LibWeb: Implement 'create a potential-CORS request' algorithm

author: Srikavin Ramkumar <srikavinramkumar@gmail.com> 2023-01-14 19:00:42 +0530
committer: Linus Groh <mail@linusgroh.de> 2023-03-19 14:16:15 +0000
commit: f7176463b5c623b8f50a06969f88907b2ff5728d (patch)
tree: d613661ae15d8b131952c4b617963acde499595e /Userland/Libraries
parent: 3e2e94bd01204336eb6a81242d88adc747402f89 (diff)
download: serenity-f7176463b5c623b8f50a06969f88907b2ff5728d.zip
6 files changed, 122 insertions, 0 deletions
diff --git a/Userland/Libraries/LibWeb/CMakeLists.txt b/Userland/Libraries/LibWeb/CMakeLists.txt
index 54ee70ef75..06602ba5de 100644
--- a/Userland/Libraries/LibWeb/CMakeLists.txt
+++ b/Userland/Libraries/LibWeb/CMakeLists.txt
@@ -172,6 +172,7 @@ set(SOURCES
     HTML/CanvasPattern.cpp
     HTML/CanvasRenderingContext2D.cpp
     HTML/CloseEvent.cpp
+    HTML/CORSSettingAttribute.cpp
     HTML/CrossOrigin/AbstractOperations.cpp
     HTML/CrossOrigin/Reporting.cpp
     HTML/DOMParser.cpp
@@ -282,6 +283,7 @@ set(SOURCES
     HTML/Path2D.cpp
     HTML/Plugin.cpp
     HTML/PluginArray.cpp
+    HTML/PotentialCORSRequest.cpp
     HTML/PromiseRejectionEvent.cpp
     HTML/RemoteBrowsingContext.cpp
     HTML/Scripting/ClassicScript.cpp
diff --git a/Userland/Libraries/LibWeb/HTML/AttributeNames.h b/Userland/Libraries/LibWeb/HTML/AttributeNames.h
index 10cf26c8c0..e1bbf094f1 100644
--- a/Userland/Libraries/LibWeb/HTML/AttributeNames.h
+++ b/Userland/Libraries/LibWeb/HTML/AttributeNames.h
@@ -52,6 +52,7 @@ namespace AttributeNames {
     __ENUMERATE_HTML_ATTRIBUTE(contenteditable)            \
     __ENUMERATE_HTML_ATTRIBUTE(controls)                   \
     __ENUMERATE_HTML_ATTRIBUTE(coords)                     \
+    __ENUMERATE_HTML_ATTRIBUTE(crossorigin)                \
     __ENUMERATE_HTML_ATTRIBUTE(data)                       \
     __ENUMERATE_HTML_ATTRIBUTE(datetime)                   \
     __ENUMERATE_HTML_ATTRIBUTE(declare)                    \
diff --git a/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.cpp b/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.cpp
new file mode 100644
index 0000000000..6eee57613d
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.cpp
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2023, Srikavin Ramkumar <me@srikavin.me>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibWeb/HTML/CORSSettingAttribute.h>
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes
+CORSSettingAttribute cors_setting_attribute_from_keyword(Optional<String> const& keyword)
+{
+    if (!keyword.has_value()) {
+        // its missing value default is the No CORS state
+        return CORSSettingAttribute::NoCORS;
+    }
+    if (keyword->is_empty() || keyword->bytes_as_string_view().equals_ignoring_ascii_case("anonymous"sv)) {
+        return CORSSettingAttribute::Anonymous;
+    }
+    if (keyword->bytes_as_string_view().equals_ignoring_ascii_case("use-credentials"sv)) {
+        return CORSSettingAttribute::UseCredentials;
+    }
+
+    // The attribute's invalid value default is the Anonymous state
+    return CORSSettingAttribute::Anonymous;
+}
+
+}
diff --git a/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.h b/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.h
new file mode 100644
index 0000000000..5d60e13052
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/CORSSettingAttribute.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2023, Srikavin Ramkumar <me@srikavin.me>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/Optional.h>
+#include <AK/String.h>
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attribute
+enum class CORSSettingAttribute {
+    NoCORS,
+    Anonymous,
+    UseCredentials
+};
+
+[[nodiscard]] CORSSettingAttribute cors_setting_attribute_from_keyword(Optional<String> const& keyword);
+
+}
diff --git a/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.cpp b/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.cpp
new file mode 100644
index 0000000000..f5b9a8aff6
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2023, Srikavin Ramkumar <me@srikavin.me>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibWeb/HTML/CORSSettingAttribute.h>
+#include <LibWeb/HTML/PotentialCORSRequest.h>
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request
+JS::NonnullGCPtr<Fetch::Infrastructure::Request>
+create_potential_CORS_request(JS::VM& vm, AK::URL const& url, Optional<Fetch::Infrastructure::Request::Destination> destination, CORSSettingAttribute cors_attribute_state, SameOriginFallbackFlag same_origin_fallback_flag)
+{
+    // 1. Let mode be "no-cors" if corsAttributeState is No CORS, and "cors" otherwise.
+    auto mode = cors_attribute_state == CORSSettingAttribute::NoCORS
+        ? Fetch::Infrastructure::Request::Mode::NoCORS
+        : Fetch::Infrastructure::Request::Mode::CORS;
+
+    // 2. If same-origin fallback flag is set and mode is "no-cors", set mode to "same-origin".
+    if (same_origin_fallback_flag == SameOriginFallbackFlag::Yes && mode == Fetch::Infrastructure::Request::Mode::NoCORS)
+        mode = Fetch::Infrastructure::Request::Mode::SameOrigin;
+
+    // 3. Let credentialsMode be "include".
+    auto credentials_mode = Fetch::Infrastructure::Request::CredentialsMode::Include;
+
+    // 4. If corsAttributeState is Anonymous, set credentialsMode to "same-origin".
+    if (cors_attribute_state == CORSSettingAttribute::Anonymous)
+        credentials_mode = Fetch::Infrastructure::Request::CredentialsMode::SameOrigin;
+
+    // 5. Let request be a new request whose URL is url, destination is destination, mode is mode, credentials mode is credentialsMode,
+    // and whose use-URL-credentials flag is set.
+    auto request = Fetch::Infrastructure::Request::create(vm);
+    request->set_url(url);
+    request->set_destination(destination);
+    request->set_mode(mode);
+    request->set_credentials_mode(credentials_mode);
+    request->set_use_url_credentials(true);
+
+    return request;
+}
+
+}
diff --git a/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.h b/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.h
new file mode 100644
index 0000000000..6af88a49c4
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/PotentialCORSRequest.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2023, Srikavin Ramkumar <me@srikavin.me>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/URL.h>
+#include <LibJS/Heap/GCPtr.h>
+#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
+#include <LibWeb/HTML/CORSSettingAttribute.h>
+
+namespace Web::HTML {
+
+enum class SameOriginFallbackFlag {
+    No,
+    Yes,
+};
+
+[[nodiscard]] JS::NonnullGCPtr<Fetch::Infrastructure::Request> create_potential_CORS_request(JS::VM&, const AK::URL&, Optional<Fetch::Infrastructure::Request::Destination>, CORSSettingAttribute, SameOriginFallbackFlag = SameOriginFallbackFlag::No);
+
+}
author	Srikavin Ramkumar <srikavinramkumar@gmail.com>	2023-01-14 19:00:42 +0530
committer	Linus Groh <mail@linusgroh.de>	2023-03-19 14:16:15 +0000
commit	f7176463b5c623b8f50a06969f88907b2ff5728d (patch)
tree	d613661ae15d8b131952c4b617963acde499595e /Userland/Libraries
parent	3e2e94bd01204336eb6a81242d88adc747402f89 (diff)
download	serenity-f7176463b5c623b8f50a06969f88907b2ff5728d.zip