1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-25 04:12:32 +00:00
Commit graph

31 commits

Author SHA1 Message Date
Simon McMahon
2ce416a676 LibWeb: Parse header value lists for some CORS headers
This adds a simple and incomplete implementation for extracting some
specific CORS headers that are used by fetch. This unifies the existing
ad-hoc parsing that already existed for Access-Control-Allow-Headers
and Access-Control-Allow-Methods, as well as adding
Access-control-Expose-Headers.
2023-08-02 00:52:23 +01:00
Simon McMahon
3a1f510af0 LibWeb: Support for Access-Control-Expose-Headers in Fetch
This adds the headers named in Access-Control-Expose-Headers to the
response's CORS-exposed header-name list which allows those headers to
be accessed from JS.
2023-08-02 00:52:23 +01:00
Timothy Flynn
29d90ccf3b LibWeb: Implement the legacy extracting an encoding AO 2023-05-12 05:47:36 +02:00
Andreas Kling
a504ac3e2a Everywhere: Rename equals_ignoring_case => equals_ignoring_ascii_case
Let's make it clear that these functions deal with ASCII case only.
2023-03-10 13:15:44 +01:00
Luke Wilde
cfbd0bbe0a LibWeb/Fetch: Implement Header's "extract a length" function
Required by XHR's reliance on Fetch.
2023-03-07 11:51:12 +00:00
Linus Groh
ad4b4046f4 LibWeb/Fetch: Propagate OOM errors from HeaderList::extract_mime_type() 2023-03-03 11:02:21 +00:00
Linus Groh
2d7ce38ee2 LibWeb/MimeSniff: Port MimeType to new String 2023-03-03 11:02:21 +00:00
Linus Groh
fabea2a6a7 LibWeb/MimeSniff: Rename MimeType::from_string() to MimeType::parse()
This matches the spec's "parse a MIME type".
2023-03-03 11:02:21 +00:00
Linus Groh
11023a3c53 LibWeb/Fetch: Port infrastructure to new String 2023-03-03 09:25:34 +00:00
Linus Groh
ee68eba0ac LibWeb: Implement Headers.getSetCookie()
This is a normative change in the Fetch spec.
See: e4d3480

This also implements the changes to the 'sort and combine' algorithm,
which now treats "set-cookie" headers differently, and is exposed to JS
via the Headers' iterator.

Passes all 21 WPT tests :^)
http://wpt.live/fetch/api/headers/header-setcookie.any.html
2023-02-11 13:14:26 +00:00
Linus Groh
6bce48e99b LibWeb: Fix UAF in convert_header_names_to_a_sorted_lowercase_set()
We can't keep a span (ReadonlyBytes) to a move()'d ByteBuffer
in the header_names_seen HashTable - copy the original name span instead
which works the same thanks to CaseInsensitiveBytesTraits.

This would sporadically fail the contains() check due to garbage data,
later leading to a VERIFY() crash in the OrderedHashTable append loop.
2023-02-11 13:14:26 +00:00
Luke Wilde
237df9df5c LibWeb: Make extract_header_list_values differentiate parsing failures
Previously, parsing failures and the header not existing made
extract_header_list_values return an empty Optional, making it
impossible to differentiate between the two.

Required for implementing CORS-preflight, where parsing failures for
the headers makes it fail, but not having them doesn't make it fail in
all cases.
2023-02-10 22:18:19 +00:00
Linus Groh
6e7459322d AK: Remove StringBuilder::build() in favor of to_deprecated_string()
Having an alias function that only wraps another one is silly, and
keeping the more obvious name should flush out more uses of deprecated
strings.
No behavior change.
2023-01-27 20:38:49 +00:00
Linus Groh
22089436ed LibJS: Convert Heap::allocate{,_without_realm}() to NonnullGCPtr 2022-12-15 06:56:37 -05:00
Linus Groh
2f1bda3347 LibWeb/Fetch: Tweak wording in some spec comments
This is a change in the Fetch spec.

See: 223ca89
2022-12-08 15:37:19 +00:00
Linus Groh
a156722744 LibWeb/Fetch: Update spec comment to decode bytes to string
This is a change in the Fetch spec.

See: a04d096
2022-12-08 15:37:19 +00:00
Linus Groh
1c9bb2d8b4 LibWeb/Fetch: Refactor forbidden request-headers
This is a change in the Fetch spec.

See:
- 92e6c91
- 494431a
2022-12-08 15:37:19 +00:00
Linus Groh
011f6a6cb4 LibWeb/Fetch: Use tuple syntax for headers in spec comments
This is an editorial change in the Fetch spec.

See: b482186
2022-12-08 15:37:19 +00:00
Linus Groh
6e19ab2bbc AK+Everywhere: Rename String to DeprecatedString
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
2022-12-06 08:54:33 +01:00
Linus Groh
455aa34011 LibWeb: Partially implement 'Extract header (list) values' AOs
The header-specific ABNF rules are completely ignored for now, but we
can at least extract a single header value, which at least works for
simple cases like `Location`-based redirects.
2022-10-30 20:10:29 +00:00
Linus Groh
6deb5ce9b5 LibWeb: Implement 'Default User-Agent value' AO 2022-10-30 20:10:29 +00:00
Linus Groh
b1968b8bed LibWeb: Make Fetch::Infrastructure::{Request,Response,HeaderList} GC'd
This is the way.

On a more serious note, there's no reason to keep adding ref-counted
classes to LibWeb now that the majority of classes is GC'd - it only
adds the risk of discovering some cycle down the line, and forces us to
use handles as we can't visit().
2022-10-30 11:30:23 +00:00
Linus Groh
16136f0bdd LibWeb: Fix incorrect peek offset in HeaderList::get_decode_and_split()
We want to look at the current character, not the next one.
2022-10-26 10:36:48 +01:00
Linus Groh
65f5c7adbc LibWeb: Add Fetch::Infrastructure::Header::from_string_pair() helper
This allows us to use this:

```cpp
auto header = TRY_OR_RETURN_OOM(realm,
    Infrastructure::Header::from_string_pair(name, value));
```

Instead of the somewhat unwieldly:

```cpp
auto header = Infrastructure::Header {
    .name = TRY_OR_RETURN_OOM(realm, ByteBuffer::copy(name.bytes())),
    .value = TRY_OR_RETURN_OOM(realm, ByteBuffer::copy(value.bytes())),
};
```
2022-10-24 09:26:16 +01:00
Linus Groh
60e9790a40 LibWeb/Fetch: Add support for parsing a single range header value
This is a change in the Fetch spec.

See:
- 2d080d7
- a18fb3e
2022-10-15 12:15:31 +02:00
Ben Wiederhake
3aeb57ed09 AK+Everywhere: Fix data corruption due to code-point-to-char conversion
In particular, StringView::contains(char) is often used with a u32
code point. When this is done, the compiler will for some reason allow
data corruption to occur silently.

In fact, this is one of two reasons for the following OSS Fuzz issue:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49184
This is probably a very old bug.

In the particular case of URLParser, AK::is_url_code_point got confused:
    return /* ... */ || "!$&'()*+,-./:;=?@_~"sv.contains(code_point);
If code_point is a large code point that happens to have the correct
lower bytes, AK::is_url_code_point is then convinced that the given
code point is okay, even if it is actually problematic.

This commit fixes *only* the silent data corruption due to the erroneous
conversion, and does not fully resolve OSS-Fuzz#49184.
2022-10-09 10:37:20 -06:00
Linus Groh
042dfc7284 LibWeb: Move extract_mime_type() from XMLHttpRequest to HeaderList
Except some minor tweaks, this is a direct copy of Luke's initial
implementation in XMLHttpRequest, now replacing the former.
2022-07-20 18:03:21 +01:00
Linus Groh
b5ab1f6b4a LibWeb: Implement HeaderList::sort_and_combine() 2022-07-19 00:27:35 +01:00
Linus Groh
bad6ad8861 LibWeb: Implement CaseInsensitiveBytesTraits::equals()
Turns out HashTable::contains() doesn't solely use hash() for equality
checks, so the lack of a proper equals() implementation broke the check
in convert_header_names_to_a_sorted_lowercase_set() and caused duplicate
entries in header_names_set.
2022-07-19 00:27:35 +01:00
Linus Groh
2726fc9c73 LibWeb: Move Fetch infra into the Web::Fetch::Infrastructure namespace
The Fetch spec unfortunately will cause a name clash between the Request
concept and the Request JS object - both cannot live in the Web::Fetch
namespace, and WrapperGenerator generally assumes `Web::<Name>` for
things living in the `<Name>/` subdirectory, so let's instead move infra
code into its own namespace - it already sits in a (sub-)subdirectory
anyway.
2022-07-19 00:27:35 +01:00
Linus Groh
dd9bf10151 LibWeb: Add definitions from '2.2.2. Headers' in the Fetch spec 2022-07-14 00:42:26 +01:00