1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "third_party/blink/renderer/core/loader/modulescript/module_script_fetcher.h"
#include "third_party/blink/renderer/core/dom/dom_implementation.h"
#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/loader/subresource_integrity_helper.h"
#include "third_party/blink/renderer/platform/loader/cors/cors.h"
#include "third_party/blink/renderer/platform/network/mime/mime_type_registry.h"
#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"
namespace blink {
void ModuleScriptFetcher::Client::OnFetched(
const base::Optional<ModuleScriptCreationParams>& params) {
NotifyFetchFinished(params, HeapVector<Member<ConsoleMessage>>());
}
void ModuleScriptFetcher::Client::OnFailed() {
NotifyFetchFinished(base::nullopt, HeapVector<Member<ConsoleMessage>>());
}
// <specdef href="https://html.spec.whatwg.org/C/#fetch-a-single-module-script">
bool ModuleScriptFetcher::WasModuleLoadSuccessful(
Resource* resource,
HeapVector<Member<ConsoleMessage>>* error_messages,
ModuleScriptCreationParams::ModuleType* module_type) {
DCHECK(error_messages);
if (resource) {
SubresourceIntegrityHelper::GetConsoleMessages(
resource->IntegrityReportInfo(), error_messages);
}
// <spec step="9">... response's type is "error" ...</spec>
if (!resource || resource->ErrorOccurred() ||
resource->IntegrityDisposition() !=
ResourceIntegrityDisposition::kPassed) {
return false;
}
const auto& response = resource->GetResponse();
// <spec step="9">... response's status is not an ok status</spec>
if (response.IsHTTP() && !cors::IsOkStatus(response.HttpStatusCode())) {
return false;
}
// <spec step="10">Let type be the result of extracting a MIME type from
// response's header list.</spec>
//
// Note: For historical reasons, fetching a classic script does not include
// MIME type checking. In contrast, module scripts will fail to load if they
// are not of a correct MIME type.
// We use ResourceResponse::HttpContentType() instead of MimeType(), as
// MimeType() may be rewritten by mime sniffer.
//
// <spec step="12">If type is a JavaScript MIME type, then:</spec>
if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(
response.HttpContentType())) {
*module_type = ModuleScriptCreationParams::ModuleType::kJavaScriptModule;
return true;
}
// <spec step="13">If type is a JSON MIME type, then:</spec>
if (RuntimeEnabledFeatures::JSONModulesEnabled() &&
MIMETypeRegistry::IsJSONMimeType(response.HttpContentType())) {
*module_type = ModuleScriptCreationParams::ModuleType::kJSONModule;
return true;
}
String required_response_type = RuntimeEnabledFeatures::JSONModulesEnabled()
? "JavaScript or JSON"
: "JavaScript";
String message =
"Failed to load module script: The server responded with a non-" +
required_response_type + " MIME type of \"" +
resource->GetResponse().HttpContentType() +
"\". Strict MIME type checking is enforced for module scripts per HTML "
"spec.";
error_messages->push_back(ConsoleMessage::CreateForRequest(
mojom::ConsoleMessageSource::kJavaScript,
mojom::ConsoleMessageLevel::kError, message,
response.CurrentRequestUrl().GetString(), /*loader=*/nullptr,
resource->InspectorId()));
return false;
}
} // namespace blink
|
