1 | /* |
2 | * Copyright (C) 2009, 2012 Ericsson AB. All rights reserved. |
3 | * Copyright (C) 2010, 2016 Apple Inc. All rights reserved. |
4 | * Copyright (C) 2011, Code Aurora Forum. All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions |
8 | * are met: |
9 | * |
10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer |
14 | * in the documentation and/or other materials provided with the |
15 | * distribution. |
16 | * 3. Neither the name of Ericsson nor the names of its contributors |
17 | * may be used to endorse or promote products derived from this |
18 | * software without specific prior written permission. |
19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
31 | */ |
32 | |
33 | #include "config.h" |
34 | #include "EventSource.h" |
35 | |
36 | #include "CachedResourceRequestInitiators.h" |
37 | #include "ContentSecurityPolicy.h" |
38 | #include "EventNames.h" |
39 | #include "MessageEvent.h" |
40 | #include "ResourceError.h" |
41 | #include "ResourceRequest.h" |
42 | #include "ResourceResponse.h" |
43 | #include "ScriptExecutionContext.h" |
44 | #include "SecurityOrigin.h" |
45 | #include "TextResourceDecoder.h" |
46 | #include "ThreadableLoader.h" |
47 | #include <wtf/IsoMallocInlines.h> |
48 | |
49 | namespace WebCore { |
50 | |
51 | WTF_MAKE_ISO_ALLOCATED_IMPL(EventSource); |
52 | |
53 | const uint64_t EventSource::defaultReconnectDelay = 3000; |
54 | |
55 | inline EventSource::EventSource(ScriptExecutionContext& context, const URL& url, const Init& eventSourceInit) |
56 | : ActiveDOMObject(&context) |
57 | , m_url(url) |
58 | , m_withCredentials(eventSourceInit.withCredentials) |
59 | , m_decoder(TextResourceDecoder::create("text/plain"_s , "UTF-8" )) |
60 | , m_connectTimer(*this, &EventSource::connect) |
61 | { |
62 | } |
63 | |
64 | ExceptionOr<Ref<EventSource>> EventSource::create(ScriptExecutionContext& context, const String& url, const Init& eventSourceInit) |
65 | { |
66 | if (url.isEmpty()) |
67 | return Exception { SyntaxError }; |
68 | |
69 | URL fullURL = context.completeURL(url); |
70 | if (!fullURL.isValid()) |
71 | return Exception { SyntaxError }; |
72 | |
73 | // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is resolved. |
74 | if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) { |
75 | // FIXME: Should this be throwing an exception? |
76 | return Exception { SecurityError }; |
77 | } |
78 | |
79 | auto source = adoptRef(*new EventSource(context, fullURL, eventSourceInit)); |
80 | source->setPendingActivity(source.get()); |
81 | source->scheduleInitialConnect(); |
82 | source->suspendIfNeeded(); |
83 | return source; |
84 | } |
85 | |
86 | EventSource::~EventSource() |
87 | { |
88 | ASSERT(m_state == CLOSED); |
89 | ASSERT(!m_requestInFlight); |
90 | } |
91 | |
92 | void EventSource::connect() |
93 | { |
94 | ASSERT(m_state == CONNECTING); |
95 | ASSERT(!m_requestInFlight); |
96 | |
97 | ResourceRequest request { m_url }; |
98 | request.setHTTPMethod("GET" ); |
99 | request.setHTTPHeaderField(HTTPHeaderName::Accept, "text/event-stream" ); |
100 | request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "no-cache" ); |
101 | if (!m_lastEventId.isEmpty()) |
102 | request.setHTTPHeaderField(HTTPHeaderName::LastEventID, m_lastEventId); |
103 | |
104 | ThreadableLoaderOptions options; |
105 | options.sendLoadCallbacks = SendCallbackPolicy::SendCallbacks; |
106 | options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin; |
107 | options.preflightPolicy = PreflightPolicy::Prevent; |
108 | options.mode = FetchOptions::Mode::Cors; |
109 | options.cache = FetchOptions::Cache::NoStore; |
110 | options.dataBufferingPolicy = DataBufferingPolicy::DoNotBufferData; |
111 | options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective; |
112 | options.initiator = cachedResourceRequestInitiators().eventsource; |
113 | |
114 | ASSERT(scriptExecutionContext()); |
115 | m_loader = ThreadableLoader::create(*scriptExecutionContext(), *this, WTFMove(request), options); |
116 | |
117 | // FIXME: Can we just use m_loader for this, null it out when it's no longer in flight, and eliminate the m_requestInFlight member? |
118 | if (m_loader) |
119 | m_requestInFlight = true; |
120 | } |
121 | |
122 | void EventSource::networkRequestEnded() |
123 | { |
124 | ASSERT(m_requestInFlight); |
125 | |
126 | m_requestInFlight = false; |
127 | |
128 | if (m_state != CLOSED) |
129 | scheduleReconnect(); |
130 | else |
131 | unsetPendingActivity(*this); |
132 | } |
133 | |
134 | void EventSource::scheduleInitialConnect() |
135 | { |
136 | ASSERT(m_state == CONNECTING); |
137 | ASSERT(!m_requestInFlight); |
138 | |
139 | m_connectTimer.startOneShot(0_s); |
140 | } |
141 | |
142 | void EventSource::scheduleReconnect() |
143 | { |
144 | m_state = CONNECTING; |
145 | m_connectTimer.startOneShot(1_ms * m_reconnectDelay); |
146 | dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No)); |
147 | } |
148 | |
149 | void EventSource::close() |
150 | { |
151 | if (m_state == CLOSED) { |
152 | ASSERT(!m_requestInFlight); |
153 | return; |
154 | } |
155 | |
156 | // Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called. |
157 | if (m_connectTimer.isActive()) |
158 | m_connectTimer.stop(); |
159 | |
160 | if (m_requestInFlight) |
161 | m_loader->cancel(); |
162 | else { |
163 | m_state = CLOSED; |
164 | unsetPendingActivity(*this); |
165 | } |
166 | } |
167 | |
168 | bool EventSource::responseIsValid(const ResourceResponse& response) const |
169 | { |
170 | // Logs to the console as a side effect. |
171 | |
172 | // To keep the signal-to-noise ratio low, we don't log anything if the status code is not 200. |
173 | if (response.httpStatusCode() != 200) |
174 | return false; |
175 | |
176 | if (!equalLettersIgnoringASCIICase(response.mimeType(), "text/event-stream" )) { |
177 | auto message = makeString("EventSource's response has a MIME type (\"" , response.mimeType(), "\") that is not \"text/event-stream\". Aborting the connection." ); |
178 | // FIXME: Console message would be better with a source code location; where would we get that? |
179 | scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message)); |
180 | return false; |
181 | } |
182 | |
183 | // If we have a charset, the only allowed value is UTF-8 (case-insensitive). |
184 | auto& charset = response.textEncodingName(); |
185 | if (!charset.isEmpty() && !equalLettersIgnoringASCIICase(charset, "utf-8" )) { |
186 | auto message = makeString("EventSource's response has a charset (\"" , charset, "\") that is not UTF-8. Aborting the connection." ); |
187 | // FIXME: Console message would be better with a source code location; where would we get that? |
188 | scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, WTFMove(message)); |
189 | return false; |
190 | } |
191 | |
192 | return true; |
193 | } |
194 | |
195 | void EventSource::didReceiveResponse(unsigned long, const ResourceResponse& response) |
196 | { |
197 | ASSERT(m_state == CONNECTING); |
198 | ASSERT(m_requestInFlight); |
199 | |
200 | if (!responseIsValid(response)) { |
201 | m_loader->cancel(); |
202 | dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No)); |
203 | return; |
204 | } |
205 | |
206 | m_eventStreamOrigin = SecurityOriginData::fromURL(response.url()).toString(); |
207 | m_state = OPEN; |
208 | dispatchEvent(Event::create(eventNames().openEvent, Event::CanBubble::No, Event::IsCancelable::No)); |
209 | } |
210 | |
211 | void EventSource::didReceiveData(const char* data, int length) |
212 | { |
213 | ASSERT(m_state == OPEN); |
214 | ASSERT(m_requestInFlight); |
215 | |
216 | append(m_receiveBuffer, m_decoder->decode(data, length)); |
217 | parseEventStream(); |
218 | } |
219 | |
220 | void EventSource::didFinishLoading(unsigned long) |
221 | { |
222 | ASSERT(m_state == OPEN); |
223 | ASSERT(m_requestInFlight); |
224 | |
225 | append(m_receiveBuffer, m_decoder->flush()); |
226 | parseEventStream(); |
227 | |
228 | // Discard everything that has not been dispatched by now. |
229 | // FIXME: Why does this need to be done? |
230 | // If this is important, why isn't it important to clear other data members: m_decoder, m_lastEventId, m_loader? |
231 | m_receiveBuffer.clear(); |
232 | m_data.clear(); |
233 | m_eventName = { }; |
234 | m_currentlyParsedEventId = { }; |
235 | |
236 | networkRequestEnded(); |
237 | } |
238 | |
239 | void EventSource::didFail(const ResourceError& error) |
240 | { |
241 | ASSERT(m_state != CLOSED); |
242 | |
243 | if (error.isAccessControl()) { |
244 | abortConnectionAttempt(); |
245 | return; |
246 | } |
247 | |
248 | ASSERT(m_requestInFlight); |
249 | |
250 | if (error.isCancellation()) |
251 | m_state = CLOSED; |
252 | |
253 | // FIXME: Why don't we need to clear data members here as in didFinishLoading? |
254 | |
255 | networkRequestEnded(); |
256 | } |
257 | |
258 | void EventSource::abortConnectionAttempt() |
259 | { |
260 | ASSERT(m_state == CONNECTING); |
261 | |
262 | if (m_requestInFlight) |
263 | m_loader->cancel(); |
264 | else { |
265 | m_state = CLOSED; |
266 | unsetPendingActivity(*this); |
267 | } |
268 | |
269 | ASSERT(m_state == CLOSED); |
270 | dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No)); |
271 | } |
272 | |
273 | void EventSource::parseEventStream() |
274 | { |
275 | unsigned position = 0; |
276 | unsigned size = m_receiveBuffer.size(); |
277 | while (position < size) { |
278 | if (m_discardTrailingNewline) { |
279 | if (m_receiveBuffer[position] == '\n') |
280 | ++position; |
281 | m_discardTrailingNewline = false; |
282 | } |
283 | |
284 | Optional<unsigned> lineLength; |
285 | Optional<unsigned> fieldLength; |
286 | for (unsigned i = position; !lineLength && i < size; ++i) { |
287 | switch (m_receiveBuffer[i]) { |
288 | case ':': |
289 | if (!fieldLength) |
290 | fieldLength = i - position; |
291 | break; |
292 | case '\r': |
293 | m_discardTrailingNewline = true; |
294 | FALLTHROUGH; |
295 | case '\n': |
296 | lineLength = i - position; |
297 | break; |
298 | } |
299 | } |
300 | |
301 | if (!lineLength) |
302 | break; |
303 | |
304 | parseEventStreamLine(position, fieldLength, lineLength.value()); |
305 | position += lineLength.value() + 1; |
306 | |
307 | // EventSource.close() might've been called by one of the message event handlers. |
308 | // Per spec, no further messages should be fired after that. |
309 | if (m_state == CLOSED) |
310 | break; |
311 | } |
312 | |
313 | // FIXME: The following operation makes it clear that m_receiveBuffer should be some other type, |
314 | // perhaps a Deque or a circular buffer of some sort. |
315 | if (position == size) |
316 | m_receiveBuffer.clear(); |
317 | else if (position) |
318 | m_receiveBuffer.remove(0, position); |
319 | } |
320 | |
321 | void EventSource::parseEventStreamLine(unsigned position, Optional<unsigned> fieldLength, unsigned lineLength) |
322 | { |
323 | if (!lineLength) { |
324 | if (!m_data.isEmpty()) |
325 | dispatchMessageEvent(); |
326 | m_eventName = { }; |
327 | return; |
328 | } |
329 | |
330 | if (fieldLength && !fieldLength.value()) |
331 | return; |
332 | |
333 | StringView field { &m_receiveBuffer[position], fieldLength ? fieldLength.value() : lineLength }; |
334 | |
335 | unsigned step; |
336 | if (!fieldLength) |
337 | step = lineLength; |
338 | else if (m_receiveBuffer[position + fieldLength.value() + 1] != ' ') |
339 | step = fieldLength.value() + 1; |
340 | else |
341 | step = fieldLength.value() + 2; |
342 | position += step; |
343 | unsigned valueLength = lineLength - step; |
344 | |
345 | if (field == "data" ) { |
346 | m_data.append(&m_receiveBuffer[position], valueLength); |
347 | m_data.append('\n'); |
348 | } else if (field == "event" ) |
349 | m_eventName = { &m_receiveBuffer[position], valueLength }; |
350 | else if (field == "id" ) { |
351 | StringView parsedEventId = { &m_receiveBuffer[position], valueLength }; |
352 | if (!parsedEventId.contains('\0')) |
353 | m_currentlyParsedEventId = parsedEventId.toString(); |
354 | } else if (field == "retry" ) { |
355 | if (!valueLength) |
356 | m_reconnectDelay = defaultReconnectDelay; |
357 | else { |
358 | // FIXME: Do we really want to ignore trailing garbage here? Should we be using the strict version instead? |
359 | // FIXME: If we can't parse the value, should we leave m_reconnectDelay alone or set it to defaultReconnectDelay? |
360 | bool ok; |
361 | auto reconnectDelay = charactersToUInt64(&m_receiveBuffer[position], valueLength, &ok); |
362 | if (ok) |
363 | m_reconnectDelay = reconnectDelay; |
364 | } |
365 | } |
366 | } |
367 | |
368 | void EventSource::stop() |
369 | { |
370 | close(); |
371 | } |
372 | |
373 | const char* EventSource::activeDOMObjectName() const |
374 | { |
375 | return "EventSource" ; |
376 | } |
377 | |
378 | bool EventSource::canSuspendForDocumentSuspension() const |
379 | { |
380 | // FIXME: We should return true here when we can because this object is not actually currently active. |
381 | return false; |
382 | } |
383 | |
384 | void EventSource::dispatchMessageEvent() |
385 | { |
386 | if (!m_currentlyParsedEventId.isNull()) |
387 | m_lastEventId = WTFMove(m_currentlyParsedEventId); |
388 | |
389 | auto& name = m_eventName.isEmpty() ? eventNames().messageEvent : m_eventName; |
390 | |
391 | // Omit the trailing "\n" character. |
392 | ASSERT(!m_data.isEmpty()); |
393 | unsigned size = m_data.size() - 1; |
394 | auto data = SerializedScriptValue::create({ m_data.data(), size }); |
395 | RELEASE_ASSERT(data); |
396 | m_data = { }; |
397 | |
398 | dispatchEvent(MessageEvent::create(name, data.releaseNonNull(), m_eventStreamOrigin, m_lastEventId)); |
399 | } |
400 | |
401 | } // namespace WebCore |
402 | |