From 8ebb4e8047463a258c28c61d9a45f3d63fef317e Mon Sep 17 00:00:00 2001
From: Aliaksandr Kalenik <kalenik.aliaksandr@gmail.com>
Date: Tue, 17 Oct 2023 16:52:16 +0200
Subject: [PATCH] LibWeb: Forbid sharing image requests across documents

This change addresses the bug where images unable to load when the
reload button in the UI is clicked repeatedly. Before this fix, it was
possible to use SharedImageRequests across multiple documents. However,
when the document that initiated the request is gone, tasks scheduled
on the event loop remain in the fetching state because the originating
document is no longer active. Furthermore, another reason to prohibit
the sharing of image requests across documents is that the "Origin"
header in an image request is dependent on the document.
---
 Userland/Libraries/LibWeb/DOM/Document.cpp    |  5 +++++
 Userland/Libraries/LibWeb/DOM/Document.h      |  5 +++++
 .../LibWeb/HTML/SharedImageRequest.cpp        | 22 +++++++++----------
 .../LibWeb/HTML/SharedImageRequest.h          |  4 +++-
 4 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/Userland/Libraries/LibWeb/DOM/Document.cpp b/Userland/Libraries/LibWeb/DOM/Document.cpp
index ff1eed3ac0..a68a208fc4 100644
--- a/Userland/Libraries/LibWeb/DOM/Document.cpp
+++ b/Userland/Libraries/LibWeb/DOM/Document.cpp
@@ -3555,4 +3555,9 @@ void Document::update_for_history_step_application(JS::NonnullGCPtr<HTML::Sessio
     }
 }
 
+HashMap<AK::URL, HTML::SharedImageRequest*>& Document::shared_image_requests()
+{
+    return m_shared_image_requests;
+}
+
 }
diff --git a/Userland/Libraries/LibWeb/DOM/Document.h b/Userland/Libraries/LibWeb/DOM/Document.h
index 24c2c5a7b7..a6b904d007 100644
--- a/Userland/Libraries/LibWeb/DOM/Document.h
+++ b/Userland/Libraries/LibWeb/DOM/Document.h
@@ -30,6 +30,7 @@
 #include <LibWeb/HTML/Origin.h>
 #include <LibWeb/HTML/SandboxingFlagSet.h>
 #include <LibWeb/HTML/Scripting/Environments.h>
+#include <LibWeb/HTML/SharedImageRequest.h>
 #include <LibWeb/HTML/VisibilityState.h>
 #include <LibWeb/WebIDL/ExceptionOr.h>
 
@@ -531,6 +532,8 @@ public:
 
     void update_for_history_step_application(JS::NonnullGCPtr<HTML::SessionHistoryEntry>, bool do_not_reactive, size_t script_history_length, size_t script_history_index);
 
+    HashMap<AK::URL, HTML::SharedImageRequest*>& shared_image_requests();
+
 protected:
     virtual void initialize(JS::Realm&) override;
     virtual void visit_edges(Cell::Visitor&) override;
@@ -735,6 +738,8 @@ private:
 
     // https://html.spec.whatwg.org/multipage/browsing-the-web.html#latest-entry
     JS::GCPtr<HTML::SessionHistoryEntry> m_latest_entry;
+
+    HashMap<AK::URL, HTML::SharedImageRequest*> m_shared_image_requests;
 };
 
 template<>
diff --git a/Userland/Libraries/LibWeb/HTML/SharedImageRequest.cpp b/Userland/Libraries/LibWeb/HTML/SharedImageRequest.cpp
index 2426c5dfff..3e47ba3e9c 100644
--- a/Userland/Libraries/LibWeb/HTML/SharedImageRequest.cpp
+++ b/Userland/Libraries/LibWeb/HTML/SharedImageRequest.cpp
@@ -18,36 +18,36 @@
 
 namespace Web::HTML {
 
-static HashMap<AK::URL, SharedImageRequest*>& shared_image_requests()
-{
-    static HashMap<AK::URL, SharedImageRequest*> requests;
-    return requests;
-}
-
 JS::NonnullGCPtr<SharedImageRequest> SharedImageRequest::get_or_create(JS::Realm& realm, Page& page, AK::URL const& url)
 {
-    if (auto it = shared_image_requests().find(url); it != shared_image_requests().end())
+    auto document = Bindings::host_defined_environment_settings_object(realm).responsible_document();
+    VERIFY(document);
+    auto& shared_image_requests = document->shared_image_requests();
+    if (auto it = shared_image_requests.find(url); it != shared_image_requests.end())
         return *it->value;
-    auto request = realm.heap().allocate<SharedImageRequest>(realm, page, url);
-    shared_image_requests().set(url, request);
+    auto request = realm.heap().allocate<SharedImageRequest>(realm, page, url, *document);
+    shared_image_requests.set(url, request);
     return request;
 }
 
-SharedImageRequest::SharedImageRequest(Page& page, AK::URL url)
+SharedImageRequest::SharedImageRequest(Page& page, AK::URL url, JS::NonnullGCPtr<DOM::Document> document)
     : m_page(page)
     , m_url(move(url))
+    , m_document(document)
 {
 }
 
 SharedImageRequest::~SharedImageRequest()
 {
-    shared_image_requests().remove(m_url);
+    auto& shared_image_requests = m_document->shared_image_requests();
+    shared_image_requests.remove(m_url);
 }
 
 void SharedImageRequest::visit_edges(JS::Cell::Visitor& visitor)
 {
     Base::visit_edges(visitor);
     visitor.visit(m_fetch_controller);
+    visitor.visit(m_document);
     for (auto& callback : m_callbacks) {
         visitor.visit(callback.on_finish);
         visitor.visit(callback.on_fail);
diff --git a/Userland/Libraries/LibWeb/HTML/SharedImageRequest.h b/Userland/Libraries/LibWeb/HTML/SharedImageRequest.h
index 8b2780fddd..39af3b17d8 100644
--- a/Userland/Libraries/LibWeb/HTML/SharedImageRequest.h
+++ b/Userland/Libraries/LibWeb/HTML/SharedImageRequest.h
@@ -42,7 +42,7 @@ public:
     virtual void visit_edges(JS::Cell::Visitor&) override;
 
 private:
-    explicit SharedImageRequest(Page&, AK::URL);
+    explicit SharedImageRequest(Page&, AK::URL, JS::NonnullGCPtr<DOM::Document>);
 
     void handle_successful_fetch(AK::URL const&, StringView mime_type, ByteBuffer data);
     void handle_failed_fetch();
@@ -67,6 +67,8 @@ private:
     AK::URL m_url;
     RefPtr<DecodedImageData const> m_image_data;
     JS::GCPtr<Fetch::Infrastructure::FetchController> m_fetch_controller;
+
+    JS::GCPtr<DOM::Document> m_document;
 };
 
 }