EventSource: Synchronous loader callback not handled properly

https://bugs.webkit.org/show_bug.cgi?id=115104

Source/WebCore:

When attempting a cross-origin request towards a non-HTTP URL, an early verification
of the protocol scheme will cause didFailAccessControlCheck to be called synchronously
before the loader has even finished being created. This special case was not handled
properly, since we tried to cancel a non-existing loader, which resulted in a crash.
In addition to checking whether a request is in flight before trying to cancel it,
this change also schedules the initial creation of the loader to happen asynchronously
when an EventSource is constructed, so that a script can register for the error event
before it is dispatched (as a result of passing a non-HTTP URL to the constructor).

Patch by Per-Erik Brodin <per-erik.brodin@ericsson.com> on 2013-04-25
Reviewed by Alexey Proskuryakov.

Test: http/tests/eventsource/eventsource-cors-non-http.html

* page/EventSource.cpp:
(WebCore::EventSource::EventSource):
(WebCore::EventSource::create):
(WebCore::EventSource::scheduleInitialConnect):
(WebCore):
(WebCore::EventSource::scheduleReconnect):
(WebCore::EventSource::connectTimerFired):
(WebCore::EventSource::close):
(WebCore::EventSource::abortConnectionAttempt):
* page/EventSource.h:
(EventSource):

LayoutTests:

Patch by Per-Erik Brodin <per-erik.brodin@ericsson.com> on 2013-04-25
Reviewed by Alexey Proskuryakov.

* http/tests/eventsource/eventsource-cors-non-http-expected.txt: Added.
* http/tests/eventsource/eventsource-cors-non-http.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149098 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 3b3692d5
2013-04-25 Per-Erik Brodin <per-erik.brodin@ericsson.com>
EventSource: Synchronous loader callback not handled properly
https://bugs.webkit.org/show_bug.cgi?id=115104
Reviewed by Alexey Proskuryakov.
* http/tests/eventsource/eventsource-cors-non-http-expected.txt: Added.
* http/tests/eventsource/eventsource-cors-non-http.html: Added.
2013-04-25 Ádám Kallai <kadam@inf.u-szeged.hu>
[Qt] Unreviewed gardening. Added platform specific expected files after r148987.
......
CONSOLE MESSAGE: EventSource cannot load ftp://127.0.0.1. Cross origin requests are only supported for HTTP.
CONSOLE MESSAGE: EventSource cannot load motd. Cross origin requests are only supported for HTTP.
CONSOLE MESSAGE: EventSource cannot load localhost:8080/. Cross origin requests are only supported for HTTP.
CONSOLE MESSAGE: EventSource cannot load tel:1234. Cross origin requests are only supported for HTTP.
Test EventSource with non-HTTP protocol schemes in the URL. Should print a series of PASS messages followed by DONE.
PASS: got error event and readyState is CLOSED
PASS: got error event and readyState is CLOSED
PASS: got error event and readyState is CLOSED
PASS: got error event and readyState is CLOSED
DONE
<html>
<body>
<p>Test EventSource with non-HTTP protocol schemes in the URL. Should print a series of PASS messages followed by DONE.</p>
<script>
function log(msg) {
document.body.innerHTML += msg + "<br>";
}
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
}
var count = 0;
new EventSource("ftp://127.0.0.1").onerror =
new EventSource("file:///etc/motd").onerror =
new EventSource("localhost:8080/").onerror =
new EventSource("tel:1234").onerror = function () {
if (this.readyState == EventSource.CLOSED) {
log("PASS: got error event and readyState is CLOSED");
} else {
log("FAIL: got error event but readyState is not CLOSED");
this.close();
}
if (count++ == 3) {
log("DONE");
end();
}
};
function end() {
if (window.testRunner)
testRunner.notifyDone();
}
</script>
</body>
</html>
2013-04-25 Per-Erik Brodin <per-erik.brodin@ericsson.com>
EventSource: Synchronous loader callback not handled properly
https://bugs.webkit.org/show_bug.cgi?id=115104
When attempting a cross-origin request towards a non-HTTP URL, an early verification
of the protocol scheme will cause didFailAccessControlCheck to be called synchronously
before the loader has even finished being created. This special case was not handled
properly, since we tried to cancel a non-existing loader, which resulted in a crash.
In addition to checking whether a request is in flight before trying to cancel it,
this change also schedules the initial creation of the loader to happen asynchronously
when an EventSource is constructed, so that a script can register for the error event
before it is dispatched (as a result of passing a non-HTTP URL to the constructor).
Reviewed by Alexey Proskuryakov.
Test: http/tests/eventsource/eventsource-cors-non-http.html
* page/EventSource.cpp:
(WebCore::EventSource::EventSource):
(WebCore::EventSource::create):
(WebCore::EventSource::scheduleInitialConnect):
(WebCore):
(WebCore::EventSource::scheduleReconnect):
(WebCore::EventSource::connectTimerFired):
(WebCore::EventSource::close):
(WebCore::EventSource::abortConnectionAttempt):
* page/EventSource.h:
(EventSource):
2013-04-25 Patrick Gansterer <paroga@webkit.org>
Unreviewed WinCE build fix after r148545.
......
......@@ -65,7 +65,7 @@ inline EventSource::EventSource(ScriptExecutionContext* context, const KURL& url
, m_withCredentials(false)
, m_state(CONNECTING)
, m_decoder(TextResourceDecoder::create("text/plain", "UTF-8"))
, m_reconnectTimer(this, &EventSource::reconnectTimerFired)
, m_connectTimer(this, &EventSource::connectTimerFired)
, m_discardTrailingNewline(false)
, m_requestInFlight(false)
, m_reconnectDelay(defaultReconnectDelay)
......@@ -101,7 +101,7 @@ PassRefPtr<EventSource> EventSource::create(ScriptExecutionContext* context, con
RefPtr<EventSource> source = adoptRef(new EventSource(context, fullURL, eventSourceInit));
source->setPendingActivity(source.get());
source->connect();
source->scheduleInitialConnect();
source->suspendIfNeeded();
return source.release();
......@@ -155,14 +155,22 @@ void EventSource::networkRequestEnded()
unsetPendingActivity(this);
}
void EventSource::scheduleInitialConnect()
{
ASSERT(m_state == CONNECTING);
ASSERT(!m_requestInFlight);
m_connectTimer.startOneShot(0);
}
void EventSource::scheduleReconnect()
{
m_state = CONNECTING;
m_reconnectTimer.startOneShot(m_reconnectDelay / 1000);
m_connectTimer.startOneShot(m_reconnectDelay / 1000);
dispatchEvent(Event::create(eventNames().errorEvent, false, false));
}
void EventSource::reconnectTimerFired(Timer<EventSource>*)
void EventSource::connectTimerFired(Timer<EventSource>*)
{
connect();
}
......@@ -189,16 +197,16 @@ void EventSource::close()
return;
}
// Stop trying to reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
if (m_reconnectTimer.isActive()) {
m_reconnectTimer.stop();
unsetPendingActivity(this);
}
// Stop trying to connect/reconnect if EventSource was explicitly closed or if ActiveDOMObject::stop() was called.
if (m_connectTimer.isActive())
m_connectTimer.stop();
if (m_requestInFlight)
m_loader->cancel();
m_state = CLOSED;
else {
m_state = CLOSED;
unsetPendingActivity(this);
}
}
const AtomicString& EventSource::interfaceName() const
......@@ -305,9 +313,13 @@ void EventSource::didFailRedirectCheck()
void EventSource::abortConnectionAttempt()
{
ASSERT(m_state == CONNECTING);
ASSERT(m_requestInFlight);
m_loader->cancel();
if (m_requestInFlight)
m_loader->cancel();
else {
m_state = CLOSED;
unsetPendingActivity(this);
}
ASSERT(m_state == CLOSED);
dispatchEvent(Event::create(eventNames().errorEvent, false, false));
......
......@@ -97,8 +97,9 @@ private:
void connect();
void networkRequestEnded();
void scheduleInitialConnect();
void scheduleReconnect();
void reconnectTimerFired(Timer<EventSource>*);
void connectTimerFired(Timer<EventSource>*);
void abortConnectionAttempt();
void parseEventStream();
void parseEventStreamLine(unsigned pos, int fieldLength, int lineLength);
......@@ -110,7 +111,7 @@ private:
RefPtr<TextResourceDecoder> m_decoder;
RefPtr<ThreadableLoader> m_loader;
Timer<EventSource> m_reconnectTimer;
Timer<EventSource> m_connectTimer;
Vector<UChar> m_receiveBuf;
bool m_discardTrailingNewline;
bool m_requestInFlight;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment