script/dom/
xmlhttprequest.rs

1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
4
5use std::borrow::ToOwned;
6use std::cell::Cell;
7use std::cmp;
8use std::default::Default;
9use std::str::{self, FromStr};
10use std::sync::{Arc, Mutex};
11use std::time::{Duration, Instant};
12
13use constellation_traits::BlobImpl;
14use data_url::mime::Mime;
15use dom_struct::dom_struct;
16use encoding_rs::{Encoding, UTF_8};
17use headers::{ContentLength, ContentType, HeaderMapExt};
18use html5ever::serialize;
19use html5ever::serialize::SerializeOpts;
20use http::Method;
21use http::header::{self, HeaderMap, HeaderName, HeaderValue};
22use hyper_serde::Serde;
23use js::jsapi::{Heap, JS_ClearPendingException};
24use js::jsval::{JSVal, NullValue};
25use js::rust::wrappers::JS_ParseJSON;
26use js::rust::{HandleObject, MutableHandleValue};
27use js::typedarray::{ArrayBuffer, ArrayBufferU8};
28use net_traits::fetch::headers::extract_mime_type_as_dataurl_mime;
29use net_traits::http_status::HttpStatus;
30use net_traits::request::{CredentialsMode, Referrer, RequestBuilder, RequestId, RequestMode};
31use net_traits::{
32    FetchMetadata, FetchResponseListener, FilteredMetadata, NetworkError, ReferrerPolicy,
33    ResourceFetchTiming, ResourceTimingType, trim_http_whitespace,
34};
35use script_bindings::conversions::SafeToJSValConvertible;
36use script_bindings::num::Finite;
37use script_traits::DocumentActivity;
38use servo_url::ServoUrl;
39use stylo_atoms::Atom;
40use url::Position;
41
42use crate::body::{BodySource, Extractable, ExtractedBody, decode_to_utf16_with_bom_removal};
43use crate::document_loader::DocumentLoader;
44use crate::dom::bindings::buffer_source::HeapBufferSource;
45use crate::dom::bindings::cell::DomRefCell;
46use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
47use crate::dom::bindings::codegen::Bindings::XMLHttpRequestBinding::{
48    XMLHttpRequestMethods, XMLHttpRequestResponseType,
49};
50use crate::dom::bindings::codegen::UnionTypes::DocumentOrBlobOrArrayBufferViewOrArrayBufferOrFormDataOrStringOrURLSearchParams as DocumentOrXMLHttpRequestBodyInit;
51use crate::dom::bindings::error::{Error, ErrorResult, Fallible};
52use crate::dom::bindings::inheritance::Castable;
53use crate::dom::bindings::refcounted::Trusted;
54use crate::dom::bindings::reflector::{DomGlobal, reflect_dom_object_with_proto};
55use crate::dom::bindings::root::{Dom, DomRoot, MutNullableDom};
56use crate::dom::bindings::str::{ByteString, DOMString, USVString, is_token};
57use crate::dom::blob::{Blob, normalize_type_string};
58use crate::dom::csp::{GlobalCspReporting, Violation};
59use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLDocument};
60use crate::dom::event::{Event, EventBubbles, EventCancelable};
61use crate::dom::eventtarget::EventTarget;
62use crate::dom::globalscope::GlobalScope;
63use crate::dom::headers::is_forbidden_request_header;
64use crate::dom::node::Node;
65use crate::dom::performanceresourcetiming::InitiatorType;
66use crate::dom::progressevent::ProgressEvent;
67use crate::dom::readablestream::ReadableStream;
68use crate::dom::servoparser::ServoParser;
69use crate::dom::window::Window;
70use crate::dom::workerglobalscope::WorkerGlobalScope;
71use crate::dom::xmlhttprequesteventtarget::XMLHttpRequestEventTarget;
72use crate::dom::xmlhttprequestupload::XMLHttpRequestUpload;
73use crate::fetch::FetchCanceller;
74use crate::mime::{APPLICATION, CHARSET, HTML, MimeExt, TEXT, XML};
75use crate::network_listener::{self, PreInvoke, ResourceTimingListener};
76use crate::script_runtime::{CanGc, JSContext};
77use crate::task_source::{SendableTaskSource, TaskSourceName};
78use crate::timers::{OneshotTimerCallback, OneshotTimerHandle};
79
80#[derive(Clone, Copy, Debug, JSTraceable, MallocSizeOf, PartialEq)]
81enum XMLHttpRequestState {
82    Unsent = 0,
83    Opened = 1,
84    HeadersReceived = 2,
85    Loading = 3,
86    Done = 4,
87}
88
89#[derive(Clone, Copy, JSTraceable, MallocSizeOf, PartialEq)]
90pub(crate) struct GenerationId(u32);
91
92/// Closure of required data for each async network event that comprises the
93/// XHR's response.
94struct XHRContext {
95    xhr: TrustedXHRAddress,
96    gen_id: GenerationId,
97    sync_status: DomRefCell<Option<ErrorResult>>,
98    resource_timing: ResourceFetchTiming,
99    url: ServoUrl,
100}
101
102impl FetchResponseListener for XHRContext {
103    fn process_request_body(&mut self, _: RequestId) {
104        // todo
105    }
106
107    fn process_request_eof(&mut self, _: RequestId) {
108        // todo
109    }
110
111    fn process_response(&mut self, _: RequestId, metadata: Result<FetchMetadata, NetworkError>) {
112        let xhr = self.xhr.root();
113        let rv = xhr.process_headers_available(self.gen_id, metadata, CanGc::note());
114        if rv.is_err() {
115            *self.sync_status.borrow_mut() = Some(rv);
116        }
117    }
118
119    fn process_response_chunk(&mut self, _: RequestId, chunk: Vec<u8>) {
120        self.xhr
121            .root()
122            .process_data_available(self.gen_id, chunk, CanGc::note());
123    }
124
125    fn process_response_eof(
126        &mut self,
127        _: RequestId,
128        response: Result<ResourceFetchTiming, NetworkError>,
129    ) {
130        let rv = self.xhr.root().process_response_complete(
131            self.gen_id,
132            response.map(|_| ()),
133            CanGc::note(),
134        );
135        *self.sync_status.borrow_mut() = Some(rv);
136    }
137
138    fn resource_timing_mut(&mut self) -> &mut ResourceFetchTiming {
139        &mut self.resource_timing
140    }
141
142    fn resource_timing(&self) -> &ResourceFetchTiming {
143        &self.resource_timing
144    }
145
146    fn submit_resource_timing(&mut self) {
147        network_listener::submit_timing(self, CanGc::note())
148    }
149
150    fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<Violation>) {
151        let global = &self.resource_timing_global();
152        global.report_csp_violations(violations, None, None);
153    }
154}
155
156impl ResourceTimingListener for XHRContext {
157    fn resource_timing_information(&self) -> (InitiatorType, ServoUrl) {
158        (InitiatorType::XMLHttpRequest, self.url.clone())
159    }
160
161    fn resource_timing_global(&self) -> DomRoot<GlobalScope> {
162        self.xhr.root().global()
163    }
164}
165
166impl PreInvoke for XHRContext {
167    fn should_invoke(&self) -> bool {
168        self.xhr.root().generation_id.get() == self.gen_id
169    }
170}
171
172#[derive(Clone)]
173pub(crate) enum XHRProgress {
174    /// Notify that headers have been received
175    HeadersReceived(GenerationId, Option<HeaderMap>, HttpStatus),
176    /// Partial progress (after receiving headers), containing portion of the response
177    Loading(GenerationId, Vec<u8>),
178    /// Loading is done
179    Done(GenerationId),
180    /// There was an error (only Error::Abort, Error::Timeout or Error::Network is used)
181    Errored(GenerationId, Error),
182}
183
184impl XHRProgress {
185    fn generation_id(&self) -> GenerationId {
186        match *self {
187            XHRProgress::HeadersReceived(id, _, _) |
188            XHRProgress::Loading(id, _) |
189            XHRProgress::Done(id) |
190            XHRProgress::Errored(id, _) => id,
191        }
192    }
193}
194
195#[dom_struct]
196pub(crate) struct XMLHttpRequest {
197    eventtarget: XMLHttpRequestEventTarget,
198    ready_state: Cell<XMLHttpRequestState>,
199    timeout: Cell<Duration>,
200    with_credentials: Cell<bool>,
201    upload: Dom<XMLHttpRequestUpload>,
202    response_url: DomRefCell<String>,
203    #[no_trace]
204    status: DomRefCell<HttpStatus>,
205    response: DomRefCell<Vec<u8>>,
206    response_type: Cell<XMLHttpRequestResponseType>,
207    response_xml: MutNullableDom<Document>,
208    response_blob: MutNullableDom<Blob>,
209    #[ignore_malloc_size_of = "mozjs"]
210    response_arraybuffer: HeapBufferSource<ArrayBufferU8>,
211    #[ignore_malloc_size_of = "Defined in rust-mozjs"]
212    response_json: Heap<JSVal>,
213    #[ignore_malloc_size_of = "Defined in hyper"]
214    #[no_trace]
215    response_headers: DomRefCell<HeaderMap>,
216    #[ignore_malloc_size_of = "Defined in hyper"]
217    #[no_trace]
218    override_mime_type: DomRefCell<Option<Mime>>,
219
220    // Associated concepts
221    #[ignore_malloc_size_of = "Defined in hyper"]
222    #[no_trace]
223    request_method: DomRefCell<Method>,
224    #[no_trace]
225    request_url: DomRefCell<Option<ServoUrl>>,
226    #[ignore_malloc_size_of = "Defined in hyper"]
227    #[no_trace]
228    request_headers: DomRefCell<HeaderMap>,
229    request_body_len: Cell<usize>,
230    sync: Cell<bool>,
231    upload_complete: Cell<bool>,
232    upload_listener: Cell<bool>,
233    send_flag: Cell<bool>,
234
235    timeout_cancel: DomRefCell<Option<OneshotTimerHandle>>,
236    fetch_time: Cell<Instant>,
237    generation_id: Cell<GenerationId>,
238    response_status: Cell<Result<(), ()>>,
239    #[no_trace]
240    referrer: Referrer,
241    #[no_trace]
242    referrer_policy: ReferrerPolicy,
243    canceller: DomRefCell<FetchCanceller>,
244}
245
246impl XMLHttpRequest {
247    fn new_inherited(global: &GlobalScope, can_gc: CanGc) -> XMLHttpRequest {
248        XMLHttpRequest {
249            eventtarget: XMLHttpRequestEventTarget::new_inherited(),
250            ready_state: Cell::new(XMLHttpRequestState::Unsent),
251            timeout: Cell::new(Duration::ZERO),
252            with_credentials: Cell::new(false),
253            upload: Dom::from_ref(&*XMLHttpRequestUpload::new(global, can_gc)),
254            response_url: DomRefCell::new(String::new()),
255            status: DomRefCell::new(HttpStatus::new_error()),
256            response: DomRefCell::new(vec![]),
257            response_type: Cell::new(XMLHttpRequestResponseType::_empty),
258            response_xml: Default::default(),
259            response_blob: Default::default(),
260            response_arraybuffer: HeapBufferSource::default(),
261            response_json: Heap::default(),
262            response_headers: DomRefCell::new(HeaderMap::new()),
263            override_mime_type: DomRefCell::new(None),
264
265            request_method: DomRefCell::new(Method::GET),
266            request_url: DomRefCell::new(None),
267            request_headers: DomRefCell::new(HeaderMap::new()),
268            request_body_len: Cell::new(0),
269            sync: Cell::new(false),
270            upload_complete: Cell::new(false),
271            upload_listener: Cell::new(false),
272            send_flag: Cell::new(false),
273
274            timeout_cancel: DomRefCell::new(None),
275            fetch_time: Cell::new(Instant::now()),
276            generation_id: Cell::new(GenerationId(0)),
277            response_status: Cell::new(Ok(())),
278            referrer: global.get_referrer(),
279            referrer_policy: global.get_referrer_policy(),
280            canceller: DomRefCell::new(Default::default()),
281        }
282    }
283
284    fn new(
285        global: &GlobalScope,
286        proto: Option<HandleObject>,
287        can_gc: CanGc,
288    ) -> DomRoot<XMLHttpRequest> {
289        reflect_dom_object_with_proto(
290            Box::new(XMLHttpRequest::new_inherited(global, can_gc)),
291            global,
292            proto,
293            can_gc,
294        )
295    }
296
297    fn sync_in_window(&self) -> bool {
298        self.sync.get() && self.global().is::<Window>()
299    }
300}
301
302impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
303    /// <https://xhr.spec.whatwg.org/#constructors>
304    fn Constructor(
305        global: &GlobalScope,
306        proto: Option<HandleObject>,
307        can_gc: CanGc,
308    ) -> Fallible<DomRoot<XMLHttpRequest>> {
309        Ok(XMLHttpRequest::new(global, proto, can_gc))
310    }
311
312    // https://xhr.spec.whatwg.org/#handler-xhr-onreadystatechange
313    event_handler!(
314        readystatechange,
315        GetOnreadystatechange,
316        SetOnreadystatechange
317    );
318
319    /// <https://xhr.spec.whatwg.org/#dom-xmlhttprequest-readystate>
320    fn ReadyState(&self) -> u16 {
321        self.ready_state.get() as u16
322    }
323
324    /// <https://xhr.spec.whatwg.org/#the-open()-method>
325    fn Open(&self, method: ByteString, url: USVString) -> ErrorResult {
326        // Step 8
327        self.Open_(method, url, true, None, None)
328    }
329
330    /// <https://xhr.spec.whatwg.org/#the-open()-method>
331    fn Open_(
332        &self,
333        method: ByteString,
334        url: USVString,
335        asynch: bool,
336        username: Option<USVString>,
337        password: Option<USVString>,
338    ) -> ErrorResult {
339        // Step 1
340        if let Some(window) = DomRoot::downcast::<Window>(self.global()) {
341            if !window.Document().is_fully_active() {
342                return Err(Error::InvalidState);
343            }
344        }
345
346        // Step 5
347        // FIXME(seanmonstar): use a Trie instead?
348        let maybe_method = method.as_str().and_then(|s| {
349            // Note: hyper tests against the uppercase versions
350            // Since we want to pass methods not belonging to the short list above
351            // without changing capitalization, this will actually sidestep rust-http's type system
352            // since methods like "patch" or "PaTcH" will be considered extension methods
353            // despite the there being a rust-http method variant for them
354            let upper = s.to_ascii_uppercase();
355            match &*upper {
356                "DELETE" | "GET" | "HEAD" | "OPTIONS" | "POST" | "PUT" | "CONNECT" | "TRACE" |
357                "TRACK" => upper.parse().ok(),
358                _ => s.parse().ok(),
359            }
360        });
361
362        match maybe_method {
363            // Step 4
364            Some(Method::CONNECT) | Some(Method::TRACE) => Err(Error::Security),
365            Some(ref t) if t.as_str() == "TRACK" => Err(Error::Security),
366            Some(parsed_method) => {
367                // Step 3
368                if !is_token(&method) {
369                    return Err(Error::Syntax);
370                }
371
372                // Step 2
373                let base = self.global().api_base_url();
374                // Step 6
375                let mut parsed_url = match base.join(&url.0) {
376                    Ok(parsed) => parsed,
377                    // Step 7
378                    Err(_) => return Err(Error::Syntax),
379                };
380
381                // Step 9
382                if parsed_url.host().is_some() {
383                    if let Some(user_str) = username {
384                        parsed_url.set_username(&user_str.0).unwrap();
385                    }
386                    if let Some(pass_str) = password {
387                        parsed_url.set_password(Some(&pass_str.0)).unwrap();
388                    }
389                }
390
391                // Step 10
392                if !asynch {
393                    // FIXME: This should only happen if the global environment is a document environment
394                    if !self.timeout.get().is_zero() ||
395                        self.response_type.get() != XMLHttpRequestResponseType::_empty
396                    {
397                        return Err(Error::InvalidAccess);
398                    }
399                }
400                // Step 11 - abort existing requests
401                self.terminate_ongoing_fetch();
402
403                // FIXME(#13767): In the WPT test: FileAPI/blob/Blob-XHR-revoke.html,
404                // the xhr.open(url) is expected to hold a reference to the URL,
405                // thus renders following revocations invalid. Though we won't
406                // implement this for now, if ever needed, we should check blob
407                // scheme and trigger corresponding actions here.
408
409                // Step 12
410                *self.request_method.borrow_mut() = parsed_method;
411                *self.request_url.borrow_mut() = Some(parsed_url);
412                self.sync.set(!asynch);
413                *self.request_headers.borrow_mut() = HeaderMap::new();
414                self.send_flag.set(false);
415                self.upload_listener.set(false);
416                *self.status.borrow_mut() = HttpStatus::new_error();
417
418                // Step 13
419                if self.ready_state.get() != XMLHttpRequestState::Opened {
420                    self.change_ready_state(XMLHttpRequestState::Opened, CanGc::note());
421                }
422                Ok(())
423            },
424            // Step 3
425            // This includes cases where as_str() returns None, and when is_token() returns false,
426            // both of which indicate invalid extension method names
427            _ => Err(Error::Syntax),
428        }
429    }
430
431    /// <https://xhr.spec.whatwg.org/#the-setrequestheader()-method>
432    fn SetRequestHeader(&self, name: ByteString, value: ByteString) -> ErrorResult {
433        // Step 1: If this’s state is not opened, then throw an "InvalidStateError" DOMException.
434        // Step 2: If this’s send() flag is set, then throw an "InvalidStateError" DOMException.
435        if self.ready_state.get() != XMLHttpRequestState::Opened || self.send_flag.get() {
436            return Err(Error::InvalidState);
437        }
438
439        // Step 3: Normalize value.
440        let value = trim_http_whitespace(&value);
441
442        // Step 4: If name is not a header name or value is not a header value, then throw a
443        // "SyntaxError" DOMException.
444        if !is_token(&name) || !is_field_value(value) {
445            return Err(Error::Syntax);
446        }
447
448        let name_str = name.as_str().ok_or(Error::Syntax)?;
449
450        // Step 5: If (name, value) is a forbidden request-header, then return.
451        if is_forbidden_request_header(name_str, value) {
452            return Ok(());
453        }
454
455        debug!(
456            "SetRequestHeader: name={:?}, value={:?}",
457            name_str,
458            str::from_utf8(value).ok()
459        );
460        let mut headers = self.request_headers.borrow_mut();
461
462        // Step 6: Combine (name, value) in this’s author request headers.
463        // https://fetch.spec.whatwg.org/#concept-header-list-combine
464        let value = match headers.get(name_str).map(HeaderValue::as_bytes) {
465            Some(raw) => {
466                let mut buf = raw.to_vec();
467                buf.extend_from_slice(b", ");
468                buf.extend_from_slice(value);
469                buf
470            },
471            None => value.into(),
472        };
473
474        headers.insert(
475            HeaderName::from_str(name_str).unwrap(),
476            HeaderValue::from_bytes(&value).unwrap(),
477        );
478        Ok(())
479    }
480
481    /// <https://xhr.spec.whatwg.org/#the-timeout-attribute>
482    fn Timeout(&self) -> u32 {
483        self.timeout.get().as_millis() as u32
484    }
485
486    /// <https://xhr.spec.whatwg.org/#the-timeout-attribute>
487    fn SetTimeout(&self, timeout: u32) -> ErrorResult {
488        // Step 1
489        if self.sync_in_window() {
490            return Err(Error::InvalidAccess);
491        }
492
493        // Step 2
494        let timeout = Duration::from_millis(timeout as u64);
495        self.timeout.set(timeout);
496
497        if self.send_flag.get() {
498            if timeout.is_zero() {
499                self.cancel_timeout();
500                return Ok(());
501            }
502            let progress = Instant::now() - self.fetch_time.get();
503            if timeout > progress {
504                self.set_timeout(timeout - progress);
505            } else {
506                // Immediately execute the timeout steps
507                self.set_timeout(Duration::ZERO);
508            }
509        }
510        Ok(())
511    }
512
513    /// <https://xhr.spec.whatwg.org/#the-withcredentials-attribute>
514    fn WithCredentials(&self) -> bool {
515        self.with_credentials.get()
516    }
517
518    /// <https://xhr.spec.whatwg.org/#dom-xmlhttprequest-withcredentials>
519    fn SetWithCredentials(&self, with_credentials: bool) -> ErrorResult {
520        match self.ready_state.get() {
521            // Step 1
522            XMLHttpRequestState::HeadersReceived |
523            XMLHttpRequestState::Loading |
524            XMLHttpRequestState::Done => Err(Error::InvalidState),
525            // Step 2
526            _ if self.send_flag.get() => Err(Error::InvalidState),
527            // Step 3
528            _ => {
529                self.with_credentials.set(with_credentials);
530                Ok(())
531            },
532        }
533    }
534
535    /// <https://xhr.spec.whatwg.org/#the-upload-attribute>
536    fn Upload(&self) -> DomRoot<XMLHttpRequestUpload> {
537        DomRoot::from_ref(&*self.upload)
538    }
539
540    /// <https://xhr.spec.whatwg.org/#the-send()-method>
541    fn Send(&self, data: Option<DocumentOrXMLHttpRequestBodyInit>, can_gc: CanGc) -> ErrorResult {
542        // Step 1, 2
543        if self.ready_state.get() != XMLHttpRequestState::Opened || self.send_flag.get() {
544            return Err(Error::InvalidState);
545        }
546
547        // Step 3
548        let data = match *self.request_method.borrow() {
549            Method::GET | Method::HEAD => None,
550            _ => data,
551        };
552        // Step 4 (first half)
553        let mut extracted_or_serialized = match data {
554            Some(DocumentOrXMLHttpRequestBodyInit::Document(ref doc)) => {
555                let bytes = Vec::from(serialize_document(doc)?.as_ref());
556                let content_type = if doc.is_html_document() {
557                    "text/html;charset=UTF-8"
558                } else {
559                    "application/xml;charset=UTF-8"
560                };
561                let total_bytes = bytes.len();
562                let global = self.global();
563                let stream = ReadableStream::new_from_bytes(&global, bytes, can_gc)?;
564                Some(ExtractedBody {
565                    stream,
566                    total_bytes: Some(total_bytes),
567                    content_type: Some(DOMString::from(content_type)),
568                    source: BodySource::Object,
569                })
570            },
571            Some(DocumentOrXMLHttpRequestBodyInit::Blob(ref b)) => {
572                let extracted_body = b
573                    .extract(&self.global(), can_gc)
574                    .expect("Couldn't extract body.");
575                if !extracted_body.in_memory() && self.sync.get() {
576                    warn!("Sync XHR with not in-memory Blob as body not supported");
577                    None
578                } else {
579                    Some(extracted_body)
580                }
581            },
582            Some(DocumentOrXMLHttpRequestBodyInit::FormData(ref formdata)) => Some(
583                formdata
584                    .extract(&self.global(), can_gc)
585                    .expect("Couldn't extract body."),
586            ),
587            Some(DocumentOrXMLHttpRequestBodyInit::String(ref str)) => Some(
588                str.extract(&self.global(), can_gc)
589                    .expect("Couldn't extract body."),
590            ),
591            Some(DocumentOrXMLHttpRequestBodyInit::URLSearchParams(ref urlsp)) => Some(
592                urlsp
593                    .extract(&self.global(), can_gc)
594                    .expect("Couldn't extract body."),
595            ),
596            Some(DocumentOrXMLHttpRequestBodyInit::ArrayBuffer(ref typedarray)) => {
597                let bytes = typedarray.to_vec();
598                let total_bytes = bytes.len();
599                let global = self.global();
600                let stream = ReadableStream::new_from_bytes(&global, bytes, can_gc)?;
601                Some(ExtractedBody {
602                    stream,
603                    total_bytes: Some(total_bytes),
604                    content_type: None,
605                    source: BodySource::Object,
606                })
607            },
608            Some(DocumentOrXMLHttpRequestBodyInit::ArrayBufferView(ref typedarray)) => {
609                let bytes = typedarray.to_vec();
610                let total_bytes = bytes.len();
611                let global = self.global();
612                let stream = ReadableStream::new_from_bytes(&global, bytes, can_gc)?;
613                Some(ExtractedBody {
614                    stream,
615                    total_bytes: Some(total_bytes),
616                    content_type: None,
617                    source: BodySource::Object,
618                })
619            },
620            None => None,
621        };
622
623        self.request_body_len.set(
624            extracted_or_serialized
625                .as_ref()
626                .map_or(0, |e| e.total_bytes.unwrap_or(0)),
627        );
628
629        // Step 5
630        // If we dont have data to upload, we dont want to emit events
631        let has_handlers = self.upload.upcast::<EventTarget>().has_handlers();
632        self.upload_listener.set(has_handlers && data.is_some());
633
634        // todo preserved headers?
635
636        // Step 7
637        self.upload_complete.set(false);
638        // Step 8
639        // FIXME handle the 'timed out flag'
640        // Step 9
641        self.upload_complete.set(extracted_or_serialized.is_none());
642        // Step 10
643        self.send_flag.set(true);
644
645        // Step 11
646        if !self.sync.get() {
647            // If one of the event handlers below aborts the fetch by calling
648            // abort or open we will need the current generation id to detect it.
649            // Substep 1
650            let gen_id = self.generation_id.get();
651            self.dispatch_response_progress_event(atom!("loadstart"), can_gc);
652            if self.generation_id.get() != gen_id {
653                return Ok(());
654            }
655            // Substep 2
656            if !self.upload_complete.get() && self.upload_listener.get() {
657                self.dispatch_upload_progress_event(atom!("loadstart"), Ok(Some(0)), can_gc);
658                if self.generation_id.get() != gen_id {
659                    return Ok(());
660                }
661            }
662        }
663
664        // Step 6
665        // TODO - set referrer_policy/referrer_url in request
666        let credentials_mode = if self.with_credentials.get() {
667            CredentialsMode::Include
668        } else {
669            CredentialsMode::CredentialsSameOrigin
670        };
671        let use_url_credentials = if let Some(ref url) = *self.request_url.borrow() {
672            !url.username().is_empty() || url.password().is_some()
673        } else {
674            unreachable!()
675        };
676
677        let content_type = match extracted_or_serialized.as_mut() {
678            Some(body) => body.content_type.take(),
679            None => None,
680        };
681
682        let global = self.global();
683        let mut request = RequestBuilder::new(
684            global.webview_id(),
685            self.request_url.borrow().clone().unwrap(),
686            self.referrer.clone(),
687        )
688        .method(self.request_method.borrow().clone())
689        .headers((*self.request_headers.borrow()).clone())
690        .unsafe_request(true)
691        // XXXManishearth figure out how to avoid this clone
692        .body(extracted_or_serialized.map(|e| e.into_net_request_body().0))
693        .synchronous(self.sync.get())
694        .mode(RequestMode::CorsMode)
695        .use_cors_preflight(self.upload_listener.get())
696        .credentials_mode(credentials_mode)
697        .use_url_credentials(use_url_credentials)
698        .origin(global.origin().immutable().clone())
699        .referrer_policy(self.referrer_policy)
700        .insecure_requests_policy(global.insecure_requests_policy())
701        .has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_or_current_origin())
702        .policy_container(global.policy_container())
703        .pipeline_id(Some(global.pipeline_id()));
704
705        // step 4 (second half)
706        if let Some(content_type) = content_type {
707            let encoding = match data {
708                Some(DocumentOrXMLHttpRequestBodyInit::String(_)) |
709                Some(DocumentOrXMLHttpRequestBodyInit::Document(_)) =>
710                // XHR spec differs from http, and says UTF-8 should be in capitals,
711                // instead of "utf-8", which is what Hyper defaults to. So not
712                // using content types provided by Hyper.
713                {
714                    Some("UTF-8")
715                },
716                _ => None,
717            };
718
719            let mut content_type_set = false;
720            if !request.headers.contains_key(header::CONTENT_TYPE) {
721                request.headers.insert(
722                    header::CONTENT_TYPE,
723                    HeaderValue::from_str(&content_type).unwrap(),
724                );
725                content_type_set = true;
726            }
727
728            if !content_type_set {
729                let ct = request.headers.typed_get::<ContentType>();
730                if let Some(ct) = ct {
731                    if let Some(encoding) = encoding {
732                        let mime: Mime = ct.to_string().parse().unwrap();
733                        for param in mime.parameters.iter() {
734                            if param.0 == CHARSET && !param.1.eq_ignore_ascii_case(encoding) {
735                                let params_iter = mime.parameters.iter();
736                                let new_params: Vec<(String, String)> = params_iter
737                                    .filter(|p| p.0 != CHARSET)
738                                    .map(|p| (p.0.clone(), p.1.clone()))
739                                    .collect();
740
741                                let new_mime = format!(
742                                    "{}/{};charset={}{}{}",
743                                    mime.type_,
744                                    mime.subtype,
745                                    encoding,
746                                    if new_params.is_empty() { "" } else { "; " },
747                                    new_params
748                                        .iter()
749                                        .map(|p| format!("{}={}", p.0, p.1))
750                                        .collect::<Vec<String>>()
751                                        .join("; ")
752                                );
753
754                                request.headers.insert(
755                                    header::CONTENT_TYPE,
756                                    HeaderValue::from_str(&new_mime).unwrap(),
757                                );
758                            }
759                        }
760                    }
761                }
762            }
763        }
764
765        self.fetch_time.set(Instant::now());
766
767        let rv = self.fetch(request, &self.global());
768        // Step 10
769        if self.sync.get() {
770            return rv;
771        }
772
773        let timeout = self.timeout.get();
774        if timeout > Duration::ZERO {
775            self.set_timeout(timeout);
776        }
777        Ok(())
778    }
779
780    /// <https://xhr.spec.whatwg.org/#the-abort()-method>
781    fn Abort(&self, can_gc: CanGc) {
782        // Step 1
783        self.terminate_ongoing_fetch();
784        // Step 2
785        let state = self.ready_state.get();
786        if (state == XMLHttpRequestState::Opened && self.send_flag.get()) ||
787            state == XMLHttpRequestState::HeadersReceived ||
788            state == XMLHttpRequestState::Loading
789        {
790            let gen_id = self.generation_id.get();
791            self.process_partial_response(XHRProgress::Errored(gen_id, Error::Abort), can_gc);
792            // If open was called in one of the handlers invoked by the
793            // above call then we should terminate the abort sequence
794            if self.generation_id.get() != gen_id {
795                return;
796            }
797        }
798        // Step 3
799        if self.ready_state.get() == XMLHttpRequestState::Done {
800            self.change_ready_state(XMLHttpRequestState::Unsent, can_gc);
801            self.response_status.set(Err(()));
802            *self.status.borrow_mut() = HttpStatus::new_error();
803            self.response.borrow_mut().clear();
804            self.response_headers.borrow_mut().clear();
805        }
806    }
807
808    /// <https://xhr.spec.whatwg.org/#the-responseurl-attribute>
809    fn ResponseURL(&self) -> USVString {
810        USVString(self.response_url.borrow().clone())
811    }
812
813    /// <https://xhr.spec.whatwg.org/#the-status-attribute>
814    fn Status(&self) -> u16 {
815        self.status.borrow().raw_code()
816    }
817
818    /// <https://xhr.spec.whatwg.org/#the-statustext-attribute>
819    fn StatusText(&self) -> ByteString {
820        ByteString::new(self.status.borrow().message().to_vec())
821    }
822
823    /// <https://xhr.spec.whatwg.org/#the-getresponseheader()-method>
824    fn GetResponseHeader(&self, name: ByteString) -> Option<ByteString> {
825        let headers = self.filter_response_headers();
826        let headers = headers.get_all(HeaderName::from_str(&name.as_str()?.to_lowercase()).ok()?);
827        let mut first = true;
828        let s = headers.iter().fold(Vec::new(), |mut vec, value| {
829            if !first {
830                vec.extend(", ".as_bytes());
831            }
832            if let Ok(v) = str::from_utf8(value.as_bytes()).map(|s| s.trim().as_bytes()) {
833                vec.extend(v);
834                first = false;
835            }
836            vec
837        });
838
839        // There was no header with that name so we never got to change that value
840        if first {
841            None
842        } else {
843            Some(ByteString::new(s))
844        }
845    }
846
847    /// <https://xhr.spec.whatwg.org/#the-getallresponseheaders()-method>
848    fn GetAllResponseHeaders(&self) -> ByteString {
849        let headers = self.filter_response_headers();
850        let keys = headers.keys();
851        let v = keys.fold(Vec::new(), |mut vec, k| {
852            let values = headers.get_all(k);
853            vec.extend(k.as_str().as_bytes());
854            vec.extend(": ".as_bytes());
855            let mut first = true;
856            for value in values {
857                if !first {
858                    vec.extend(", ".as_bytes());
859                    first = false;
860                }
861                vec.extend(value.as_bytes());
862            }
863            vec.extend("\r\n".as_bytes());
864            vec
865        });
866
867        ByteString::new(v)
868    }
869
870    /// <https://xhr.spec.whatwg.org/#the-overridemimetype()-method>
871    fn OverrideMimeType(&self, mime: DOMString) -> ErrorResult {
872        // 1. If this’s state is loading or done, then throw an "InvalidStateError"
873        //   DOMException.
874        match self.ready_state.get() {
875            XMLHttpRequestState::Loading | XMLHttpRequestState::Done => {
876                return Err(Error::InvalidState);
877            },
878            _ => {},
879        }
880
881        // 2. Set this’s override MIME type to the result of parsing mime.
882        // 3. If this’s override MIME type is failure, then set this’s override MIME type
883        //    to application/octet-stream.
884        let override_mime = match mime.parse::<Mime>() {
885            Ok(mime) => mime,
886            Err(_) => "application/octet-stream"
887                .parse::<Mime>()
888                .map_err(|_| Error::Syntax)?,
889        };
890
891        *self.override_mime_type.borrow_mut() = Some(override_mime);
892        Ok(())
893    }
894
895    /// <https://xhr.spec.whatwg.org/#the-responsetype-attribute>
896    fn ResponseType(&self) -> XMLHttpRequestResponseType {
897        self.response_type.get()
898    }
899
900    /// <https://xhr.spec.whatwg.org/#the-responsetype-attribute>
901    fn SetResponseType(&self, response_type: XMLHttpRequestResponseType) -> ErrorResult {
902        // Step 1
903        if self.global().is::<WorkerGlobalScope>() &&
904            response_type == XMLHttpRequestResponseType::Document
905        {
906            return Ok(());
907        }
908        match self.ready_state.get() {
909            // Step 2
910            XMLHttpRequestState::Loading | XMLHttpRequestState::Done => Err(Error::InvalidState),
911            _ => {
912                if self.sync_in_window() {
913                    // Step 3
914                    Err(Error::InvalidAccess)
915                } else {
916                    // Step 4
917                    self.response_type.set(response_type);
918                    Ok(())
919                }
920            },
921        }
922    }
923
924    /// <https://xhr.spec.whatwg.org/#the-response-attribute>
925    fn Response(&self, cx: JSContext, can_gc: CanGc, mut rval: MutableHandleValue) {
926        match self.response_type.get() {
927            XMLHttpRequestResponseType::_empty | XMLHttpRequestResponseType::Text => {
928                let ready_state = self.ready_state.get();
929                // Step 2
930                if ready_state == XMLHttpRequestState::Done ||
931                    ready_state == XMLHttpRequestState::Loading
932                {
933                    self.text_response().safe_to_jsval(cx, rval);
934                } else {
935                    // Step 1
936                    "".safe_to_jsval(cx, rval);
937                }
938            },
939            // Step 1
940            _ if self.ready_state.get() != XMLHttpRequestState::Done => {
941                rval.set(NullValue());
942            },
943            // Step 2
944            XMLHttpRequestResponseType::Document => {
945                self.document_response(can_gc).safe_to_jsval(cx, rval)
946            },
947            XMLHttpRequestResponseType::Json => self.json_response(cx, rval),
948            XMLHttpRequestResponseType::Blob => self.blob_response(can_gc).safe_to_jsval(cx, rval),
949            XMLHttpRequestResponseType::Arraybuffer => {
950                match self.arraybuffer_response(cx, can_gc) {
951                    Some(array_buffer) => array_buffer.safe_to_jsval(cx, rval),
952                    None => rval.set(NullValue()),
953                }
954            },
955        }
956    }
957
958    /// <https://xhr.spec.whatwg.org/#the-responsetext-attribute>
959    fn GetResponseText(&self) -> Fallible<USVString> {
960        match self.response_type.get() {
961            XMLHttpRequestResponseType::_empty | XMLHttpRequestResponseType::Text => {
962                Ok(USVString(match self.ready_state.get() {
963                    // Step 3
964                    XMLHttpRequestState::Loading | XMLHttpRequestState::Done => {
965                        self.text_response()
966                    },
967                    // Step 2
968                    _ => "".to_owned(),
969                }))
970            },
971            // Step 1
972            _ => Err(Error::InvalidState),
973        }
974    }
975
976    /// <https://xhr.spec.whatwg.org/#the-responsexml-attribute>
977    fn GetResponseXML(&self, can_gc: CanGc) -> Fallible<Option<DomRoot<Document>>> {
978        match self.response_type.get() {
979            XMLHttpRequestResponseType::_empty | XMLHttpRequestResponseType::Document => {
980                // Step 3
981                if let XMLHttpRequestState::Done = self.ready_state.get() {
982                    Ok(self.document_response(can_gc))
983                } else {
984                    // Step 2
985                    Ok(None)
986                }
987            },
988            // Step 1
989            _ => Err(Error::InvalidState),
990        }
991    }
992}
993
994pub(crate) type TrustedXHRAddress = Trusted<XMLHttpRequest>;
995
996impl XMLHttpRequest {
997    fn change_ready_state(&self, rs: XMLHttpRequestState, can_gc: CanGc) {
998        assert_ne!(self.ready_state.get(), rs);
999        self.ready_state.set(rs);
1000        if rs != XMLHttpRequestState::Unsent {
1001            let event = Event::new(
1002                &self.global(),
1003                atom!("readystatechange"),
1004                EventBubbles::DoesNotBubble,
1005                EventCancelable::Cancelable,
1006                can_gc,
1007            );
1008            event.fire(self.upcast(), can_gc);
1009        }
1010    }
1011
1012    fn process_headers_available(
1013        &self,
1014        gen_id: GenerationId,
1015        metadata: Result<FetchMetadata, NetworkError>,
1016        can_gc: CanGc,
1017    ) -> Result<(), Error> {
1018        let metadata = match metadata {
1019            Ok(meta) => match meta {
1020                FetchMetadata::Unfiltered(m) => m,
1021                FetchMetadata::Filtered { filtered, .. } => match filtered {
1022                    FilteredMetadata::Basic(m) => m,
1023                    FilteredMetadata::Cors(m) => m,
1024                    FilteredMetadata::Opaque => return Err(Error::Network),
1025                    FilteredMetadata::OpaqueRedirect(_) => return Err(Error::Network),
1026                },
1027            },
1028            Err(_) => {
1029                self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network), can_gc);
1030                return Err(Error::Network);
1031            },
1032        };
1033
1034        metadata.final_url[..Position::AfterQuery].clone_into(&mut self.response_url.borrow_mut());
1035
1036        // XXXManishearth Clear cache entries in case of a network error
1037        self.process_partial_response(
1038            XHRProgress::HeadersReceived(
1039                gen_id,
1040                metadata.headers.map(Serde::into_inner),
1041                metadata.status,
1042            ),
1043            can_gc,
1044        );
1045        Ok(())
1046    }
1047
1048    fn process_data_available(&self, gen_id: GenerationId, payload: Vec<u8>, can_gc: CanGc) {
1049        self.process_partial_response(XHRProgress::Loading(gen_id, payload), can_gc);
1050    }
1051
1052    fn process_response_complete(
1053        &self,
1054        gen_id: GenerationId,
1055        status: Result<(), NetworkError>,
1056        can_gc: CanGc,
1057    ) -> ErrorResult {
1058        match status {
1059            Ok(()) => {
1060                self.process_partial_response(XHRProgress::Done(gen_id), can_gc);
1061                Ok(())
1062            },
1063            Err(_) => {
1064                self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network), can_gc);
1065                Err(Error::Network)
1066            },
1067        }
1068    }
1069
1070    fn process_partial_response(&self, progress: XHRProgress, can_gc: CanGc) {
1071        let msg_id = progress.generation_id();
1072
1073        // Aborts processing if abort() or open() was called
1074        // (including from one of the event handlers called below)
1075        macro_rules! return_if_fetch_was_terminated(
1076            () => (
1077                if msg_id != self.generation_id.get() {
1078                    return
1079                }
1080            );
1081        );
1082
1083        // Ignore message if it belongs to a terminated fetch
1084        return_if_fetch_was_terminated!();
1085
1086        // Ignore messages coming from previously-errored responses or requests that have timed out
1087        if self.response_status.get().is_err() {
1088            return;
1089        }
1090
1091        match progress {
1092            XHRProgress::HeadersReceived(_, headers, status) => {
1093                assert!(self.ready_state.get() == XMLHttpRequestState::Opened);
1094                // For synchronous requests, this should not fire any events, and just store data
1095                // XXXManishearth Find a way to track partial progress of the send (onprogresss for XHRUpload)
1096
1097                // Part of step 13, send() (processing request end of file)
1098                // Substep 1
1099                self.upload_complete.set(true);
1100                // Substeps 2-4
1101                if !self.sync.get() && self.upload_listener.get() {
1102                    self.dispatch_upload_progress_event(atom!("progress"), Ok(None), can_gc);
1103                    return_if_fetch_was_terminated!();
1104                    self.dispatch_upload_progress_event(atom!("load"), Ok(None), can_gc);
1105                    return_if_fetch_was_terminated!();
1106                    self.dispatch_upload_progress_event(atom!("loadend"), Ok(None), can_gc);
1107                    return_if_fetch_was_terminated!();
1108                }
1109                // Part of step 13, send() (processing response)
1110                // XXXManishearth handle errors, if any (substep 1)
1111                // Substep 2
1112                if !status.is_error() {
1113                    *self.status.borrow_mut() = status.clone();
1114                }
1115                if let Some(h) = headers.as_ref() {
1116                    *self.response_headers.borrow_mut() = h.clone();
1117                }
1118                {
1119                    let len = headers.and_then(|h| h.typed_get::<ContentLength>());
1120                    let mut response = self.response.borrow_mut();
1121                    response.clear();
1122                    if let Some(len) = len {
1123                        // don't attempt to prereserve more than 4 MB of memory,
1124                        // to avoid giving servers the ability to DOS the client by
1125                        // providing arbitrarily large content-lengths.
1126                        //
1127                        // this number is arbitrary, it's basically big enough that most
1128                        // XHR requests won't hit it, but not so big that it allows for DOS
1129                        let size = cmp::min(0b100_0000000000_0000000000, len.0 as usize);
1130
1131                        // preallocate the buffer
1132                        response.reserve(size);
1133                    }
1134                }
1135                // Substep 3
1136                if !self.sync.get() {
1137                    self.change_ready_state(XMLHttpRequestState::HeadersReceived, can_gc);
1138                }
1139            },
1140            XHRProgress::Loading(_, mut partial_response) => {
1141                // For synchronous requests, this should not fire any events, and just store data
1142                // Part of step 11, send() (processing response body)
1143                // XXXManishearth handle errors, if any (substep 2)
1144
1145                self.response.borrow_mut().append(&mut partial_response);
1146                if !self.sync.get() {
1147                    if self.ready_state.get() == XMLHttpRequestState::HeadersReceived {
1148                        self.ready_state.set(XMLHttpRequestState::Loading);
1149                    }
1150                    let event = Event::new(
1151                        &self.global(),
1152                        atom!("readystatechange"),
1153                        EventBubbles::DoesNotBubble,
1154                        EventCancelable::Cancelable,
1155                        can_gc,
1156                    );
1157                    event.fire(self.upcast(), can_gc);
1158                    return_if_fetch_was_terminated!();
1159                    self.dispatch_response_progress_event(atom!("progress"), can_gc);
1160                }
1161            },
1162            XHRProgress::Done(_) => {
1163                assert!(
1164                    self.ready_state.get() == XMLHttpRequestState::HeadersReceived ||
1165                        self.ready_state.get() == XMLHttpRequestState::Loading ||
1166                        self.sync.get()
1167                );
1168
1169                self.cancel_timeout();
1170                self.canceller.borrow_mut().ignore();
1171
1172                // Part of step 11, send() (processing response end of file)
1173                // XXXManishearth handle errors, if any (substep 2)
1174
1175                // Subsubsteps 6-8
1176                self.send_flag.set(false);
1177
1178                self.change_ready_state(XMLHttpRequestState::Done, can_gc);
1179                return_if_fetch_was_terminated!();
1180                // Subsubsteps 11-12
1181                self.dispatch_response_progress_event(atom!("load"), can_gc);
1182                return_if_fetch_was_terminated!();
1183                self.dispatch_response_progress_event(atom!("loadend"), can_gc);
1184            },
1185            XHRProgress::Errored(_, e) => {
1186                self.cancel_timeout();
1187                self.canceller.borrow_mut().ignore();
1188
1189                self.discard_subsequent_responses();
1190                self.send_flag.set(false);
1191                *self.status.borrow_mut() = HttpStatus::new_error();
1192                self.response_headers.borrow_mut().clear();
1193                // XXXManishearth set response to NetworkError
1194                self.change_ready_state(XMLHttpRequestState::Done, can_gc);
1195                return_if_fetch_was_terminated!();
1196
1197                let errormsg = match e {
1198                    Error::Abort => "abort",
1199                    Error::Timeout => "timeout",
1200                    _ => "error",
1201                };
1202
1203                let upload_complete = &self.upload_complete;
1204                if !upload_complete.get() {
1205                    upload_complete.set(true);
1206                    if self.upload_listener.get() {
1207                        self.dispatch_upload_progress_event(Atom::from(errormsg), Err(()), can_gc);
1208                        return_if_fetch_was_terminated!();
1209                        self.dispatch_upload_progress_event(atom!("loadend"), Err(()), can_gc);
1210                        return_if_fetch_was_terminated!();
1211                    }
1212                }
1213                self.dispatch_response_progress_event(Atom::from(errormsg), can_gc);
1214                return_if_fetch_was_terminated!();
1215                self.dispatch_response_progress_event(atom!("loadend"), can_gc);
1216            },
1217        }
1218    }
1219
1220    fn terminate_ongoing_fetch(&self) {
1221        self.canceller.borrow_mut().cancel();
1222        let GenerationId(prev_id) = self.generation_id.get();
1223        self.generation_id.set(GenerationId(prev_id + 1));
1224        self.response_status.set(Ok(()));
1225    }
1226
1227    fn dispatch_progress_event(
1228        &self,
1229        upload: bool,
1230        type_: Atom,
1231        loaded: u64,
1232        total: Option<u64>,
1233        can_gc: CanGc,
1234    ) {
1235        let (total_length, length_computable) = if self
1236            .response_headers
1237            .borrow()
1238            .contains_key(header::CONTENT_ENCODING)
1239        {
1240            (0, false)
1241        } else {
1242            (total.unwrap_or(0), total.is_some())
1243        };
1244        let progressevent = ProgressEvent::new(
1245            &self.global(),
1246            type_,
1247            EventBubbles::DoesNotBubble,
1248            EventCancelable::NotCancelable,
1249            length_computable,
1250            Finite::wrap(loaded as f64),
1251            Finite::wrap(total_length as f64),
1252            can_gc,
1253        );
1254        let target = if upload {
1255            self.upload.upcast()
1256        } else {
1257            self.upcast()
1258        };
1259        progressevent.upcast::<Event>().fire(target, can_gc);
1260    }
1261
1262    fn dispatch_upload_progress_event(
1263        &self,
1264        type_: Atom,
1265        partial_load: Result<Option<u64>, ()>,
1266        can_gc: CanGc,
1267    ) {
1268        // If partial_load is Ok(None), loading has completed and we can just use the value from the request body
1269        // If an error occured, we pass 0 for both loaded and total
1270
1271        let request_body_len = self.request_body_len.get() as u64;
1272        let (loaded, total) = match partial_load {
1273            Ok(l) => match l {
1274                Some(loaded) => (loaded, Some(request_body_len)),
1275                None => (request_body_len, Some(request_body_len)),
1276            },
1277            Err(()) => (0, None),
1278        };
1279        self.dispatch_progress_event(true, type_, loaded, total, can_gc);
1280    }
1281
1282    fn dispatch_response_progress_event(&self, type_: Atom, can_gc: CanGc) {
1283        let len = self.response.borrow().len() as u64;
1284        let total = self
1285            .response_headers
1286            .borrow()
1287            .typed_get::<ContentLength>()
1288            .map(|v| v.0);
1289        self.dispatch_progress_event(false, type_, len, total, can_gc);
1290    }
1291
1292    fn set_timeout(&self, duration: Duration) {
1293        // Sets up the object to timeout in a given number of milliseconds
1294        // This will cancel all previous timeouts
1295        let callback = OneshotTimerCallback::XhrTimeout(XHRTimeoutCallback {
1296            xhr: Trusted::new(self),
1297            generation_id: self.generation_id.get(),
1298        });
1299        *self.timeout_cancel.borrow_mut() =
1300            Some(self.global().schedule_callback(callback, duration));
1301    }
1302
1303    fn cancel_timeout(&self) {
1304        if let Some(handle) = self.timeout_cancel.borrow_mut().take() {
1305            self.global().unschedule_callback(handle);
1306        }
1307    }
1308
1309    /// <https://xhr.spec.whatwg.org/#text-response>
1310    fn text_response(&self) -> String {
1311        // Step 3, 5
1312        let charset = self.final_charset().unwrap_or(UTF_8);
1313        // TODO: Step 4 - add support for XML encoding guess stuff using XML spec
1314
1315        // According to Simon, decode() should never return an error, so unwrap()ing
1316        // the result should be fine. XXXManishearth have a closer look at this later
1317        // Step 1, 2, 6
1318        let response = self.response.borrow();
1319        let (text, _, _) = charset.decode(&response);
1320        text.into_owned()
1321    }
1322
1323    /// <https://xhr.spec.whatwg.org/#blob-response>
1324    fn blob_response(&self, can_gc: CanGc) -> DomRoot<Blob> {
1325        // Step 1
1326        if let Some(response) = self.response_blob.get() {
1327            return response;
1328        }
1329        // Step 2
1330        let mime = normalize_type_string(&self.final_mime_type().to_string());
1331
1332        // Step 3, 4
1333        let bytes = self.response.borrow().to_vec();
1334        let blob = Blob::new(
1335            &self.global(),
1336            BlobImpl::new_from_bytes(bytes, mime),
1337            can_gc,
1338        );
1339        self.response_blob.set(Some(&blob));
1340        blob
1341    }
1342
1343    /// <https://xhr.spec.whatwg.org/#arraybuffer-response>
1344    fn arraybuffer_response(&self, cx: JSContext, can_gc: CanGc) -> Option<ArrayBuffer> {
1345        // Step 5: Set the response object to a new ArrayBuffer with the received bytes
1346        // For caching purposes, skip this step if the response is already created
1347        if !self.response_arraybuffer.is_initialized() {
1348            let bytes = self.response.borrow();
1349
1350            // If this is not successful, the response won't be set and the function will return None
1351            self.response_arraybuffer
1352                .set_data(cx, &bytes, can_gc)
1353                .ok()?;
1354        }
1355
1356        // Return the correct ArrayBuffer
1357        self.response_arraybuffer.get_typed_array().ok()
1358    }
1359
1360    /// <https://xhr.spec.whatwg.org/#document-response>
1361    fn document_response(&self, can_gc: CanGc) -> Option<DomRoot<Document>> {
1362        // Caching: if we have existing response xml, redirect it directly
1363        let response = self.response_xml.get();
1364        if response.is_some() {
1365            return response;
1366        }
1367
1368        // Step 1: If xhr’s response’s body is null, then return.
1369        if self.response_status.get().is_err() {
1370            return None;
1371        }
1372
1373        // Step 2: Let finalMIME be the result of get a final MIME type for xhr.
1374        let final_mime = self.final_mime_type();
1375
1376        // Step 3: If finalMIME is not an HTML MIME type or an XML MIME type, then return.
1377        let is_xml_mime_type = final_mime.matches(TEXT, XML) ||
1378            final_mime.matches(APPLICATION, XML) ||
1379            final_mime.has_suffix(XML);
1380        if !final_mime.matches(TEXT, HTML) && !is_xml_mime_type {
1381            return None;
1382        }
1383
1384        // Step 4: If xhr’s response type is the empty string and finalMIME is an HTML MIME
1385        //         type, then return.
1386        let charset;
1387        let temp_doc;
1388        if final_mime.matches(TEXT, HTML) {
1389            if self.response_type.get() == XMLHttpRequestResponseType::_empty {
1390                return None;
1391            }
1392
1393            // Step 5: If finalMIME is an HTML MIME type, then:
1394            // Step 5.1: Let charset be the result of get a final encoding for xhr.
1395            // Step 5.2: If charset is null, prescan the first 1024 bytes of xhr’s received bytes
1396            // and if that does not terminate unsuccessfully then let charset be the return value.
1397            // TODO: This isn't happening right now.
1398            // Step 5.3. If charset is null, then set charset to UTF-8.
1399            charset = Some(self.final_charset().unwrap_or(UTF_8));
1400
1401            // Step 5.4: Let document be a document that represents the result parsing xhr’s
1402            // received bytes following the rules set forth in the HTML Standard for an HTML parser
1403            // with scripting disabled and a known definite encoding charset. [HTML]
1404            temp_doc = self.document_text_html(can_gc);
1405        } else {
1406            assert!(is_xml_mime_type);
1407
1408            // Step 6: Otherwise, let document be a document that represents the result of running
1409            // the XML parser with XML scripting support disabled on xhr’s received bytes. If that
1410            // fails (unsupported character encoding, namespace well-formedness error, etc.), then
1411            // return null. [HTML]
1412            //
1413            // TODO: The spec seems to suggest the charset should come from the XML parser here.
1414            temp_doc = self.handle_xml(can_gc);
1415            charset = self.final_charset();
1416
1417            // Not sure it the parser should throw an error for this case
1418            // The specification does not indicates this test,
1419            // but for now we check the document has no child nodes
1420            let has_no_child_nodes = temp_doc.upcast::<Node>().children().next().is_none();
1421            if has_no_child_nodes {
1422                return None;
1423            }
1424        }
1425
1426        // Step 7: If charset is null, then set charset to UTF-8.
1427        let charset = charset.unwrap_or(UTF_8);
1428
1429        // Step 8: Set document’s encoding to charset.
1430        temp_doc.set_encoding(charset);
1431
1432        // Step 9: Set document’s content type to finalMIME.
1433        // Step 10: Set document’s URL to xhr’s response’s URL.
1434        // Step 11: Set document’s origin to xhr’s relevant settings object’s origin.
1435        //
1436        // Done by `handle_text_html()` and `handle_xml()`.
1437
1438        // Step 12: Set xhr’s response object to document.
1439        self.response_xml.set(Some(&temp_doc));
1440        self.response_xml.get()
1441    }
1442
1443    #[allow(unsafe_code)]
1444    /// <https://xhr.spec.whatwg.org/#json-response>
1445    fn json_response(&self, cx: JSContext, mut rval: MutableHandleValue) {
1446        // Step 1
1447        let response_json = self.response_json.get();
1448        if !response_json.is_null_or_undefined() {
1449            return rval.set(response_json);
1450        }
1451        // Step 2
1452        let bytes = self.response.borrow();
1453        // Step 3
1454        if bytes.is_empty() {
1455            return rval.set(NullValue());
1456        }
1457        // Step 4
1458        // https://xhr.spec.whatwg.org/#json-response refers to
1459        // https://infra.spec.whatwg.org/#parse-json-from-bytes which refers to
1460        // https://encoding.spec.whatwg.org/#utf-8-decode which means
1461        // that the encoding is always UTF-8 and the UTF-8 BOM is removed,
1462        // if present, but UTF-16BE/LE BOM must not be honored.
1463        let json_text = decode_to_utf16_with_bom_removal(&bytes, UTF_8);
1464        // Step 5
1465        unsafe {
1466            if !JS_ParseJSON(
1467                *cx,
1468                json_text.as_ptr(),
1469                json_text.len() as u32,
1470                rval.reborrow(),
1471            ) {
1472                JS_ClearPendingException(*cx);
1473                return rval.set(NullValue());
1474            }
1475        }
1476        // Step 6
1477        self.response_json.set(rval.get());
1478    }
1479
1480    fn document_text_html(&self, can_gc: CanGc) -> DomRoot<Document> {
1481        let charset = self.final_charset().unwrap_or(UTF_8);
1482        let wr = self.global();
1483        let response = self.response.borrow();
1484        let (decoded, _, _) = charset.decode(&response);
1485        let document = self.new_doc(IsHTMLDocument::HTMLDocument, can_gc);
1486        // TODO: Disable scripting while parsing
1487        ServoParser::parse_html_document(
1488            &document,
1489            Some(DOMString::from(decoded)),
1490            wr.get_url(),
1491            can_gc,
1492        );
1493        document
1494    }
1495
1496    fn handle_xml(&self, can_gc: CanGc) -> DomRoot<Document> {
1497        let charset = self.final_charset().unwrap_or(UTF_8);
1498        let wr = self.global();
1499        let response = self.response.borrow();
1500        let (decoded, _, _) = charset.decode(&response);
1501        let document = self.new_doc(IsHTMLDocument::NonHTMLDocument, can_gc);
1502        // TODO: Disable scripting while parsing
1503        ServoParser::parse_xml_document(
1504            &document,
1505            Some(DOMString::from(decoded)),
1506            wr.get_url(),
1507            can_gc,
1508        );
1509        document
1510    }
1511
1512    fn new_doc(&self, is_html_document: IsHTMLDocument, can_gc: CanGc) -> DomRoot<Document> {
1513        let wr = self.global();
1514        let win = wr.as_window();
1515        let doc = win.Document();
1516        let docloader = DocumentLoader::new(&doc.loader());
1517        let base = wr.get_url();
1518        let parsed_url = base.join(&self.ResponseURL().0).ok();
1519        let content_type = Some(self.final_mime_type());
1520        Document::new(
1521            win,
1522            HasBrowsingContext::No,
1523            parsed_url,
1524            doc.origin().clone(),
1525            is_html_document,
1526            content_type,
1527            None,
1528            DocumentActivity::Inactive,
1529            DocumentSource::FromParser,
1530            docloader,
1531            None,
1532            None,
1533            Default::default(),
1534            false,
1535            false,
1536            Some(doc.insecure_requests_policy()),
1537            doc.has_trustworthy_ancestor_origin(),
1538            doc.custom_element_reaction_stack(),
1539            can_gc,
1540        )
1541    }
1542
1543    fn filter_response_headers(&self) -> HeaderMap {
1544        // https://fetch.spec.whatwg.org/#concept-response-header-list
1545        let mut headers = self.response_headers.borrow().clone();
1546        headers.remove(header::SET_COOKIE);
1547        headers.remove(HeaderName::from_static("set-cookie2"));
1548        // XXXManishearth additional CORS filtering goes here
1549        headers
1550    }
1551
1552    fn discard_subsequent_responses(&self) {
1553        self.response_status.set(Err(()));
1554    }
1555
1556    fn fetch(&self, request_builder: RequestBuilder, global: &GlobalScope) -> ErrorResult {
1557        let xhr = Trusted::new(self);
1558
1559        let context = Arc::new(Mutex::new(XHRContext {
1560            xhr,
1561            gen_id: self.generation_id.get(),
1562            sync_status: DomRefCell::new(None),
1563            resource_timing: ResourceFetchTiming::new(ResourceTimingType::Resource),
1564            url: request_builder.url.clone(),
1565        }));
1566
1567        let (task_source, script_port) = if self.sync.get() {
1568            let (sender, receiver) = global.new_script_pair();
1569            (
1570                SendableTaskSource {
1571                    sender,
1572                    pipeline_id: global.pipeline_id(),
1573                    name: TaskSourceName::Networking,
1574                    canceller: Default::default(),
1575                },
1576                Some(receiver),
1577            )
1578        } else {
1579            (
1580                global.task_manager().networking_task_source().to_sendable(),
1581                None,
1582            )
1583        };
1584
1585        *self.canceller.borrow_mut() =
1586            FetchCanceller::new(request_builder.id, global.core_resource_thread());
1587        global.fetch(request_builder, context.clone(), task_source);
1588
1589        if let Some(script_port) = script_port {
1590            loop {
1591                if !global.process_event(script_port.recv().unwrap()) {
1592                    // We're exiting.
1593                    return Err(Error::Abort);
1594                }
1595                let context = context.lock().unwrap();
1596                let sync_status = context.sync_status.borrow();
1597                if let Some(ref status) = *sync_status {
1598                    return status.clone();
1599                }
1600            }
1601        }
1602        Ok(())
1603    }
1604
1605    /// <https://xhr.spec.whatwg.org/#final-charset>
1606    fn final_charset(&self) -> Option<&'static Encoding> {
1607        // 1. Let label be null.
1608        // 2. Let responseMIME be the result of get a response MIME type for xhr.
1609        // 3. If responseMIME’s parameters["charset"] exists, then set label to it.
1610        let response_charset = self
1611            .response_mime_type()
1612            .get_parameter(CHARSET)
1613            .map(ToString::to_string);
1614
1615        // 4. If xhr’s override MIME type’s parameters["charset"] exists, then set label to it.
1616        let override_charset = self
1617            .override_mime_type
1618            .borrow()
1619            .as_ref()
1620            .and_then(|mime| mime.get_parameter(CHARSET))
1621            .map(ToString::to_string);
1622
1623        // 5. If label is null, then return null.
1624        // 6. Let encoding be the result of getting an encoding from label.
1625        // 7. If encoding is failure, then return null.
1626        // 8. Return encoding.
1627        override_charset
1628            .or(response_charset)
1629            .and_then(|charset| Encoding::for_label(charset.as_bytes()))
1630    }
1631
1632    /// <https://xhr.spec.whatwg.org/#response-mime-type>
1633    fn response_mime_type(&self) -> Mime {
1634        // 1. Let mimeType be the result of extracting a MIME type from xhr’s response’s
1635        //    header list.
1636        // 2. If mimeType is failure, then set mimeType to text/xml.
1637        // 3. Return mimeType.
1638        extract_mime_type_as_dataurl_mime(&self.response_headers.borrow())
1639            .unwrap_or_else(|| Mime::new(TEXT, XML))
1640    }
1641
1642    /// <https://xhr.spec.whatwg.org/#final-mime-type>
1643    fn final_mime_type(&self) -> Mime {
1644        self.override_mime_type
1645            .borrow()
1646            .as_ref()
1647            .map(MimeExt::clone)
1648            .unwrap_or_else(|| self.response_mime_type())
1649    }
1650}
1651
1652#[derive(JSTraceable, MallocSizeOf)]
1653pub(crate) struct XHRTimeoutCallback {
1654    #[ignore_malloc_size_of = "Because it is non-owning"]
1655    xhr: Trusted<XMLHttpRequest>,
1656    generation_id: GenerationId,
1657}
1658
1659impl XHRTimeoutCallback {
1660    pub(crate) fn invoke(self, can_gc: CanGc) {
1661        let xhr = self.xhr.root();
1662        if xhr.ready_state.get() != XMLHttpRequestState::Done {
1663            xhr.process_partial_response(
1664                XHRProgress::Errored(self.generation_id, Error::Timeout),
1665                can_gc,
1666            );
1667        }
1668    }
1669}
1670
1671fn serialize_document(doc: &Document) -> Fallible<DOMString> {
1672    let mut writer = vec![];
1673    match serialize(&mut writer, &doc.upcast::<Node>(), SerializeOpts::default()) {
1674        Ok(_) => Ok(DOMString::from(String::from_utf8(writer).unwrap())),
1675        Err(_) => Err(Error::InvalidState),
1676    }
1677}
1678
1679/// Returns whether `bs` is a `field-value`, as defined by
1680/// [RFC 2616](http://tools.ietf.org/html/rfc2616#page-32).
1681pub(crate) fn is_field_value(slice: &[u8]) -> bool {
1682    // Classifications of characters necessary for the [CRLF] (SP|HT) rule
1683    #[derive(PartialEq)]
1684    #[allow(clippy::upper_case_acronyms)]
1685    enum PreviousCharacter {
1686        Other,
1687        CR,
1688        LF,
1689        SPHT, // SP or HT
1690    }
1691    let mut prev = PreviousCharacter::Other; // The previous character
1692    slice.iter().all(|&x| {
1693        // http://tools.ietf.org/html/rfc2616#section-2.2
1694        match x {
1695            13 => {
1696                // CR
1697                if prev == PreviousCharacter::Other || prev == PreviousCharacter::SPHT {
1698                    prev = PreviousCharacter::CR;
1699                    true
1700                } else {
1701                    false
1702                }
1703            },
1704            10 => {
1705                // LF
1706                if prev == PreviousCharacter::CR {
1707                    prev = PreviousCharacter::LF;
1708                    true
1709                } else {
1710                    false
1711                }
1712            },
1713            32 => {
1714                // SP
1715                if prev == PreviousCharacter::LF || prev == PreviousCharacter::SPHT {
1716                    prev = PreviousCharacter::SPHT;
1717                    true
1718                } else if prev == PreviousCharacter::Other {
1719                    // Counts as an Other here, since it's not preceded by a CRLF
1720                    // SP is not a CTL, so it can be used anywhere
1721                    // though if used immediately after a CR the CR is invalid
1722                    // We don't change prev since it's already Other
1723                    true
1724                } else {
1725                    false
1726                }
1727            },
1728            9 => {
1729                // HT
1730                if prev == PreviousCharacter::LF || prev == PreviousCharacter::SPHT {
1731                    prev = PreviousCharacter::SPHT;
1732                    true
1733                } else {
1734                    false
1735                }
1736            },
1737            0..=31 | 127 => false, // CTLs
1738            x if x > 127 => false, // non ASCII
1739            _ if prev == PreviousCharacter::Other || prev == PreviousCharacter::SPHT => {
1740                prev = PreviousCharacter::Other;
1741                true
1742            },
1743            _ => false, // Previous character was a CR/LF but not part of the [CRLF] (SP|HT) rule
1744        }
1745    })
1746}