search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1700051: part 26) Correct typo in comment of `mozInlineSpellWordUtil::BuildSoftTe...
[gecko.git] / dom / fetch / InternalHeaders.cpp
blob37a5e0fadcaaae418bc72ab46ae98c6129642a57
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/dom/InternalHeaders.h"
8
9 #include "mozilla/dom/FetchTypes.h"
10 #include "mozilla/ErrorResult.h"
11
12 #include "nsCharSeparatedTokenizer.h"
13 #include "nsContentUtils.h"
14 #include "nsIHttpChannel.h"
15 #include "nsIHttpHeaderVisitor.h"
16 #include "nsNetUtil.h"
17 #include "nsReadableUtils.h"
18
19 namespace mozilla::dom {
20
21 InternalHeaders::InternalHeaders(nsTArray<Entry>&& aHeaders,
22 HeadersGuardEnum aGuard)
23 : mGuard(aGuard), mList(std::move(aHeaders)), mListDirty(true) {}
24
25 InternalHeaders::InternalHeaders(
26 const nsTArray<HeadersEntry>& aHeadersEntryList, HeadersGuardEnum aGuard)
27 : mGuard(aGuard), mListDirty(true) {
28 for (const HeadersEntry& headersEntry : aHeadersEntryList) {
29 mList.AppendElement(Entry(headersEntry.name(), headersEntry.value()));
30 }
31 }
32
33 void InternalHeaders::ToIPC(nsTArray<HeadersEntry>& aIPCHeaders,
34 HeadersGuardEnum& aGuard) {
35 aGuard = mGuard;
36
37 aIPCHeaders.Clear();
38 for (Entry& entry : mList) {
39 aIPCHeaders.AppendElement(HeadersEntry(entry.mName, entry.mValue));
40 }
41 }
42
43 bool InternalHeaders::IsValidHeaderValue(const nsCString& aLowerName,
44 const nsCString& aNormalizedValue,
45 ErrorResult& aRv) {
46 // Steps 2 to 6 for ::Set() and ::Append() in the spec.
47
48 // Step 2
49 if (IsInvalidName(aLowerName, aRv) || IsInvalidValue(aNormalizedValue, aRv)) {
50 return false;
51 }
52
53 // Step 3
54 if (IsImmutable(aRv)) {
55 return false;
56 }
57
58 // Step 4
59 if (mGuard == HeadersGuardEnum::Request &&
60 IsForbiddenRequestHeader(aLowerName)) {
61 return false;
62 }
63
64 // Step 5
65 if (mGuard == HeadersGuardEnum::Request_no_cors) {
66 nsAutoCString tempValue;
67 Get(aLowerName, tempValue, aRv);
68
69 if (tempValue.IsVoid()) {
70 tempValue = aNormalizedValue;
71 } else {
72 tempValue.Append(", ");
73 tempValue.Append(aNormalizedValue);
74 }
75
76 if (!nsContentUtils::IsCORSSafelistedRequestHeader(aLowerName, tempValue)) {
77 return false;
78 }
79 }
80
81 // Step 6
82 else if (IsForbiddenResponseHeader(aLowerName)) {
83 return false;
84 }
85
86 return true;
87 }
88
89 void InternalHeaders::Append(const nsACString& aName, const nsACString& aValue,
90 ErrorResult& aRv) {
91 // Step 1
92 nsAutoCString trimValue;
93 NS_TrimHTTPWhitespace(aValue, trimValue);
94
95 // Steps 2 to 6
96 nsAutoCString lowerName;
97 ToLowerCase(aName, lowerName);
98 if (!IsValidHeaderValue(lowerName, trimValue, aRv)) {
99 return;
100 }
101
102 // Step 7
103 nsAutoCString name(aName);
104 ReuseExistingNameIfExists(name);
105 SetListDirty();
106 mList.AppendElement(Entry(name, trimValue));
107
108 // Step 8
109 if (mGuard == HeadersGuardEnum::Request_no_cors) {
110 RemovePrivilegedNoCorsRequestHeaders();
111 }
112 }
113
114 void InternalHeaders::RemovePrivilegedNoCorsRequestHeaders() {
115 bool dirty = false;
116
117 // remove in reverse order to minimize copying
118 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
119 if (IsPrivilegedNoCorsRequestHeaderName(mList[i].mName)) {
120 mList.RemoveElementAt(i);
121 dirty = true;
122 }
123 }
124
125 if (dirty) {
126 SetListDirty();
127 }
128 }
129
130 bool InternalHeaders::DeleteInternal(const nsCString& aLowerName,
131 ErrorResult& aRv) {
132 bool dirty = false;
133
134 // remove in reverse order to minimize copying
135 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
136 if (mList[i].mName.EqualsIgnoreCase(aLowerName.get())) {
137 mList.RemoveElementAt(i);
138 dirty = true;
139 }
140 }
141
142 if (dirty) {
143 SetListDirty();
144 }
145
146 return dirty;
147 }
148
149 void InternalHeaders::Delete(const nsACString& aName, ErrorResult& aRv) {
150 nsAutoCString lowerName;
151 ToLowerCase(aName, lowerName);
152
153 // Step 1
154 if (IsInvalidName(lowerName, aRv)) {
155 return;
156 }
157
158 // Step 2
159 if (IsImmutable(aRv)) {
160 return;
161 }
162
163 // Step 3
164 if (IsForbiddenRequestHeader(lowerName)) {
165 return;
166 }
167
168 // Step 4
169 if (mGuard == HeadersGuardEnum::Request_no_cors &&
170 !IsNoCorsSafelistedRequestHeaderName(lowerName) &&
171 !IsPrivilegedNoCorsRequestHeaderName(lowerName)) {
172 return;
173 }
174
175 // Step 5
176 if (IsForbiddenResponseHeader(lowerName)) {
177 return;
178 }
179
180 // Steps 6 and 7
181 if (!DeleteInternal(lowerName, aRv)) {
182 return;
183 }
184
185 // Step 8
186 if (mGuard == HeadersGuardEnum::Request_no_cors) {
187 RemovePrivilegedNoCorsRequestHeaders();
188 }
189 }
190
191 void InternalHeaders::Get(const nsACString& aName, nsACString& aValue,
192 ErrorResult& aRv) const {
193 nsAutoCString lowerName;
194 ToLowerCase(aName, lowerName);
195
196 if (IsInvalidName(lowerName, aRv)) {
197 return;
198 }
199
200 GetInternal(lowerName, aValue, aRv);
201 }
202
203 void InternalHeaders::GetInternal(const nsCString& aLowerName,
204 nsACString& aValue, ErrorResult& aRv) const {
205 const char* delimiter = ", ";
206 bool firstValueFound = false;
207
208 for (uint32_t i = 0; i < mList.Length(); ++i) {
209 if (mList[i].mName.EqualsIgnoreCase(aLowerName.get())) {
210 if (firstValueFound) {
211 aValue += delimiter;
212 }
213 aValue += mList[i].mValue;
214 firstValueFound = true;
215 }
216 }
217
218 // No value found, so return null to content
219 if (!firstValueFound) {
220 aValue.SetIsVoid(true);
221 }
222 }
223
224 void InternalHeaders::GetFirst(const nsACString& aName, nsACString& aValue,
225 ErrorResult& aRv) const {
226 nsAutoCString lowerName;
227 ToLowerCase(aName, lowerName);
228
229 if (IsInvalidName(lowerName, aRv)) {
230 return;
231 }
232
233 for (uint32_t i = 0; i < mList.Length(); ++i) {
234 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
235 aValue = mList[i].mValue;
236 return;
237 }
238 }
239
240 // No value found, so return null to content
241 aValue.SetIsVoid(true);
242 }
243
244 bool InternalHeaders::Has(const nsACString& aName, ErrorResult& aRv) const {
245 nsAutoCString lowerName;
246 ToLowerCase(aName, lowerName);
247
248 if (IsInvalidName(lowerName, aRv)) {
249 return false;
250 }
251
252 for (uint32_t i = 0; i < mList.Length(); ++i) {
253 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
254 return true;
255 }
256 }
257 return false;
258 }
259
260 void InternalHeaders::Set(const nsACString& aName, const nsACString& aValue,
261 ErrorResult& aRv) {
262 // Step 1
263 nsAutoCString trimValue;
264 NS_TrimHTTPWhitespace(aValue, trimValue);
265
266 // Steps 2 to 6
267 nsAutoCString lowerName;
268 ToLowerCase(aName, lowerName);
269 if (!IsValidHeaderValue(lowerName, trimValue, aRv)) {
270 return;
271 }
272
273 // Step 7
274 SetListDirty();
275
276 int32_t firstIndex = INT32_MAX;
277
278 // remove in reverse order to minimize copying
279 for (int32_t i = mList.Length() - 1; i >= 0; --i) {
280 if (mList[i].mName.EqualsIgnoreCase(lowerName.get())) {
281 firstIndex = std::min(firstIndex, i);
282 mList.RemoveElementAt(i);
283 }
284 }
285
286 if (firstIndex < INT32_MAX) {
287 Entry* entry = mList.InsertElementAt(firstIndex);
288 entry->mName = aName;
289 entry->mValue = trimValue;
290 } else {
291 mList.AppendElement(Entry(aName, trimValue));
292 }
293
294 // Step 8
295 if (mGuard == HeadersGuardEnum::Request_no_cors) {
296 RemovePrivilegedNoCorsRequestHeaders();
297 }
298 }
299
300 void InternalHeaders::Clear() {
301 SetListDirty();
302 mList.Clear();
303 }
304
305 void InternalHeaders::SetGuard(HeadersGuardEnum aGuard, ErrorResult& aRv) {
306 // The guard is only checked during ::Set() and ::Append() in the spec. It
307 // does not require revalidating headers already set.
308 mGuard = aGuard;
309 }
310
311 InternalHeaders::~InternalHeaders() = default;
312
313 // static
314 bool InternalHeaders::IsNoCorsSafelistedRequestHeaderName(
315 const nsCString& aName) {
316 return aName.EqualsIgnoreCase("accept") ||
317 aName.EqualsIgnoreCase("accept-language") ||
318 aName.EqualsIgnoreCase("content-language") ||
319 aName.EqualsIgnoreCase("content-type");
320 }
321
322 // static
323 bool InternalHeaders::IsPrivilegedNoCorsRequestHeaderName(
324 const nsCString& aName) {
325 return aName.EqualsIgnoreCase("range");
326 }
327
328 // static
329 bool InternalHeaders::IsSimpleHeader(const nsCString& aName,
330 const nsACString& aValue) {
331 if (aValue.Length() > 128) {
332 return false;
333 }
334 // Note, we must allow a null content-type value here to support
335 // get("content-type"), but the IsInvalidValue() check will prevent null
336 // from being set or appended.
337 return (aName.EqualsIgnoreCase("accept") &&
338 nsContentUtils::IsAllowedNonCorsAccept(aValue)) ||
339 (aName.EqualsIgnoreCase("accept-language") &&
340 nsContentUtils::IsAllowedNonCorsLanguage(aValue)) ||
341 (aName.EqualsIgnoreCase("content-language") &&
342 nsContentUtils::IsAllowedNonCorsLanguage(aValue)) ||
343 (aName.EqualsIgnoreCase("content-type") &&
344 nsContentUtils::IsAllowedNonCorsContentType(aValue));
345 }
346
347 // static
348 bool InternalHeaders::IsRevalidationHeader(const nsCString& aName) {
349 return aName.EqualsIgnoreCase("if-modified-since") ||
350 aName.EqualsIgnoreCase("if-none-match") ||
351 aName.EqualsIgnoreCase("if-unmodified-since") ||
352 aName.EqualsIgnoreCase("if-match") ||
353 aName.EqualsIgnoreCase("if-range");
354 }
355
356 // static
357 bool InternalHeaders::IsInvalidName(const nsACString& aName, ErrorResult& aRv) {
358 if (!NS_IsValidHTTPToken(aName)) {
359 aRv.ThrowTypeError<MSG_INVALID_HEADER_NAME>(aName);
360 return true;
361 }
362
363 return false;
364 }
365
366 // static
367 bool InternalHeaders::IsInvalidValue(const nsACString& aValue,
368 ErrorResult& aRv) {
369 if (!NS_IsReasonableHTTPHeaderValue(aValue)) {
370 aRv.ThrowTypeError<MSG_INVALID_HEADER_VALUE>(aValue);
371 return true;
372 }
373 return false;
374 }
375
376 bool InternalHeaders::IsImmutable(ErrorResult& aRv) const {
377 if (mGuard == HeadersGuardEnum::Immutable) {
378 aRv.ThrowTypeError("Headers are immutable and cannot be modified.");
379 return true;
380 }
381 return false;
382 }
383
384 bool InternalHeaders::IsForbiddenRequestHeader(const nsCString& aName) const {
385 return mGuard == HeadersGuardEnum::Request &&
386 nsContentUtils::IsForbiddenRequestHeader(aName);
387 }
388
389 bool InternalHeaders::IsForbiddenRequestNoCorsHeader(
390 const nsCString& aName) const {
391 return mGuard == HeadersGuardEnum::Request_no_cors &&
392 !IsSimpleHeader(aName, ""_ns);
393 }
394
395 bool InternalHeaders::IsForbiddenRequestNoCorsHeader(
396 const nsCString& aName, const nsACString& aValue) const {
397 return mGuard == HeadersGuardEnum::Request_no_cors &&
398 !IsSimpleHeader(aName, aValue);
399 }
400
401 bool InternalHeaders::IsForbiddenResponseHeader(const nsCString& aName) const {
402 return mGuard == HeadersGuardEnum::Response &&
403 nsContentUtils::IsForbiddenResponseHeader(aName);
404 }
405
406 void InternalHeaders::Fill(const InternalHeaders& aInit, ErrorResult& aRv) {
407 const nsTArray<Entry>& list = aInit.mList;
408 for (uint32_t i = 0; i < list.Length() && !aRv.Failed(); ++i) {
409 const Entry& entry = list[i];
410 Append(entry.mName, entry.mValue, aRv);
411 }
412 }
413
414 void InternalHeaders::Fill(const Sequence<Sequence<nsCString>>& aInit,
415 ErrorResult& aRv) {
416 for (uint32_t i = 0; i < aInit.Length() && !aRv.Failed(); ++i) {
417 const Sequence<nsCString>& tuple = aInit[i];
418 if (tuple.Length() != 2) {
419 aRv.ThrowTypeError(
420 "Headers require name/value tuples when being initialized by a "
421 "sequence.");
422 return;
423 }
424 Append(tuple[0], tuple[1], aRv);
425 }
426 }
427
428 void InternalHeaders::Fill(const Record<nsCString, nsCString>& aInit,
429 ErrorResult& aRv) {
430 for (auto& entry : aInit.Entries()) {
431 Append(entry.mKey, entry.mValue, aRv);
432 if (aRv.Failed()) {
433 return;
434 }
435 }
436 }
437
438 namespace {
439
440 class FillHeaders final : public nsIHttpHeaderVisitor {
441 RefPtr<InternalHeaders> mInternalHeaders;
442
443 ~FillHeaders() = default;
444
445 public:
446 NS_DECL_ISUPPORTS
447
448 explicit FillHeaders(InternalHeaders* aInternalHeaders)
449 : mInternalHeaders(aInternalHeaders) {
450 MOZ_DIAGNOSTIC_ASSERT(mInternalHeaders);
451 }
452
453 NS_IMETHOD
454 VisitHeader(const nsACString& aHeader, const nsACString& aValue) override {
455 mInternalHeaders->Append(aHeader, aValue, IgnoreErrors());
456 return NS_OK;
457 }
458 };
459
460 NS_IMPL_ISUPPORTS(FillHeaders, nsIHttpHeaderVisitor)
461
462 } // namespace
463
464 void InternalHeaders::FillResponseHeaders(nsIRequest* aRequest) {
465 nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aRequest);
466 if (!httpChannel) {
467 return;
468 }
469
470 RefPtr<FillHeaders> visitor = new FillHeaders(this);
471 nsresult rv = httpChannel->VisitResponseHeaders(visitor);
472 if (NS_FAILED(rv)) {
473 NS_WARNING("failed to fill headers");
474 }
475 }
476
477 bool InternalHeaders::HasOnlySimpleHeaders() const {
478 for (uint32_t i = 0; i < mList.Length(); ++i) {
479 if (!IsSimpleHeader(mList[i].mName, mList[i].mValue)) {
480 return false;
481 }
482 }
483
484 return true;
485 }
486
487 bool InternalHeaders::HasRevalidationHeaders() const {
488 for (uint32_t i = 0; i < mList.Length(); ++i) {
489 if (IsRevalidationHeader(mList[i].mName)) {
490 return true;
491 }
492 }
493
494 return false;
495 }
496
497 // static
498 already_AddRefed<InternalHeaders> InternalHeaders::BasicHeaders(
499 InternalHeaders* aHeaders) {
500 RefPtr<InternalHeaders> basic = new InternalHeaders(*aHeaders);
501 ErrorResult result;
502 // The Set-Cookie headers cannot be invalid mutable headers, so the Delete
503 // must succeed.
504 basic->Delete("Set-Cookie"_ns, result);
505 MOZ_ASSERT(!result.Failed());
506 basic->Delete("Set-Cookie2"_ns, result);
507 MOZ_ASSERT(!result.Failed());
508 return basic.forget();
509 }
510
511 // static
512 already_AddRefed<InternalHeaders> InternalHeaders::CORSHeaders(
513 InternalHeaders* aHeaders, RequestCredentials aCredentialsMode) {
514 RefPtr<InternalHeaders> cors = new InternalHeaders(aHeaders->mGuard);
515 ErrorResult result;
516
517 nsAutoCString acExposedNames;
518 aHeaders->Get("Access-Control-Expose-Headers"_ns, acExposedNames, result);
519 MOZ_ASSERT(!result.Failed());
520
521 bool allowAllHeaders = false;
522 AutoTArray<nsCString, 5> exposeNamesArray;
523 for (const nsACString& token :
524 nsCCharSeparatedTokenizer(acExposedNames, ',').ToRange()) {
525 if (token.IsEmpty()) {
526 continue;
527 }
528
529 if (!NS_IsValidHTTPToken(token)) {
530 NS_WARNING(
531 "Got invalid HTTP token in Access-Control-Expose-Headers. Header "
532 "value is:");
533 NS_WARNING(acExposedNames.get());
534 exposeNamesArray.Clear();
535 break;
536 }
537
538 if (token.EqualsLiteral("*") &&
539 aCredentialsMode != RequestCredentials::Include) {
540 allowAllHeaders = true;
541 }
542
543 exposeNamesArray.AppendElement(token);
544 }
545
546 nsCaseInsensitiveCStringArrayComparator comp;
547 for (uint32_t i = 0; i < aHeaders->mList.Length(); ++i) {
548 const Entry& entry = aHeaders->mList[i];
549 if (allowAllHeaders) {
550 cors->Append(entry.mName, entry.mValue, result);
551 MOZ_ASSERT(!result.Failed());
552 } else if (entry.mName.EqualsIgnoreCase("cache-control") ||
553 entry.mName.EqualsIgnoreCase("content-language") ||
554 entry.mName.EqualsIgnoreCase("content-type") ||
555 entry.mName.EqualsIgnoreCase("content-length") ||
556 entry.mName.EqualsIgnoreCase("expires") ||
557 entry.mName.EqualsIgnoreCase("last-modified") ||
558 entry.mName.EqualsIgnoreCase("pragma") ||
559 exposeNamesArray.Contains(entry.mName, comp)) {
560 cors->Append(entry.mName, entry.mValue, result);
561 MOZ_ASSERT(!result.Failed());
562 }
563 }
564
565 return cors.forget();
566 }
567
568 void InternalHeaders::GetEntries(
569 nsTArray<InternalHeaders::Entry>& aEntries) const {
570 MOZ_ASSERT(aEntries.IsEmpty());
571 aEntries.AppendElements(mList);
572 }
573
574 void InternalHeaders::GetUnsafeHeaders(nsTArray<nsCString>& aNames) const {
575 MOZ_ASSERT(aNames.IsEmpty());
576 for (uint32_t i = 0; i < mList.Length(); ++i) {
577 const Entry& header = mList[i];
578 if (!InternalHeaders::IsSimpleHeader(header.mName, header.mValue)) {
579 aNames.AppendElement(header.mName);
580 }
581 }
582 }
583
584 void InternalHeaders::MaybeSortList() {
585 class Comparator {
586 public:
587 bool Equals(const Entry& aA, const Entry& aB) const {
588 return aA.mName == aB.mName;
589 }
590
591 bool LessThan(const Entry& aA, const Entry& aB) const {
592 return aA.mName < aB.mName;
593 }
594 };
595
596 if (!mListDirty) {
597 return;
598 }
599
600 mListDirty = false;
601
602 Comparator comparator;
603
604 mSortedList.Clear();
605 for (const Entry& entry : mList) {
606 bool found = false;
607 for (Entry& sortedEntry : mSortedList) {
608 if (sortedEntry.mName.EqualsIgnoreCase(entry.mName.get())) {
609 sortedEntry.mValue += ", ";
610 sortedEntry.mValue += entry.mValue;
611 found = true;
612 break;
613 }
614 }
615
616 if (!found) {
617 Entry newEntry = entry;
618 ToLowerCase(newEntry.mName);
619 mSortedList.InsertElementSorted(newEntry, comparator);
620 }
621 }
622 }
623
624 void InternalHeaders::SetListDirty() {
625 mSortedList.Clear();
626 mListDirty = true;
627 }
628
629 void InternalHeaders::ReuseExistingNameIfExists(nsCString& aName) const {
630 for (const Entry& entry : mList) {
631 if (entry.mName.EqualsIgnoreCase(aName.get())) {
632 aName = entry.mName;
633 break;
634 }
635 }
636 }
637
638 } // namespace mozilla::dom