diff options
Diffstat (limited to '')
-rw-r--r-- | netwerk/protocol/http/nsHttpResponseHead.cpp | 1220 |
1 files changed, 1220 insertions, 0 deletions
diff --git a/netwerk/protocol/http/nsHttpResponseHead.cpp b/netwerk/protocol/http/nsHttpResponseHead.cpp new file mode 100644 index 0000000000..18f7beed3a --- /dev/null +++ b/netwerk/protocol/http/nsHttpResponseHead.cpp @@ -0,0 +1,1220 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim:set ts=4 sw=2 sts=2 et cin: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// HttpLog.h should generally be included first +#include "HttpLog.h" + +#include "mozilla/dom/MimeType.h" +#include "mozilla/StaticPrefs_network.h" +#include "mozilla/TextUtils.h" +#include "mozilla/Unused.h" +#include "nsHttpResponseHead.h" +#include "nsIHttpHeaderVisitor.h" +#include "nsPrintfCString.h" +#include "prtime.h" +#include "nsCRT.h" +#include "nsURLHelper.h" +#include "CacheControlParser.h" +#include <algorithm> + +namespace mozilla { +namespace net { + +//----------------------------------------------------------------------------- +// nsHttpResponseHead <public> +//----------------------------------------------------------------------------- + +// Note that the code below MUST be synchronized with the IPC +// serialization/deserialization in PHttpChannelParams.h. +nsHttpResponseHead::nsHttpResponseHead(const nsHttpResponseHead& aOther) { + nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); + RecursiveMutexAutoLock monitor(other.mRecursiveMutex); + + mHeaders = other.mHeaders; + mVersion = other.mVersion; + mStatus = other.mStatus; + mStatusText = other.mStatusText; + mContentLength = other.mContentLength; + mContentType = other.mContentType; + mContentCharset = other.mContentCharset; + mHasCacheControl = other.mHasCacheControl; + mCacheControlPublic = other.mCacheControlPublic; + mCacheControlPrivate = other.mCacheControlPrivate; + mCacheControlNoStore = other.mCacheControlNoStore; + mCacheControlNoCache = other.mCacheControlNoCache; + mCacheControlImmutable = other.mCacheControlImmutable; + mCacheControlStaleWhileRevalidateSet = + other.mCacheControlStaleWhileRevalidateSet; + mCacheControlStaleWhileRevalidate = other.mCacheControlStaleWhileRevalidate; + mCacheControlMaxAgeSet = other.mCacheControlMaxAgeSet; + mCacheControlMaxAge = other.mCacheControlMaxAge; + mPragmaNoCache = other.mPragmaNoCache; +} + +nsHttpResponseHead& nsHttpResponseHead::operator=( + const nsHttpResponseHead& aOther) { + nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); + RecursiveMutexAutoLock monitorOther(other.mRecursiveMutex); + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + mHeaders = other.mHeaders; + mVersion = other.mVersion; + mStatus = other.mStatus; + mStatusText = other.mStatusText; + mContentLength = other.mContentLength; + mContentType = other.mContentType; + mContentCharset = other.mContentCharset; + mHasCacheControl = other.mHasCacheControl; + mCacheControlPublic = other.mCacheControlPublic; + mCacheControlPrivate = other.mCacheControlPrivate; + mCacheControlNoStore = other.mCacheControlNoStore; + mCacheControlNoCache = other.mCacheControlNoCache; + mCacheControlImmutable = other.mCacheControlImmutable; + mCacheControlStaleWhileRevalidateSet = + other.mCacheControlStaleWhileRevalidateSet; + mCacheControlStaleWhileRevalidate = other.mCacheControlStaleWhileRevalidate; + mCacheControlMaxAgeSet = other.mCacheControlMaxAgeSet; + mCacheControlMaxAge = other.mCacheControlMaxAge; + mPragmaNoCache = other.mPragmaNoCache; + + return *this; +} + +HttpVersion nsHttpResponseHead::Version() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mVersion; +} + +uint16_t nsHttpResponseHead::Status() const { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mStatus; +} + +void nsHttpResponseHead::StatusText(nsACString& aStatusText) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + aStatusText = mStatusText; +} + +int64_t nsHttpResponseHead::ContentLength() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mContentLength; +} + +void nsHttpResponseHead::ContentType(nsACString& aContentType) const { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + aContentType = mContentType; +} + +void nsHttpResponseHead::ContentCharset(nsACString& aContentCharset) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + aContentCharset = mContentCharset; +} + +bool nsHttpResponseHead::Public() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mCacheControlPublic; +} + +bool nsHttpResponseHead::Private() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mCacheControlPrivate; +} + +bool nsHttpResponseHead::NoStore() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mCacheControlNoStore; +} + +bool nsHttpResponseHead::NoCache() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return NoCache_locked(); +} + +bool nsHttpResponseHead::Immutable() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mCacheControlImmutable; +} + +nsresult nsHttpResponseHead::SetHeader(const nsACString& hdr, + const nsACString& val, bool merge) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + if (mInVisitHeaders) { + return NS_ERROR_FAILURE; + } + + nsHttpAtom atom = nsHttp::ResolveAtom(hdr); + if (!atom.get()) { + NS_WARNING("failed to resolve atom"); + return NS_ERROR_NOT_AVAILABLE; + } + + return SetHeader_locked(atom, hdr, val, merge); +} + +nsresult nsHttpResponseHead::SetHeader(const nsHttpAtom& hdr, + const nsACString& val, bool merge) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + if (mInVisitHeaders) { + return NS_ERROR_FAILURE; + } + + return SetHeader_locked(hdr, ""_ns, val, merge); +} + +nsresult nsHttpResponseHead::SetHeader_locked(const nsHttpAtom& atom, + const nsACString& hdr, + const nsACString& val, + bool merge) { + nsresult rv = mHeaders.SetHeader(atom, hdr, val, merge, + nsHttpHeaderArray::eVarietyResponse); + if (NS_FAILED(rv)) return rv; + + // respond to changes in these headers. we need to reparse the entire + // header since the change may have merged in additional values. + if (atom == nsHttp::Cache_Control) { + ParseCacheControl(mHeaders.PeekHeader(atom)); + } else if (atom == nsHttp::Pragma) { + ParsePragma(mHeaders.PeekHeader(atom)); + } + + return NS_OK; +} + +nsresult nsHttpResponseHead::GetHeader(const nsHttpAtom& h, + nsACString& v) const { + v.Truncate(); + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mHeaders.GetHeader(h, v); +} + +void nsHttpResponseHead::ClearHeader(const nsHttpAtom& h) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mHeaders.ClearHeader(h); +} + +void nsHttpResponseHead::ClearHeaders() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mHeaders.Clear(); +} + +bool nsHttpResponseHead::HasHeaderValue(const nsHttpAtom& h, const char* v) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mHeaders.HasHeaderValue(h, v); +} + +bool nsHttpResponseHead::HasHeader(const nsHttpAtom& h) const { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return mHeaders.HasHeader(h); +} + +void nsHttpResponseHead::SetContentType(const nsACString& s) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mContentType = s; +} + +void nsHttpResponseHead::SetContentCharset(const nsACString& s) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mContentCharset = s; +} + +void nsHttpResponseHead::SetContentLength(int64_t len) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + mContentLength = len; + if (len < 0) { + mHeaders.ClearHeader(nsHttp::Content_Length); + } else { + DebugOnly<nsresult> rv = mHeaders.SetHeader( + nsHttp::Content_Length, nsPrintfCString("%" PRId64, len), false, + nsHttpHeaderArray::eVarietyResponse); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + } +} + +void nsHttpResponseHead::Flatten(nsACString& buf, bool pruneTransients) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + if (mVersion == HttpVersion::v0_9) return; + + buf.AppendLiteral("HTTP/"); + if (mVersion == HttpVersion::v3_0) { + buf.AppendLiteral("3 "); + } else if (mVersion == HttpVersion::v2_0) { + buf.AppendLiteral("2 "); + } else if (mVersion == HttpVersion::v1_1) { + buf.AppendLiteral("1.1 "); + } else { + buf.AppendLiteral("1.0 "); + } + + buf.Append(nsPrintfCString("%u", unsigned(mStatus)) + " "_ns + mStatusText + + "\r\n"_ns); + + mHeaders.Flatten(buf, false, pruneTransients); +} + +void nsHttpResponseHead::FlattenNetworkOriginalHeaders(nsACString& buf) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + if (mVersion == HttpVersion::v0_9) { + return; + } + + mHeaders.FlattenOriginalHeader(buf); +} + +nsresult nsHttpResponseHead::ParseCachedHead(const char* block) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + LOG(("nsHttpResponseHead::ParseCachedHead [this=%p]\n", this)); + + // this command works on a buffer as prepared by Flatten, as such it is + // not very forgiving ;-) + + const char* p = strstr(block, "\r\n"); + if (!p) return NS_ERROR_UNEXPECTED; + + ParseStatusLine_locked(nsDependentCSubstring(block, p - block)); + + do { + block = p + 2; + + if (*block == 0) break; + + p = strstr(block, "\r\n"); + if (!p) return NS_ERROR_UNEXPECTED; + + Unused << ParseHeaderLine_locked(nsDependentCSubstring(block, p - block), + false); + + } while (true); + + return NS_OK; +} + +nsresult nsHttpResponseHead::ParseCachedOriginalHeaders(char* block) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + LOG(("nsHttpResponseHead::ParseCachedOriginalHeader [this=%p]\n", this)); + + // this command works on a buffer as prepared by FlattenOriginalHeader, + // as such it is not very forgiving ;-) + + if (!block) { + return NS_ERROR_UNEXPECTED; + } + + char* p = block; + nsHttpAtom hdr; + nsAutoCString headerNameOriginal; + nsAutoCString val; + nsresult rv; + + do { + block = p; + + if (*block == 0) break; + + p = strstr(block, "\r\n"); + if (!p) return NS_ERROR_UNEXPECTED; + + *p = 0; + if (NS_FAILED(nsHttpHeaderArray::ParseHeaderLine( + nsDependentCString(block, p - block), &hdr, &headerNameOriginal, + &val))) { + return NS_OK; + } + + rv = mHeaders.SetResponseHeaderFromCache( + hdr, headerNameOriginal, val, + nsHttpHeaderArray::eVarietyResponseNetOriginal); + + if (NS_FAILED(rv)) { + return rv; + } + + p = p + 2; + } while (true); + + return NS_OK; +} + +void nsHttpResponseHead::AssignDefaultStatusText() { + LOG(("response status line needs default reason phrase\n")); + + // if a http response doesn't contain a reason phrase, put one in based + // on the status code. The reason phrase is totally meaningless so its + // ok to have a default catch all here - but this makes debuggers and addons + // a little saner to use if we don't map things to "404 OK" or other nonsense. + // In particular, HTTP/2 does not use reason phrases at all so they need to + // always be injected. + + net_GetDefaultStatusTextForCode(mStatus, mStatusText); +} + +nsresult nsHttpResponseHead::ParseStatusLine(const nsACString& line) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return ParseStatusLine_locked(line); +} + +nsresult nsHttpResponseHead::ParseStatusLine_locked(const nsACString& line) { + // + // Parse Status-Line:: HTTP-Version SP Status-Code SP Reason-Phrase CRLF + // + + const char* start = line.BeginReading(); + const char* end = line.EndReading(); + + // HTTP-Version + ParseVersion(start); + + int32_t index = line.FindChar(' '); + + if ((mVersion == HttpVersion::v0_9) || (index == -1)) { + mStatus = 200; + AssignDefaultStatusText(); + } else if (StaticPrefs::network_http_strict_response_status_line_parsing()) { + // Status-Code: all ASCII digits after any whitespace + const char* p = start + index + 1; + while (p < end && NS_IsHTTPWhitespace(*p)) ++p; + if (p == end || !mozilla::IsAsciiDigit(*p)) { + return NS_ERROR_PARSING_HTTP_STATUS_LINE; + } + const char* codeStart = p; + while (p < end && mozilla::IsAsciiDigit(*p)) ++p; + + // Only accept 3 digits (including all leading zeros) + // Also if next char isn't whitespace, fail (ie, code is 0x2) + if (p - codeStart > 3 || (p < end && !NS_IsHTTPWhitespace(*p))) { + return NS_ERROR_PARSING_HTTP_STATUS_LINE; + } + + // At this point the code is between 0 and 999 inclusive + nsDependentCSubstring strCode(codeStart, p - codeStart); + nsresult rv; + mStatus = strCode.ToInteger(&rv); + if (NS_FAILED(rv)) { + return NS_ERROR_PARSING_HTTP_STATUS_LINE; + } + + // Reason-Phrase: whatever remains after any whitespace (even empty) + while (p < end && NS_IsHTTPWhitespace(*p)) ++p; + if (p != end) { + mStatusText = nsDependentCSubstring(p, end - p); + } + } else { + // Status-Code + const char* p = start + index + 1; + mStatus = (uint16_t)atoi(p); + if (mStatus == 0) { + LOG(("mal-formed response status; assuming status = 200\n")); + mStatus = 200; + } + + // Reason-Phrase is whatever is remaining of the line + index = line.FindChar(' ', p - start); + if (index == -1) { + AssignDefaultStatusText(); + } else { + p = start + index + 1; + mStatusText = nsDependentCSubstring(p, end - p); + } + } + + LOG1(("Have status line [version=%u status=%u statusText=%s]\n", + unsigned(mVersion), unsigned(mStatus), mStatusText.get())); + return NS_OK; +} + +nsresult nsHttpResponseHead::ParseHeaderLine(const nsACString& line) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return ParseHeaderLine_locked(line, true); +} + +nsresult nsHttpResponseHead::ParseHeaderLine_locked( + const nsACString& line, bool originalFromNetHeaders) { + nsHttpAtom hdr; + nsAutoCString headerNameOriginal; + nsAutoCString val; + + if (NS_FAILED(nsHttpHeaderArray::ParseHeaderLine( + line, &hdr, &headerNameOriginal, &val))) { + return NS_OK; + } + + // reject the header if there are 0x00 bytes in the value. + // (see https://github.com/httpwg/http-core/issues/215 for details). + if (StaticPrefs::network_http_reject_NULs_in_response_header_values() && + val.FindChar('\0') >= 0) { + return NS_ERROR_DOM_INVALID_HEADER_VALUE; + } + + nsresult rv; + if (originalFromNetHeaders) { + rv = mHeaders.SetHeaderFromNet(hdr, headerNameOriginal, val, true); + } else { + rv = mHeaders.SetResponseHeaderFromCache( + hdr, headerNameOriginal, val, nsHttpHeaderArray::eVarietyResponse); + } + if (NS_FAILED(rv)) { + return rv; + } + + // leading and trailing LWS has been removed from |val| + + // handle some special case headers... + if (hdr == nsHttp::Content_Length) { + rv = ParseResponseContentLength(val); + if (rv == NS_ERROR_ILLEGAL_VALUE) { + LOG(("illegal content-length! %s\n", val.get())); + return rv; + } + + if (rv == NS_ERROR_NOT_AVAILABLE) { + LOG(("content-length value ignored! %s\n", val.get())); + } + + } else if (hdr == nsHttp::Content_Type) { + if (StaticPrefs::network_standard_content_type_parsing_response_headers() && + CMimeType::Parse(val, mContentType, mContentCharset)) { + } else { + bool dummy; + net_ParseContentType(val, mContentType, mContentCharset, &dummy); + } + LOG(("ParseContentType [input=%s, type=%s, charset=%s]\n", val.get(), + mContentType.get(), mContentCharset.get())); + } else if (hdr == nsHttp::Cache_Control) { + ParseCacheControl(val.get()); + } else if (hdr == nsHttp::Pragma) { + ParsePragma(val.get()); + } + return NS_OK; +} + +// From section 13.2.3 of RFC2616, we compute the current age of a cached +// response as follows: +// +// currentAge = max(max(0, responseTime - dateValue), ageValue) +// + now - requestTime +// +// where responseTime == now +// +// This is typically a very small number. +// +nsresult nsHttpResponseHead::ComputeCurrentAge(uint32_t now, + uint32_t requestTime, + uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + uint32_t dateValue; + uint32_t ageValue; + + *result = 0; + + if (requestTime > now) { + // for calculation purposes lets not allow the request to happen in the + // future + requestTime = now; + } + + if (NS_FAILED(GetDateValue_locked(&dateValue))) { + LOG( + ("nsHttpResponseHead::ComputeCurrentAge [this=%p] " + "Date response header not set!\n", + this)); + // Assume we have a fast connection and that our clock + // is in sync with the server. + dateValue = now; + } + + // Compute apparent age + if (now > dateValue) *result = now - dateValue; + + // Compute corrected received age + if (NS_SUCCEEDED(GetAgeValue_locked(&ageValue))) { + *result = std::max(*result, ageValue); + } + + // Compute current age + *result += (now - requestTime); + return NS_OK; +} + +// From section 13.2.4 of RFC2616, we compute the freshness lifetime of a cached +// response as follows: +// +// freshnessLifetime = max_age_value +// <or> +// freshnessLifetime = expires_value - date_value +// <or> +// freshnessLifetime = min(one-week, +// (date_value - last_modified_value) * 0.10) +// <or> +// freshnessLifetime = 0 +// +nsresult nsHttpResponseHead::ComputeFreshnessLifetime(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + *result = 0; + + // Try HTTP/1.1 style max-age directive... + if (NS_SUCCEEDED(GetMaxAgeValue_locked(result))) return NS_OK; + + *result = 0; + + uint32_t date = 0, date2 = 0; + if (NS_FAILED(GetDateValue_locked(&date))) { + date = NowInSeconds(); // synthesize a date header if none exists + } + + // Try HTTP/1.0 style expires header... + if (NS_SUCCEEDED(GetExpiresValue_locked(&date2))) { + if (date2 > date) *result = date2 - date; + // the Expires header can specify a date in the past. + return NS_OK; + } + + // These responses can be cached indefinitely. + if ((mStatus == 300) || (mStatus == 410) || + nsHttp::IsPermanentRedirect(mStatus)) { + LOG( + ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " + "Assign an infinite heuristic lifetime\n", + this)); + *result = uint32_t(-1); + return NS_OK; + } + + if (mStatus >= 400) { + LOG( + ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " + "Do not calculate heuristic max-age for most responses >= 400\n", + this)); + return NS_OK; + } + + // From RFC 7234 Section 4.2.2, heuristics can only be used on responses + // without explicit freshness whose status codes are defined as cacheable + // by default, and those responses without explicit freshness that have been + // marked as explicitly cacheable. + // Note that |MustValidate| handled most of non-cacheable status codes. + if ((mStatus == 302 || mStatus == 304 || mStatus == 307) && + !mCacheControlPublic && !mCacheControlPrivate) { + LOG(( + "nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " + "Do not calculate heuristic max-age for non-cacheable status code %u\n", + this, unsigned(mStatus))); + return NS_OK; + } + + // Fallback on heuristic using last modified header... + if (NS_SUCCEEDED(GetLastModifiedValue_locked(&date2))) { + LOG(("using last-modified to determine freshness-lifetime\n")); + LOG(("last-modified = %u, date = %u\n", date2, date)); + if (date2 <= date) { + // this only makes sense if last-modified is actually in the past + *result = (date - date2) / 10; + const uint32_t kOneWeek = 60 * 60 * 24 * 7; + *result = std::min(kOneWeek, *result); + return NS_OK; + } + } + + LOG( + ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " + "Insufficient information to compute a non-zero freshness " + "lifetime!\n", + this)); + + return NS_OK; +} + +bool nsHttpResponseHead::MustValidate() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + LOG(("nsHttpResponseHead::MustValidate ??\n")); + + // Some response codes are cacheable, but the rest are not. This switch should + // stay in sync with the list in nsHttpChannel::ContinueProcessResponse3 + switch (mStatus) { + // Success codes + case 200: + case 203: + case 204: + case 206: + // Cacheable redirects + case 300: + case 301: + case 302: + case 304: + case 307: + case 308: + // Gone forever + case 410: + break; + // Uncacheable redirects + case 303: + case 305: + // Other known errors + case 401: + case 407: + case 412: + case 416: + case 425: + case 429: + default: // revalidate unknown error pages + LOG(("Must validate since response is an uncacheable error page\n")); + return true; + } + + // The no-cache response header indicates that we must validate this + // cached response before reusing. + if (NoCache_locked()) { + LOG(("Must validate since response contains 'no-cache' header\n")); + return true; + } + + // Likewise, if the response is no-store, then we must validate this + // cached response before reusing. NOTE: it may seem odd that a no-store + // response may be cached, but indeed all responses are cached in order + // to support File->SaveAs, View->PageSource, and other browser features. + if (mCacheControlNoStore) { + LOG(("Must validate since response contains 'no-store' header\n")); + return true; + } + + // Compare the Expires header to the Date header. If the server sent an + // Expires header with a timestamp in the past, then we must validate this + // cached response before reusing. + if (ExpiresInPast_locked()) { + LOG(("Must validate since Expires < Date\n")); + return true; + } + + LOG(("no mandatory validation requirement\n")); + return false; +} + +bool nsHttpResponseHead::MustValidateIfExpired() { + // according to RFC2616, section 14.9.4: + // + // When the must-revalidate directive is present in a response received by a + // cache, that cache MUST NOT use the entry after it becomes stale to respond + // to a subsequent request without first revalidating it with the origin + // server. + // + return HasHeaderValue(nsHttp::Cache_Control, "must-revalidate"); +} + +bool nsHttpResponseHead::StaleWhileRevalidate(uint32_t now, + uint32_t expiration) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + if (expiration <= 0 || !mCacheControlStaleWhileRevalidateSet) { + return false; + } + + // 'expiration' is the expiration time (an absolute unit), the swr window + // extends the expiration time. + CheckedInt<uint32_t> stallValidUntil = expiration; + stallValidUntil += mCacheControlStaleWhileRevalidate; + if (!stallValidUntil.isValid()) { + // overflow means an indefinite stale window + return true; + } + + return now <= stallValidUntil.value(); +} + +bool nsHttpResponseHead::IsResumable() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + // even though some HTTP/1.0 servers may support byte range requests, we're + // not going to bother with them, since those servers wouldn't understand + // If-Range. Also, while in theory it may be possible to resume when the + // status code is not 200, it is unlikely to be worth the trouble, especially + // for non-2xx responses. + return mStatus == 200 && mVersion >= HttpVersion::v1_1 && + mHeaders.PeekHeader(nsHttp::Content_Length) && + (mHeaders.PeekHeader(nsHttp::ETag) || + mHeaders.PeekHeader(nsHttp::Last_Modified)) && + mHeaders.HasHeaderValue(nsHttp::Accept_Ranges, "bytes"); +} + +bool nsHttpResponseHead::ExpiresInPast() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return ExpiresInPast_locked(); +} + +bool nsHttpResponseHead::ExpiresInPast_locked() const { + uint32_t maxAgeVal, expiresVal, dateVal; + + // Bug #203271. Ensure max-age directive takes precedence over Expires + if (NS_SUCCEEDED(GetMaxAgeValue_locked(&maxAgeVal))) { + return false; + } + + return NS_SUCCEEDED(GetExpiresValue_locked(&expiresVal)) && + NS_SUCCEEDED(GetDateValue_locked(&dateVal)) && expiresVal < dateVal; +} + +void nsHttpResponseHead::UpdateHeaders(nsHttpResponseHead* aOther) { + LOG(("nsHttpResponseHead::UpdateHeaders [this=%p]\n", this)); + + RecursiveMutexAutoLock monitor(mRecursiveMutex); + RecursiveMutexAutoLock monitorOther(aOther->mRecursiveMutex); + + uint32_t i, count = aOther->mHeaders.Count(); + for (i = 0; i < count; ++i) { + nsHttpAtom header; + nsAutoCString headerNameOriginal; + + if (!aOther->mHeaders.PeekHeaderAt(i, header, headerNameOriginal)) { + continue; + } + + nsAutoCString val; + if (NS_FAILED(aOther->GetHeader(header, val))) { + continue; + } + + // Ignore any hop-by-hop headers... + if (header == nsHttp::Connection || header == nsHttp::Proxy_Connection || + header == nsHttp::Keep_Alive || header == nsHttp::Proxy_Authenticate || + header == nsHttp::Proxy_Authorization || // not a response header! + header == nsHttp::TE || header == nsHttp::Trailer || + header == nsHttp::Transfer_Encoding || header == nsHttp::Upgrade || + // Ignore any non-modifiable headers... + header == nsHttp::Content_Location || header == nsHttp::Content_MD5 || + header == nsHttp::ETag || + // Assume Cache-Control: "no-transform" + header == nsHttp::Content_Encoding || header == nsHttp::Content_Range || + header == nsHttp::Content_Type || + // Ignore wacky headers too... + // this one is for MS servers that send "Content-Length: 0" + // on 304 responses + header == nsHttp::Content_Length) { + LOG(("ignoring response header [%s: %s]\n", header.get(), val.get())); + } else { + LOG(("new response header [%s: %s]\n", header.get(), val.get())); + + // overwrite the current header value with the new value... + DebugOnly<nsresult> rv = + SetHeader_locked(header, headerNameOriginal, val); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + } + } +} + +void nsHttpResponseHead::Reset() { + LOG(("nsHttpResponseHead::Reset\n")); + + RecursiveMutexAutoLock monitor(mRecursiveMutex); + + mHeaders.Clear(); + + mVersion = HttpVersion::v1_1; + mStatus = 200; + mContentLength = -1; + mHasCacheControl = false; + mCacheControlPublic = false; + mCacheControlPrivate = false; + mCacheControlNoStore = false; + mCacheControlNoCache = false; + mCacheControlImmutable = false; + mCacheControlStaleWhileRevalidateSet = false; + mCacheControlStaleWhileRevalidate = 0; + mCacheControlMaxAgeSet = false; + mCacheControlMaxAge = 0; + mPragmaNoCache = false; + mStatusText.Truncate(); + mContentType.Truncate(); + mContentCharset.Truncate(); +} + +nsresult nsHttpResponseHead::ParseDateHeader(const nsHttpAtom& header, + uint32_t* result) const { + const char* val = mHeaders.PeekHeader(header); + if (!val) return NS_ERROR_NOT_AVAILABLE; + + PRTime time; + PRStatus st = PR_ParseTimeString(val, true, &time); + if (st != PR_SUCCESS) return NS_ERROR_NOT_AVAILABLE; + + *result = PRTimeToSeconds(time); + return NS_OK; +} + +nsresult nsHttpResponseHead::GetAgeValue(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return GetAgeValue_locked(result); +} + +nsresult nsHttpResponseHead::GetAgeValue_locked(uint32_t* result) const { + const char* val = mHeaders.PeekHeader(nsHttp::Age); + if (!val) return NS_ERROR_NOT_AVAILABLE; + + *result = (uint32_t)atoi(val); + return NS_OK; +} + +// Return the value of the (HTTP 1.1) max-age directive, which itself is a +// component of the Cache-Control response header +nsresult nsHttpResponseHead::GetMaxAgeValue(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return GetMaxAgeValue_locked(result); +} + +nsresult nsHttpResponseHead::GetMaxAgeValue_locked(uint32_t* result) const { + if (!mCacheControlMaxAgeSet) { + return NS_ERROR_NOT_AVAILABLE; + } + + *result = mCacheControlMaxAge; + return NS_OK; +} + +nsresult nsHttpResponseHead::GetDateValue(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return GetDateValue_locked(result); +} + +nsresult nsHttpResponseHead::GetExpiresValue(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return GetExpiresValue_locked(result); +} + +nsresult nsHttpResponseHead::GetExpiresValue_locked(uint32_t* result) const { + const char* val = mHeaders.PeekHeader(nsHttp::Expires); + if (!val) return NS_ERROR_NOT_AVAILABLE; + + PRTime time; + PRStatus st = PR_ParseTimeString(val, true, &time); + if (st != PR_SUCCESS) { + // parsing failed... RFC 2616 section 14.21 says we should treat this + // as an expiration time in the past. + *result = 0; + return NS_OK; + } + + if (time < 0) { + *result = 0; + } else { + *result = PRTimeToSeconds(time); + } + return NS_OK; +} + +nsresult nsHttpResponseHead::GetLastModifiedValue(uint32_t* result) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return ParseDateHeader(nsHttp::Last_Modified, result); +} + +bool nsHttpResponseHead::operator==(const nsHttpResponseHead& aOther) const + MOZ_NO_THREAD_SAFETY_ANALYSIS { + nsHttpResponseHead& curr = const_cast<nsHttpResponseHead&>(*this); + nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); + RecursiveMutexAutoLock monitorOther(other.mRecursiveMutex); + RecursiveMutexAutoLock monitor(curr.mRecursiveMutex); + + return mHeaders == aOther.mHeaders && mVersion == aOther.mVersion && + mStatus == aOther.mStatus && mStatusText == aOther.mStatusText && + mContentLength == aOther.mContentLength && + mContentType == aOther.mContentType && + mContentCharset == aOther.mContentCharset && + mHasCacheControl == aOther.mHasCacheControl && + mCacheControlPublic == aOther.mCacheControlPublic && + mCacheControlPrivate == aOther.mCacheControlPrivate && + mCacheControlNoCache == aOther.mCacheControlNoCache && + mCacheControlNoStore == aOther.mCacheControlNoStore && + mCacheControlImmutable == aOther.mCacheControlImmutable && + mCacheControlStaleWhileRevalidateSet == + aOther.mCacheControlStaleWhileRevalidateSet && + mCacheControlStaleWhileRevalidate == + aOther.mCacheControlStaleWhileRevalidate && + mCacheControlMaxAgeSet == aOther.mCacheControlMaxAgeSet && + mCacheControlMaxAge == aOther.mCacheControlMaxAge && + mPragmaNoCache == aOther.mPragmaNoCache; +} + +int64_t nsHttpResponseHead::TotalEntitySize() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + const char* contentRange = mHeaders.PeekHeader(nsHttp::Content_Range); + if (!contentRange) return mContentLength; + + // Total length is after a slash + const char* slash = strrchr(contentRange, '/'); + if (!slash) return -1; // No idea what the length is + + slash++; + if (*slash == '*') { // Server doesn't know the length + return -1; + } + + int64_t size; + if (!nsHttp::ParseInt64(slash, &size)) size = UINT64_MAX; + return size; +} + +//----------------------------------------------------------------------------- +// nsHttpResponseHead <private> +//----------------------------------------------------------------------------- + +void nsHttpResponseHead::ParseVersion(const char* str) { + // Parse HTTP-Version:: "HTTP" "/" 1*DIGIT "." 1*DIGIT + + LOG(("nsHttpResponseHead::ParseVersion [version=%s]\n", str)); + + Tokenizer t(str, nullptr, ""); + // make sure we have HTTP at the beginning + if (!t.CheckWord("HTTP")) { + if (nsCRT::strncasecmp(str, "ICY ", 4) == 0) { + // ShoutCast ICY is HTTP/1.0-like. Assume it is HTTP/1.0. + LOG(("Treating ICY as HTTP 1.0\n")); + mVersion = HttpVersion::v1_0; + return; + } + LOG(("looks like a HTTP/0.9 response\n")); + mVersion = HttpVersion::v0_9; + return; + } + + if (!t.CheckChar('/')) { + LOG(("server did not send a version number; assuming HTTP/1.0\n")); + // NCSA/1.5.2 has a bug in which it fails to send a version number + // if the request version is HTTP/1.1, so we fall back on HTTP/1.0 + mVersion = HttpVersion::v1_0; + return; + } + + uint32_t major; + if (!t.ReadInteger(&major)) { + LOG(("server did not send a correct version number; assuming HTTP/1.0")); + mVersion = HttpVersion::v1_0; + return; + } + + if (major == 3) { + mVersion = HttpVersion::v3_0; + return; + } + + if (major == 2) { + mVersion = HttpVersion::v2_0; + return; + } + + if (major != 1) { + LOG(("server did not send a correct version number; assuming HTTP/1.0")); + mVersion = HttpVersion::v1_0; + return; + } + + if (!t.CheckChar('.')) { + LOG(("mal-formed server version; assuming HTTP/1.0\n")); + mVersion = HttpVersion::v1_0; + return; + } + + uint32_t minor; + if (!t.ReadInteger(&minor)) { + LOG(("server did not send a correct version number; assuming HTTP/1.0")); + mVersion = HttpVersion::v1_0; + return; + } + + if (minor >= 1) { + // at least HTTP/1.1 + mVersion = HttpVersion::v1_1; + } else { + // treat anything else as version 1.0 + mVersion = HttpVersion::v1_0; + } +} + +void nsHttpResponseHead::ParseCacheControl(const char* val) { + if (!(val && *val)) { + // clear flags + mHasCacheControl = false; + mCacheControlPublic = false; + mCacheControlPrivate = false; + mCacheControlNoCache = false; + mCacheControlNoStore = false; + mCacheControlImmutable = false; + mCacheControlStaleWhileRevalidateSet = false; + mCacheControlStaleWhileRevalidate = 0; + mCacheControlMaxAgeSet = false; + mCacheControlMaxAge = 0; + return; + } + + nsDependentCString cacheControlRequestHeader(val); + CacheControlParser cacheControlRequest(cacheControlRequestHeader); + + mHasCacheControl = true; + mCacheControlPublic = cacheControlRequest.Public(); + mCacheControlPrivate = cacheControlRequest.Private(); + mCacheControlNoCache = cacheControlRequest.NoCache(); + mCacheControlNoStore = cacheControlRequest.NoStore(); + mCacheControlImmutable = cacheControlRequest.Immutable(); + mCacheControlStaleWhileRevalidateSet = + cacheControlRequest.StaleWhileRevalidate( + &mCacheControlStaleWhileRevalidate); + mCacheControlMaxAgeSet = cacheControlRequest.MaxAge(&mCacheControlMaxAge); +} + +void nsHttpResponseHead::ParsePragma(const char* val) { + LOG(("nsHttpResponseHead::ParsePragma [val=%s]\n", val)); + + if (!(val && *val)) { + // clear no-cache flag + mPragmaNoCache = false; + return; + } + + // Although 'Pragma: no-cache' is not a standard HTTP response header (it's a + // request header), caching is inhibited when this header is present so as to + // match existing Navigator behavior. + mPragmaNoCache = nsHttp::FindToken(val, "no-cache", HTTP_HEADER_VALUE_SEPS); +} + +nsresult nsHttpResponseHead::ParseResponseContentLength( + const nsACString& aHeaderStr) { + int64_t contentLength = 0; + // Ref: https://fetch.spec.whatwg.org/#content-length-header + // Step 1. Let values be the result of getting, decoding, and splitting + // `Content - Length` from headers. + // Step 1 is done by the caller + // Step 2. If values is null, then return null. + if (aHeaderStr.IsEmpty()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // Step 3 Let candidateValue be null. + Maybe<nsAutoCString> candidateValue; + // Step 4 For each value of values + for (const nsACString& token : + nsCCharSeparatedTokenizerTemplate< + NS_IsAsciiWhitespace, nsTokenizerFlags::IncludeEmptyTokenAtEnd>( + aHeaderStr, ',') + .ToRange()) { + // Step 4.1 If candidateValue is null, then set candidateValue to value. + if (candidateValue.isNothing()) { + candidateValue.emplace(token); + } + // Step 4.2 Otherwise, if value is not candidateValue, return failure. + if (candidateValue.value() != token) { + return NS_ERROR_ILLEGAL_VALUE; + } + } + // Step 5 If candidateValue is the empty string or has a code point that is + // not an ASCII digit, then return null. + if (candidateValue.isNothing()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // Step 6 Return candidateValue, interpreted as decimal number contentLength + const char* end = nullptr; + if (!net::nsHttp::ParseInt64(candidateValue->get(), &end, &contentLength)) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (*end != '\0') { + // a number was parsed by ParseInt64 but candidateValue contains non-numeric + // characters + return NS_ERROR_NOT_AVAILABLE; + } + + mContentLength = contentLength; + return NS_OK; +} + +nsresult nsHttpResponseHead::VisitHeaders( + nsIHttpHeaderVisitor* visitor, nsHttpHeaderArray::VisitorFilter filter) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mInVisitHeaders = true; + nsresult rv = mHeaders.VisitHeaders(visitor, filter); + mInVisitHeaders = false; + return rv; +} + +namespace { +class ContentTypeOptionsVisitor final : public nsIHttpHeaderVisitor { + public: + NS_DECL_ISUPPORTS + + ContentTypeOptionsVisitor() = default; + + NS_IMETHOD + VisitHeader(const nsACString& aHeader, const nsACString& aValue) override { + if (!mHeaderPresent) { + mHeaderPresent = true; + } else { + // multiple XCTO headers in response, merge them + mContentTypeOptionsHeader.Append(", "_ns); + } + mContentTypeOptionsHeader.Append(aValue); + return NS_OK; + } + + void GetMergedHeader(nsACString& aValue) { + aValue = mContentTypeOptionsHeader; + } + + private: + ~ContentTypeOptionsVisitor() = default; + bool mHeaderPresent{false}; + nsAutoCString mContentTypeOptionsHeader; +}; + +NS_IMPL_ISUPPORTS(ContentTypeOptionsVisitor, nsIHttpHeaderVisitor) +} // namespace + +nsresult nsHttpResponseHead::GetOriginalHeader(const nsHttpAtom& aHeader, + nsIHttpHeaderVisitor* aVisitor) { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + mInVisitHeaders = true; + nsresult rv = mHeaders.GetOriginalHeader(aHeader, aVisitor); + mInVisitHeaders = false; + return rv; +} + +bool nsHttpResponseHead::HasContentType() const { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return !mContentType.IsEmpty(); +} + +bool nsHttpResponseHead::HasContentCharset() { + RecursiveMutexAutoLock monitor(mRecursiveMutex); + return !mContentCharset.IsEmpty(); +} + +bool nsHttpResponseHead::GetContentTypeOptionsHeader(nsACString& aOutput) { + aOutput.Truncate(); + + nsAutoCString contentTypeOptionsHeader; + // We need to fetch original headers and manually merge them because empty + // header values are not retrieved with GetHeader. Ref - Bug 1819642 + RefPtr<ContentTypeOptionsVisitor> visitor = new ContentTypeOptionsVisitor(); + Unused << GetOriginalHeader(nsHttp::X_Content_Type_Options, visitor); + visitor->GetMergedHeader(contentTypeOptionsHeader); + if (contentTypeOptionsHeader.IsEmpty()) { + // if there is no XCTO header, then there is nothing to do. + return false; + } + + // XCTO header might contain multiple values which are comma separated, so: + // a) let's skip all subsequent values + // e.g. " NoSniFF , foo " will be " NoSniFF " + int32_t idx = contentTypeOptionsHeader.Find(","); + if (idx >= 0) { + contentTypeOptionsHeader = Substring(contentTypeOptionsHeader, 0, idx); + } + // b) let's trim all surrounding whitespace + // e.g. " NoSniFF " -> "NoSniFF" + nsHttp::TrimHTTPWhitespace(contentTypeOptionsHeader, + contentTypeOptionsHeader); + + aOutput.Assign(contentTypeOptionsHeader); + return true; +} + +} // namespace net +} // namespace mozilla |