search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1882465 - Update .hg-annotate-ignore-revs and .git-blame-ignore-revs to reflect...
[gecko.git] / dom / fetch / InternalHeaders.cpp
blob6a6c3c230095324c27f20bf08d59ab7cffffb53a
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/dom/InternalHeaders.h"
8
9 #include "FetchUtil.h"
10 #include "mozilla/dom/FetchTypes.h"
11 #include "mozilla/ErrorResult.h"
12
13 #include "nsCharSeparatedTokenizer.h"
14 #include "nsContentUtils.h"
15 #include "nsIHttpChannel.h"
16 #include "nsIHttpHeaderVisitor.h"
17 #include "nsNetUtil.h"
18 #include "nsReadableUtils.h"
19
20 namespace mozilla::dom {
21
22 InternalHeaders::InternalHeaders(nsTArray<Entry>&& aHeaders,
23 HeadersGuardEnum aGuard)
24 : mGuard(aGuard), mList(std::move(aHeaders)), mListDirty(true) {}
25
26 InternalHeaders::InternalHeaders(
27 const nsTArray<HeadersEntry>& aHeadersEntryList, HeadersGuardEnum aGuard)
28 : mGuard(aGuard), mListDirty(true) {
29 for (const HeadersEntry& headersEntry : aHeadersEntryList) {
30 mList.AppendElement(Entry(headersEntry.name(), headersEntry.value()));
31 }
32 }
33
34 void InternalHeaders::ToIPC(nsTArray<HeadersEntry>& aIPCHeaders,
35 HeadersGuardEnum& aGuard) {
36 aGuard = mGuard;
37
38 aIPCHeaders.Clear();
39 for (Entry& entry : mList) {
40 aIPCHeaders.AppendElement(HeadersEntry(entry.mName, entry.mValue));
41 }
42 }
43
44 bool InternalHeaders::IsValidHeaderValue(const nsCString& aLowerName,
45 const nsCString& aNormalizedValue,
46 ErrorResult& aRv) {
47 // Steps 2 to 6 for ::Set() and ::Append() in the spec.
48
49 // Step 2
50 if (IsInvalidName(aLowerName, aRv) || IsInvalidValue(aNormalizedValue, aRv)) {
51 return false;
52 }
53
54 // Step 3
55 if (IsImmutable(aRv)) {
56 return false;
57 }
58
59 // Step 4
60 if (mGuard == HeadersGuardEnum::Request) {
61 if (IsForbiddenRequestHeader(aLowerName, aNormalizedValue)) {
62 return false;
63 }
64 }
65 // Step 5
66 if (mGuard == HeadersGuardEnum::Request_no_cors) {
67 nsAutoCString tempValue;
68 Get(aLowerName, tempValue, aRv);
69
70 if (tempValue.IsVoid()) {
71 tempValue = aNormalizedValue;
72 } else {
73 tempValue.Append(", ");
74 tempValue.Append(aNormalizedValue);
75 }
76
77 if (!nsContentUtils::IsCORSSafelistedRequestHeader(aLowerName, tempValue)) {
78 return false;
79 }
80 }
81
82 // Step 6
83 else if (IsForbiddenResponseHeader(aLowerName)) {
84 return false;
85 }
86
87 return true;
88 }
89
90 void InternalHeaders::Append(const nsACString& aName, const nsACString& aValue,
91 ErrorResult& aRv) {
92 // Step 1
93 nsAutoCString trimValue;
94 NS_TrimHTTPWhitespace(aValue, trimValue);
95
96 // Steps 2 to 6
97 nsAutoCString lowerName;
98 ToLowerCase(aName, lowerName);
99 if (!IsValidHeaderValue(lowerName, trimValue, aRv)) {
100 return;
101 }
102
103 // Step 7
104 nsAutoCString name(aName);
105 ReuseExistingNameIfExists(name);
106 SetListDirty();
107 mList.AppendElement(Entry(name, trimValue));
108
109 // Step 8
110 if (mGuard == HeadersGuardEnum::Request_no_cors) {
111 RemovePrivilegedNoCorsRequestHeaders();
112 }
113 }
114
115 void InternalHeaders::RemovePrivilegedNoCorsRequestHeaders() {
116 bool dirty = false;
117
118 // remove in reverse order to minimize copying
119 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
120 if (IsPrivilegedNoCorsRequestHeaderName(mList[i].mName)) {
121 mList.RemoveElementAt(i);
122 dirty = true;
123 }
124 }
125
126 if (dirty) {
127 SetListDirty();
128 }
129 }
130
131 bool InternalHeaders::DeleteInternal(const nsCString& aLowerName,
132 ErrorResult& aRv) {
133 bool dirty = false;
134
135 // remove in reverse order to minimize copying
136 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
137 if (mList[i].mName.EqualsIgnoreCase(aLowerName.get())) {
138 mList.RemoveElementAt(i);
139 dirty = true;
140 }
141 }
142
143 if (dirty) {
144 SetListDirty();
145 }
146
147 return dirty;
148 }
149
150 void InternalHeaders::Delete(const nsACString& aName, ErrorResult& aRv) {
151 // See https://fetch.spec.whatwg.org/#dom-headers-delete
152 nsAutoCString lowerName;
153 ToLowerCase(aName, lowerName);
154
155 // Step 1
156 if (IsInvalidName(lowerName, aRv)) {
157 return;
158 }
159
160 if (IsImmutable(aRv)) {
161 return;
162 }
163
164 nsAutoCString value;
165 GetInternal(lowerName, value, aRv);
166 if (IsForbiddenRequestHeader(lowerName, value)) {
167 return;
168 }
169
170 // Step 2
171 if (mGuard == HeadersGuardEnum::Request_no_cors &&
172 !IsNoCorsSafelistedRequestHeaderName(lowerName) &&
173 !IsPrivilegedNoCorsRequestHeaderName(lowerName)) {
174 return;
175 }
176
177 if (IsForbiddenResponseHeader(lowerName)) {
178 return;
179 }
180
181 // Steps 3, 4, and 5
182 if (!DeleteInternal(lowerName, aRv)) {
183 return;
184 }
185
186 // Step 6
187 if (mGuard == HeadersGuardEnum::Request_no_cors) {
188 RemovePrivilegedNoCorsRequestHeaders();
189 }
190 }
191
192 void InternalHeaders::Get(const nsACString& aName, nsACString& aValue,
193 ErrorResult& aRv) const {
194 nsAutoCString lowerName;
195 ToLowerCase(aName, lowerName);
196
197 if (IsInvalidName(lowerName, aRv)) {
198 return;
199 }
200
201 GetInternal(lowerName, aValue, aRv);
202 }
203
204 void InternalHeaders::GetInternal(const nsCString& aLowerName,
205 nsACString& aValue, ErrorResult& aRv) const {
206 const char* delimiter = ", ";
207 bool firstValueFound = false;
208
209 for (uint32_t i = 0; i < mList.Length(); ++i) {
210 if (mList[i].mName.EqualsIgnoreCase(aLowerName.get())) {
211 if (firstValueFound) {
212 aValue += delimiter;
213 }
214 aValue += mList[i].mValue;
215 firstValueFound = true;
216 }
217 }
218
219 // No value found, so return null to content
220 if (!firstValueFound) {
221 aValue.SetIsVoid(true);
222 }
223 }
224
225 void InternalHeaders::GetSetCookie(nsTArray<nsCString>& aValues) const {
226 for (uint32_t i = 0; i < mList.Length(); ++i) {
227 if (mList[i].mName.EqualsIgnoreCase("Set-Cookie")) {
228 aValues.AppendElement(mList[i].mValue);
229 }
230 }
231 }
232
233 void InternalHeaders::GetFirst(const nsACString& aName, nsACString& aValue,
234 ErrorResult& aRv) const {
235 nsAutoCString lowerName;
236 ToLowerCase(aName, lowerName);
237
238 if (IsInvalidName(lowerName, aRv)) {
239 return;
240 }
241
242 for (uint32_t i = 0; i < mList.Length(); ++i) {
243 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
244 aValue = mList[i].mValue;
245 return;
246 }
247 }
248
249 // No value found, so return null to content
250 aValue.SetIsVoid(true);
251 }
252
253 bool InternalHeaders::Has(const nsACString& aName, ErrorResult& aRv) const {
254 nsAutoCString lowerName;
255 ToLowerCase(aName, lowerName);
256
257 if (IsInvalidName(lowerName, aRv)) {
258 return false;
259 }
260
261 for (uint32_t i = 0; i < mList.Length(); ++i) {
262 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
263 return true;
264 }
265 }
266 return false;
267 }
268
269 void InternalHeaders::Set(const nsACString& aName, const nsACString& aValue,
270 ErrorResult& aRv) {
271 // Step 1
272 nsAutoCString trimValue;
273 NS_TrimHTTPWhitespace(aValue, trimValue);
274
275 // Steps 2 to 6
276 nsAutoCString lowerName;
277 ToLowerCase(aName, lowerName);
278 if (!IsValidHeaderValue(lowerName, trimValue, aRv)) {
279 return;
280 }
281
282 // Step 7
283 SetListDirty();
284
285 int32_t firstIndex = INT32_MAX;
286
287 // remove in reverse order to minimize copying
288 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
289 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
290 firstIndex = std::min(firstIndex, i);
291 mList.RemoveElementAt(i);
292 }
293 }
294
295 if (firstIndex < INT32_MAX) {
296 Entry* entry = mList.InsertElementAt(firstIndex);
297 entry->mName = aName;
298 entry->mValue = trimValue;
299 } else {
300 mList.AppendElement(Entry(aName, trimValue));
301 }
302
303 // Step 8
304 if (mGuard == HeadersGuardEnum::Request_no_cors) {
305 RemovePrivilegedNoCorsRequestHeaders();
306 }
307 }
308
309 void InternalHeaders::Clear() {
310 SetListDirty();
311 mList.Clear();
312 }
313
314 void InternalHeaders::SetGuard(HeadersGuardEnum aGuard, ErrorResult& aRv) {
315 // The guard is only checked during ::Set() and ::Append() in the spec. It
316 // does not require revalidating headers already set.
317 mGuard = aGuard;
318 }
319
320 InternalHeaders::~InternalHeaders() = default;
321
322 // static
323 bool InternalHeaders::IsNoCorsSafelistedRequestHeaderName(
324 const nsCString& aName) {
325 return aName.EqualsIgnoreCase("accept") ||
326 aName.EqualsIgnoreCase("accept-language") ||
327 aName.EqualsIgnoreCase("content-language") ||
328 aName.EqualsIgnoreCase("content-type");
329 }
330
331 // static
332 bool InternalHeaders::IsPrivilegedNoCorsRequestHeaderName(
333 const nsCString& aName) {
334 return aName.EqualsIgnoreCase("range");
335 }
336
337 // static
338 bool InternalHeaders::IsRevalidationHeader(const nsCString& aName) {
339 return aName.EqualsIgnoreCase("if-modified-since") ||
340 aName.EqualsIgnoreCase("if-none-match") ||
341 aName.EqualsIgnoreCase("if-unmodified-since") ||
342 aName.EqualsIgnoreCase("if-match") ||
343 aName.EqualsIgnoreCase("if-range");
344 }
345
346 // static
347 bool InternalHeaders::IsInvalidName(const nsACString& aName, ErrorResult& aRv) {
348 if (!NS_IsValidHTTPToken(aName)) {
349 aRv.ThrowTypeError<MSG_INVALID_HEADER_NAME>(aName);
350 return true;
351 }
352
353 return false;
354 }
355
356 // static
357 bool InternalHeaders::IsInvalidValue(const nsACString& aValue,
358 ErrorResult& aRv) {
359 if (!NS_IsReasonableHTTPHeaderValue(aValue)) {
360 aRv.ThrowTypeError<MSG_INVALID_HEADER_VALUE>(aValue);
361 return true;
362 }
363 return false;
364 }
365
366 bool InternalHeaders::IsImmutable(ErrorResult& aRv) const {
367 if (mGuard == HeadersGuardEnum::Immutable) {
368 aRv.ThrowTypeError("Headers are immutable and cannot be modified.");
369 return true;
370 }
371 return false;
372 }
373
374 bool InternalHeaders::IsForbiddenRequestHeader(const nsCString& aName,
375 const nsACString& aValue) const {
376 return mGuard == HeadersGuardEnum::Request &&
377 nsContentUtils::IsForbiddenRequestHeader(aName, aValue);
378 }
379
380 bool InternalHeaders::IsForbiddenRequestNoCorsHeader(
381 const nsCString& aName) const {
382 return mGuard == HeadersGuardEnum::Request_no_cors &&
383 !nsContentUtils::IsCORSSafelistedRequestHeader(aName, ""_ns);
384 }
385
386 bool InternalHeaders::IsForbiddenRequestNoCorsHeader(
387 const nsCString& aName, const nsACString& aValue) const {
388 return mGuard == HeadersGuardEnum::Request_no_cors &&
389 !nsContentUtils::IsCORSSafelistedRequestHeader(aName, aValue);
390 }
391
392 bool InternalHeaders::IsForbiddenResponseHeader(const nsCString& aName) const {
393 return mGuard == HeadersGuardEnum::Response &&
394 nsContentUtils::IsForbiddenResponseHeader(aName);
395 }
396
397 void InternalHeaders::Fill(const InternalHeaders& aInit, ErrorResult& aRv) {
398 const nsTArray<Entry>& list = aInit.mList;
399 for (uint32_t i = 0; i < list.Length() && !aRv.Failed(); ++i) {
400 const Entry& entry = list[i];
401 Append(entry.mName, entry.mValue, aRv);
402 }
403 }
404
405 void InternalHeaders::Fill(const Sequence<Sequence<nsCString>>& aInit,
406 ErrorResult& aRv) {
407 for (uint32_t i = 0; i < aInit.Length() && !aRv.Failed(); ++i) {
408 const Sequence<nsCString>& tuple = aInit[i];
409 if (tuple.Length() != 2) {
410 aRv.ThrowTypeError(
411 "Headers require name/value tuples when being initialized by a "
412 "sequence.");
413 return;
414 }
415 Append(tuple[0], tuple[1], aRv);
416 }
417 }
418
419 void InternalHeaders::Fill(const Record<nsCString, nsCString>& aInit,
420 ErrorResult& aRv) {
421 for (auto& entry : aInit.Entries()) {
422 Append(entry.mKey, entry.mValue, aRv);
423 if (aRv.Failed()) {
424 return;
425 }
426 }
427 }
428
429 namespace {
430
431 class FillHeaders final : public nsIHttpHeaderVisitor {
432 RefPtr<InternalHeaders> mInternalHeaders;
433
434 ~FillHeaders() = default;
435
436 public:
437 NS_DECL_ISUPPORTS
438
439 explicit FillHeaders(InternalHeaders* aInternalHeaders)
440 : mInternalHeaders(aInternalHeaders) {
441 MOZ_DIAGNOSTIC_ASSERT(mInternalHeaders);
442 }
443
444 NS_IMETHOD
445 VisitHeader(const nsACString& aHeader, const nsACString& aValue) override {
446 mInternalHeaders->Append(aHeader, aValue, IgnoreErrors());
447 return NS_OK;
448 }
449 };
450
451 NS_IMPL_ISUPPORTS(FillHeaders, nsIHttpHeaderVisitor)
452
453 } // namespace
454
455 void InternalHeaders::FillResponseHeaders(nsIRequest* aRequest) {
456 nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aRequest);
457 if (!httpChannel) {
458 return;
459 }
460
461 RefPtr<FillHeaders> visitor = new FillHeaders(this);
462 nsresult rv = httpChannel->VisitResponseHeaders(visitor);
463 if (NS_FAILED(rv)) {
464 NS_WARNING("failed to fill headers");
465 }
466 }
467
468 bool InternalHeaders::HasOnlySimpleHeaders() const {
469 for (uint32_t i = 0; i < mList.Length(); ++i) {
470 if (!nsContentUtils::IsCORSSafelistedRequestHeader(mList[i].mName,
471 mList[i].mValue)) {
472 return false;
473 }
474 }
475
476 return true;
477 }
478
479 bool InternalHeaders::HasRevalidationHeaders() const {
480 for (uint32_t i = 0; i < mList.Length(); ++i) {
481 if (IsRevalidationHeader(mList[i].mName)) {
482 return true;
483 }
484 }
485
486 return false;
487 }
488
489 // static
490 already_AddRefed<InternalHeaders> InternalHeaders::BasicHeaders(
491 InternalHeaders* aHeaders) {
492 RefPtr<InternalHeaders> basic = new InternalHeaders(*aHeaders);
493 ErrorResult result;
494 // The Set-Cookie headers cannot be invalid mutable headers, so the Delete
495 // must succeed.
496 basic->Delete("Set-Cookie"_ns, result);
497 MOZ_ASSERT(!result.Failed());
498 basic->Delete("Set-Cookie2"_ns, result);
499 MOZ_ASSERT(!result.Failed());
500 return basic.forget();
501 }
502
503 // static
504 already_AddRefed<InternalHeaders> InternalHeaders::CORSHeaders(
505 InternalHeaders* aHeaders, RequestCredentials aCredentialsMode) {
506 RefPtr<InternalHeaders> cors = new InternalHeaders(aHeaders->mGuard);
507 ErrorResult result;
508
509 nsAutoCString acExposedNames;
510 aHeaders->Get("Access-Control-Expose-Headers"_ns, acExposedNames, result);
511 MOZ_ASSERT(!result.Failed());
512
513 bool allowAllHeaders = false;
514 AutoTArray<nsCString, 5> exposeNamesArray;
515 for (const nsACString& token :
516 nsCCharSeparatedTokenizer(acExposedNames, ',').ToRange()) {
517 if (token.IsEmpty()) {
518 continue;
519 }
520
521 if (!NS_IsValidHTTPToken(token)) {
522 NS_WARNING(
523 "Got invalid HTTP token in Access-Control-Expose-Headers. Header "
524 "value is:");
525 NS_WARNING(acExposedNames.get());
526 exposeNamesArray.Clear();
527 break;
528 }
529
530 if (token.EqualsLiteral("*") &&
531 aCredentialsMode != RequestCredentials::Include) {
532 allowAllHeaders = true;
533 }
534
535 exposeNamesArray.AppendElement(token);
536 }
537
538 nsCaseInsensitiveCStringArrayComparator comp;
539 for (uint32_t i = 0; i < aHeaders->mList.Length(); ++i) {
540 const Entry& entry = aHeaders->mList[i];
541 if (allowAllHeaders) {
542 cors->Append(entry.mName, entry.mValue, result);
543 MOZ_ASSERT(!result.Failed());
544 } else if (entry.mName.EqualsIgnoreCase("cache-control") ||
545 entry.mName.EqualsIgnoreCase("content-language") ||
546 entry.mName.EqualsIgnoreCase("content-type") ||
547 entry.mName.EqualsIgnoreCase("content-length") ||
548 entry.mName.EqualsIgnoreCase("expires") ||
549 entry.mName.EqualsIgnoreCase("last-modified") ||
550 entry.mName.EqualsIgnoreCase("pragma") ||
551 exposeNamesArray.Contains(entry.mName, comp)) {
552 cors->Append(entry.mName, entry.mValue, result);
553 MOZ_ASSERT(!result.Failed());
554 }
555 }
556
557 return cors.forget();
558 }
559
560 void InternalHeaders::GetEntries(
561 nsTArray<InternalHeaders::Entry>& aEntries) const {
562 MOZ_ASSERT(aEntries.IsEmpty());
563 aEntries.AppendElements(mList);
564 }
565
566 void InternalHeaders::GetUnsafeHeaders(nsTArray<nsCString>& aNames) const {
567 MOZ_ASSERT(aNames.IsEmpty());
568 for (uint32_t i = 0; i < mList.Length(); ++i) {
569 const Entry& header = mList[i];
570 if (!nsContentUtils::IsCORSSafelistedRequestHeader(header.mName,
571 header.mValue)) {
572 aNames.AppendElement(header.mName);
573 }
574 }
575 }
576
577 void InternalHeaders::MaybeSortList() {
578 class Comparator {
579 public:
580 bool Equals(const Entry& aA, const Entry& aB) const {
581 return aA.mName == aB.mName;
582 }
583
584 bool LessThan(const Entry& aA, const Entry& aB) const {
585 return aA.mName < aB.mName;
586 }
587 };
588
589 if (!mListDirty) {
590 return;
591 }
592
593 mListDirty = false;
594
595 Comparator comparator;
596
597 mSortedList.Clear();
598 for (const Entry& entry : mList) {
599 bool found = false;
600
601 // We combine every header but Set-Cookie.
602 if (!entry.mName.EqualsIgnoreCase("Set-Cookie")) {
603 for (Entry& sortedEntry : mSortedList) {
604 if (sortedEntry.mName.EqualsIgnoreCase(entry.mName.get())) {
605 sortedEntry.mValue += ", ";
606 sortedEntry.mValue += entry.mValue;
607 found = true;
608 break;
609 }
610 }
611 }
612
613 if (!found) {
614 Entry newEntry = entry;
615 ToLowerCase(newEntry.mName);
616 mSortedList.InsertElementSorted(newEntry, comparator);
617 }
618 }
619 }
620
621 void InternalHeaders::SetListDirty() {
622 mSortedList.Clear();
623 mListDirty = true;
624 }
625
626 void InternalHeaders::ReuseExistingNameIfExists(nsCString& aName) const {
627 for (const Entry& entry : mList) {
628 if (entry.mName.EqualsIgnoreCase(aName.get())) {
629 aName = entry.mName;
630 break;
631 }
632 }
633 }
634
635 } // namespace mozilla::dom