summaryrefslogtreecommitdiffstats
path: root/netwerk/protocol/http/nsHttp.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--netwerk/protocol/http/nsHttp.cpp1160
1 files changed, 1160 insertions, 0 deletions
diff --git a/netwerk/protocol/http/nsHttp.cpp b/netwerk/protocol/http/nsHttp.cpp
new file mode 100644
index 0000000000..768ad91729
--- /dev/null
+++ b/netwerk/protocol/http/nsHttp.cpp
@@ -0,0 +1,1160 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=4 sw=2 sts=2 et cin: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// HttpLog.h should generally be included first
+#include "HttpLog.h"
+
+#include "nsHttp.h"
+#include "CacheControlParser.h"
+#include "PLDHashTable.h"
+#include "mozilla/DataMutex.h"
+#include "mozilla/HashFunctions.h"
+#include "mozilla/OriginAttributes.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "nsCRT.h"
+#include "nsContentUtils.h"
+#include "nsHttpRequestHead.h"
+#include "nsHttpResponseHead.h"
+#include "nsHttpHandler.h"
+#include "nsICacheEntry.h"
+#include "nsIRequest.h"
+#include "nsIStandardURL.h"
+#include "nsJSUtils.h"
+#include "nsStandardURL.h"
+#include "sslerr.h"
+#include <errno.h>
+#include <functional>
+#include "nsLiteralString.h"
+#include <string.h>
+
+namespace mozilla {
+namespace net {
+
+const uint32_t kHttp3VersionCount = 5;
+const nsCString kHttp3Versions[] = {"h3-29"_ns, "h3-30"_ns, "h3-31"_ns,
+ "h3-32"_ns, "h3"_ns};
+
+// https://datatracker.ietf.org/doc/html/draft-ietf-webtrans-http3/#section-4.3
+constexpr uint64_t kWebTransportErrorCodeStart = 0x52e4a40fa8db;
+constexpr uint64_t kWebTransportErrorCodeEnd = 0x52e4a40fa9e2;
+
+// find out how many atoms we have
+#define HTTP_ATOM(_name, _value) Unused_##_name,
+enum {
+#include "nsHttpAtomList.h"
+ NUM_HTTP_ATOMS
+};
+#undef HTTP_ATOM
+
+static StaticDataMutex<nsTHashtable<nsCStringASCIICaseInsensitiveHashKey>>
+ sAtomTable("nsHttp::sAtomTable");
+
+// This is set to true in DestroyAtomTable so we don't try to repopulate the
+// table if ResolveAtom gets called during shutdown for some reason.
+static Atomic<bool> sTableDestroyed{false};
+
+// We put the atoms in a hash table for speedy lookup.. see ResolveAtom.
+namespace nsHttp {
+
+nsresult CreateAtomTable(
+ nsTHashtable<nsCStringASCIICaseInsensitiveHashKey>& base) {
+ if (sTableDestroyed) {
+ return NS_ERROR_ILLEGAL_DURING_SHUTDOWN;
+ }
+ // fill the table with our known atoms
+ const nsHttpAtomLiteral* atoms[] = {
+#define HTTP_ATOM(_name, _value) &(_name),
+#include "nsHttpAtomList.h"
+#undef HTTP_ATOM
+ };
+
+ if (!base.IsEmpty()) {
+ return NS_OK;
+ }
+ for (const auto* atom : atoms) {
+ Unused << base.PutEntry(atom->val(), fallible);
+ }
+
+ LOG(("Added static atoms to atomTable"));
+ return NS_OK;
+}
+
+nsresult CreateAtomTable() {
+ LOG(("CreateAtomTable"));
+ auto atomTable = sAtomTable.Lock();
+ return CreateAtomTable(atomTable.ref());
+}
+
+void DestroyAtomTable() {
+ LOG(("DestroyAtomTable"));
+ sTableDestroyed = true;
+ auto atomTable = sAtomTable.Lock();
+ atomTable.ref().Clear();
+}
+
+// this function may be called from multiple threads
+nsHttpAtom ResolveAtom(const nsACString& str) {
+ if (str.IsEmpty()) {
+ return {};
+ }
+
+ auto atomTable = sAtomTable.Lock();
+
+ if (atomTable.ref().IsEmpty()) {
+ if (sTableDestroyed) {
+ NS_WARNING("ResolveAtom called during shutdown");
+ return {};
+ }
+
+ NS_WARNING("ResolveAtom called before CreateAtomTable");
+ if (NS_FAILED(CreateAtomTable(atomTable.ref()))) {
+ return {};
+ }
+ }
+
+ // Check if we already have an entry in the table
+ auto* entry = atomTable.ref().GetEntry(str);
+ if (entry) {
+ return nsHttpAtom(entry->GetKey());
+ }
+
+ LOG(("Putting %s header into atom table", nsPromiseFlatCString(str).get()));
+ // Put the string in the table. If it works create the atom.
+ entry = atomTable.ref().PutEntry(str, fallible);
+ if (entry) {
+ return nsHttpAtom(entry->GetKey());
+ }
+ return {};
+}
+
+//
+// From section 2.2 of RFC 2616, a token is defined as:
+//
+// token = 1*<any CHAR except CTLs or separators>
+// CHAR = <any US-ASCII character (octets 0 - 127)>
+// separators = "(" | ")" | "<" | ">" | "@"
+// | "," | ";" | ":" | "\" | <">
+// | "/" | "[" | "]" | "?" | "="
+// | "{" | "}" | SP | HT
+// CTL = <any US-ASCII control character
+// (octets 0 - 31) and DEL (127)>
+// SP = <US-ASCII SP, space (32)>
+// HT = <US-ASCII HT, horizontal-tab (9)>
+//
+static const char kValidTokenMap[128] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, // 0
+ 0, 0, 0, 0, 0, 0, 0, 0, // 8
+ 0, 0, 0, 0, 0, 0, 0, 0, // 16
+ 0, 0, 0, 0, 0, 0, 0, 0, // 24
+
+ 0, 1, 0, 1, 1, 1, 1, 1, // 32
+ 0, 0, 1, 1, 0, 1, 1, 0, // 40
+ 1, 1, 1, 1, 1, 1, 1, 1, // 48
+ 1, 1, 0, 0, 0, 0, 0, 0, // 56
+
+ 0, 1, 1, 1, 1, 1, 1, 1, // 64
+ 1, 1, 1, 1, 1, 1, 1, 1, // 72
+ 1, 1, 1, 1, 1, 1, 1, 1, // 80
+ 1, 1, 1, 0, 0, 0, 1, 1, // 88
+
+ 1, 1, 1, 1, 1, 1, 1, 1, // 96
+ 1, 1, 1, 1, 1, 1, 1, 1, // 104
+ 1, 1, 1, 1, 1, 1, 1, 1, // 112
+ 1, 1, 1, 0, 1, 0, 1, 0 // 120
+};
+bool IsValidToken(const char* start, const char* end) {
+ if (start == end) return false;
+
+ for (; start != end; ++start) {
+ const unsigned char idx = *start;
+ if (idx > 127 || !kValidTokenMap[idx]) return false;
+ }
+
+ return true;
+}
+
+const char* GetProtocolVersion(HttpVersion pv) {
+ switch (pv) {
+ case HttpVersion::v3_0:
+ return "h3";
+ case HttpVersion::v2_0:
+ return "h2";
+ case HttpVersion::v1_0:
+ return "http/1.0";
+ case HttpVersion::v1_1:
+ return "http/1.1";
+ default:
+ NS_WARNING(nsPrintfCString("Unkown protocol version: 0x%X. "
+ "Please file a bug",
+ static_cast<uint32_t>(pv))
+ .get());
+ return "http/1.1";
+ }
+}
+
+// static
+void TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) {
+ nsAutoCString str(aSource);
+
+ // HTTP whitespace 0x09: '\t', 0x0A: '\n', 0x0D: '\r', 0x20: ' '
+ static const char kHTTPWhitespace[] = "\t\n\r ";
+ str.Trim(kHTTPWhitespace);
+ aDest.Assign(str);
+}
+
+// static
+bool IsReasonableHeaderValue(const nsACString& s) {
+ // Header values MUST NOT contain line-breaks. RFC 2616 technically
+ // permits CTL characters, including CR and LF, in header values provided
+ // they are quoted. However, this can lead to problems if servers do not
+ // interpret quoted strings properly. Disallowing CR and LF here seems
+ // reasonable and keeps things simple. We also disallow a null byte.
+ const nsACString::char_type* end = s.EndReading();
+ for (const nsACString::char_type* i = s.BeginReading(); i != end; ++i) {
+ if (*i == '\r' || *i == '\n' || *i == '\0') {
+ return false;
+ }
+ }
+ return true;
+}
+
+const char* FindToken(const char* input, const char* token, const char* seps) {
+ if (!input) return nullptr;
+
+ int inputLen = strlen(input);
+ int tokenLen = strlen(token);
+
+ if (inputLen < tokenLen) return nullptr;
+
+ const char* inputTop = input;
+ const char* inputEnd = input + inputLen - tokenLen;
+ for (; input <= inputEnd; ++input) {
+ if (nsCRT::strncasecmp(input, token, tokenLen) == 0) {
+ if (input > inputTop && !strchr(seps, *(input - 1))) continue;
+ if (input < inputEnd && !strchr(seps, *(input + tokenLen))) continue;
+ return input;
+ }
+ }
+
+ return nullptr;
+}
+
+bool ParseInt64(const char* input, const char** next, int64_t* r) {
+ MOZ_ASSERT(input);
+ MOZ_ASSERT(r);
+
+ char* end = nullptr;
+ errno = 0; // Clear errno to make sure its value is set by strtoll
+ int64_t value = strtoll(input, &end, /* base */ 10);
+
+ // Fail if: - the parsed number overflows.
+ // - the end points to the start of the input string.
+ // - we parsed a negative value. Consumers don't expect that.
+ if (errno != 0 || end == input || value < 0) {
+ LOG(("nsHttp::ParseInt64 value=%" PRId64 " errno=%d", value, errno));
+ return false;
+ }
+
+ if (next) {
+ *next = end;
+ }
+ *r = value;
+ return true;
+}
+
+bool IsPermanentRedirect(uint32_t httpStatus) {
+ return httpStatus == 301 || httpStatus == 308;
+}
+
+bool ValidationRequired(bool isForcedValid,
+ nsHttpResponseHead* cachedResponseHead,
+ uint32_t loadFlags, bool allowStaleCacheContent,
+ bool forceValidateCacheContent, bool isImmutable,
+ bool customConditionalRequest,
+ nsHttpRequestHead& requestHead, nsICacheEntry* entry,
+ CacheControlParser& cacheControlRequest,
+ bool fromPreviousSession,
+ bool* performBackgroundRevalidation) {
+ if (performBackgroundRevalidation) {
+ *performBackgroundRevalidation = false;
+ }
+
+ // Check isForcedValid to see if it is possible to skip validation.
+ // Don't skip validation if we have serious reason to believe that this
+ // content is invalid (it's expired).
+ // See netwerk/cache2/nsICacheEntry.idl for details
+ if (isForcedValid && (!cachedResponseHead->ExpiresInPast() ||
+ !cachedResponseHead->MustValidateIfExpired())) {
+ LOG(("NOT validating based on isForcedValid being true.\n"));
+ return false;
+ }
+
+ // If the LOAD_FROM_CACHE flag is set, any cached data can simply be used
+ if (loadFlags & nsIRequest::LOAD_FROM_CACHE || allowStaleCacheContent) {
+ LOG(("NOT validating based on LOAD_FROM_CACHE load flag\n"));
+ return false;
+ }
+
+ // If the VALIDATE_ALWAYS flag is set, any cached data won't be used until
+ // it's revalidated with the server.
+ if (((loadFlags & nsIRequest::VALIDATE_ALWAYS) ||
+ forceValidateCacheContent) &&
+ !isImmutable) {
+ LOG(("Validating based on VALIDATE_ALWAYS load flag\n"));
+ return true;
+ }
+
+ // Even if the VALIDATE_NEVER flag is set, there are still some cases in
+ // which we must validate the cached response with the server.
+ if (loadFlags & nsIRequest::VALIDATE_NEVER) {
+ LOG(("VALIDATE_NEVER set\n"));
+ // if no-store validate cached response (see bug 112564)
+ if (cachedResponseHead->NoStore()) {
+ LOG(("Validating based on no-store logic\n"));
+ return true;
+ }
+ LOG(("NOT validating based on VALIDATE_NEVER load flag\n"));
+ return false;
+ }
+
+ // check if validation is strictly required...
+ if (cachedResponseHead->MustValidate()) {
+ LOG(("Validating based on MustValidate() returning TRUE\n"));
+ return true;
+ }
+
+ // possibly serve from cache for a custom If-Match/If-Unmodified-Since
+ // conditional request
+ if (customConditionalRequest && !requestHead.HasHeader(nsHttp::If_Match) &&
+ !requestHead.HasHeader(nsHttp::If_Unmodified_Since)) {
+ LOG(("Validating based on a custom conditional request\n"));
+ return true;
+ }
+
+ // previously we also checked for a query-url w/out expiration
+ // and didn't do heuristic on it. but defacto that is allowed now.
+ //
+ // Check if the cache entry has expired...
+
+ bool doValidation = true;
+ uint32_t now = NowInSeconds();
+
+ uint32_t age = 0;
+ nsresult rv = cachedResponseHead->ComputeCurrentAge(now, now, &age);
+ if (NS_FAILED(rv)) {
+ return true;
+ }
+
+ uint32_t freshness = 0;
+ rv = cachedResponseHead->ComputeFreshnessLifetime(&freshness);
+ if (NS_FAILED(rv)) {
+ return true;
+ }
+
+ uint32_t expiration = 0;
+ rv = entry->GetExpirationTime(&expiration);
+ if (NS_FAILED(rv)) {
+ return true;
+ }
+
+ uint32_t maxAgeRequest, maxStaleRequest, minFreshRequest;
+
+ LOG((" NowInSeconds()=%u, expiration time=%u, freshness lifetime=%u, age=%u",
+ now, expiration, freshness, age));
+
+ if (cacheControlRequest.NoCache()) {
+ LOG((" validating, no-cache request"));
+ doValidation = true;
+ } else if (cacheControlRequest.MaxStale(&maxStaleRequest)) {
+ uint32_t staleTime = age > freshness ? age - freshness : 0;
+ doValidation = staleTime > maxStaleRequest;
+ LOG((" validating=%d, max-stale=%u requested", doValidation,
+ maxStaleRequest));
+ } else if (cacheControlRequest.MaxAge(&maxAgeRequest)) {
+ // The input information for age and freshness calculation are in seconds.
+ // Hence, the internal logic can't have better resolution than seconds too.
+ // To make max-age=0 case work even for requests made in less than a second
+ // after the last response has been received, we use >= for compare. This
+ // is correct because of the rounding down of the age calculated value.
+ doValidation = age >= maxAgeRequest;
+ LOG((" validating=%d, max-age=%u requested", doValidation, maxAgeRequest));
+ } else if (cacheControlRequest.MinFresh(&minFreshRequest)) {
+ uint32_t freshTime = freshness > age ? freshness - age : 0;
+ doValidation = freshTime < minFreshRequest;
+ LOG((" validating=%d, min-fresh=%u requested", doValidation,
+ minFreshRequest));
+ } else if (now < expiration) {
+ doValidation = false;
+ LOG((" not validating, expire time not in the past"));
+ } else if (cachedResponseHead->MustValidateIfExpired()) {
+ doValidation = true;
+ } else if (cachedResponseHead->StaleWhileRevalidate(now, expiration) &&
+ StaticPrefs::network_http_stale_while_revalidate_enabled()) {
+ LOG((" not validating, in the stall-while-revalidate window"));
+ doValidation = false;
+ if (performBackgroundRevalidation) {
+ *performBackgroundRevalidation = true;
+ }
+ } else if (loadFlags & nsIRequest::VALIDATE_ONCE_PER_SESSION) {
+ // If the cached response does not include expiration infor-
+ // mation, then we must validate the response, despite whether
+ // or not this is the first access this session. This behavior
+ // is consistent with existing browsers and is generally expected
+ // by web authors.
+ if (freshness == 0) {
+ doValidation = true;
+ } else {
+ doValidation = fromPreviousSession;
+ }
+ } else {
+ doValidation = true;
+ }
+
+ LOG(("%salidating based on expiration time\n", doValidation ? "V" : "Not v"));
+ return doValidation;
+}
+
+nsresult GetHttpResponseHeadFromCacheEntry(
+ nsICacheEntry* entry, nsHttpResponseHead* cachedResponseHead) {
+ nsCString buf;
+ // A "original-response-headers" metadata element holds network original
+ // headers, i.e. the headers in the form as they arrieved from the network. We
+ // need to get the network original headers first, because we need to keep
+ // them in order.
+ nsresult rv = entry->GetMetaDataElement("original-response-headers",
+ getter_Copies(buf));
+ if (NS_SUCCEEDED(rv)) {
+ rv = cachedResponseHead->ParseCachedOriginalHeaders((char*)buf.get());
+ if (NS_FAILED(rv)) {
+ LOG((" failed to parse original-response-headers\n"));
+ }
+ }
+
+ buf.Adopt(nullptr);
+ // A "response-head" metadata element holds response head, e.g. response
+ // status line and headers in the form Firefox uses them internally (no
+ // dupicate headers, etc.).
+ rv = entry->GetMetaDataElement("response-head", getter_Copies(buf));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Parse string stored in a "response-head" metadata element.
+ // These response headers will be merged with the orignal headers (i.e. the
+ // headers stored in a "original-response-headers" metadata element).
+ rv = cachedResponseHead->ParseCachedHead(buf.get());
+ NS_ENSURE_SUCCESS(rv, rv);
+ buf.Adopt(nullptr);
+
+ return NS_OK;
+}
+
+nsresult CheckPartial(nsICacheEntry* aEntry, int64_t* aSize,
+ int64_t* aContentLength,
+ nsHttpResponseHead* responseHead) {
+ nsresult rv;
+
+ rv = aEntry->GetDataSize(aSize);
+
+ if (NS_ERROR_IN_PROGRESS == rv) {
+ *aSize = -1;
+ rv = NS_OK;
+ }
+
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (!responseHead) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ *aContentLength = responseHead->ContentLength();
+
+ return NS_OK;
+}
+
+void DetermineFramingAndImmutability(nsICacheEntry* entry,
+ nsHttpResponseHead* responseHead,
+ bool isHttps, bool* weaklyFramed,
+ bool* isImmutable) {
+ nsCString framedBuf;
+ nsresult rv =
+ entry->GetMetaDataElement("strongly-framed", getter_Copies(framedBuf));
+ // describe this in terms of explicitly weakly framed so as to be backwards
+ // compatible with old cache contents which dont have strongly-framed makers
+ *weaklyFramed = NS_SUCCEEDED(rv) && framedBuf.EqualsLiteral("0");
+ *isImmutable = !*weaklyFramed && isHttps && responseHead->Immutable();
+}
+
+bool IsBeforeLastActiveTabLoadOptimization(TimeStamp const& when) {
+ return gHttpHandler &&
+ gHttpHandler->IsBeforeLastActiveTabLoadOptimization(when);
+}
+
+nsCString ConvertRequestHeadToString(nsHttpRequestHead& aRequestHead,
+ bool aHasRequestBody,
+ bool aRequestBodyHasHeaders,
+ bool aUsingConnect) {
+ // Make sure that there is "Content-Length: 0" header in the requestHead
+ // in case of POST and PUT methods when there is no requestBody and
+ // requestHead doesn't contain "Transfer-Encoding" header.
+ //
+ // RFC1945 section 7.2.2:
+ // HTTP/1.0 requests containing an entity body must include a valid
+ // Content-Length header field.
+ //
+ // RFC2616 section 4.4:
+ // For compatibility with HTTP/1.0 applications, HTTP/1.1 requests
+ // containing a message-body MUST include a valid Content-Length header
+ // field unless the server is known to be HTTP/1.1 compliant.
+ if ((aRequestHead.IsPost() || aRequestHead.IsPut()) && !aHasRequestBody &&
+ !aRequestHead.HasHeader(nsHttp::Transfer_Encoding)) {
+ DebugOnly<nsresult> rv =
+ aRequestHead.SetHeader(nsHttp::Content_Length, "0"_ns);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ }
+
+ nsCString reqHeaderBuf;
+ reqHeaderBuf.Truncate();
+
+ // make sure we eliminate any proxy specific headers from
+ // the request if we are using CONNECT
+ aRequestHead.Flatten(reqHeaderBuf, aUsingConnect);
+
+ if (!aRequestBodyHasHeaders || !aHasRequestBody) {
+ reqHeaderBuf.AppendLiteral("\r\n");
+ }
+
+ return reqHeaderBuf;
+}
+
+void NotifyActiveTabLoadOptimization() {
+ if (gHttpHandler) {
+ gHttpHandler->NotifyActiveTabLoadOptimization();
+ }
+}
+
+TimeStamp GetLastActiveTabLoadOptimizationHit() {
+ return gHttpHandler ? gHttpHandler->GetLastActiveTabLoadOptimizationHit()
+ : TimeStamp();
+}
+
+void SetLastActiveTabLoadOptimizationHit(TimeStamp const& when) {
+ if (gHttpHandler) {
+ gHttpHandler->SetLastActiveTabLoadOptimizationHit(when);
+ }
+}
+
+} // namespace nsHttp
+
+template <typename T>
+void localEnsureBuffer(UniquePtr<T[]>& buf, uint32_t newSize, uint32_t preserve,
+ uint32_t& objSize) {
+ if (objSize >= newSize) return;
+
+ // Leave a little slop on the new allocation - add 2KB to
+ // what we need and then round the result up to a 4KB (page)
+ // boundary.
+
+ objSize = (newSize + 2048 + 4095) & ~4095;
+
+ static_assert(sizeof(T) == 1, "sizeof(T) must be 1");
+ auto tmp = MakeUnique<T[]>(objSize);
+ if (preserve) {
+ memcpy(tmp.get(), buf.get(), preserve);
+ }
+ buf = std::move(tmp);
+}
+
+void EnsureBuffer(UniquePtr<char[]>& buf, uint32_t newSize, uint32_t preserve,
+ uint32_t& objSize) {
+ localEnsureBuffer<char>(buf, newSize, preserve, objSize);
+}
+
+void EnsureBuffer(UniquePtr<uint8_t[]>& buf, uint32_t newSize,
+ uint32_t preserve, uint32_t& objSize) {
+ localEnsureBuffer<uint8_t>(buf, newSize, preserve, objSize);
+}
+
+static bool IsTokenSymbol(signed char chr) {
+ return !(chr < 33 || chr == 127 || chr == '(' || chr == ')' || chr == '<' ||
+ chr == '>' || chr == '@' || chr == ',' || chr == ';' || chr == ':' ||
+ chr == '"' || chr == '/' || chr == '[' || chr == ']' || chr == '?' ||
+ chr == '=' || chr == '{' || chr == '}' || chr == '\\');
+}
+
+ParsedHeaderPair::ParsedHeaderPair(const char* name, int32_t nameLen,
+ const char* val, int32_t valLen,
+ bool isQuotedValue)
+ : mName(nsDependentCSubstring(nullptr, size_t(0))),
+ mValue(nsDependentCSubstring(nullptr, size_t(0))),
+ mIsQuotedValue(isQuotedValue) {
+ if (nameLen > 0) {
+ mName.Rebind(name, name + nameLen);
+ }
+ if (valLen > 0) {
+ if (mIsQuotedValue) {
+ RemoveQuotedStringEscapes(val, valLen);
+ mValue.Rebind(mUnquotedValue.BeginWriting(), mUnquotedValue.Length());
+ } else {
+ mValue.Rebind(val, val + valLen);
+ }
+ }
+}
+
+void ParsedHeaderPair::RemoveQuotedStringEscapes(const char* val,
+ int32_t valLen) {
+ mUnquotedValue.Truncate();
+ const char* c = val;
+ for (int32_t i = 0; i < valLen; ++i) {
+ if (c[i] == '\\' && c[i + 1]) {
+ ++i;
+ }
+ mUnquotedValue.Append(c[i]);
+ }
+}
+
+static void Tokenize(
+ const char* input, uint32_t inputLen, const char token,
+ const std::function<void(const char*, uint32_t)>& consumer) {
+ auto trimWhitespace = [](const char* in, uint32_t inLen, const char** out,
+ uint32_t* outLen) {
+ *out = in;
+ *outLen = inLen;
+ if (inLen == 0) {
+ return;
+ }
+
+ // Trim leading space
+ while (nsCRT::IsAsciiSpace(**out)) {
+ (*out)++;
+ --(*outLen);
+ }
+
+ // Trim tailing space
+ for (const char* i = *out + *outLen - 1; i >= *out; --i) {
+ if (!nsCRT::IsAsciiSpace(*i)) {
+ break;
+ }
+ --(*outLen);
+ }
+ };
+
+ const char* first = input;
+ bool inQuote = false;
+ const char* result = nullptr;
+ uint32_t resultLen = 0;
+ for (uint32_t index = 0; index < inputLen; ++index) {
+ if (inQuote && input[index] == '\\' && input[index + 1]) {
+ index++;
+ continue;
+ }
+ if (input[index] == '"') {
+ inQuote = !inQuote;
+ continue;
+ }
+ if (inQuote) {
+ continue;
+ }
+ if (input[index] == token) {
+ trimWhitespace(first, (input + index) - first, &result, &resultLen);
+ consumer(result, resultLen);
+ first = input + index + 1;
+ }
+ }
+
+ trimWhitespace(first, (input + inputLen) - first, &result, &resultLen);
+ consumer(result, resultLen);
+}
+
+ParsedHeaderValueList::ParsedHeaderValueList(const char* t, uint32_t len,
+ bool allowInvalidValue) {
+ if (!len) {
+ return;
+ }
+
+ ParsedHeaderValueList* self = this;
+ auto consumer = [=](const char* output, uint32_t outputLength) {
+ self->ParseNameAndValue(output, allowInvalidValue);
+ };
+
+ Tokenize(t, len, ';', consumer);
+}
+
+void ParsedHeaderValueList::ParseNameAndValue(const char* input,
+ bool allowInvalidValue) {
+ const char* nameStart = input;
+ const char* nameEnd = nullptr;
+ const char* valueStart = input;
+ const char* valueEnd = nullptr;
+ bool isQuotedString = false;
+ bool invalidValue = false;
+
+ for (; *input && *input != ';' && *input != ',' &&
+ !nsCRT::IsAsciiSpace(*input) && *input != '=';
+ input++) {
+ ;
+ }
+
+ nameEnd = input;
+
+ if (!(nameEnd - nameStart)) {
+ return;
+ }
+
+ // Check whether param name is a valid token.
+ for (const char* c = nameStart; c < nameEnd; c++) {
+ if (!IsTokenSymbol(*c)) {
+ nameEnd = c;
+ break;
+ }
+ }
+
+ if (!(nameEnd - nameStart)) {
+ return;
+ }
+
+ while (nsCRT::IsAsciiSpace(*input)) {
+ ++input;
+ }
+
+ if (!*input || *input++ != '=') {
+ mValues.AppendElement(
+ ParsedHeaderPair(nameStart, nameEnd - nameStart, nullptr, 0, false));
+ return;
+ }
+
+ while (nsCRT::IsAsciiSpace(*input)) {
+ ++input;
+ }
+
+ if (*input != '"') {
+ // The value is a token, not a quoted string.
+ valueStart = input;
+ for (valueEnd = input; *valueEnd && !nsCRT::IsAsciiSpace(*valueEnd) &&
+ *valueEnd != ';' && *valueEnd != ',';
+ valueEnd++) {
+ ;
+ }
+ if (!allowInvalidValue) {
+ for (const char* c = valueStart; c < valueEnd; c++) {
+ if (!IsTokenSymbol(*c)) {
+ valueEnd = c;
+ break;
+ }
+ }
+ }
+ } else {
+ bool foundQuotedEnd = false;
+ isQuotedString = true;
+
+ ++input;
+ valueStart = input;
+ for (valueEnd = input; *valueEnd; ++valueEnd) {
+ if (*valueEnd == '\\' && *(valueEnd + 1)) {
+ ++valueEnd;
+ } else if (*valueEnd == '"') {
+ foundQuotedEnd = true;
+ break;
+ }
+ }
+ if (!foundQuotedEnd) {
+ invalidValue = true;
+ }
+
+ input = valueEnd;
+ // *valueEnd != null means that *valueEnd is quote character.
+ if (*valueEnd) {
+ input++;
+ }
+ }
+
+ if (invalidValue) {
+ valueEnd = valueStart;
+ }
+
+ mValues.AppendElement(ParsedHeaderPair(nameStart, nameEnd - nameStart,
+ valueStart, valueEnd - valueStart,
+ isQuotedString));
+}
+
+ParsedHeaderValueListList::ParsedHeaderValueListList(
+ const nsCString& fullHeader, bool allowInvalidValue)
+ : mFull(fullHeader) {
+ auto& values = mValues;
+ auto consumer = [&values, allowInvalidValue](const char* output,
+ uint32_t outputLength) {
+ values.AppendElement(
+ ParsedHeaderValueList(output, outputLength, allowInvalidValue));
+ };
+
+ Tokenize(mFull.BeginReading(), mFull.Length(), ',', consumer);
+}
+
+Maybe<nsCString> CallingScriptLocationString() {
+ if (!LOG4_ENABLED() && !xpc::IsInAutomation()) {
+ return Nothing();
+ }
+
+ JSContext* cx = nsContentUtils::GetCurrentJSContext();
+ if (!cx) {
+ return Nothing();
+ }
+
+ nsAutoCString fileNameString;
+ uint32_t line = 0, col = 0;
+ if (!nsJSUtils::GetCallingLocation(cx, fileNameString, &line, &col)) {
+ return Nothing();
+ }
+
+ nsCString logString = ""_ns;
+ logString.AppendPrintf("%s:%u:%u", fileNameString.get(), line, col);
+ return Some(logString);
+}
+
+void LogCallingScriptLocation(void* instance) {
+ Maybe<nsCString> logLocation = CallingScriptLocationString();
+ LogCallingScriptLocation(instance, logLocation);
+}
+
+void LogCallingScriptLocation(void* instance,
+ const Maybe<nsCString>& aLogLocation) {
+ if (aLogLocation.isNothing()) {
+ return;
+ }
+
+ nsCString logString;
+ logString.AppendPrintf("%p called from script: ", instance);
+ logString.AppendPrintf("%s", aLogLocation->get());
+ LOG(("%s", logString.get()));
+}
+
+void LogHeaders(const char* lineStart) {
+ nsAutoCString buf;
+ const char* endOfLine;
+ while ((endOfLine = strstr(lineStart, "\r\n"))) {
+ buf.Assign(lineStart, endOfLine - lineStart);
+ if (StaticPrefs::network_http_sanitize_headers_in_logs() &&
+ (nsCRT::strcasestr(buf.get(), "authorization: ") ||
+ nsCRT::strcasestr(buf.get(), "proxy-authorization: "))) {
+ char* p = strchr(buf.BeginWriting(), ' ');
+ while (p && *++p) {
+ *p = '*';
+ }
+ }
+ LOG1((" %s\n", buf.get()));
+ lineStart = endOfLine + 2;
+ }
+}
+
+nsresult HttpProxyResponseToErrorCode(uint32_t aStatusCode) {
+ // In proxy CONNECT case, we treat every response code except 200 as an error.
+ // Even if the proxy server returns other 2xx codes (i.e. 206), this function
+ // still returns an error code.
+ MOZ_ASSERT(aStatusCode != 200);
+
+ nsresult rv;
+ switch (aStatusCode) {
+ case 300:
+ case 301:
+ case 302:
+ case 303:
+ case 307:
+ case 308:
+ // Bad redirect: not top-level, or it's a POST, bad/missing Location,
+ // or ProcessRedirect() failed for some other reason. Legal
+ // redirects that fail because site not available, etc., are handled
+ // elsewhere, in the regular codepath.
+ rv = NS_ERROR_CONNECTION_REFUSED;
+ break;
+ // Squid sends 404 if DNS fails (regular 404 from target is tunneled)
+ case 404: // HTTP/1.1: "Not Found"
+ // RFC 2616: "some deployed proxies are known to return 400 or
+ // 500 when DNS lookups time out." (Squid uses 500 if it runs
+ // out of sockets: so we have a conflict here).
+ case 400: // HTTP/1.1 "Bad Request"
+ case 500: // HTTP/1.1: "Internal Server Error"
+ rv = NS_ERROR_UNKNOWN_HOST;
+ break;
+ case 401:
+ rv = NS_ERROR_PROXY_UNAUTHORIZED;
+ break;
+ case 402:
+ rv = NS_ERROR_PROXY_PAYMENT_REQUIRED;
+ break;
+ case 403:
+ rv = NS_ERROR_PROXY_FORBIDDEN;
+ break;
+ case 405:
+ rv = NS_ERROR_PROXY_METHOD_NOT_ALLOWED;
+ break;
+ case 406:
+ rv = NS_ERROR_PROXY_NOT_ACCEPTABLE;
+ break;
+ case 407: // ProcessAuthentication() failed (e.g. no header)
+ rv = NS_ERROR_PROXY_AUTHENTICATION_FAILED;
+ break;
+ case 408:
+ rv = NS_ERROR_PROXY_REQUEST_TIMEOUT;
+ break;
+ case 409:
+ rv = NS_ERROR_PROXY_CONFLICT;
+ break;
+ case 410:
+ rv = NS_ERROR_PROXY_GONE;
+ break;
+ case 411:
+ rv = NS_ERROR_PROXY_LENGTH_REQUIRED;
+ break;
+ case 412:
+ rv = NS_ERROR_PROXY_PRECONDITION_FAILED;
+ break;
+ case 413:
+ rv = NS_ERROR_PROXY_REQUEST_ENTITY_TOO_LARGE;
+ break;
+ case 414:
+ rv = NS_ERROR_PROXY_REQUEST_URI_TOO_LONG;
+ break;
+ case 415:
+ rv = NS_ERROR_PROXY_UNSUPPORTED_MEDIA_TYPE;
+ break;
+ case 416:
+ rv = NS_ERROR_PROXY_REQUESTED_RANGE_NOT_SATISFIABLE;
+ break;
+ case 417:
+ rv = NS_ERROR_PROXY_EXPECTATION_FAILED;
+ break;
+ case 421:
+ rv = NS_ERROR_PROXY_MISDIRECTED_REQUEST;
+ break;
+ case 425:
+ rv = NS_ERROR_PROXY_TOO_EARLY;
+ break;
+ case 426:
+ rv = NS_ERROR_PROXY_UPGRADE_REQUIRED;
+ break;
+ case 428:
+ rv = NS_ERROR_PROXY_PRECONDITION_REQUIRED;
+ break;
+ case 429:
+ rv = NS_ERROR_PROXY_TOO_MANY_REQUESTS;
+ break;
+ case 431:
+ rv = NS_ERROR_PROXY_REQUEST_HEADER_FIELDS_TOO_LARGE;
+ break;
+ case 451:
+ rv = NS_ERROR_PROXY_UNAVAILABLE_FOR_LEGAL_REASONS;
+ break;
+ case 501:
+ rv = NS_ERROR_PROXY_NOT_IMPLEMENTED;
+ break;
+ case 502:
+ rv = NS_ERROR_PROXY_BAD_GATEWAY;
+ break;
+ case 503:
+ // Squid returns 503 if target request fails for anything but DNS.
+ /* User sees: "Failed to Connect:
+ * Firefox can't establish a connection to the server at
+ * www.foo.com. Though the site seems valid, the browser
+ * was unable to establish a connection."
+ */
+ rv = NS_ERROR_CONNECTION_REFUSED;
+ break;
+ // RFC 2616 uses 504 for both DNS and target timeout, so not clear what to
+ // do here: picking target timeout, as DNS covered by 400/404/500
+ case 504:
+ rv = NS_ERROR_PROXY_GATEWAY_TIMEOUT;
+ break;
+ case 505:
+ rv = NS_ERROR_PROXY_VERSION_NOT_SUPPORTED;
+ break;
+ case 506:
+ rv = NS_ERROR_PROXY_VARIANT_ALSO_NEGOTIATES;
+ break;
+ case 510:
+ rv = NS_ERROR_PROXY_NOT_EXTENDED;
+ break;
+ case 511:
+ rv = NS_ERROR_PROXY_NETWORK_AUTHENTICATION_REQUIRED;
+ break;
+ default:
+ rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
+ break;
+ }
+
+ return rv;
+}
+
+SupportedAlpnRank H3VersionToRank(const nsACString& aVersion) {
+ for (uint32_t i = 0; i < kHttp3VersionCount; i++) {
+ if (aVersion.Equals(kHttp3Versions[i])) {
+ return static_cast<SupportedAlpnRank>(
+ static_cast<uint32_t>(SupportedAlpnRank::HTTP_3_DRAFT_29) + i);
+ }
+ }
+
+ return SupportedAlpnRank::NOT_SUPPORTED;
+}
+
+SupportedAlpnRank IsAlpnSupported(const nsACString& aAlpn) {
+ if (nsHttpHandler::IsHttp3Enabled() &&
+ gHttpHandler->IsHttp3VersionSupported(aAlpn)) {
+ return H3VersionToRank(aAlpn);
+ }
+
+ if (StaticPrefs::network_http_http2_enabled()) {
+ SpdyInformation* spdyInfo = gHttpHandler->SpdyInfo();
+ if (aAlpn.Equals(spdyInfo->VersionString)) {
+ return SupportedAlpnRank::HTTP_2;
+ }
+ }
+
+ if (aAlpn.LowerCaseEqualsASCII("http/1.1")) {
+ return SupportedAlpnRank::HTTP_1_1;
+ }
+
+ return SupportedAlpnRank::NOT_SUPPORTED;
+}
+
+// On some security error when 0RTT is used we want to restart transactions
+// without 0RTT. Some firewalls do not behave well with 0RTT and cause this
+// errors.
+bool SecurityErrorThatMayNeedRestart(nsresult aReason) {
+ return (aReason ==
+ psm::GetXPCOMFromNSSError(SSL_ERROR_PROTOCOL_VERSION_ALERT)) ||
+ (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_BAD_MAC_ALERT));
+}
+
+nsresult MakeOriginURL(const nsACString& origin, nsCOMPtr<nsIURI>& url) {
+ nsAutoCString scheme;
+ nsresult rv = net_ExtractURLScheme(origin, scheme);
+ NS_ENSURE_SUCCESS(rv, rv);
+ return MakeOriginURL(scheme, origin, url);
+}
+
+nsresult MakeOriginURL(const nsACString& scheme, const nsACString& origin,
+ nsCOMPtr<nsIURI>& url) {
+ return NS_MutateURI(new nsStandardURL::Mutator())
+ .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
+ scheme.EqualsLiteral("http") ? NS_HTTP_DEFAULT_PORT
+ : NS_HTTPS_DEFAULT_PORT,
+ origin, nullptr, nullptr, nullptr)
+ .Finalize(url);
+}
+
+void CreatePushHashKey(const nsCString& scheme, const nsCString& hostHeader,
+ const mozilla::OriginAttributes& originAttributes,
+ uint64_t serial, const nsACString& pathInfo,
+ nsCString& outOrigin, nsCString& outKey) {
+ nsCString fullOrigin = scheme;
+ fullOrigin.AppendLiteral("://");
+ fullOrigin.Append(hostHeader);
+
+ nsCOMPtr<nsIURI> origin;
+ nsresult rv = MakeOriginURL(scheme, fullOrigin, origin);
+
+ if (NS_SUCCEEDED(rv)) {
+ rv = origin->GetAsciiSpec(outOrigin);
+ outOrigin.Trim("/", false, true, false);
+ }
+
+ if (NS_FAILED(rv)) {
+ // Fallback to plain text copy - this may end up behaving poorly
+ outOrigin = fullOrigin;
+ }
+
+ outKey = outOrigin;
+ outKey.AppendLiteral("/[");
+ nsAutoCString suffix;
+ originAttributes.CreateSuffix(suffix);
+ outKey.Append(suffix);
+ outKey.Append(']');
+ outKey.AppendLiteral("/[http2.");
+ outKey.AppendInt(serial);
+ outKey.Append(']');
+ outKey.Append(pathInfo);
+}
+
+nsresult GetNSResultFromWebTransportError(uint8_t aErrorCode) {
+ return static_cast<nsresult>((uint32_t)NS_ERROR_WEBTRANSPORT_CODE_BASE +
+ (uint32_t)aErrorCode);
+}
+
+uint8_t GetWebTransportErrorFromNSResult(nsresult aResult) {
+ if (aResult < NS_ERROR_WEBTRANSPORT_CODE_BASE ||
+ aResult > NS_ERROR_WEBTRANSPORT_CODE_END) {
+ return 0;
+ }
+
+ return static_cast<uint8_t>((uint32_t)aResult -
+ (uint32_t)NS_ERROR_WEBTRANSPORT_CODE_BASE);
+}
+
+uint64_t WebTransportErrorToHttp3Error(uint8_t aErrorCode) {
+ return kWebTransportErrorCodeStart + aErrorCode + aErrorCode / 0x1e;
+}
+
+uint8_t Http3ErrorToWebTransportError(uint64_t aErrorCode) {
+ // Ensure the code is within the valid range.
+ if (aErrorCode < kWebTransportErrorCodeStart ||
+ aErrorCode > kWebTransportErrorCodeEnd) {
+ return 0;
+ }
+
+ uint64_t shifted = aErrorCode - kWebTransportErrorCodeStart;
+ uint64_t result = shifted - shifted / 0x1f;
+
+ if (result <= std::numeric_limits<uint8_t>::max()) {
+ return (uint8_t)result;
+ }
+
+ return 0;
+}
+
+ConnectionCloseReason ToCloseReason(nsresult aErrorCode) {
+ if (NS_SUCCEEDED(aErrorCode)) {
+ return ConnectionCloseReason::OK;
+ }
+
+ if (aErrorCode == NS_ERROR_UNKNOWN_HOST) {
+ return ConnectionCloseReason::DNS_ERROR;
+ }
+ if (aErrorCode == NS_ERROR_NET_RESET) {
+ return ConnectionCloseReason::NET_RESET;
+ }
+ if (aErrorCode == NS_ERROR_CONNECTION_REFUSED) {
+ return ConnectionCloseReason::NET_REFUSED;
+ }
+ if (aErrorCode == NS_ERROR_SOCKET_ADDRESS_NOT_SUPPORTED) {
+ return ConnectionCloseReason::SOCKET_ADDRESS_NOT_SUPPORTED;
+ }
+ if (aErrorCode == NS_ERROR_NET_TIMEOUT) {
+ return ConnectionCloseReason::NET_TIMEOUT;
+ }
+ if (aErrorCode == NS_ERROR_OUT_OF_MEMORY) {
+ return ConnectionCloseReason::OUT_OF_MEMORY;
+ }
+ if (aErrorCode == NS_ERROR_SOCKET_ADDRESS_IN_USE) {
+ return ConnectionCloseReason::SOCKET_ADDRESS_IN_USE;
+ }
+ if (aErrorCode == NS_BINDING_ABORTED) {
+ return ConnectionCloseReason::BINDING_ABORTED;
+ }
+ if (aErrorCode == NS_BINDING_REDIRECTED) {
+ return ConnectionCloseReason::BINDING_REDIRECTED;
+ }
+ if (aErrorCode == NS_ERROR_ABORT) {
+ return ConnectionCloseReason::ERROR_ABORT;
+ }
+
+ int32_t code = -1 * NS_ERROR_GET_CODE(aErrorCode);
+ if (mozilla::psm::IsNSSErrorCode(code)) {
+ return ConnectionCloseReason::SECURITY_ERROR;
+ }
+
+ return ConnectionCloseReason::OTHER_NET_ERROR;
+}
+
+} // namespace net
+} // namespace mozilla