/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim:set ts=4 sw=2 sts=2 et cin: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// HttpLog.h should generally be included first #include"HttpLog.h"
// Note that the code below MUST be synchronized with the IPC // serialization/deserialization in PHttpChannelParams.h.
nsHttpResponseHead::nsHttpResponseHead(const nsHttpResponseHead& aOther) {
nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther);
RecursiveMutexAutoLock monitor(other.mRecursiveMutex);
// respond to changes in these headers. we need to reparse the entire // header since the change may have merged in additional values. if (atom == nsHttp::Cache_Control) {
ParseCacheControl(mHeaders.PeekHeader(atom));
} elseif (atom == nsHttp::Pragma) {
ParsePragma(mHeaders.PeekHeader(atom));
}
void nsHttpResponseHead::AssignDefaultStatusText() {
LOG(("response status line needs default reason phrase\n"));
// if a http response doesn't contain a reason phrase, put one in based // on the status code. The reason phrase is totally meaningless so its // ok to have a default catch all here - but this makes debuggers and addons // a little saner to use if we don't map things to "404 OK" or other nonsense. // In particular, HTTP/2 does not use reason phrases at all so they need to // always be injected.
constchar* start = line.BeginReading(); constchar* end = line.EndReading();
// HTTP-Version
ParseVersion(start);
int32_t index = line.FindChar(' ');
if (mVersion == HttpVersion::v0_9 || index == -1) {
mStatus = 200;
AssignDefaultStatusText();
LOG1(("Have status line [version=%u status=%u statusText=%s]\n", unsigned(mVersion), unsigned(mStatus), mStatusText.get())); return NS_OK;
}
// Status-Code: all ASCII digits after any whitespace constchar* p = start + index + 1; while (p < end && NS_IsHTTPWhitespace(*p)) ++p; if (p == end || !mozilla::IsAsciiDigit(*p)) { return NS_ERROR_PARSING_HTTP_STATUS_LINE;
} constchar* codeStart = p; while (p < end && mozilla::IsAsciiDigit(*p)) ++p;
// Only accept 3 digits (including all leading zeros) // Also if next char isn't whitespace, fail (ie, code is 0x2) if (p - codeStart > 3 || (p < end && !NS_IsHTTPWhitespace(*p))) { return NS_ERROR_PARSING_HTTP_STATUS_LINE;
}
// At this point the code is between 0 and 999 inclusive
nsDependentCSubstring strCode(codeStart, p - codeStart);
nsresult rv;
mStatus = strCode.ToInteger(&rv); if (NS_FAILED(rv)) { return NS_ERROR_PARSING_HTTP_STATUS_LINE;
}
// Reason-Phrase: whatever remains after any whitespace (even empty) while (p < end && NS_IsHTTPWhitespace(*p)) ++p; if (p != end) {
mStatusText = nsDependentCSubstring(p, end - p);
}
LOG1(("Have status line [version=%u status=%u statusText=%s]\n", unsigned(mVersion), unsigned(mStatus), mStatusText.get())); return NS_OK;
}
if (NS_FAILED(nsHttpHeaderArray::ParseHeaderLine(
line, &hdr, &headerNameOriginal, &val))) { return NS_OK;
}
// reject the header if there are 0x00 bytes in the value. // (see https://github.com/httpwg/http-core/issues/215 for details). if (val.FindChar('\0') >= 0) { return NS_ERROR_DOM_INVALID_HEADER_VALUE;
}
// From section 13.2.3 of RFC2616, we compute the current age of a cached // response as follows: // // currentAge = max(max(0, responseTime - dateValue), ageValue) // + now - requestTime // // where responseTime == now // // This is typically a very small number. //
nsresult nsHttpResponseHead::ComputeCurrentAge(uint32_t now,
uint32_t requestTime,
uint32_t* result) {
RecursiveMutexAutoLock monitor(mRecursiveMutex);
uint32_t dateValue;
uint32_t ageValue;
*result = 0;
if (requestTime > now) { // for calculation purposes lets not allow the request to happen in the // future
requestTime = now;
}
if (NS_FAILED(GetDateValue_locked(&dateValue))) {
LOG(
("nsHttpResponseHead::ComputeCurrentAge [this=%p] " "Date response header not set!\n", this)); // Assume we have a fast connection and that our clock // is in sync with the server.
dateValue = now;
}
// Compute apparent age if (now > dateValue) *result = now - dateValue;
// Compute corrected received age if (NS_SUCCEEDED(GetAgeValue_locked(&ageValue))) {
*result = std::max(*result, ageValue);
}
// Compute current age
*result += (now - requestTime); return NS_OK;
}
// From section 13.2.4 of RFC2616, we compute the freshness lifetime of a cached // response as follows: // // freshnessLifetime = max_age_value // <or> // freshnessLifetime = expires_value - date_value // <or> // freshnessLifetime = min(one-week, // (date_value - last_modified_value) * 0.10) // <or> // freshnessLifetime = 0 //
nsresult nsHttpResponseHead::ComputeFreshnessLifetime(uint32_t* result) {
RecursiveMutexAutoLock monitor(mRecursiveMutex);
*result = 0;
// Try HTTP/1.1 style max-age directive... if (NS_SUCCEEDED(GetMaxAgeValue_locked(result))) return NS_OK;
*result = 0;
uint32_t date = 0, date2 = 0; if (NS_FAILED(GetDateValue_locked(&date))) {
date = NowInSeconds(); // synthesize a date header if none exists
}
// Try HTTP/1.0 style expires header... if (NS_SUCCEEDED(GetExpiresValue_locked(&date2))) { if (date2 > date) *result = date2 - date; // the Expires header can specify a date in the past. return NS_OK;
}
// These responses can be cached indefinitely. if ((mStatus == 300) || (mStatus == 410) ||
nsHttp::IsPermanentRedirect(mStatus)) {
LOG(
("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " "Assign an infinite heuristic lifetime\n", this));
*result = uint32_t(-1); return NS_OK;
}
if (mStatus >= 400) {
LOG(
("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " "Do not calculate heuristic max-age for most responses >= 400\n", this)); return NS_OK;
}
// From RFC 7234 Section 4.2.2, heuristics can only be used on responses // without explicit freshness whose status codes are defined as cacheable // by default, and those responses without explicit freshness that have been // marked as explicitly cacheable. // Note that |MustValidate| handled most of non-cacheable status codes. if ((mStatus == 302 || mStatus == 304 || mStatus == 307) &&
!mCacheControlPublic && !mCacheControlPrivate) {
LOG(( "nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " "Do not calculate heuristic max-age for non-cacheable status code %u\n", this, unsigned(mStatus))); return NS_OK;
}
// Fallback on heuristic using last modified header... if (NS_SUCCEEDED(GetLastModifiedValue_locked(&date2))) {
LOG(("using last-modified to determine freshness-lifetime\n"));
LOG(("last-modified = %u, date = %u\n", date2, date)); if (date2 <= date) { // this only makes sense if last-modified is actually in the past
*result = (date - date2) / 10; const uint32_t kOneWeek = 60 * 60 * 24 * 7;
*result = std::min(kOneWeek, *result); return NS_OK;
}
}
LOG(
("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " "Insufficient information to compute a non-zero freshness " "lifetime!\n", this));
// Some response codes are cacheable, but the rest are not. This switch should // stay in sync with the list in nsHttpChannel::ContinueProcessResponse3 switch (mStatus) { // Success codes case 200: case 203: case 204: case 206: // Cacheable redirects case 300: case 301: case 302: case 304: case 307: case 308: // Gone forever case 410: break; // Uncacheable redirects case 303: case 305: // Other known errors case 401: case 407: case 412: case 416: case 425: case 429: default: // revalidate unknown error pages
LOG(("Must validate since response is an uncacheable error page\n")); returntrue;
}
// The no-cache response header indicates that we must validate this // cached response before reusing. if (NoCache_locked()) {
LOG(("Must validate since response contains 'no-cache' header\n")); returntrue;
}
// Likewise, if the response is no-store, then we must validate this // cached response before reusing. NOTE: it may seem odd that a no-store // response may be cached, but indeed all responses are cached in order // to support File->SaveAs, View->PageSource, and other browser features. if (mCacheControlNoStore) {
LOG(("Must validate since response contains 'no-store' header\n")); returntrue;
}
// Compare the Expires header to the Date header. If the server sent an // Expires header with a timestamp in the past, then we must validate this // cached response before reusing. if (ExpiresInPast_locked()) {
LOG(("Must validate since Expires < Date\n")); returntrue;
}
bool nsHttpResponseHead::MustValidateIfExpired() { // according to RFC2616, section 14.9.4: // // When the must-revalidate directive is present in a response received by a // cache, that cache MUST NOT use the entry after it becomes stale to respond // to a subsequent request without first revalidating it with the origin // server. // return HasHeaderValue(nsHttp::Cache_Control, "must-revalidate");
}
if (expiration <= 0 || !mCacheControlStaleWhileRevalidateSet) { returnfalse;
}
// 'expiration' is the expiration time (an absolute unit), the swr window // extends the expiration time.
CheckedInt<uint32_t> stallValidUntil = expiration;
stallValidUntil += mCacheControlStaleWhileRevalidate; if (!stallValidUntil.isValid()) { // overflow means an indefinite stale window returntrue;
}
return now <= stallValidUntil.value();
}
bool nsHttpResponseHead::IsResumable() {
RecursiveMutexAutoLock monitor(mRecursiveMutex); // even though some HTTP/1.0 servers may support byte range requests, we're // not going to bother with them, since those servers wouldn't understand // If-Range. Also, while in theory it may be possible to resume when the // status code is not 200, it is unlikely to be worth the trouble, especially // for non-2xx responses. return mStatus == 200 && mVersion >= HttpVersion::v1_1 &&
mHeaders.PeekHeader(nsHttp::Content_Length) &&
(mHeaders.PeekHeader(nsHttp::ETag) ||
mHeaders.PeekHeader(nsHttp::Last_Modified)) &&
mHeaders.HasHeaderValue(nsHttp::Accept_Ranges, "bytes");
}
// overwrite the current header value with the new value...
DebugOnly<nsresult> rv =
SetHeader_locked(header, headerNameOriginal, val);
MOZ_ASSERT(NS_SUCCEEDED(rv));
}
}
}
nsresult nsHttpResponseHead::GetAgeValue_locked(uint32_t* result) const { constchar* val = mHeaders.PeekHeader(nsHttp::Age); if (!val) return NS_ERROR_NOT_AVAILABLE;
*result = (uint32_t)atoi(val); return NS_OK;
}
// Return the value of the (HTTP 1.1) max-age directive, which itself is a // component of the Cache-Control response header
nsresult nsHttpResponseHead::GetMaxAgeValue(uint32_t* result) {
RecursiveMutexAutoLock monitor(mRecursiveMutex); return GetMaxAgeValue_locked(result);
}
nsresult nsHttpResponseHead::GetExpiresValue_locked(uint32_t* result) const { constchar* val = mHeaders.PeekHeader(nsHttp::Expires); if (!val) return NS_ERROR_NOT_AVAILABLE;
PRTime time;
PRStatus st = PR_ParseTimeString(val, true, &time); if (st != PR_SUCCESS) { // parsing failed... RFC 2616 section 14.21 says we should treat this // as an expiration time in the past.
*result = 0; return NS_OK;
}
Tokenizer t(str, nullptr, ""); // make sure we have HTTP at the beginning if (!t.CheckWord("HTTP")) { if (nsCRT::strncasecmp(str, "ICY ", 4) == 0) { // ShoutCast ICY is HTTP/1.0-like. Assume it is HTTP/1.0.
LOG(("Treating ICY as HTTP 1.0\n"));
mVersion = HttpVersion::v1_0; return;
}
LOG(("looks like a HTTP/0.9 response\n"));
mVersion = HttpVersion::v0_9; return;
}
if (!t.CheckChar('/')) {
LOG(("server did not send a version number; assuming HTTP/1.0\n")); // NCSA/1.5.2 has a bug in which it fails to send a version number // if the request version is HTTP/1.1, so we fall back on HTTP/1.0
mVersion = HttpVersion::v1_0; return;
}
uint32_t major; if (!t.ReadInteger(&major)) {
LOG(("server did not send a correct version number; assuming HTTP/1.0"));
mVersion = HttpVersion::v1_0; return;
}
if (major == 3) {
mVersion = HttpVersion::v3_0; return;
}
if (major == 2) {
mVersion = HttpVersion::v2_0; return;
}
if (major != 1) {
LOG(("server did not send a correct version number; assuming HTTP/1.0"));
mVersion = HttpVersion::v1_0; return;
}
if (!t.CheckChar('.')) {
LOG(("mal-formed server version; assuming HTTP/1.0\n"));
mVersion = HttpVersion::v1_0; return;
}
uint32_t minor; if (!t.ReadInteger(&minor)) {
LOG(("server did not send a correct version number; assuming HTTP/1.0"));
mVersion = HttpVersion::v1_0; return;
}
if (minor >= 1) { // at least HTTP/1.1
mVersion = HttpVersion::v1_1;
} else { // treat anything else as version 1.0
mVersion = HttpVersion::v1_0;
}
}
if (!(val && *val)) { // clear no-cache flag
mPragmaNoCache = false; return;
}
// Although 'Pragma: no-cache' is not a standard HTTP response header (it's a // request header), caching is inhibited when this header is present so as to // match existing Navigator behavior.
mPragmaNoCache = nsHttp::FindToken(val, "no-cache", HTTP_HEADER_VALUE_SEPS);
}
nsresult nsHttpResponseHead::ParseResponseContentLength( const nsACString& aHeaderStr) {
int64_t contentLength = 0; // Ref: https://fetch.spec.whatwg.org/#content-length-header // Step 1. Let values be the result of getting, decoding, and splitting // `Content - Length` from headers. // Step 1 is done by the caller // Step 2. If values is null, then return null. if (aHeaderStr.IsEmpty()) { return NS_ERROR_NOT_AVAILABLE;
}
// Step 3 Let candidateValue be null.
Maybe<nsAutoCString> candidateValue; // Step 4 For each value of values for (const nsACString& token :
nsCCharSeparatedTokenizerTemplate<
NS_IsAsciiWhitespace, nsTokenizerFlags::IncludeEmptyTokenAtEnd>(
aHeaderStr, ',')
.ToRange()) { // Step 4.1 If candidateValue is null, then set candidateValue to value. if (candidateValue.isNothing()) {
candidateValue.emplace(token);
} // Step 4.2 Otherwise, if value is not candidateValue, return failure. if (candidateValue.value() != token) { return NS_ERROR_ILLEGAL_VALUE;
}
} // Step 5 If candidateValue is the empty string or has a code point that is // not an ASCII digit, then return null. if (candidateValue.isNothing()) { return NS_ERROR_NOT_AVAILABLE;
}
// Step 6 Return candidateValue, interpreted as decimal number contentLength constchar* end = nullptr; if (!net::nsHttp::ParseInt64(candidateValue->get(), &end, &contentLength)) { return NS_ERROR_NOT_AVAILABLE;
}
if (*end != '\0') { // a number was parsed by ParseInt64 but candidateValue contains non-numeric // characters return NS_ERROR_NOT_AVAILABLE;
}
nsAutoCString contentTypeOptionsHeader; // We need to fetch original headers and manually merge them because empty // header values are not retrieved with GetHeader. Ref - Bug 1819642
RefPtr<ContentTypeOptionsVisitor> visitor = new ContentTypeOptionsVisitor();
Unused << GetOriginalHeader(nsHttp::X_Content_Type_Options, visitor);
visitor->GetMergedHeader(contentTypeOptionsHeader); if (contentTypeOptionsHeader.IsEmpty()) { // if there is no XCTO header, then there is nothing to do. returnfalse;
}
// XCTO header might contain multiple values which are comma separated, so: // a) let's skip all subsequent values // e.g. " NoSniFF , foo " will be " NoSniFF "
int32_t idx = contentTypeOptionsHeader.Find(","); if (idx >= 0) {
contentTypeOptionsHeader = Substring(contentTypeOptionsHeader, 0, idx);
} // b) let's trim all surrounding whitespace // e.g. " NoSniFF " -> "NoSniFF"
nsHttp::TrimHTTPWhitespace(contentTypeOptionsHeader,
contentTypeOptionsHeader);
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
