mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-30 00:31:14 +00:00
LibWeb/Fetch: Share validation logic in the Headers class
This is an editorial change in the Fetch spec. See: https://github.com/whatwg/fetch/commit/f435978
This commit is contained in:
parent
3414a6ba20
commit
a06b97dae0
Notes:
sideshowbarker
2024-07-17 05:05:51 +09:00
Author: https://github.com/linusg Commit: https://github.com/SerenityOS/serenity/commit/a06b97dae0 Pull-request: https://github.com/SerenityOS/serenity/pull/16362 Reviewed-by: https://github.com/trflynn89 ✅
|
@ -62,36 +62,24 @@ WebIDL::ExceptionOr<void> Headers::delete_(DeprecatedString const& name_string)
|
|||
auto& realm = this->realm();
|
||||
auto name = name_string.bytes();
|
||||
|
||||
// 1. If name is not a header name, then throw a TypeError.
|
||||
if (!Infrastructure::is_header_name(name))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
|
||||
|
||||
// 2. If this’s guard is "immutable", then throw a TypeError.
|
||||
if (m_guard == Guard::Immutable)
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Headers object is immutable"sv };
|
||||
|
||||
// 3. Otherwise, if this's guard is "request" and (name, ``) is a forbidden request-header, return.
|
||||
// NOTE: Passing a dummy header value to forbidden request-header ought not to have any negative repercussions.
|
||||
// 1. If validating (name, ``) for headers returns false, then return.
|
||||
// NOTE: Passing a dummy header value ought not to have any negative repercussions.
|
||||
auto header = TRY_OR_RETURN_OOM(realm, Infrastructure::Header::from_string_pair(name, ""sv));
|
||||
if (m_guard == Guard::Request && TRY_OR_RETURN_OOM(realm, Infrastructure::is_forbidden_request_header(header)))
|
||||
if (!TRY(validate(header)))
|
||||
return {};
|
||||
|
||||
// 4. Otherwise, if this’s guard is "request-no-cors", name is not a no-CORS-safelisted request-header name, and name is not a privileged no-CORS request-header name, return.
|
||||
// 2. If this’s guard is "request-no-cors", name is not a no-CORS-safelisted request-header name, and name is not a privileged no-CORS request-header name, then return.
|
||||
if (m_guard == Guard::RequestNoCORS && !Infrastructure::is_no_cors_safelisted_request_header_name(name) && !Infrastructure::is_privileged_no_cors_request_header_name(name))
|
||||
return {};
|
||||
|
||||
// 5. Otherwise, if this’s guard is "response" and name is a forbidden response-header name, return.
|
||||
if (m_guard == Guard::Response && Infrastructure::is_forbidden_response_header_name(name))
|
||||
return {};
|
||||
|
||||
// 6. If this’s header list does not contain name, then return.
|
||||
// 3. If this’s header list does not contain name, then return.
|
||||
if (!m_header_list->contains(name))
|
||||
return {};
|
||||
|
||||
// 7. Delete name from this’s header list.
|
||||
// 4. Delete name from this’s header list.
|
||||
m_header_list->delete_(name);
|
||||
|
||||
// 8. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
|
||||
// 5. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
|
||||
if (m_guard == Guard::RequestNoCORS)
|
||||
remove_privileged_no_cors_request_headers();
|
||||
|
||||
|
@ -144,32 +132,18 @@ WebIDL::ExceptionOr<void> Headers::set(DeprecatedString const& name_string, Depr
|
|||
.value = move(normalized_value),
|
||||
};
|
||||
|
||||
// 2. If name is not a header name or value is not a header value, then throw a TypeError.
|
||||
if (!Infrastructure::is_header_name(name))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
|
||||
if (!Infrastructure::is_header_value(value))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header value"sv };
|
||||
|
||||
// 3. If this’s guard is "immutable", then throw a TypeError.
|
||||
if (m_guard == Guard::Immutable)
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Headers object is immutable"sv };
|
||||
|
||||
// 4. Otherwise, if this’s guard is "request" and (name, value) is a forbidden request-header, return.
|
||||
if (m_guard == Guard::Request && TRY_OR_RETURN_OOM(realm, Infrastructure::is_forbidden_request_header(header)))
|
||||
// 2. If validating (name, value) for headers returns false, then return.
|
||||
if (!TRY(validate(header)))
|
||||
return {};
|
||||
|
||||
// 5. Otherwise, if this’s guard is "request-no-cors" and (name, value) is not a no-CORS-safelisted request-header, return.
|
||||
// 3. If this’s guard is "request-no-cors" and (name, value) is not a no-CORS-safelisted request-header, then return.
|
||||
if (m_guard == Guard::RequestNoCORS && !Infrastructure::is_no_cors_safelisted_request_header(header))
|
||||
return {};
|
||||
|
||||
// 6. Otherwise, if this’s guard is "response" and name is a forbidden response-header name, return.
|
||||
if (m_guard == Guard::Response && Infrastructure::is_forbidden_response_header_name(name))
|
||||
return {};
|
||||
|
||||
// 7. Set (name, value) in this’s header list.
|
||||
// 4. Set (name, value) in this’s header list.
|
||||
TRY_OR_RETURN_OOM(realm, m_header_list->set(move(header)));
|
||||
|
||||
// 8. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
|
||||
// 5. If this’s guard is "request-no-cors", then remove privileged no-CORS request-headers from this.
|
||||
if (m_guard == Guard::RequestNoCORS)
|
||||
remove_privileged_no_cors_request_headers();
|
||||
|
||||
|
@ -213,6 +187,35 @@ JS::ThrowCompletionOr<void> Headers::for_each(ForEachCallback callback)
|
|||
return {};
|
||||
}
|
||||
|
||||
// https://fetch.spec.whatwg.org/#headers-validate
|
||||
WebIDL::ExceptionOr<bool> Headers::validate(Infrastructure::Header const& header) const
|
||||
{
|
||||
// To validate a header (name, value) for a Headers object headers:
|
||||
auto& realm = this->realm();
|
||||
auto const& [name, value] = header;
|
||||
|
||||
// 1. If name is not a header name or value is not a header value, then throw a TypeError.
|
||||
if (!Infrastructure::is_header_name(name))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
|
||||
if (!Infrastructure::is_header_value(value))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header value"sv };
|
||||
|
||||
// 2. If headers’s guard is "immutable", then throw a TypeError.
|
||||
if (m_guard == Guard::Immutable)
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Headers object is immutable"sv };
|
||||
|
||||
// 3. If headers’s guard is "request" and (name, value) is a forbidden request-header, then return false.
|
||||
if (m_guard == Guard::Request && TRY_OR_RETURN_OOM(realm, Infrastructure::is_forbidden_request_header(header)))
|
||||
return false;
|
||||
|
||||
// 4. If headers’s guard is "response" and name is a forbidden response-header name, then return false.
|
||||
if (m_guard == Guard::Response && Infrastructure::is_forbidden_response_header_name(name))
|
||||
return false;
|
||||
|
||||
// 5. Return true.
|
||||
return true;
|
||||
}
|
||||
|
||||
// https://fetch.spec.whatwg.org/#concept-headers-append
|
||||
WebIDL::ExceptionOr<void> Headers::append(Infrastructure::Header header)
|
||||
{
|
||||
|
@ -223,21 +226,11 @@ WebIDL::ExceptionOr<void> Headers::append(Infrastructure::Header header)
|
|||
// 1. Normalize value.
|
||||
value = TRY_OR_RETURN_OOM(realm, Infrastructure::normalize_header_value(value));
|
||||
|
||||
// 2. If name is not a header name or value is not a header value, then throw a TypeError.
|
||||
if (!Infrastructure::is_header_name(name))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header name"sv };
|
||||
if (!Infrastructure::is_header_value(value))
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid header value"sv };
|
||||
|
||||
// 3. If headers’s guard is "immutable", then throw a TypeError.
|
||||
if (m_guard == Guard::Immutable)
|
||||
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Headers object is immutable"sv };
|
||||
|
||||
// 4. Otherwise, if headers’s guard is "request" and (name, value) is a forbidden request-header, return.
|
||||
if (m_guard == Guard::Request && TRY_OR_RETURN_OOM(realm, Infrastructure::is_forbidden_request_header(header)))
|
||||
// 2. If validating (name, value) for headers returns false, then return.
|
||||
if (!TRY(validate(header)))
|
||||
return {};
|
||||
|
||||
// 5. Otherwise, if headers’s guard is "request-no-cors":
|
||||
// 3. If headers’s guard is "request-no-cors":
|
||||
if (m_guard == Guard::RequestNoCORS) {
|
||||
// 1. Let temporaryValue be the result of getting name from headers’s header list.
|
||||
auto temporary_value = TRY_OR_RETURN_OOM(realm, m_header_list->get(name));
|
||||
|
@ -263,14 +256,10 @@ WebIDL::ExceptionOr<void> Headers::append(Infrastructure::Header header)
|
|||
return {};
|
||||
}
|
||||
|
||||
// 6. Otherwise, if headers’s guard is "response" and name is a forbidden response-header name, return.
|
||||
if (m_guard == Guard::Response && Infrastructure::is_forbidden_response_header_name(name))
|
||||
return {};
|
||||
|
||||
// 7. Append (name, value) to headers’s header list.
|
||||
// 4. Append (name, value) to headers’s header list.
|
||||
TRY_OR_RETURN_OOM(realm, m_header_list->append(move(header)));
|
||||
|
||||
// 8. If headers’s guard is "request-no-cors", then remove privileged no-CORS request-headers from headers.
|
||||
// 5. If headers’s guard is "request-no-cors", then remove privileged no-CORS request-headers from headers.
|
||||
if (m_guard == Guard::RequestNoCORS)
|
||||
remove_privileged_no_cors_request_headers();
|
||||
|
||||
|
|
|
@ -62,6 +62,7 @@ private:
|
|||
|
||||
virtual void visit_edges(JS::Cell::Visitor&) override;
|
||||
|
||||
WebIDL::ExceptionOr<bool> validate(Infrastructure::Header const&) const;
|
||||
void remove_privileged_no_cors_request_headers();
|
||||
|
||||
// https://fetch.spec.whatwg.org/#concept-headers-header-list
|
||||
|
|
Loading…
Reference in a new issue