jcs.org
Serenity Operating System
1/*
2 * Copyright (c) 2022-2023, Linus Groh <linusg@serenityos.org>
3 *
4 * SPDX-License-Identifier: BSD-2-Clause
5 */
6
7#include <LibJS/Runtime/Completion.h>
8#include <LibJS/Runtime/VM.h>
9#include <LibWeb/Bindings/Intrinsics.h>
10#include <LibWeb/Fetch/Headers.h>
11
12namespace Web::Fetch {
13
14// https://fetch.spec.whatwg.org/#dom-headers
15WebIDL::ExceptionOr<JS::NonnullGCPtr<Headers>> Headers::construct_impl(JS::Realm& realm, Optional<HeadersInit> const& init)
16{
17 auto& vm = realm.vm();
18
19 // The new Headers(init) constructor steps are:
20 auto headers = MUST_OR_THROW_OOM(realm.heap().allocate<Headers>(realm, realm, Infrastructure::HeaderList::create(vm)));
21
22 // 1. Set this’s guard to "none".
23 headers->m_guard = Guard::None;
24
25 // 2. If init is given, then fill this with init.
26 if (init.has_value())
27 TRY(headers->fill(*init));
28
29 return headers;
30}
31
32Headers::Headers(JS::Realm& realm, JS::NonnullGCPtr<Infrastructure::HeaderList> header_list)
33 : PlatformObject(realm)
34 , m_header_list(header_list)
35{
36}
37
38Headers::~Headers() = default;
39
40JS::ThrowCompletionOr<void> Headers::initialize(JS::Realm& realm)
41{
42 MUST_OR_THROW_OOM(Base::initialize(realm));
43 set_prototype(&Bindings::ensure_web_prototype<Bindings::HeadersPrototype>(realm, "Headers"));
44
45 return {};
46}
47
48void Headers::visit_edges(JS::Cell::Visitor& visitor)
49{
50 Base::visit_edges(visitor);
51 visitor.visit(m_header_list);
52}
53
54// https://fetch.spec.whatwg.org/#dom-headers-append
55WebIDL::ExceptionOr<void> Headers::append(String const& name_string, String const& value_string)
56{
57 auto& vm = this->vm();
58
59 // The append(name, value) method steps are to append (name, value) to this.
60 auto header = Infrastructure::Header {
61 .name = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(name_string.bytes())),
62 .value = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(value_string.bytes())),
63 };
64 TRY(append(move(header)));
65 return {};
66}
67
68// https://fetch.spec.whatwg.org/#dom-headers-delete
69WebIDL::ExceptionOr<void> Headers::delete_(String const& name_string)
70{
71 // The delete(name) method steps are:
72 auto& vm = this->vm();
73 auto name = name_string.bytes();
74
75 // 1. If validating (name, ``) for headers returns false, then return.
76 // NOTE: Passing a dummy header value ought not to have any negative repercussions.
77 auto header = TRY_OR_THROW_OOM(vm, Infrastructure::Header::from_string_pair(name, ""sv));
78 if (!TRY(validate(header)))
79 return {};
80
81 // 2. If this’s guard is "request-no-cors", name is not a no-CORS-safelisted request-header name, and name is not a privileged no-CORS request-header name, then return.
82 if (m_guard == Guard::RequestNoCORS && !Infrastructure::is_no_cors_safelisted_request_header_name(name) && !Infrastructure::is_privileged_no_cors_request_header_name(name))
83 return {};
84
85 // 3. If this’s header list does not contain name, then return.
86 if (!m_header_list->contains(name))
87 return {};
88
89 // 4. Delete name from this’s header list.
90 m_header_list->delete_(name);
91
92 // 5. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
93 if (m_guard == Guard::RequestNoCORS)
94 remove_privileged_no_cors_request_headers();
95
96 return {};
97}
98
99// https://fetch.spec.whatwg.org/#dom-headers-get
100WebIDL::ExceptionOr<Optional<String>> Headers::get(String const& name_string)
101{
102 // The get(name) method steps are:
103 auto& vm = this->vm();
104 auto name = name_string.bytes();
105
106 // 1. If name is not a header name, then throw a TypeError.
107 if (!Infrastructure::is_header_name(name))
108 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
109
110 // 2. Return the result of getting name from this’s header list.
111 auto byte_buffer = TRY_OR_THROW_OOM(vm, m_header_list->get(name));
112 return byte_buffer.has_value() ? TRY_OR_THROW_OOM(vm, String::from_utf8(*byte_buffer)) : Optional<String> {};
113}
114
115// https://fetch.spec.whatwg.org/#dom-headers-getsetcookie
116WebIDL::ExceptionOr<Vector<String>> Headers::get_set_cookie()
117{
118 // The getSetCookie() method steps are:
119 auto& vm = this->vm();
120 auto values = Vector<String> {};
121
122 // 1. If this’s header list does not contain `Set-Cookie`, then return « ».
123 if (!m_header_list->contains("Set-Cookie"sv.bytes()))
124 return values;
125
126 // 2. Return the values of all headers in this’s header list whose name is a byte-case-insensitive match for
127 // `Set-Cookie`, in order.
128 for (auto const& header : *m_header_list) {
129 if (StringView { header.name }.equals_ignoring_ascii_case("Set-Cookie"sv))
130 TRY_OR_THROW_OOM(vm, values.try_append(TRY_OR_THROW_OOM(vm, String::from_utf8(header.value))));
131 }
132 return values;
133}
134
135// https://fetch.spec.whatwg.org/#dom-headers-has
136WebIDL::ExceptionOr<bool> Headers::has(String const& name_string)
137{
138 // The has(name) method steps are:
139 auto name = name_string.bytes();
140
141 // 1. If name is not a header name, then throw a TypeError.
142 if (!Infrastructure::is_header_name(name))
143 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
144
145 // 2. Return true if this’s header list contains name; otherwise false.
146 return m_header_list->contains(name);
147}
148
149// https://fetch.spec.whatwg.org/#dom-headers-set
150WebIDL::ExceptionOr<void> Headers::set(String const& name_string, String const& value_string)
151{
152 auto& realm = this->realm();
153 auto& vm = realm.vm();
154
155 // The set(name, value) method steps are:
156 auto name = name_string.bytes();
157 auto value = value_string.bytes();
158
159 // 1. Normalize value.
160 auto normalized_value = TRY_OR_THROW_OOM(vm, Infrastructure::normalize_header_value(value));
161
162 auto header = Infrastructure::Header {
163 .name = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(name)),
164 .value = move(normalized_value),
165 };
166
167 // 2. If validating (name, value) for headers returns false, then return.
168 if (!TRY(validate(header)))
169 return {};
170
171 // 3. If this’s guard is "request-no-cors" and (name, value) is not a no-CORS-safelisted request-header, then return.
172 if (m_guard == Guard::RequestNoCORS && !Infrastructure::is_no_cors_safelisted_request_header(header))
173 return {};
174
175 // 4. Set (name, value) in this’s header list.
176 TRY_OR_THROW_OOM(vm, m_header_list->set(move(header)));
177
178 // 5. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
179 if (m_guard == Guard::RequestNoCORS)
180 remove_privileged_no_cors_request_headers();
181
182 return {};
183}
184
185// https://webidl.spec.whatwg.org/#es-iterable, Step 4
186JS::ThrowCompletionOr<void> Headers::for_each(ForEachCallback callback)
187{
188 auto& vm = this->vm();
189
190 // The value pairs to iterate over are the return value of running sort and combine with this’s header list.
191 auto value_pairs_to_iterate_over = [&]() -> JS::ThrowCompletionOr<Vector<Fetch::Infrastructure::Header>> {
192 return TRY_OR_THROW_OOM(vm, m_header_list->sort_and_combine());
193 };
194
195 // 1-5. Are done in the generated wrapper code.
196
197 // 6. Let pairs be idlObject’s list of value pairs to iterate over.
198 auto pairs = TRY(value_pairs_to_iterate_over());
199
200 // 7. Let i be 0.
201 size_t i = 0;
202
203 // 8. While i < pairs’s size:
204 while (i < pairs.size()) {
205 // 1. Let pair be pairs[i].
206 auto const& pair = pairs[i];
207
208 // 2. Invoke idlCallback with « pair’s value, pair’s key, idlObject » and with thisArg as the callback this value.
209 TRY(callback(TRY_OR_THROW_OOM(vm, String::from_utf8(pair.name)), TRY_OR_THROW_OOM(vm, String::from_utf8(pair.value))));
210
211 // 3. Set pairs to idlObject’s current list of value pairs to iterate over. (It might have changed.)
212 pairs = TRY(value_pairs_to_iterate_over());
213
214 // 4. Set i to i + 1.
215 ++i;
216 }
217
218 return {};
219}
220
221// https://fetch.spec.whatwg.org/#headers-validate
222WebIDL::ExceptionOr<bool> Headers::validate(Infrastructure::Header const& header) const
223{
224 auto& realm = this->realm();
225
226 // To validate a header (name, value) for a Headers object headers:
227 auto const& [name, value] = header;
228
229 // 1. If name is not a header name or value is not a header value, then throw a TypeError.
230 if (!Infrastructure::is_header_name(name))
231 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
232 if (!Infrastructure::is_header_value(value))
233 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header value"sv };
234
235 // 2. If headers’s guard is "immutable", then throw a TypeError.
236 if (m_guard == Guard::Immutable)
237 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Headers object is immutable"sv };
238
239 // 3. If headers’s guard is "request" and (name, value) is a forbidden request-header, then return false.
240 if (m_guard == Guard::Request && TRY_OR_THROW_OOM(realm.vm(), Infrastructure::is_forbidden_request_header(header)))
241 return false;
242
243 // 4. If headers’s guard is "response" and name is a forbidden response-header name, then return false.
244 if (m_guard == Guard::Response && Infrastructure::is_forbidden_response_header_name(name))
245 return false;
246
247 // 5. Return true.
248 return true;
249}
250
251// https://fetch.spec.whatwg.org/#concept-headers-append
252WebIDL::ExceptionOr<void> Headers::append(Infrastructure::Header header)
253{
254 auto& realm = this->realm();
255 auto& vm = realm.vm();
256
257 // To append a header (name, value) to a Headers object headers, run these steps:
258 auto& [name, value] = header;
259
260 // 1. Normalize value.
261 value = TRY_OR_THROW_OOM(vm, Infrastructure::normalize_header_value(value));
262
263 // 2. If validating (name, value) for headers returns false, then return.
264 if (!TRY(validate(header)))
265 return {};
266
267 // 3. If headers’s guard is "request-no-cors":
268 if (m_guard == Guard::RequestNoCORS) {
269 // 1. Let temporaryValue be the result of getting name from headers’s header list.
270 auto temporary_value = TRY_OR_THROW_OOM(vm, m_header_list->get(name));
271
272 // 2. If temporaryValue is null, then set temporaryValue to value.
273 if (!temporary_value.has_value()) {
274 temporary_value = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(value));
275 }
276 // 3. Otherwise, set temporaryValue to temporaryValue, followed by 0x2C 0x20, followed by value.
277 else {
278 TRY_OR_THROW_OOM(vm, temporary_value->try_append(0x2c));
279 TRY_OR_THROW_OOM(vm, temporary_value->try_append(0x20));
280 TRY_OR_THROW_OOM(vm, temporary_value->try_append(value));
281 }
282
283 auto temporary_header = Infrastructure::Header {
284 .name = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(name)),
285 .value = temporary_value.release_value(),
286 };
287
288 // 4. If (name, temporaryValue) is not a no-CORS-safelisted request-header, then return.
289 if (!Infrastructure::is_no_cors_safelisted_request_header(temporary_header))
290 return {};
291 }
292
293 // 4. Append (name, value) to headers’s header list.
294 TRY_OR_THROW_OOM(vm, m_header_list->append(move(header)));
295
296 // 5. If headers’s guard is "request-no-cors", then remove privileged no-CORS request-headers from headers.
297 if (m_guard == Guard::RequestNoCORS)
298 remove_privileged_no_cors_request_headers();
299
300 return {};
301}
302
303// https://fetch.spec.whatwg.org/#concept-headers-fill
304WebIDL::ExceptionOr<void> Headers::fill(HeadersInit const& object)
305{
306 auto& vm = realm().vm();
307
308 // To fill a Headers object headers with a given object object, run these steps:
309 return object.visit(
310 // 1. If object is a sequence, then for each header of object:
311 [&](Vector<Vector<String>> const& object) -> WebIDL::ExceptionOr<void> {
312 for (auto const& entry : object) {
313 // 1. If header's size is not 2, then throw a TypeError.
314 if (entry.size() != 2)
315 return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Array must contain header key/value pair"sv };
316
317 // 2. Append (header[0], header[1]) to headers.
318 auto header = TRY_OR_THROW_OOM(vm, Infrastructure::Header::from_string_pair(entry[0], entry[1]));
319 TRY(append(move(header)));
320 }
321 return {};
322 },
323 // 2. Otherwise, object is a record, then for each key → value of object, append (key, value) to headers.
324 [&](OrderedHashMap<String, String> const& object) -> WebIDL::ExceptionOr<void> {
325 for (auto const& entry : object) {
326 auto header = TRY_OR_THROW_OOM(vm, Infrastructure::Header::from_string_pair(entry.key, entry.value));
327 TRY(append(move(header)));
328 }
329 return {};
330 });
331}
332
333// https://fetch.spec.whatwg.org/#concept-headers-remove-privileged-no-cors-request-headers
334void Headers::remove_privileged_no_cors_request_headers()
335{
336 // To remove privileged no-CORS request-headers from a Headers object (headers), run these steps:
337
338 static constexpr Array privileged_no_cors_request_header_names = {
339 "Range"sv,
340 };
341
342 // 1. For each headerName of privileged no-CORS request-header names:
343 for (auto const& header_name : privileged_no_cors_request_header_names) {
344 // 1. Delete headerName from headers’s header list.
345 m_header_list->delete_(header_name.bytes());
346 }
347}
348
349}