chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetcher.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "third_party/blink/renderer/core/loader/modulescript/module_script_fetcher.h"

#include "third_party/blink/public/common/features.h"
#include "third_party/blink/renderer/core/dom/dom_implementation.h"
#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/loader/resource/script_resource.h"
#include "third_party/blink/renderer/core/loader/subresource_integrity_helper.h"
#include "third_party/blink/renderer/platform/heap/heap.h"
#include "third_party/blink/renderer/platform/loader/cors/cors.h"
#include "third_party/blink/renderer/platform/network/mime/mime_type_registry.h"
#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"

namespace blink {

ModuleScriptFetcher::ModuleScriptFetcher(
    base::PassKey<ModuleScriptLoader> pass_key) {}

void ModuleScriptFetcher::Client::OnFetched(
    const ModuleScriptCreationParams& params) {
  NotifyFetchFinishedSuccess(params);
}

void ModuleScriptFetcher::Client::OnFailed() {
  NotifyFetchFinishedError(HeapVector<Member<ConsoleMessage>>());
}

void ModuleScriptFetcher::Trace(Visitor* visitor) const {
  ResourceClient::Trace(visitor);
}

// <specdef href="https://html.spec.whatwg.org/C/#fetch-a-single-module-script">
bool ModuleScriptFetcher::WasModuleLoadSuccessful(
    ScriptResource* resource,
    ModuleType expected_module_type,
    HeapVector<Member<ConsoleMessage>>* error_messages) {
  DCHECK(error_messages);
  DCHECK_EQ(resource->GetScriptType(), mojom::blink::ScriptType::kModule);

  if (resource) {
    SubresourceIntegrityHelper::GetConsoleMessages(
        resource->IntegrityReportInfo(), error_messages);
  }

  // <spec step="9">... response's type is "error" ...</spec>
  if (!resource || resource->ErrorOccurred() ||
      resource->IntegrityDisposition() !=
          ResourceIntegrityDisposition::kPassed) {
    return false;
  }

  const auto& response = resource->GetResponse();
  // <spec step="9">... response's status is not an ok status</spec>
  if (response.IsHTTP() && !cors::IsOkStatus(response.HttpStatusCode())) {
    return false;
  }

  // <spec step="10">Let type be the result of extracting a MIME type from
  // response's header list.</spec>
  //
  // Note: For historical reasons, fetching a classic script does not include
  // MIME type checking. In contrast, module scripts will fail to load if they
  // are not of a correct MIME type.
  // We use ResourceResponse::HttpContentType() instead of MimeType(), as
  // MimeType() may be rewritten by mime sniffer.
  //
  // <spec step="12">If type is a JavaScript MIME type, then:</spec>
  if (expected_module_type == ModuleType::kJavaScript &&
      MIMETypeRegistry::IsSupportedJavaScriptMIMEType(
          response.HttpContentType())) {
    return true;
  }
  // <spec step="13">If type is a JSON MIME type, then:</spec>
  if (base::FeatureList::IsEnabled(blink::features::kJSONModules) &&
      expected_module_type == ModuleType::kJSON &&
      MIMETypeRegistry::IsJSONMimeType(response.HttpContentType())) {
    return true;
  }

  if (RuntimeEnabledFeatures::CSSModulesEnabled() &&
      expected_module_type == ModuleType::kCSS &&
      MIMETypeRegistry::IsSupportedStyleSheetMIMEType(
          response.HttpContentType())) {
    return true;
  }

  String message;
  if (base::FeatureList::IsEnabled(blink::features::kJSONModules) ||
      RuntimeEnabledFeatures::CSSModulesEnabled()) {
    message =
        "Failed to load module script: Expected a " +
        ModuleScriptCreationParams::ModuleTypeToString(expected_module_type) +
        " module script but the server responded with a MIME type of \"" +
        resource->GetResponse().HttpContentType() +
        "\". Strict MIME type checking is enforced for module scripts per HTML "
        "spec.";
  } else {
    message =
        "Failed to load module script: The server responded with a "
        "non-JavaScript "
        "MIME type of \"" +
        resource->GetResponse().HttpContentType() +
        "\". Strict MIME type checking is enforced for module scripts per HTML "
        "spec.";
  }

  error_messages->push_back(MakeGarbageCollected<ConsoleMessage>(
      mojom::ConsoleMessageSource::kJavaScript,
      mojom::ConsoleMessageLevel::kError, message,
      response.CurrentRequestUrl().GetString(), /*loader=*/nullptr,
      resource->InspectorId()));
  return false;
}

}  // namespace blink