Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[0.68] Implement HTTP redirection (#10600)
* Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * Remove change files * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * Use logical OR to assert HTTP responseType (#10095) * update yarn.lock * Use logical OR to assert HTTP responseType * Change files * Remove change files * Implement HTTP client timeout (#10261) * Implement hard-coded timeout * Create timeout from JS args * Timeout only for values greater than 0 * Change files * Remove variable sendRequestAny * Remove unused captures * Remove change files * Use uint8_t const in IBlobPersistor.h (#10276) * Use uint8_t const in IBlobPersistor.h Some versions of clang will not compile when the array_view data for CryptographicBuffer::CreateFromByteArray is not `uint8_t const`. This change switches the callsites to use uint8_t const where needed. * Change files * Fix Blob test comparison Co-authored-by: Julio C. Rocha <julio.rocha@microsoft.com> * Remove change files * Adds missing headers for HttpRequestHeaderCollection (#10277) * Adds missing headers for HttpRequestHeaderCollection These headers are needed in case alternative PCH are used to compile (e.g., with clang BUCK). * Change files * Remove change files * Skip user agent HTTP header validation (#10279) * Skip user agent HTTP header validation In #8392, we added logic to skip HTTP header validation for `User-Agent` in the NetworkingModule. Now that NetworkingModule is being refactored, we need this change in the new implementation. This change skips user agent validation in the new networking module. * Change files * Remove change files * Implement HTTP redirection (#10534) * Define WinRTHttpResult::CreateRequest * Use request produced by CreateRequest() TODO: Have PerformSendRequest receive raw method and uri instead of HttpRequestMessage. * Exit if request is not created successfully * Enabled FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds * Single retry * Add test RedirectPatchSucceeds * Rename tests to SimpleRedirect<VERB>Succeeds * Use method and URI intead of full HTTPReqMsg in PerformSendReq * Move HttpResourceIntegrationTest into workspace * Add WinInet-based test * Get request complete variables * Define RequestContext struct * Get response content * Add synchronization logic * Refer CoreFX reference PR and version * Disable SimpleRedirectWinInetSucceeds * Define RedirectHttpFilter - Meant to be the default internal filter for WinRTHttpResource. * Use redirect filter for OP and default clients in factory * Implement RedirectHttpFilter::SendRequestAsync TODO: Deal with IDS_REQUEST_ALREADY_SENT by making CreateRequest coroutine available to both the resource and filter classes. * Expose resource as IWinRTHttpRequestFactory - Allows redir filter to access resource's request factory method. * Re-arrange resource instantiation in Make factory * Re-enable disabled Origin Policy tests * Make redir filter constructors noexcept * Attempt to implement IHttpBaseProtocolFilter * Make redir filter implement IHttpBaseProtocolFilter * Enable inheritance of IHttpBPFilter via unsetting WINRT_LEAN_AND_MEAN * Implement IHttpBPfilter based on inner filter * Add RedirHttpFilterUTs class * Fix comment * Consume mocks in MockBaseFilter * Implement mocks in ManualRedirectSucceeds * Implement manual redir test with coroutines * Complete [Manual|Automatic]RedirectSucceeds * Allow setting max redirect # in constructor - Add test TooManyRedirectsFails * Add test MaxAllowedRedirectsSucceeds * Minor requestArgs factoring * Define and consume IRedirectEventSource * Add IRedirectEventSource.idl to unit test project * Update Shared vcx filters * Partially implement OPFilter::OnRedirecting * Update Shared filters * Make OPFilter drop redirection for preflights * Allow empty string, non-null req content * Allow non-movable responses in test server (OPIntTests) * Always clear Http.OmitCredentials rt option * Update outdated comment * Removed commented code * Clean up stale/commented code * Throw E_INVALIDARG if redirect gets null request handle * Throw ERROR_HTTP_REDIRECT_FAILED on too many redirects * Remove/ignore incorrect tests * clang format * Change files * Update packages lock * Remove Redir filter constructor from DLL boundary * Drop unused libs/include dirs * Restore ut project IncludePath * Remove /*const*/ comments from HTTP mocks * Explicitly capture `constexpr` Implicit capture only available starting MSVC 14.3 * Declare redirect counts as size_t * Update packages.lock.json * Update packages lock * Replace IInspectable with WinRT IMap (request props) in CreateRequest * Make TaintedOrigin a direct request property. The `RequestArgs` struct should not hold Origin POlicy specific data. * clang format * Fix compilation of filter and resource in MSRN * Rename local variables * Fix relative include of WinRTTypes * Simplify redirect count tests * Propagate isTimeout to JS layer * Comment alternative HRESULTs for timeout * Address feedback for internal MIDL type * Update packages lock * Use std::stol to parse Content-Length * Use constexpr for default max redirects * Drop WinRT/Http/Filters header from PCH - This prevents including the header with WINRT_LEAN_AND_MEAN macro conflict. - Only DevSupportManager required it. Performance loss is negligible. * Add interface IRedirectEventSource2 * Remove IDL IRedirectEventSource * Rename IRedirectEventSource2 to IRedirectEventSource * Revert packages lock * Remove stale IDL reference * Throw on RedirectHttpFilter::AllowUI * Change files * Fix merge errors * clang format * Use global.FileReader * Remove duplicate JS override * Enable Blob module in UWP (#10187) * Update packages.lock.json * Update packages.lock.json * Add Shared project to ReactUWPTestApp solution * RNTesterApp.csproj formatting * Enable Blob module in UWP * Change files * Update packages.lock.json * Use context property bag for runtime options in MSRN * Remove unused options header * Revert ReactUWPTestApp.sln * Update packages.lock.json * Update packages.lock.json * Use namespace in monolith HTTP module property * clang format * Revert unwanted changes Co-authored-by: Eric Rozell <erozell@outlook.com>
- Loading branch information