTellClientAboutLoad(resource.url()); |
3587 | return; |
3588 | } |
3589 | |
3590 | unsigned long identifier; |
3591 | requestFromDelegate(newRequest, identifier, error); |
3592 | |
3593 | ResourceResponse response = resource.response(); |
3594 | response.setSource(ResourceResponse::Source::MemoryCache); |
3595 | notifier().sendRemainingDelegateMessages(m_documentLoader.get(), identifier, newRequest, response, 0, resource.encodedSize(), 0, error); |
3596 | } |
3597 | |
3598 | void FrameLoader::applyUserAgentIfNeeded(ResourceRequest& request) |
3599 | { |
3600 | if (!request.hasHTTPHeaderField(HTTPHeaderName::UserAgent)) { |
3601 | String userAgent = this->userAgent(request.url()); |
3602 | ASSERT(!userAgent.isNull()); |
3603 | request.setHTTPUserAgent(userAgent); |
3604 | } |
3605 | } |
3606 | |
3607 | bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, const URL& url, unsigned long requestIdentifier) |
3608 | { |
3609 | Frame& topFrame = m_frame.tree().top(); |
3610 | if (&m_frame == &topFrame) |
3611 | return false; |
3612 | |
3613 | XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); |
3614 | |
3615 | switch (disposition) { |
3616 | case XFrameOptionsSameOrigin: { |
3617 | auto origin = SecurityOrigin::create(url); |
3618 | if (!origin->isSameSchemeHostPort(topFrame.document()->securityOrigin())) |
3619 | return true; |
3620 | for (Frame* frame = m_frame.tree().parent(); frame; frame = frame->tree().parent()) { |
3621 | if (!origin->isSameSchemeHostPort(frame->document()->securityOrigin())) |
3622 | return true; |
3623 | } |
3624 | return false; |
3625 | } |
3626 | case XFrameOptionsDeny: |
3627 | return true; |
3628 | case XFrameOptionsAllowAll: |
3629 | return false; |
3630 | case XFrameOptionsConflict: |
3631 | m_frame.document()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Multiple 'X-Frame-Options' headers with conflicting values ('" + content + "') encountered when loading '" + url.stringCenterEllipsizedToLength() + "'. Falling back to 'DENY'." , requestIdentifier); |
3632 | return true; |
3633 | case XFrameOptionsInvalid: |
3634 | m_frame.document()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Invalid 'X-Frame-Options' header encountered when loading '" + url.stringCenterEllipsizedToLength() + "': '" + content + "' is not a recognized directive. The header will be ignored." , requestIdentifier); |
3635 | return false; |
3636 | case XFrameOptionsNone: |
3637 | return false; |
3638 | } |
3639 | ASSERT_NOT_REACHED(); |
3640 | return false; |
3641 | } |
3642 | |
3643 | void FrameLoader::loadProvisionalItemFromCachedPage() |
3644 | { |
3645 | DocumentLoader* provisionalLoader = provisionalDocumentLoader(); |
3646 | LOG(PageCache, "WebCorePageCache: Loading provisional DocumentLoader %p with URL '%s' from CachedPage" , provisionalDocumentLoader(), provisionalDocumentLoader()->url().stringCenterEllipsizedToLength().utf8().data()); |
3647 | |
3648 | prepareForLoadStart(); |
3649 | |
3650 | m_loadingFromCachedPage = true; |
3651 | |
3652 | // Should have timing data from previous time(s) the page was shown. |
3653 | ASSERT(provisionalLoader->timing().startTime()); |
3654 | provisionalLoader->resetTiming(); |
3655 | provisionalLoader->timing().markStartTime(); |
3656 | |
3657 | provisionalLoader->setCommitted(true); |
3658 | commitProvisionalLoad(); |
3659 | } |
3660 | |
3661 | bool FrameLoader::shouldTreatURLAsSameAsCurrent(const URL& url) const |
3662 | { |
3663 | if (!history().currentItem()) |
3664 | return false; |
3665 | return url == history().currentItem()->url() || url == history().currentItem()->originalURL(); |
3666 | } |
3667 | |
3668 | bool FrameLoader::shouldTreatURLAsSrcdocDocument(const URL& url) const |
3669 | { |
3670 | if (!equalLettersIgnoringASCIICase(url.string(), "about:srcdoc" )) |
3671 | return false; |
3672 | HTMLFrameOwnerElement* ownerElement = m_frame.ownerElement(); |
3673 | if (!ownerElement) |
3674 | return false; |
3675 | if (!ownerElement->hasTagName(iframeTag)) |
3676 | return false; |
3677 | return ownerElement->hasAttributeWithoutSynchronization(srcdocAttr); |
3678 | } |
3679 | |
3680 | Frame* FrameLoader::findFrameForNavigation(const AtomString& name, Document* activeDocument) |
3681 | { |
3682 | // FIXME: Eventually all callers should supply the actual activeDocument so we can call canNavigate with the right document. |
3683 | if (!activeDocument) |
3684 | activeDocument = m_frame.document(); |
3685 | |
3686 | auto* frame = m_frame.tree().find(name, activeDocument->frame() ? *activeDocument->frame() : m_frame); |
3687 | |
3688 | if (!activeDocument->canNavigate(frame)) |
3689 | return nullptr; |
3690 | |
3691 | return frame; |
3692 | } |
3693 | |
3694 | void FrameLoader::loadSameDocumentItem(HistoryItem& item) |
3695 | { |
3696 | ASSERT(item.documentSequenceNumber() == history().currentItem()->documentSequenceNumber()); |
3697 | |
3698 | Ref<Frame> protect(m_frame); |
3699 | |
3700 | // Save user view state to the current history item here since we don't do a normal load. |
3701 | // FIXME: Does form state need to be saved here too? |
3702 | history().saveScrollPositionAndViewStateToItem(history().currentItem()); |
3703 | if (FrameView* view = m_frame.view()) |
3704 | view->setWasScrolledByUser(false); |
3705 | |
3706 | history().setCurrentItem(item); |
3707 | |
3708 | // loadInSameDocument() actually changes the URL and notifies load delegates of a "fake" load |
3709 | loadInSameDocument(item.url(), item.stateObject(), false); |
3710 | |
3711 | // Restore user view state from the current history item here since we don't do a normal load. |
3712 | history().restoreScrollPositionAndViewState(); |
3713 | } |
3714 | |
3715 | // FIXME: This function should really be split into a couple pieces, some of |
3716 | // which should be methods of HistoryController and some of which should be |
3717 | // methods of FrameLoader. |
3718 | void FrameLoader::loadDifferentDocumentItem(HistoryItem& item, HistoryItem* fromItem, FrameLoadType loadType, FormSubmissionCacheLoadPolicy cacheLoadPolicy, ShouldTreatAsContinuingLoad shouldTreatAsContinuingLoad) |
3719 | { |
3720 | RELEASE_LOG_IF_ALLOWED("loadDifferentDocumentItem: frame load started (frame = %p, main = %d)" , &m_frame, m_frame.isMainFrame()); |
3721 | |
3722 | Ref<Frame> protectedFrame(m_frame); |
3723 | |
3724 | // History items should not be reported to the parent. |
3725 | m_shouldReportResourceTimingToParentFrame = false; |
3726 | |
3727 | // Remember this item so we can traverse any child items as child frames load |
3728 | history().setProvisionalItem(&item); |
3729 | |
3730 | auto initiatedByMainFrame = InitiatedByMainFrame::Unknown; |
3731 | |
3732 | SetForScope<LoadContinuingState> continuingLoadGuard(m_currentLoadContinuingState, shouldTreatAsContinuingLoad == ShouldTreatAsContinuingLoad::Yes ? LoadContinuingState::ContinuingWithHistoryItem : LoadContinuingState::NotContinuing); |
3733 | |
3734 | if (CachedPage* cachedPage = PageCache::singleton().get(item, m_frame.page())) { |
3735 | auto documentLoader = cachedPage->documentLoader(); |
3736 | m_client.updateCachedDocumentLoader(*documentLoader); |
3737 | |
3738 | auto action = NavigationAction { *m_frame.document(), documentLoader->request(), initiatedByMainFrame, loadType, false }; |
3739 | action.setTargetBackForwardItem(item); |
3740 | action.setSourceBackForwardItem(fromItem); |
3741 | documentLoader->setTriggeringAction(WTFMove(action)); |
3742 | |
3743 | documentLoader->setLastCheckedRequest(ResourceRequest()); |
3744 | loadWithDocumentLoader(documentLoader, loadType, { }, AllowNavigationToInvalidURL::Yes, shouldTreatAsContinuingLoad); |
3745 | return; |
3746 | } |
3747 | |
3748 | URL itemURL = item.url(); |
3749 | URL itemOriginalURL = item.originalURL(); |
3750 | URL currentURL; |
3751 | if (documentLoader()) |
3752 | currentURL = documentLoader()->url(); |
3753 | RefPtr<FormData> formData = item.formData(); |
3754 | |
3755 | ResourceRequest request(itemURL); |
3756 | |
3757 | if (!item.referrer().isNull()) |
3758 | request.setHTTPReferrer(item.referrer()); |
3759 | |
3760 | ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy = shouldOpenExternalURLsPolicyToApply(m_frame, initiatedByMainFrame, item.shouldOpenExternalURLsPolicy()); |
3761 | bool isFormSubmission = false; |
3762 | Event* event = nullptr; |
3763 | |
3764 | // If this was a repost that failed the page cache, we might try to repost the form. |
3765 | NavigationAction action; |
3766 | if (formData) { |
3767 | formData->generateFiles(m_frame.document()); |
3768 | |
3769 | request.setHTTPMethod("POST" ); |
3770 | request.setHTTPBody(WTFMove(formData)); |
3771 | request.setHTTPContentType(item.formContentType()); |
3772 | auto securityOrigin = SecurityOrigin::createFromString(item.referrer()); |
3773 | addHTTPOriginIfNeeded(request, securityOrigin->toString()); |
3774 | addHTTPUpgradeInsecureRequestsIfNeeded(request); |
3775 | |
3776 | // Make sure to add extra fields to the request after the Origin header is added for the FormData case. |
3777 | // See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion. |
3778 | addExtraFieldsToRequest(request, loadType, true); |
3779 | |
3780 | // FIXME: Slight hack to test if the NSURL cache contains the page we're going to. |
3781 | // We want to know this before talking to the policy delegate, since it affects whether |
3782 | // we show the DoYouReallyWantToRepost nag. |
3783 | // |
3784 | // This trick has a small bug (3123893) where we might find a cache hit, but then |
3785 | // have the item vanish when we try to use it in the ensuing nav. This should be |
3786 | // extremely rare, but in that case the user will get an error on the navigation. |
3787 | |
3788 | if (cacheLoadPolicy == MayAttemptCacheOnlyLoadForFormSubmissionItem) { |
3789 | request.setCachePolicy(ResourceRequestCachePolicy::ReturnCacheDataDontLoad); |
3790 | action = { *m_frame.document(), request, initiatedByMainFrame, loadType, isFormSubmission, event, shouldOpenExternalURLsPolicy }; |
3791 | } else { |
3792 | request.setCachePolicy(ResourceRequestCachePolicy::ReturnCacheDataElseLoad); |
3793 | action = { *m_frame.document(), request, initiatedByMainFrame, NavigationType::FormResubmitted, shouldOpenExternalURLsPolicy, event }; |
3794 | } |
3795 | } else { |
3796 | switch (loadType) { |
3797 | case FrameLoadType::Reload: |
3798 | case FrameLoadType::ReloadFromOrigin: |
3799 | case FrameLoadType::ReloadExpiredOnly: |
3800 | request.setCachePolicy(ResourceRequestCachePolicy::ReloadIgnoringCacheData); |
3801 | break; |
3802 | case FrameLoadType::Back: |
3803 | case FrameLoadType::Forward: |
3804 | case FrameLoadType::IndexedBackForward: { |
3805 | #if PLATFORM(COCOA) |
3806 | bool allowStaleData = true; |
3807 | #else |
3808 | bool allowStaleData = !item.wasRestoredFromSession(); |
3809 | #endif |
3810 | if (allowStaleData) |
3811 | request.setCachePolicy(ResourceRequestCachePolicy::ReturnCacheDataElseLoad); |
3812 | item.setWasRestoredFromSession(false); |
3813 | break; |
3814 | } |
3815 | case FrameLoadType::Standard: |
3816 | case FrameLoadType::RedirectWithLockedBackForwardList: |
3817 | break; |
3818 | case FrameLoadType::Same: |
3819 | case FrameLoadType::Replace: |
3820 | ASSERT_NOT_REACHED(); |
3821 | } |
3822 | |
3823 | addExtraFieldsToRequest(request, loadType, true); |
3824 | |
3825 | ResourceRequest requestForOriginalURL(request); |
3826 | requestForOriginalURL.setURL(itemOriginalURL); |
3827 | action = { *m_frame.document(), requestForOriginalURL, initiatedByMainFrame, loadType, isFormSubmission, event, shouldOpenExternalURLsPolicy }; |
3828 | } |
3829 | |
3830 | action.setTargetBackForwardItem(item); |
3831 | action.setSourceBackForwardItem(fromItem); |
3832 | |
3833 | loadWithNavigationAction(request, WTFMove(action), LockHistory::No, loadType, { }, AllowNavigationToInvalidURL::Yes); |
3834 | } |
3835 | |
3836 | // Loads content into this frame, as specified by history item |
3837 | void FrameLoader::loadItem(HistoryItem& item, HistoryItem* fromItem, FrameLoadType loadType, ShouldTreatAsContinuingLoad shouldTreatAsContinuingLoad) |
3838 | { |
3839 | m_requestedHistoryItem = &item; |
3840 | HistoryItem* currentItem = history().currentItem(); |
3841 | bool sameDocumentNavigation = currentItem && item.shouldDoSameDocumentNavigationTo(*currentItem); |
3842 | |
3843 | if (sameDocumentNavigation) |
3844 | loadSameDocumentItem(item); |
3845 | else |
3846 | loadDifferentDocumentItem(item, fromItem, loadType, MayAttemptCacheOnlyLoadForFormSubmissionItem, shouldTreatAsContinuingLoad); |
3847 | } |
3848 | |
3849 | void FrameLoader::retryAfterFailedCacheOnlyMainResourceLoad() |
3850 | { |
3851 | ASSERT(m_state == FrameStateProvisional); |
3852 | ASSERT(!m_loadingFromCachedPage); |
3853 | ASSERT(history().provisionalItem()); |
3854 | ASSERT(history().provisionalItem()->formData()); |
3855 | ASSERT(history().provisionalItem() == m_requestedHistoryItem.get()); |
3856 | |
3857 | FrameLoadType loadType = m_loadType; |
3858 | HistoryItem& item = *history().provisionalItem(); |
3859 | |
3860 | stopAllLoaders(ShouldNotClearProvisionalItem); |
3861 | loadDifferentDocumentItem(item, history().currentItem(), loadType, MayNotAttemptCacheOnlyLoadForFormSubmissionItem, ShouldTreatAsContinuingLoad::No); |
3862 | } |
3863 | |
3864 | ResourceError FrameLoader::cancelledError(const ResourceRequest& request) const |
3865 | { |
3866 | ResourceError error = m_client.cancelledError(request); |
3867 | error.setType(ResourceError::Type::Cancellation); |
3868 | return error; |
3869 | } |
3870 | |
3871 | ResourceError FrameLoader::blockedByContentBlockerError(const ResourceRequest& request) const |
3872 | { |
3873 | return m_client.blockedByContentBlockerError(request); |
3874 | } |
3875 | |
3876 | ResourceError FrameLoader::blockedError(const ResourceRequest& request) const |
3877 | { |
3878 | ResourceError error = m_client.blockedError(request); |
3879 | error.setType(ResourceError::Type::Cancellation); |
3880 | return error; |
3881 | } |
3882 | |
3883 | #if ENABLE(CONTENT_FILTERING) |
3884 | ResourceError FrameLoader::blockedByContentFilterError(const ResourceRequest& request) const |
3885 | { |
3886 | ResourceError error = m_client.blockedByContentFilterError(request); |
3887 | error.setType(ResourceError::Type::General); |
3888 | return error; |
3889 | } |
3890 | #endif |
3891 | |
3892 | #if PLATFORM(IOS_FAMILY) |
3893 | RetainPtr<CFDictionaryRef> FrameLoader::connectionProperties(ResourceLoader* loader) |
3894 | { |
3895 | return m_client.connectionProperties(loader->documentLoader(), loader->identifier()); |
3896 | } |
3897 | #endif |
3898 | |
3899 | ReferrerPolicy FrameLoader::effectiveReferrerPolicy() const |
3900 | { |
3901 | if (auto* parentFrame = m_frame.tree().parent()) |
3902 | return parentFrame->document()->referrerPolicy(); |
3903 | if (m_opener) |
3904 | return m_opener->document()->referrerPolicy(); |
3905 | return ReferrerPolicy::NoReferrerWhenDowngrade; |
3906 | } |
3907 | |
3908 | String FrameLoader::referrer() const |
3909 | { |
3910 | return m_documentLoader ? m_documentLoader->request().httpReferrer() : emptyString(); |
3911 | } |
3912 | |
3913 | void FrameLoader::dispatchDidClearWindowObjectsInAllWorlds() |
3914 | { |
3915 | if (!m_frame.script().canExecuteScripts(NotAboutToExecuteScript)) |
3916 | return; |
3917 | |
3918 | Vector<Ref<DOMWrapperWorld>> worlds; |
3919 | ScriptController::getAllWorlds(worlds); |
3920 | for (auto& world : worlds) |
3921 | dispatchDidClearWindowObjectInWorld(world); |
3922 | } |
3923 | |
3924 | void FrameLoader::dispatchDidClearWindowObjectInWorld(DOMWrapperWorld& world) |
3925 | { |
3926 | if (!m_frame.script().canExecuteScripts(NotAboutToExecuteScript) || !m_frame.windowProxy().existingJSWindowProxy(world)) |
3927 | return; |
3928 | |
3929 | m_client.dispatchDidClearWindowObjectInWorld(world); |
3930 | |
3931 | if (Page* page = m_frame.page()) |
3932 | page->inspectorController().didClearWindowObjectInWorld(m_frame, world); |
3933 | |
3934 | InspectorInstrumentation::didClearWindowObjectInWorld(m_frame, world); |
3935 | } |
3936 | |
3937 | void FrameLoader::dispatchGlobalObjectAvailableInAllWorlds() |
3938 | { |
3939 | Vector<Ref<DOMWrapperWorld>> worlds; |
3940 | ScriptController::getAllWorlds(worlds); |
3941 | for (auto& world : worlds) |
3942 | m_client.dispatchGlobalObjectAvailable(world); |
3943 | } |
3944 | |
3945 | SandboxFlags FrameLoader::effectiveSandboxFlags() const |
3946 | { |
3947 | SandboxFlags flags = m_forcedSandboxFlags; |
3948 | if (Frame* parentFrame = m_frame.tree().parent()) |
3949 | flags |= parentFrame->document()->sandboxFlags(); |
3950 | if (HTMLFrameOwnerElement* ownerElement = m_frame.ownerElement()) |
3951 | flags |= ownerElement->sandboxFlags(); |
3952 | return flags; |
3953 | } |
3954 | |
3955 | void FrameLoader::didChangeTitle(DocumentLoader* loader) |
3956 | { |
3957 | m_client.didChangeTitle(loader); |
3958 | |
3959 | if (loader == m_documentLoader) { |
3960 | // Must update the entries in the back-forward list too. |
3961 | history().setCurrentItemTitle(loader->title()); |
3962 | // This must go through the WebFrame because it has the right notion of the current b/f item. |
3963 | m_client.setTitle(loader->title(), loader->urlForHistory()); |
3964 | m_client.setMainFrameDocumentReady(true); // update observers with new DOMDocument |
3965 | m_client.dispatchDidReceiveTitle(loader->title()); |
3966 | } |
3967 | |
3968 | #if ENABLE(REMOTE_INSPECTOR) |
3969 | if (m_frame.isMainFrame()) |
3970 | m_frame.page()->remoteInspectorInformationDidChange(); |
3971 | #endif |
3972 | } |
3973 | |
3974 | void FrameLoader::dispatchDidCommitLoad(Optional<HasInsecureContent> initialHasInsecureContent) |
3975 | { |
3976 | if (m_stateMachine.creatingInitialEmptyDocument()) |
3977 | return; |
3978 | |
3979 | m_client.dispatchDidCommitLoad(initialHasInsecureContent); |
3980 | |
3981 | if (m_frame.isMainFrame()) { |
3982 | m_frame.page()->resetSeenPlugins(); |
3983 | m_frame.page()->resetSeenMediaEngines(); |
3984 | } |
3985 | |
3986 | InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get()); |
3987 | |
3988 | #if ENABLE(REMOTE_INSPECTOR) |
3989 | if (m_frame.isMainFrame()) |
3990 | m_frame.page()->remoteInspectorInformationDidChange(); |
3991 | #endif |
3992 | } |
3993 | |
3994 | void FrameLoader::tellClientAboutPastMemoryCacheLoads() |
3995 | { |
3996 | ASSERT(m_frame.page()); |
3997 | ASSERT(m_frame.page()->areMemoryCacheClientCallsEnabled()); |
3998 | |
3999 | if (!m_documentLoader) |
4000 | return; |
4001 | |
4002 | Vector<ResourceRequest> pastLoads; |
4003 | m_documentLoader->takeMemoryCacheLoadsForClientNotification(pastLoads); |
4004 | |
4005 | for (auto& pastLoad : pastLoads) { |
4006 | CachedResource* resource = MemoryCache::singleton().resourceForRequest(pastLoad, m_frame.page()->sessionID()); |
4007 | |
4008 | // FIXME: These loads, loaded from cache, but now gone from the cache by the time |
4009 | // Page::setMemoryCacheClientCallsEnabled(true) is called, will not be seen by the client. |
4010 | // Consider if there's some efficient way of remembering enough to deliver this client call. |
4011 | // We have the URL, but not the rest of the response or the length. |
4012 | if (!resource) |
4013 | continue; |
4014 | |
4015 | ResourceRequest request(resource->url()); |
4016 | m_client.dispatchDidLoadResourceFromMemoryCache(m_documentLoader.get(), request, resource->response(), resource->encodedSize()); |
4017 | } |
4018 | } |
4019 | |
4020 | NetworkingContext* FrameLoader::networkingContext() const |
4021 | { |
4022 | return m_networkingContext.get(); |
4023 | } |
4024 | |
4025 | void FrameLoader::loadProgressingStatusChanged() |
4026 | { |
4027 | if (auto* view = m_frame.mainFrame().view()) |
4028 | view->loadProgressingStatusChanged(); |
4029 | } |
4030 | |
4031 | void FrameLoader::forcePageTransitionIfNeeded() |
4032 | { |
4033 | m_client.forcePageTransitionIfNeeded(); |
4034 | } |
4035 | |
4036 | void FrameLoader::clearTestingOverrides() |
4037 | { |
4038 | m_overrideCachePolicyForTesting = WTF::nullopt; |
4039 | m_overrideResourceLoadPriorityForTesting = WTF::nullopt; |
4040 | m_isStrictRawResourceValidationPolicyDisabledForTesting = false; |
4041 | } |
4042 | |
4043 | bool FrameLoader::isAlwaysOnLoggingAllowed() const |
4044 | { |
4045 | return frame().isAlwaysOnLoggingAllowed(); |
4046 | } |
4047 | |
4048 | bool FrameLoaderClient::hasHTMLView() const |
4049 | { |
4050 | return true; |
4051 | } |
4052 | |
4053 | RefPtr<Frame> createWindow(Frame& openerFrame, Frame& lookupFrame, FrameLoadRequest&& request, const WindowFeatures& features, bool& created) |
4054 | { |
4055 | ASSERT(!features.dialog || request.frameName().isEmpty()); |
4056 | |
4057 | created = false; |
4058 | |
4059 | // FIXME: Provide line number information with respect to the opener's document. |
4060 | if (WTF::protocolIsJavaScript(request.resourceRequest().url()) && !openerFrame.document()->contentSecurityPolicy()->allowJavaScriptURLs(openerFrame.document()->url(), { })) |
4061 | return nullptr; |
4062 | |
4063 | if (!request.frameName().isEmpty() && !equalIgnoringASCIICase(request.frameName(), "_blank" )) { |
4064 | if (RefPtr<Frame> frame = lookupFrame.loader().findFrameForNavigation(request.frameName(), openerFrame.document())) { |
4065 | if (!equalIgnoringASCIICase(request.frameName(), "_self" )) { |
4066 | if (Page* page = frame->page()) |
4067 | page->chrome().focus(); |
4068 | } |
4069 | return frame; |
4070 | } |
4071 | } |
4072 | |
4073 | // Sandboxed frames cannot open new auxiliary browsing contexts. |
4074 | if (isDocumentSandboxed(openerFrame, SandboxPopups)) { |
4075 | // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists. |
4076 | openerFrame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked opening '" + request.resourceRequest().url().stringCenterEllipsizedToLength() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set." ); |
4077 | return nullptr; |
4078 | } |
4079 | |
4080 | // FIXME: Setting the referrer should be the caller's responsibility. |
4081 | String referrer = SecurityPolicy::generateReferrerHeader(openerFrame.document()->referrerPolicy(), request.resourceRequest().url(), openerFrame.loader().outgoingReferrer()); |
4082 | if (!referrer.isEmpty()) |
4083 | request.resourceRequest().setHTTPReferrer(referrer); |
4084 | FrameLoader::addHTTPOriginIfNeeded(request.resourceRequest(), openerFrame.loader().outgoingOrigin()); |
4085 | FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(request.resourceRequest()); |
4086 | FrameLoader::addSameSiteInfoToRequestIfNeeded(request.resourceRequest(), openerFrame.document()); |
4087 | |
4088 | Page* oldPage = openerFrame.page(); |
4089 | if (!oldPage) |
4090 | return nullptr; |
4091 | |
4092 | ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicy = shouldOpenExternalURLsPolicyToApply(openerFrame, request); |
4093 | NavigationAction action { request.requester(), request.resourceRequest(), request.initiatedByMainFrame(), NavigationType::Other, shouldOpenExternalURLsPolicy }; |
4094 | Page* page = oldPage->chrome().createWindow(openerFrame, request, features, action); |
4095 | if (!page) |
4096 | return nullptr; |
4097 | |
4098 | RefPtr<Frame> frame = &page->mainFrame(); |
4099 | |
4100 | if (isDocumentSandboxed(openerFrame, SandboxPropagatesToAuxiliaryBrowsingContexts)) |
4101 | frame->loader().forceSandboxFlags(openerFrame.document()->sandboxFlags()); |
4102 | |
4103 | if (!equalIgnoringASCIICase(request.frameName(), "_blank" )) |
4104 | frame->tree().setName(request.frameName()); |
4105 | |
4106 | page->chrome().setToolbarsVisible(features.toolBarVisible || features.locationBarVisible); |
4107 | |
4108 | if (!frame->page()) |
4109 | return nullptr; |
4110 | page->chrome().setStatusbarVisible(features.statusBarVisible); |
4111 | |
4112 | if (!frame->page()) |
4113 | return nullptr; |
4114 | page->chrome().setScrollbarsVisible(features.scrollbarsVisible); |
4115 | |
4116 | if (!frame->page()) |
4117 | return nullptr; |
4118 | page->chrome().setMenubarVisible(features.menuBarVisible); |
4119 | |
4120 | if (!frame->page()) |
4121 | return nullptr; |
4122 | page->chrome().setResizable(features.resizable); |
4123 | |
4124 | // 'x' and 'y' specify the location of the window, while 'width' and 'height' |
4125 | // specify the size of the viewport. We can only resize the window, so adjust |
4126 | // for the difference between the window size and the viewport size. |
4127 | |
4128 | // FIXME: We should reconcile the initialization of viewport arguments between iOS and non-IOS. |
4129 | #if !PLATFORM(IOS_FAMILY) |
4130 | FloatSize viewportSize = page->chrome().pageRect().size(); |
4131 | FloatRect windowRect = page->chrome().windowRect(); |
4132 | if (features.x) |
4133 | windowRect.setX(*features.x); |
4134 | if (features.y) |
4135 | windowRect.setY(*features.y); |
4136 | // Zero width and height mean using default size, not minumum one. |
4137 | if (features.width && *features.width) |
4138 | windowRect.setWidth(*features.width + (windowRect.width() - viewportSize.width())); |
4139 | if (features.height && *features.height) |
4140 | windowRect.setHeight(*features.height + (windowRect.height() - viewportSize.height())); |
4141 | |
4142 | // Ensure non-NaN values, minimum size as well as being within valid screen area. |
4143 | FloatRect newWindowRect = DOMWindow::adjustWindowRect(*page, windowRect); |
4144 | |
4145 | if (!frame->page()) |
4146 | return nullptr; |
4147 | page->chrome().setWindowRect(newWindowRect); |
4148 | #else |
4149 | // On iOS, width and height refer to the viewport dimensions. |
4150 | ViewportArguments arguments; |
4151 | // Zero width and height mean using default size, not minimum one. |
4152 | if (features.width && *features.width) |
4153 | arguments.width = *features.width; |
4154 | if (features.height && *features.height) |
4155 | arguments.height = *features.height; |
4156 | frame->setViewportArguments(arguments); |
4157 | #endif |
4158 | |
4159 | if (!frame->page()) |
4160 | return nullptr; |
4161 | page->chrome().show(); |
4162 | |
4163 | created = true; |
4164 | return frame; |
4165 | } |
4166 | |
4167 | bool FrameLoader::shouldSuppressTextInputFromEditing() const |
4168 | { |
4169 | return m_frame.settings().shouldSuppressTextInputFromEditingDuringProvisionalNavigation() && m_state == FrameStateProvisional; |
4170 | } |
4171 | |
4172 | } // namespace WebCore |
4173 | |