1/*
2 * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved.
3 * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
4 * Copyright (C) 2011, Code Aurora Forum. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer
14 * in the documentation and/or other materials provided with the
15 * distribution.
16 * 3. Neither the name of Ericsson nor the names of its contributors
17 * may be used to endorse or promote products derived from this
18 * software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33#include "config.h"
34#include "EventSource.h"
35
36#include "CachedResourceRequestInitiators.h"
37#include "ContentSecurityPolicy.h"
38#include "EventNames.h"
39#include "MessageEvent.h"
40#include "ResourceError.h"
41#include "ResourceRequest.h"
42#include "ResourceResponse.h"
43#include "ScriptExecutionContext.h"
44#include "SecurityOrigin.h"
45#include "TextResourceDecoder.h"
46#include "ThreadableLoader.h"
47#include <wtf/IsoMallocInlines.h>
48
49namespace WebCore {
50
51WTF_MAKE_ISO_ALLOCATED_IMPL(EventSource);
52
53const uint64_t EventSource::defaultReconnectDelay = 3000;
54
55inline EventSource::EventSource(ScriptExecutionContext& context, const URL& url, const Init& eventSourceInit)
56 : ActiveDOMObject(&context)
57 , m_url(url)
58 , m_withCredentials(eventSourceInit.withCredentials)
59 , m_decoder(TextResourceDecoder::create("text/plain"_s, "UTF-8"))
60 , m_connectTimer(*this, &EventSource::connect)
61{
62}
63
64ExceptionOr<Ref<EventSource>> EventSource::create(ScriptExecutionContext& context, const String& url, const Init& eventSourceInit)
65{
66 if (url.isEmpty())
67 return Exception { SyntaxError };
68
69 URL fullURL = context.completeURL(url);
70 if (!fullURL.isValid())
71 return Exception { SyntaxError };
72
73 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is resolved.
74 if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) {
75 // FIXME: Should this be throwing an exception?
76 return Exception { SecurityError };
77 }
78
79 auto source = adoptRef(*new EventSource(context, fullURL, eventSourceInit));
80 source->setPendingActivity(source.get());
81 source->scheduleInitialConnect();
82 source->suspendIfNeeded();
83 return source;
84}
85
86EventSource::~EventSource()
87{
88 ASSERT(m_state == CLOSED);
89 ASSERT(!m_requestInFlight);
90}
91
92void EventSource::connect()
93{
94 ASSERT(m_state == CONNECTING);
95 ASSERT(!m_requestInFlight);
96
97 ResourceRequest request { m_url };
98 request.setHTTPMethod("GET");
99 request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream");
100 request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache");
101 if (!m_lastEventId.isEmpty())
102 request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId);
103
104 ThreadableLoaderOptions options;
105 options.sendLoadCallbacks = SendCallbackPolicy::SendCallbacks;
106 options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
107 options.preflightPolicy = PreflightPolicy::Prevent;
108 options.mode = FetchOptions::Mode::Cors;
109 options.cache = FetchOptions::Cache::NoStore;
110 options.dataBufferingPolicy = DataBufferingPolicy::DoNotBufferData;
111 options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
112 options.initiator = cachedResourceRequestInitiators().eventsource;
113
114 ASSERT(scriptExecutionContext());
115 m_loader = ThreadableLoader::create(*scriptExecutionContext(), *this, WTFMove(request), options);
116
117 // FIXME: Can we just use m_loader for this, null it out when it's no longer in flight, and eliminate the m_requestInFlight member?
118 if (m_loader)
119 m_requestInFlight = true;
120}
121
122void EventSource::networkRequestEnded()
123{
124 ASSERT(m_requestInFlight);
125
126 m_requestInFlight = false;
127
128 if (m_state != CLOSED)
129 scheduleReconnect();
130 else
131 unsetPendingActivity(*this);
132}
133
134void EventSource::scheduleInitialConnect()
135{
136 ASSERT(m_state == CONNECTING);
137 ASSERT(!m_requestInFlight);
138
139 m_connectTimer.startOneShot(0_s);
140}
141
142void EventSource::scheduleReconnect()
143{
144 m_state = CONNECTING;
145 m_connectTimer.startOneShot(1_ms * m_reconnectDelay);
146 dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
147}
148
149void EventSource::close()
150{
151 if (m_state == CLOSED) {
152 ASSERT(!m_requestInFlight);
153 return;
154 }
155
156 // Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
157 if (m_connectTimer.isActive())
158 m_connectTimer.stop();
159
160 if (m_requestInFlight)
161 m_loader->cancel();
162 else {
163 m_state = CLOSED;
164 unsetPendingActivity(*this);
165 }
166}
167
168bool EventSource::responseIsValid(const ResourceResponse& response) const
169{
170 // Logs to the console as a side effect.
171
172 // To keep the signal-to-noise ratio low, we don't log anything if the status code is not 200.
173 if (response.httpStatusCode() != 200)
174 return false;
175
176 if (!equalLettersIgnoringASCIICase(response.mimeType(), "text/event-stream")) {
177 auto message = makeString("EventSource's response has a MIME type (\"", response.mimeType(), "\") that is not \"text/event-stream\". Aborting the connection.");
178 // FIXME: Console message would be better with a source code location; where would we get that?
179 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
180 return false;
181 }
182
183 // If we have a charset, the only allowed value is UTF-8 (case-insensitive).
184 auto& charset = response.textEncodingName();
185 if (!charset.isEmpty() && !equalLettersIgnoringASCIICase(charset, "utf-8")) {
186 auto message = makeString("EventSource's response has a charset (\"", charset, "\") that is not UTF-8. Aborting the connection.");
187 // FIXME: Console message would be better with a source code location; where would we get that?
188 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message));
189 return false;
190 }
191
192 return true;
193}
194
195void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response)
196{
197 ASSERT(m_state == CONNECTING);
198 ASSERT(m_requestInFlight);
199
200 if (!responseIsValid(response)) {
201 m_loader->cancel();
202 dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
203 return;
204 }
205
206 m_eventStreamOrigin = SecurityOriginData::fromURL(response.url()).toString();
207 m_state = OPEN;
208 dispatchEvent(Event::create(eventNames().openEvent, Event::CanBubble::No, Event::IsCancelable::No));
209}
210
211void EventSource::didReceiveData(const char* data, int length)
212{
213 ASSERT(m_state == OPEN);
214 ASSERT(m_requestInFlight);
215
216 append(m_receiveBuffer, m_decoder->decode(data, length));
217 parseEventStream();
218}
219
220void EventSource::didFinishLoading(unsigned long)
221{
222 ASSERT(m_state == OPEN);
223 ASSERT(m_requestInFlight);
224
225 append(m_receiveBuffer, m_decoder->flush());
226 parseEventStream();
227
228 // Discard everything that has not been dispatched by now.
229 // FIXME: Why does this need to be done?
230 // If this is important, why isn't it important to clear other data members: m_decoder, m_lastEventId, m_loader?
231 m_receiveBuffer.clear();
232 m_data.clear();
233 m_eventName = { };
234 m_currentlyParsedEventId = { };
235
236 networkRequestEnded();
237}
238
239void EventSource::didFail(const ResourceError& error)
240{
241 ASSERT(m_state != CLOSED);
242
243 if (error.isAccessControl()) {
244 abortConnectionAttempt();
245 return;
246 }
247
248 ASSERT(m_requestInFlight);
249
250 if (error.isCancellation())
251 m_state = CLOSED;
252
253 // FIXME: Why don't we need to clear data members here as in didFinishLoading?
254
255 networkRequestEnded();
256}
257
258void EventSource::abortConnectionAttempt()
259{
260 ASSERT(m_state == CONNECTING);
261
262 if (m_requestInFlight)
263 m_loader->cancel();
264 else {
265 m_state = CLOSED;
266 unsetPendingActivity(*this);
267 }
268
269 ASSERT(m_state == CLOSED);
270 dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
271}
272
273void EventSource::parseEventStream()
274{
275 unsigned position = 0;
276 unsigned size = m_receiveBuffer.size();
277 while (position < size) {
278 if (m_discardTrailingNewline) {
279 if (m_receiveBuffer[position] == '\n')
280 ++position;
281 m_discardTrailingNewline = false;
282 }
283
284 Optional<unsigned> lineLength;
285 Optional<unsigned> fieldLength;
286 for (unsigned i = position; !lineLength && i < size; ++i) {
287 switch (m_receiveBuffer[i]) {
288 case ':':
289 if (!fieldLength)
290 fieldLength = i - position;
291 break;
292 case '\r':
293 m_discardTrailingNewline = true;
294 FALLTHROUGH;
295 case '\n':
296 lineLength = i - position;
297 break;
298 }
299 }
300
301 if (!lineLength)
302 break;
303
304 parseEventStreamLine(position, fieldLength, lineLength.value());
305 position += lineLength.value() + 1;
306
307 // EventSource.close() might've been called by one of the message event handlers.
308 // Per spec, no further messages should be fired after that.
309 if (m_state == CLOSED)
310 break;
311 }
312
313 // FIXME: The following operation makes it clear that m_receiveBuffer should be some other type,
314 // perhaps a Deque or a circular buffer of some sort.
315 if (position == size)
316 m_receiveBuffer.clear();
317 else if (position)
318 m_receiveBuffer.remove(0, position);
319}
320
321void EventSource::parseEventStreamLine(unsigned position, Optional<unsigned> fieldLength, unsigned lineLength)
322{
323 if (!lineLength) {
324 if (!m_data.isEmpty())
325 dispatchMessageEvent();
326 m_eventName = { };
327 return;
328 }
329
330 if (fieldLength && !fieldLength.value())
331 return;
332
333 StringView field { &m_receiveBuffer[position], fieldLength ? fieldLength.value() : lineLength };
334
335 unsigned step;
336 if (!fieldLength)
337 step = lineLength;
338 else if (m_receiveBuffer[position + fieldLength.value() + 1] != ' ')
339 step = fieldLength.value() + 1;
340 else
341 step = fieldLength.value() + 2;
342 position += step;
343 unsigned valueLength = lineLength - step;
344
345 if (field == "data") {
346 m_data.append(&m_receiveBuffer[position], valueLength);
347 m_data.append('\n');
348 } else if (field == "event")
349 m_eventName = { &m_receiveBuffer[position], valueLength };
350 else if (field == "id") {
351 StringView parsedEventId = { &m_receiveBuffer[position], valueLength };
352 if (!parsedEventId.contains('\0'))
353 m_currentlyParsedEventId = parsedEventId.toString();
354 } else if (field == "retry") {
355 if (!valueLength)
356 m_reconnectDelay = defaultReconnectDelay;
357 else {
358 // FIXME: Do we really want to ignore trailing garbage here? Should we be using the strict version instead?
359 // FIXME: If we can't parse the value, should we leave m_reconnectDelay alone or set it to defaultReconnectDelay?
360 bool ok;
361 auto reconnectDelay = charactersToUInt64(&m_receiveBuffer[position], valueLength, &ok);
362 if (ok)
363 m_reconnectDelay = reconnectDelay;
364 }
365 }
366}
367
368void EventSource::stop()
369{
370 close();
371}
372
373const char* EventSource::activeDOMObjectName() const
374{
375 return "EventSource";
376}
377
378bool EventSource::canSuspendForDocumentSuspension() const
379{
380 // FIXME: We should return true here when we can because this object is not actually currently active.
381 return false;
382}
383
384void EventSource::dispatchMessageEvent()
385{
386 if (!m_currentlyParsedEventId.isNull())
387 m_lastEventId = WTFMove(m_currentlyParsedEventId);
388
389 auto& name = m_eventName.isEmpty() ? eventNames().messageEvent : m_eventName;
390
391 // Omit the trailing "\n" character.
392 ASSERT(!m_data.isEmpty());
393 unsigned size = m_data.size() - 1;
394 auto data = SerializedScriptValue::create({ m_data.data(), size });
395 RELEASE_ASSERT(data);
396 m_data = { };
397
398 dispatchEvent(MessageEvent::create(name, data.releaseNonNull(), m_eventStreamOrigin, m_lastEventId));
399}
400
401} // namespace WebCore
402