Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=4 sw=2 sts=2 et cin: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// HttpLog.h should generally be included first
#include "nsHttpTransaction.h"
#include <algorithm>
#include <utility>
#include "HttpLog.h"
#include "HTTPSRecordResolver.h"
#include "NSSErrorsService.h"
#include "base/basictypes.h"
#include "mozilla/Components.h"
#include "mozilla/glean/GleanMetrics.h"
#include "mozilla/net/SSLTokensCache.h"
#include "mozilla/ScopeExit.h"
#include "mozilla/Tokenizer.h"
#include "mozilla/StaticPrefs_network.h"
#include "MockHttpAuth.h"
#include "nsCRT.h"
#include "nsComponentManagerUtils.h" // do_CreateInstance
#include "nsHttpBasicAuth.h"
#include "nsHttpChannel.h"
#include "nsHttpChunkedDecoder.h"
#include "nsHttpDigestAuth.h"
#include "nsHttpHandler.h"
#include "nsHttpNTLMAuth.h"
#ifdef MOZ_AUTH_EXTENSION
# include "nsHttpNegotiateAuth.h"
#endif
#include "nsHttpRequestHead.h"
#include "nsHttpResponseHead.h"
#include "nsICancelable.h"
#include "nsIClassOfService.h"
#include "nsIDNSByTypeRecord.h"
#include "nsIDNSRecord.h"
#include "nsIDNSService.h"
#include "nsIEventTarget.h"
#include "nsIHttpActivityObserver.h"
#include "nsIHttpAuthenticator.h"
#include "nsIInputStream.h"
#include "nsIInputStreamPriority.h"
#include "nsIMultiplexInputStream.h"
#include "nsIOService.h"
#include "nsIPipe.h"
#include "nsIRequestContext.h"
#include "nsISeekableStream.h"
#include "nsITLSSocketControl.h"
#include "nsIThrottledInputChannel.h"
#include "nsITransport.h"
#include "nsMultiplexInputStream.h"
#include "nsNetCID.h"
#include "nsNetUtil.h"
#include "nsQueryObject.h"
#include "nsSocketTransportService2.h"
#include "nsStringStream.h"
#include "nsTransportUtils.h"
#include "sslerr.h"
#include "SpeculativeTransaction.h"
//-----------------------------------------------------------------------------
// Place a limit on how much non-compliant HTTP can be skipped while
// looking for a response header
#define MAX_INVALID_RESPONSE_BODY_SIZE (1024 * 128)
using namespace mozilla::net;
namespace mozilla::net {
//-----------------------------------------------------------------------------
// nsHttpTransaction <public>
//-----------------------------------------------------------------------------
nsHttpTransaction::nsHttpTransaction() {
LOG(("Creating nsHttpTransaction @%p\n", this));
#ifdef MOZ_VALGRIND
memset(&mSelfAddr, 0, sizeof(NetAddr));
memset(&mPeerAddr, 0, sizeof(NetAddr));
#endif
mSelfAddr.raw.family = PR_AF_UNSPEC;
mPeerAddr.raw.family = PR_AF_UNSPEC;
mThroughCaptivePortal = gHttpHandler->GetThroughCaptivePortal();
}
void nsHttpTransaction::ResumeReading() {
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
if (!mReadingStopped) {
return;
}
LOG(("nsHttpTransaction::ResumeReading %p", this));
mReadingStopped = false;
// This with either reengage the limit when still throttled in WriteSegments
// or simply reset to allow unlimeted reading again.
mThrottlingReadAllowance = THROTTLE_NO_LIMIT;
if (mConnection) {
mConnection->TransactionHasDataToRecv(this);
nsresult rv = mConnection->ResumeRecv();
if (NS_FAILED(rv)) {
LOG((" resume failed with rv=%" PRIx32, static_cast<uint32_t>(rv)));
}
}
}
bool nsHttpTransaction::EligibleForThrottling() const {
return (mClassOfServiceFlags &
(nsIClassOfService::Throttleable | nsIClassOfService::DontThrottle |
nsIClassOfService::Leader | nsIClassOfService::Unblocked)) ==
nsIClassOfService::Throttleable;
}
void nsHttpTransaction::SetClassOfService(ClassOfService cos) {
if (mClosed) {
return;
}
bool wasThrottling = EligibleForThrottling();
mClassOfServiceFlags = cos.Flags();
mClassOfServiceIncremental = cos.Incremental();
bool isThrottling = EligibleForThrottling();
if (mConnection && wasThrottling != isThrottling) {
// Do nothing until we are actually activated. For now
// only remember the throttle flag. Call to UpdateActiveTransaction
// would add this transaction to the list too early.
gHttpHandler->ConnMgr()->UpdateActiveTransaction(this);
if (mReadingStopped && !isThrottling) {
ResumeReading();
}
}
}
class ReleaseOnSocketThread final : public mozilla::Runnable {
public:
explicit ReleaseOnSocketThread(nsTArray<nsCOMPtr<nsISupports>>&& aDoomed)
: Runnable("ReleaseOnSocketThread"), mDoomed(std::move(aDoomed)) {}
NS_IMETHOD
Run() override {
mDoomed.Clear();
return NS_OK;
}
void Dispatch() {
nsCOMPtr<nsIEventTarget> sts =
do_GetService("@mozilla.org/network/socket-transport-service;1");
Unused << sts->Dispatch(this, nsIEventTarget::DISPATCH_NORMAL);
}
private:
virtual ~ReleaseOnSocketThread() = default;
nsTArray<nsCOMPtr<nsISupports>> mDoomed;
};
nsHttpTransaction::~nsHttpTransaction() {
LOG(("Destroying nsHttpTransaction @%p\n", this));
if (mPushedStream) {
mPushedStream->OnPushFailed();
mPushedStream = nullptr;
}
if (mTokenBucketCancel) {
mTokenBucketCancel->Cancel(NS_ERROR_ABORT);
mTokenBucketCancel = nullptr;
}
// Force the callbacks and connection to be released right now
{
MutexAutoLock lock(mLock);
mCallbacks = nullptr;
}
mEarlyHintObserver = nullptr;
delete mResponseHead;
delete mChunkedDecoder;
ReleaseBlockingTransaction();
nsTArray<nsCOMPtr<nsISupports>> arrayToRelease;
if (mConnection) {
arrayToRelease.AppendElement(mConnection.forget());
}
if (!arrayToRelease.IsEmpty()) {
RefPtr<ReleaseOnSocketThread> r =
new ReleaseOnSocketThread(std::move(arrayToRelease));
r->Dispatch();
}
}
nsresult nsHttpTransaction::Init(
uint32_t caps, nsHttpConnectionInfo* cinfo, nsHttpRequestHead* requestHead,
nsIInputStream* requestBody, uint64_t requestContentLength,
bool requestBodyHasHeaders, nsIEventTarget* target,
nsIInterfaceRequestor* callbacks, nsITransportEventSink* eventsink,
uint64_t browserId, HttpTrafficCategory trafficCategory,
nsIRequestContext* requestContext, ClassOfService classOfService,
uint32_t initialRwin, bool responseTimeoutEnabled, uint64_t channelId,
TransactionObserverFunc&& transactionObserver,
OnPushCallback&& aOnPushCallback,
HttpTransactionShell* transWithPushedStream, uint32_t aPushedStreamId) {
nsresult rv;
LOG1(("nsHttpTransaction::Init [this=%p caps=%x]\n", this, caps));
if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
LOG(
("nsHttpTransaction aborting init because of app"
"shutdown"));
return NS_ERROR_ILLEGAL_DURING_SHUTDOWN;
}
MOZ_ASSERT(cinfo);
MOZ_ASSERT(requestHead);
MOZ_ASSERT(target);
MOZ_ASSERT(target->IsOnCurrentThread());
mChannelId = channelId;
mTransactionObserver = std::move(transactionObserver);
mOnPushCallback = std::move(aOnPushCallback);
mBrowserId = browserId;
mTrafficCategory = trafficCategory;
LOG1(("nsHttpTransaction %p SetRequestContext %p\n", this, requestContext));
mRequestContext = requestContext;
SetClassOfService(classOfService);
mResponseTimeoutEnabled = responseTimeoutEnabled;
mInitialRwin = initialRwin;
// create transport event sink proxy. it coalesces consecutive
// events of the same status type.
rv = net_NewTransportEventSinkProxy(getter_AddRefs(mTransportSink), eventsink,
target);
if (NS_FAILED(rv)) return rv;
mConnInfo = cinfo;
mCallbacks = callbacks;
mConsumerTarget = target;
mCaps = caps;
// eventsink is a nsHttpChannel when we expect "103 Early Hints" responses.
// We expect it in document requests and not e.g. in TRR requests.
mEarlyHintObserver = do_QueryInterface(eventsink);
if (requestHead->IsHead()) {
mNoContent = true;
}
// grab a weak reference to the request head
mRequestHead = requestHead;
mReqHeaderBuf = nsHttp::ConvertRequestHeadToString(
*requestHead, !!requestBody, requestBodyHasHeaders,
cinfo->UsingConnect());
if (LOG1_ENABLED()) {
LOG1(("http request [\n"));
LogHeaders(mReqHeaderBuf.get());
LOG1(("]\n"));
}
// report the request header
if (gHttpHandler->HttpActivityDistributorActivated()) {
nsCString requestBuf(mReqHeaderBuf);
NS_DispatchToMainThread(NS_NewRunnableFunction(
"ObserveHttpActivityWithArgs", [channelId(mChannelId), requestBuf]() {
if (!gHttpHandler) {
return;
}
gHttpHandler->ObserveHttpActivityWithArgs(
HttpActivityArgs(channelId),
NS_HTTP_ACTIVITY_TYPE_HTTP_TRANSACTION,
NS_HTTP_ACTIVITY_SUBTYPE_REQUEST_HEADER, PR_Now(), 0, requestBuf);
}));
}
// Create a string stream for the request header buf (the stream holds
// a non-owning reference to the request header data, so we MUST keep
// mReqHeaderBuf around).
nsCOMPtr<nsIInputStream> headers;
rv = NS_NewByteInputStream(getter_AddRefs(headers), mReqHeaderBuf,
NS_ASSIGNMENT_DEPEND);
if (NS_FAILED(rv)) return rv;
mHasRequestBody = !!requestBody;
if (mHasRequestBody && !requestContentLength) {
mHasRequestBody = false;
}
requestContentLength += mReqHeaderBuf.Length();
if (mHasRequestBody) {
// wrap the headers and request body in a multiplexed input stream.
nsCOMPtr<nsIMultiplexInputStream> multi;
rv = nsMultiplexInputStreamConstructor(NS_GET_IID(nsIMultiplexInputStream),
getter_AddRefs(multi));
if (NS_FAILED(rv)) return rv;
rv = multi->AppendStream(headers);
if (NS_FAILED(rv)) return rv;
rv = multi->AppendStream(requestBody);
if (NS_FAILED(rv)) return rv;
// wrap the multiplexed input stream with a buffered input stream, so
// that we write data in the largest chunks possible. this is actually
// necessary to workaround some common server bugs (see bug 137155).
nsCOMPtr<nsIInputStream> stream(do_QueryInterface(multi));
rv = NS_NewBufferedInputStream(getter_AddRefs(mRequestStream),
stream.forget(),
nsIOService::gDefaultSegmentSize);
if (NS_FAILED(rv)) return rv;
} else {
mRequestStream = headers;
}
nsCOMPtr<nsIThrottledInputChannel> throttled = do_QueryInterface(eventsink);
if (throttled) {
nsCOMPtr<nsIInputChannelThrottleQueue> queue;
rv = throttled->GetThrottleQueue(getter_AddRefs(queue));
// In case of failure, just carry on without throttling.
if (NS_SUCCEEDED(rv) && queue) {
nsCOMPtr<nsIAsyncInputStream> wrappedStream;
rv = queue->WrapStream(mRequestStream, getter_AddRefs(wrappedStream));
// Failure to throttle isn't sufficient reason to fail
// initialization
if (NS_SUCCEEDED(rv)) {
MOZ_ASSERT(wrappedStream != nullptr);
LOG(
("nsHttpTransaction::Init %p wrapping input stream using throttle "
"queue %p\n",
this, queue.get()));
mRequestStream = wrappedStream;
}
}
}
// make sure request content-length fits within js MAX_SAFE_INTEGER
mRequestSize = InScriptableRange(requestContentLength)
? static_cast<int64_t>(requestContentLength)
: -1;
// create pipe for response stream
NS_NewPipe2(getter_AddRefs(mPipeIn), getter_AddRefs(mPipeOut), true, true,
nsIOService::gDefaultSegmentSize,
nsIOService::gDefaultSegmentCount);
if (transWithPushedStream && aPushedStreamId) {
RefPtr<nsHttpTransaction> trans =
transWithPushedStream->AsHttpTransaction();
MOZ_ASSERT(trans);
mPushedStream = trans->TakePushedStreamById(aPushedStreamId);
}
bool forceUseHTTPSRR = StaticPrefs::network_dns_force_use_https_rr();
if ((gHttpHandler->UseHTTPSRRAsAltSvcEnabled() &&
!(mCaps & NS_HTTP_DISALLOW_HTTPS_RR)) ||
forceUseHTTPSRR) {
nsCOMPtr<nsIEventTarget> target;
Unused << gHttpHandler->GetSocketThreadTarget(getter_AddRefs(target));
if (target) {
if (StaticPrefs::network_dns_force_waiting_https_rr() ||
StaticPrefs::network_dns_echconfig_enabled() || forceUseHTTPSRR) {
mCaps |= NS_HTTP_FORCE_WAIT_HTTP_RR;
}
mResolver = new HTTPSRecordResolver(this);
nsCOMPtr<nsICancelable> dnsRequest;
rv = mResolver->FetchHTTPSRRInternal(target, getter_AddRefs(dnsRequest));
if (NS_SUCCEEDED(rv)) {
mHTTPSSVCReceivedStage = HTTPSSVC_NOT_PRESENT;
}
{
MutexAutoLock lock(mLock);
mDNSRequest.swap(dnsRequest);
if (NS_FAILED(rv)) {
MakeDontWaitHTTPSRR();
}
}
}
}
RefPtr<nsHttpChannel> httpChannel = do_QueryObject(eventsink);
RefPtr<WebTransportSessionEventListener> listener =
httpChannel ? httpChannel->GetWebTransportSessionEventListener()
: nullptr;
if (listener) {
mWebTransportSessionEventListener = std::move(listener);
}
return NS_OK;
}
static inline void CreateAndStartTimer(nsCOMPtr<nsITimer>& aTimer,
nsITimerCallback* aCallback,
uint32_t aTimeout) {
MOZ_DIAGNOSTIC_ASSERT(OnSocketThread(), "not on socket thread");
MOZ_ASSERT(!aTimer);
if (!aTimeout) {
return;
}
NS_NewTimerWithCallback(getter_AddRefs(aTimer), aCallback, aTimeout,
nsITimer::TYPE_ONE_SHOT);
}
void nsHttpTransaction::OnPendingQueueInserted(
const nsACString& aConnectionHashKey) {
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
{
MutexAutoLock lock(mLock);
mHashKeyOfConnectionEntry.Assign(aConnectionHashKey);
}
// Don't create mHttp3BackupTimer if HTTPS RR is in play.
if (mConnInfo->IsHttp3() && !mOrigConnInfo && !mConnInfo->GetWebTransport()) {
// Backup timer should only be created once.
if (!mHttp3BackupTimerCreated) {
CreateAndStartTimer(mHttp3BackupTimer, this,
StaticPrefs::network_http_http3_backup_timer_delay());
mHttp3BackupTimerCreated = true;
}
}
}
nsresult nsHttpTransaction::AsyncRead(nsIStreamListener* listener,
nsIRequest** pump) {
RefPtr<nsInputStreamPump> transactionPump;
nsresult rv =
nsInputStreamPump::Create(getter_AddRefs(transactionPump), mPipeIn);
NS_ENSURE_SUCCESS(rv, rv);
rv = transactionPump->AsyncRead(listener);
NS_ENSURE_SUCCESS(rv, rv);
transactionPump.forget(pump);
return NS_OK;
}
// This method should only be used on the socket thread
nsAHttpConnection* nsHttpTransaction::Connection() {
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
return mConnection.get();
}
void nsHttpTransaction::SetH2WSConnRefTaken() {
if (!OnSocketThread()) {
nsCOMPtr<nsIRunnable> event =
NewRunnableMethod("nsHttpTransaction::SetH2WSConnRefTaken", this,
&nsHttpTransaction::SetH2WSConnRefTaken);
gSocketTransportService->Dispatch(event, NS_DISPATCH_NORMAL);
return;
}
}
UniquePtr<nsHttpResponseHead> nsHttpTransaction::TakeResponseHead() {
MOZ_ASSERT(!mResponseHeadTaken, "TakeResponseHead called 2x");
// Lock TakeResponseHead() against main thread
MutexAutoLock lock(mLock);
mResponseHeadTaken = true;
// Even in OnStartRequest() the headers won't be available if we were
// canceled
if (!mHaveAllHeaders) {
NS_WARNING("response headers not available or incomplete");
return nullptr;
}
return WrapUnique(std::exchange(mResponseHead, nullptr));
}
UniquePtr<nsHttpHeaderArray> nsHttpTransaction::TakeResponseTrailers() {
MOZ_ASSERT(!mResponseTrailersTaken, "TakeResponseTrailers called 2x");
// Lock TakeResponseTrailers() against main thread
MutexAutoLock lock(mLock);
mResponseTrailersTaken = true;
return std::move(mForTakeResponseTrailers);
}
void nsHttpTransaction::SetProxyConnectFailed() { mProxyConnectFailed = true; }
nsHttpRequestHead* nsHttpTransaction::RequestHead() { return mRequestHead; }
uint32_t nsHttpTransaction::Http1xTransactionCount() { return 1; }
nsresult nsHttpTransaction::TakeSubTransactions(
nsTArray<RefPtr<nsAHttpTransaction>>& outTransactions) {
return NS_ERROR_NOT_IMPLEMENTED;
}
//----------------------------------------------------------------------------
// nsHttpTransaction::nsAHttpTransaction
//----------------------------------------------------------------------------
void nsHttpTransaction::SetConnection(nsAHttpConnection* conn) {
{
MutexAutoLock lock(mLock);
mConnection = conn;
if (mConnection) {
mIsHttp3Used = mConnection->Version() == HttpVersion::v3_0;
}
}
}
void nsHttpTransaction::OnActivated() {
MOZ_ASSERT(OnSocketThread());
if (mActivated) {
return;
}
if (mTrafficCategory != HttpTrafficCategory::eInvalid) {
HttpTrafficAnalyzer* hta = gHttpHandler->GetHttpTrafficAnalyzer();
if (hta) {
hta->IncrementHttpTransaction(mTrafficCategory);
}
if (mConnection) {
mConnection->SetTrafficCategory(mTrafficCategory);
}
}
if (mConnection && mRequestHead &&
mConnection->Version() >= HttpVersion::v2_0) {
// So this is fun. On http/2, we want to send TE: trailers, to be
// spec-compliant. So we add it to the request head here. The fun part
// is that adding a header to the request head at this point has no
// effect on what we send on the wire, as the headers are already
// flattened (in Init()) by the time we get here. So the *real* adding
// of the header happens in the h2 compression code. We still have to
// add the header to the request head here, though, so that devtools can
// show that we sent the header. FUN!
Unused << mRequestHead->SetHeader(nsHttp::TE, "trailers"_ns);
}
mActivated = true;
gHttpHandler->ConnMgr()->AddActiveTransaction(this);
}
void nsHttpTransaction::GetSecurityCallbacks(nsIInterfaceRequestor** cb) {
MutexAutoLock lock(mLock);
nsCOMPtr<nsIInterfaceRequestor> tmp(mCallbacks);
tmp.forget(cb);
}
void nsHttpTransaction::SetSecurityCallbacks(
nsIInterfaceRequestor* aCallbacks) {
{
MutexAutoLock lock(mLock);
mCallbacks = aCallbacks;
}
if (gSocketTransportService) {
RefPtr<UpdateSecurityCallbacks> event =
new UpdateSecurityCallbacks(this, aCallbacks);
gSocketTransportService->Dispatch(event, nsIEventTarget::DISPATCH_NORMAL);
}
}
void nsHttpTransaction::OnTransportStatus(nsITransport* transport,
nsresult status, int64_t progress) {
LOG1(("nsHttpTransaction::OnSocketStatus [this=%p status=%" PRIx32
" progress=%" PRId64 "]\n",
this, static_cast<uint32_t>(status), progress));
if (status == NS_NET_STATUS_CONNECTED_TO ||
status == NS_NET_STATUS_WAITING_FOR) {
if (mConnection) {
MutexAutoLock lock(mLock);
mConnection->GetSelfAddr(&mSelfAddr);
mConnection->GetPeerAddr(&mPeerAddr);
mResolvedByTRR = mConnection->ResolvedByTRR();
mEffectiveTRRMode = mConnection->EffectiveTRRMode();
mTRRSkipReason = mConnection->TRRSkipReason();
mEchConfigUsed = mConnection->GetEchConfigUsed();
}
}
// If the timing is enabled, and we are not using a persistent connection
// then the requestStart timestamp will be null, so we mark the timestamps
// for domainLookupStart/End and connectStart/End
// If we are using a persistent connection they will remain null,
// and the correct value will be returned in Performance.
if (TimingEnabled() && GetRequestStart().IsNull()) {
if (status == NS_NET_STATUS_RESOLVING_HOST) {
SetDomainLookupStart(TimeStamp::Now(), true);
} else if (status == NS_NET_STATUS_RESOLVED_HOST) {
SetDomainLookupEnd(TimeStamp::Now());
} else if (status == NS_NET_STATUS_CONNECTING_TO) {
SetConnectStart(TimeStamp::Now());
} else if (status == NS_NET_STATUS_CONNECTED_TO) {
TimeStamp tnow = TimeStamp::Now();
SetConnectEnd(tnow, true);
{
MutexAutoLock lock(mLock);
mTimings.tcpConnectEnd = tnow;
}
} else if (status == NS_NET_STATUS_TLS_HANDSHAKE_STARTING) {
{
MutexAutoLock lock(mLock);
mTimings.secureConnectionStart = TimeStamp::Now();
}
} else if (status == NS_NET_STATUS_TLS_HANDSHAKE_ENDED) {
SetConnectEnd(TimeStamp::Now(), false);
} else if (status == NS_NET_STATUS_SENDING_TO) {
// Set the timestamp to Now(), only if it null
SetRequestStart(TimeStamp::Now(), true);
}
}
if (!mTransportSink) return;
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
// Need to do this before the STATUS_RECEIVING_FROM check below, to make
// sure that the activity distributor gets told about all status events.
// upon STATUS_WAITING_FOR; report request body sent
if ((mHasRequestBody) && (status == NS_NET_STATUS_WAITING_FOR)) {
gHttpHandler->ObserveHttpActivityWithArgs(
HttpActivityArgs(mChannelId), NS_HTTP_ACTIVITY_TYPE_HTTP_TRANSACTION,
NS_HTTP_ACTIVITY_SUBTYPE_REQUEST_BODY_SENT, PR_Now(), 0, ""_ns);
}
// report the status and progress
gHttpHandler->ObserveHttpActivityWithArgs(
HttpActivityArgs(mChannelId), NS_HTTP_ACTIVITY_TYPE_SOCKET_TRANSPORT,
static_cast<uint32_t>(status), PR_Now(), progress, ""_ns);
// nsHttpChannel synthesizes progress events in OnDataAvailable
if (status == NS_NET_STATUS_RECEIVING_FROM) return;
int64_t progressMax;
if (status == NS_NET_STATUS_SENDING_TO) {
// suppress progress when only writing request headers
if (!mHasRequestBody) {
LOG1(
("nsHttpTransaction::OnTransportStatus %p "
"SENDING_TO without request body\n",
this));
return;
}
if (mReader) {
// A mRequestStream method is on the stack - wait.
LOG(
("nsHttpTransaction::OnSocketStatus [this=%p] "
"Skipping Re-Entrant NS_NET_STATUS_SENDING_TO\n",
this));
// its ok to coalesce several of these into one deferred event
mDeferredSendProgress = true;
return;
}
nsCOMPtr<nsITellableStream> tellable = do_QueryInterface(mRequestStream);
if (!tellable) {
LOG1(
("nsHttpTransaction::OnTransportStatus %p "
"SENDING_TO without tellable request stream\n",
this));
MOZ_ASSERT(
!mRequestStream,
"mRequestStream should be tellable as it was wrapped in "
"nsBufferedInputStream, which provides the tellable interface even "
"when wrapping non-tellable streams.");
progress = 0;
} else {
int64_t prog = 0;
tellable->Tell(&prog);
progress = prog;
}
// when uploading, we include the request headers in the progress
// notifications.
progressMax = mRequestSize;
} else {
progress = 0;
progressMax = 0;
}
mTransportSink->OnTransportStatus(transport, status, progress, progressMax);
}
bool nsHttpTransaction::IsDone() { return mTransactionDone; }
nsresult nsHttpTransaction::Status() { return mStatus; }
uint32_t nsHttpTransaction::Caps() { return mCaps & ~mCapsToClear; }
void nsHttpTransaction::SetDNSWasRefreshed() {
MOZ_ASSERT(mConsumerTarget->IsOnCurrentThread(),
"SetDNSWasRefreshed on target thread only!");
mCapsToClear |= NS_HTTP_REFRESH_DNS;
}
nsresult nsHttpTransaction::ReadRequestSegment(nsIInputStream* stream,
void* closure, const char* buf,
uint32_t offset, uint32_t count,
uint32_t* countRead) {
// For the tracking of sent bytes that we used to do for the networkstats
// API, please see bug 1318883 where it was removed.
nsHttpTransaction* trans = (nsHttpTransaction*)closure;
nsresult rv = trans->mReader->OnReadSegment(buf, count, countRead);
if (NS_FAILED(rv)) {
trans->MaybeRefreshSecurityInfo();
return rv;
}
LOG(("nsHttpTransaction::ReadRequestSegment %p read=%u", trans, *countRead));
trans->mSentData = true;
return NS_OK;
}
nsresult nsHttpTransaction::ReadSegments(nsAHttpSegmentReader* reader,
uint32_t count, uint32_t* countRead) {
LOG(("nsHttpTransaction::ReadSegments %p", this));
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
if (mTransactionDone) {
*countRead = 0;
return mStatus;
}
if (!m0RTTInProgress) {
MaybeCancelFallbackTimer();
}
if (!mConnected && !m0RTTInProgress) {
mConnected = true;
MaybeRefreshSecurityInfo();
}
mDeferredSendProgress = false;
mReader = reader;
nsresult rv =
mRequestStream->ReadSegments(ReadRequestSegment, this, count, countRead);
mReader = nullptr;
if (m0RTTInProgress && (mEarlyDataDisposition == EARLY_NONE) &&
NS_SUCCEEDED(rv) && (*countRead > 0)) {
LOG(("mEarlyDataDisposition = EARLY_SENT"));
mEarlyDataDisposition = EARLY_SENT;
}
if (mDeferredSendProgress && mConnection) {
// to avoid using mRequestStream concurrently, OnTransportStatus()
// did not report upload status off the ReadSegments() stack from
// nsSocketTransport do it now.
OnTransportStatus(mConnection->Transport(), NS_NET_STATUS_SENDING_TO, 0);
}
mDeferredSendProgress = false;
if (mForceRestart) {
// The forceRestart condition was dealt with on the stack, but it did not
// clear the flag because nsPipe in the readsegment stack clears out
// return codes, so we need to use the flag here as a cue to return
// ERETARGETED
if (NS_SUCCEEDED(rv)) {
rv = NS_BINDING_RETARGETED;
}
mForceRestart = false;
}
// if read would block then we need to AsyncWait on the request stream.
// have callback occur on socket thread so we stay synchronized.
if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
nsCOMPtr<nsIAsyncInputStream> asyncIn = do_QueryInterface(mRequestStream);
if (asyncIn) {
nsCOMPtr<nsIEventTarget> target;
Unused << gHttpHandler->GetSocketThreadTarget(getter_AddRefs(target));
if (target) {
asyncIn->AsyncWait(this, 0, 0, target);
} else {
NS_ERROR("no socket thread event target");
rv = NS_ERROR_UNEXPECTED;
}
}
}
return rv;
}
nsresult nsHttpTransaction::WritePipeSegment(nsIOutputStream* stream,
void* closure, char* buf,
uint32_t offset, uint32_t count,
uint32_t* countWritten) {
nsHttpTransaction* trans = (nsHttpTransaction*)closure;
if (trans->mTransactionDone) return NS_BASE_STREAM_CLOSED; // stop iterating
if (trans->TimingEnabled()) {
// Set the timestamp to Now(), only if it null
trans->SetResponseStart(TimeStamp::Now(), true);
}
// Bug 1153929 - add checks to fix windows crash
MOZ_ASSERT(trans->mWriter);
if (!trans->mWriter) {
return NS_ERROR_UNEXPECTED;
}
nsresult rv;
//
// OK, now let the caller fill this segment with data.
//
rv = trans->mWriter->OnWriteSegment(buf, count, countWritten);
if (NS_FAILED(rv)) {
trans->MaybeRefreshSecurityInfo();
return rv; // caller didn't want to write anything
}
LOG(("nsHttpTransaction::WritePipeSegment %p written=%u", trans,
*countWritten));
MOZ_ASSERT(*countWritten > 0, "bad writer");
trans->mReceivedData = true;
trans->mTransferSize += *countWritten;
// Let the transaction "play" with the buffer. It is free to modify
// the contents of the buffer and/or modify countWritten.
// - Bytes in HTTP headers don't count towards countWritten, so the input
// side of pipe (aka nsHttpChannel's mTransactionPump) won't hit
// OnInputStreamReady until all headers have been parsed.
//
rv = trans->ProcessData(buf, *countWritten, countWritten);
if (NS_FAILED(rv)) trans->Close(rv);
return rv; // failure code only stops WriteSegments; it is not propagated.
}
bool nsHttpTransaction::ShouldThrottle() {
if (mClassOfServiceFlags & nsIClassOfService::DontThrottle) {
// We deliberately don't touch the throttling window here since
// DontThrottle requests are expected to be long-standing media
// streams and would just unnecessarily block running downloads.
// If we want to ballance bandwidth for media responses against
// running downloads, we need to find something smarter like
// changing the suspend/resume throttling intervals at-runtime.
return false;
}
if (!gHttpHandler->ConnMgr()->ShouldThrottle(this)) {
// We are not obligated to throttle
return false;
}
if (mContentRead < 16000) {
// Let the first bytes go, it may also well be all the content we get
LOG(("nsHttpTransaction::ShouldThrottle too few content (%" PRIi64
") this=%p",
mContentRead, this));
return false;
}
if (!(mClassOfServiceFlags & nsIClassOfService::Throttleable) &&
gHttpHandler->ConnMgr()->IsConnEntryUnderPressure(mConnInfo)) {
LOG(("nsHttpTransaction::ShouldThrottle entry pressure this=%p", this));
// This is expensive to check (two hashtable lookups) but may help
// freeing connections for active tab transactions.
// Checking this only for transactions that are not explicitly marked
// as throttleable because trackers and (specially) downloads should
// keep throttling even under pressure.
return false;
}
return true;
}
void nsHttpTransaction::DontReuseConnection() {
LOG(("nsHttpTransaction::DontReuseConnection %p\n", this));
if (!OnSocketThread()) {
LOG(("DontReuseConnection %p not on socket thread\n", this));
nsCOMPtr<nsIRunnable> event =
NewRunnableMethod("nsHttpTransaction::DontReuseConnection", this,
&nsHttpTransaction::DontReuseConnection);
gSocketTransportService->Dispatch(event, NS_DISPATCH_NORMAL);
return;
}
if (mConnection) {
mConnection->DontReuse();
}
}
nsresult nsHttpTransaction::WriteSegments(nsAHttpSegmentWriter* writer,
uint32_t count,
uint32_t* countWritten) {
LOG(("nsHttpTransaction::WriteSegments %p", this));
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
if (mTransactionDone) {
return NS_SUCCEEDED(mStatus) ? NS_BASE_STREAM_CLOSED : mStatus;
}
if (ShouldThrottle()) {
if (mThrottlingReadAllowance == THROTTLE_NO_LIMIT) { // no limit set
// V1: ThrottlingReadLimit() returns 0
mThrottlingReadAllowance = gHttpHandler->ThrottlingReadLimit();
}
} else {
mThrottlingReadAllowance = THROTTLE_NO_LIMIT; // don't limit
}
if (mThrottlingReadAllowance == 0) { // depleted
if (gHttpHandler->ConnMgr()->CurrentBrowserId() != mBrowserId) {
nsHttp::NotifyActiveTabLoadOptimization();
}
// Must remember that we have to call ResumeRecv() on our connection when
// called back by the conn manager to resume reading.
LOG(("nsHttpTransaction::WriteSegments %p response throttled", this));
mReadingStopped = true;
// This makes the underlaying connection or stream wait for explicit resume.
// For h1 this means we stop reading from the socket.
// For h2 this means we stop updating recv window for the stream.
return NS_BASE_STREAM_WOULD_BLOCK;
}
mWriter = writer;
if (!mPipeOut) {
return NS_ERROR_UNEXPECTED;
}
if (mThrottlingReadAllowance > 0) {
LOG(("nsHttpTransaction::WriteSegments %p limiting read from %u to %d",
this, count, mThrottlingReadAllowance));
count = std::min(count, static_cast<uint32_t>(mThrottlingReadAllowance));
}
nsresult rv =
mPipeOut->WriteSegments(WritePipeSegment, this, count, countWritten);
mWriter = nullptr;
if (mForceRestart) {
// The forceRestart condition was dealt with on the stack, but it did not
// clear the flag because nsPipe in the writesegment stack clears out
// return codes, so we need to use the flag here as a cue to return
// ERETARGETED
if (NS_SUCCEEDED(rv)) {
rv = NS_BINDING_RETARGETED;
}
mForceRestart = false;
}
// if pipe would block then we need to AsyncWait on it. have callback
// occur on socket thread so we stay synchronized.
if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
nsCOMPtr<nsIEventTarget> target;
Unused << gHttpHandler->GetSocketThreadTarget(getter_AddRefs(target));
if (target) {
mPipeOut->AsyncWait(this, 0, 0, target);
mWaitingOnPipeOut = true;
} else {
NS_ERROR("no socket thread event target");
rv = NS_ERROR_UNEXPECTED;
}
} else if (mThrottlingReadAllowance > 0 && NS_SUCCEEDED(rv)) {
MOZ_ASSERT(count >= *countWritten);
mThrottlingReadAllowance -= *countWritten;
}
return rv;
}
bool nsHttpTransaction::ProxyConnectFailed() { return mProxyConnectFailed; }
bool nsHttpTransaction::DataSentToChildProcess() { return false; }
already_AddRefed<nsITransportSecurityInfo> nsHttpTransaction::SecurityInfo() {
MutexAutoLock lock(mLock);
return do_AddRef(mSecurityInfo);
}
bool nsHttpTransaction::HasStickyConnection() const {
return mCaps & NS_HTTP_STICKY_CONNECTION;
}
bool nsHttpTransaction::ResponseIsComplete() { return mResponseIsComplete; }
int64_t nsHttpTransaction::GetTransferSize() { return mTransferSize; }
int64_t nsHttpTransaction::GetRequestSize() { return mRequestSize; }
bool nsHttpTransaction::IsHttp3Used() { return mIsHttp3Used; }
bool nsHttpTransaction::Http2Disabled() const {
return mCaps & NS_HTTP_DISALLOW_SPDY;
}
bool nsHttpTransaction::Http3Disabled() const {
return mCaps & NS_HTTP_DISALLOW_HTTP3;
}
already_AddRefed<nsHttpConnectionInfo> nsHttpTransaction::GetConnInfo() const {
RefPtr<nsHttpConnectionInfo> connInfo = mConnInfo->Clone();
return connInfo.forget();
}
already_AddRefed<Http2PushedStreamWrapper>
nsHttpTransaction::TakePushedStreamById(uint32_t aStreamId) {
MOZ_ASSERT(mConsumerTarget->IsOnCurrentThread());
MOZ_ASSERT(aStreamId);
auto entry = mIDToStreamMap.Lookup(aStreamId);
if (entry) {
RefPtr<Http2PushedStreamWrapper> stream = entry.Data();
entry.Remove();
return stream.forget();
}
return nullptr;
}
void nsHttpTransaction::OnPush(Http2PushedStreamWrapper* aStream) {
LOG(("nsHttpTransaction::OnPush %p aStream=%p", this, aStream));
MOZ_ASSERT(aStream);
MOZ_ASSERT(mOnPushCallback);
MOZ_ASSERT(mConsumerTarget);
RefPtr<Http2PushedStreamWrapper> stream = aStream;
if (!mConsumerTarget->IsOnCurrentThread()) {
RefPtr<nsHttpTransaction> self = this;
if (NS_FAILED(mConsumerTarget->Dispatch(
NS_NewRunnableFunction("nsHttpTransaction::OnPush",
[self, stream]() { self->OnPush(stream); }),
NS_DISPATCH_NORMAL))) {
stream->OnPushFailed();
}
return;
}
mIDToStreamMap.WithEntryHandle(stream->StreamID(), [&](auto&& entry) {
MOZ_ASSERT(!entry);
entry.OrInsert(stream);
});
if (NS_FAILED(mOnPushCallback(stream->StreamID(), stream->GetResourceUrl(),
stream->GetRequestString(), this))) {
stream->OnPushFailed();
mIDToStreamMap.Remove(stream->StreamID());
}
}
nsHttpTransaction* nsHttpTransaction::AsHttpTransaction() { return this; }
HttpTransactionParent* nsHttpTransaction::AsHttpTransactionParent() {
return nullptr;
}
nsHttpTransaction::HTTPSSVC_CONNECTION_FAILED_REASON
nsHttpTransaction::ErrorCodeToFailedReason(nsresult aErrorCode) {
HTTPSSVC_CONNECTION_FAILED_REASON reason = HTTPSSVC_CONNECTION_OTHERS;
switch (aErrorCode) {
case NS_ERROR_UNKNOWN_HOST:
reason = HTTPSSVC_CONNECTION_UNKNOWN_HOST;
break;
case NS_ERROR_CONNECTION_REFUSED:
reason = HTTPSSVC_CONNECTION_UNREACHABLE;
break;
default:
if (m421Received) {
reason = HTTPSSVC_CONNECTION_421_RECEIVED;
} else if (NS_ERROR_GET_MODULE(aErrorCode) == NS_ERROR_MODULE_SECURITY) {
reason = HTTPSSVC_CONNECTION_SECURITY_ERROR;
}
break;
}
return reason;
}
bool nsHttpTransaction::PrepareSVCBRecordsForRetry(
const nsACString& aFailedDomainName, const nsACString& aFailedAlpn,
bool& aAllRecordsHaveEchConfig) {
MOZ_ASSERT(mRecordsForRetry.IsEmpty());
if (!mHTTPSSVCRecord) {
return false;
}
// If we already failed to connect with h3, don't select records that supports
// h3.
bool noHttp3 = mCaps & NS_HTTP_DISALLOW_HTTP3;
bool unused;
nsTArray<RefPtr<nsISVCBRecord>> records;
Unused << mHTTPSSVCRecord->GetAllRecordsWithEchConfig(
mCaps & NS_HTTP_DISALLOW_SPDY, noHttp3, &aAllRecordsHaveEchConfig,
&unused, records);
// Note that it's possible that we can't get any usable record here. For
// example, when http3 connection is failed, we won't select records with
// http3 alpn.
// If not all records have echConfig, we'll directly fallback to the origin
// server.
if (!aAllRecordsHaveEchConfig) {
return false;
}
// Take the records behind the failed one and put them into mRecordsForRetry.
for (const auto& record : records) {
nsAutoCString name;
record->GetName(name);
nsAutoCString alpn;
nsresult rv = record->GetSelectedAlpn(alpn);
if (name == aFailedDomainName) {
// If the record has no alpn or the alpn is already tried, we skip this
// record.
if (NS_FAILED(rv) || alpn == aFailedAlpn) {
continue;
}
}
mRecordsForRetry.InsertElementAt(0, record);
}
// Set mHTTPSSVCRecord to null to avoid this function being executed twice.
mHTTPSSVCRecord = nullptr;
return !mRecordsForRetry.IsEmpty();
}
already_AddRefed<nsHttpConnectionInfo>
nsHttpTransaction::PrepareFastFallbackConnInfo(bool aEchConfigUsed) {
MOZ_ASSERT(mHTTPSSVCRecord && mOrigConnInfo);
RefPtr<nsHttpConnectionInfo> fallbackConnInfo;
nsCOMPtr<nsISVCBRecord> fastFallbackRecord;
Unused << mHTTPSSVCRecord->GetServiceModeRecord(
mCaps & NS_HTTP_DISALLOW_SPDY, true, getter_AddRefs(fastFallbackRecord));
if (fastFallbackRecord && aEchConfigUsed) {
nsAutoCString echConfig;
Unused << fastFallbackRecord->GetEchConfig(echConfig);
if (echConfig.IsEmpty()) {
fastFallbackRecord = nullptr;
}
}
if (!fastFallbackRecord) {
if (aEchConfigUsed) {
LOG(
("nsHttpTransaction::PrepareFastFallbackConnInfo [this=%p] no record "
"can be used",
this));
return nullptr;
}
if (mOrigConnInfo->IsHttp3()) {
mOrigConnInfo->CloneAsDirectRoute(getter_AddRefs(fallbackConnInfo));
} else {
fallbackConnInfo = mOrigConnInfo;
}
return fallbackConnInfo.forget();
}
fallbackConnInfo =
mOrigConnInfo->CloneAndAdoptHTTPSSVCRecord(fastFallbackRecord);
return fallbackConnInfo.forget();
}
void nsHttpTransaction::PrepareConnInfoForRetry(nsresult aReason) {
LOG(("nsHttpTransaction::PrepareConnInfoForRetry [this=%p reason=%" PRIx32
"]",
this, static_cast<uint32_t>(aReason)));
RefPtr<nsHttpConnectionInfo> failedConnInfo = mConnInfo->Clone();
mConnInfo = nullptr;
bool echConfigUsed =
gHttpHandler->EchConfigEnabled(failedConnInfo->IsHttp3()) &&
!failedConnInfo->GetEchConfig().IsEmpty();
if (mFastFallbackTriggered) {
mFastFallbackTriggered = false;
MOZ_ASSERT(mBackupConnInfo);
mConnInfo.swap(mBackupConnInfo);
return;
}
auto useOrigConnInfoToRetry = [&]() {
mOrigConnInfo.swap(mConnInfo);
if (mConnInfo->IsHttp3() &&
((mCaps & NS_HTTP_DISALLOW_HTTP3) ||
gHttpHandler->IsHttp3Excluded(mConnInfo->GetRoutedHost().IsEmpty()
? mConnInfo->GetOrigin()
: mConnInfo->GetRoutedHost()))) {
RefPtr<nsHttpConnectionInfo> ci;
mConnInfo->CloneAsDirectRoute(getter_AddRefs(ci));
mConnInfo = ci;
}
};
if (!echConfigUsed) {
LOG((" echConfig is not used, fallback to origin conn info"));
useOrigConnInfoToRetry();
return;
}
Telemetry::HistogramID id = Telemetry::TRANSACTION_ECH_RETRY_OTHERS_COUNT;
auto updateCount = MakeScopeExit([&] {
auto entry = mEchRetryCounterMap.Lookup(id);
MOZ_ASSERT(entry, "table not initialized");
if (entry) {
*entry += 1;
}
});
if (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_RETRY_WITHOUT_ECH)) {
LOG((" Got SSL_ERROR_ECH_RETRY_WITHOUT_ECH, use empty echConfig to retry"));
failedConnInfo->SetEchConfig(EmptyCString());
failedConnInfo.swap(mConnInfo);
id = Telemetry::TRANSACTION_ECH_RETRY_WITHOUT_ECH_COUNT;
return;
}
if (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_RETRY_WITH_ECH)) {
LOG((" Got SSL_ERROR_ECH_RETRY_WITH_ECH, use retry echConfig"));
MOZ_ASSERT(mConnection);
nsCOMPtr<nsITLSSocketControl> socketControl;
if (mConnection) {
mConnection->GetTLSSocketControl(getter_AddRefs(socketControl));
}
MOZ_ASSERT(socketControl);
nsAutoCString retryEchConfig;
if (socketControl &&
NS_SUCCEEDED(socketControl->GetRetryEchConfig(retryEchConfig))) {
MOZ_ASSERT(!retryEchConfig.IsEmpty());
failedConnInfo->SetEchConfig(retryEchConfig);
failedConnInfo.swap(mConnInfo);
}
id = Telemetry::TRANSACTION_ECH_RETRY_WITH_ECH_COUNT;
return;
}
// Note that we retry the connection not only for SSL_ERROR_ECH_FAILED, but
// also for all failure cases.
if (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_FAILED) ||
NS_FAILED(aReason)) {
LOG((" Got SSL_ERROR_ECH_FAILED, try other records"));
if (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_FAILED)) {
id = Telemetry::TRANSACTION_ECH_RETRY_ECH_FAILED_COUNT;
}
if (mRecordsForRetry.IsEmpty()) {
if (mHTTPSSVCRecord) {
bool allRecordsHaveEchConfig = true;
if (!PrepareSVCBRecordsForRetry(failedConnInfo->GetRoutedHost(),
failedConnInfo->GetNPNToken(),
allRecordsHaveEchConfig)) {
LOG(
(" Can't find other records with echConfig, "
"allRecordsHaveEchConfig=%d",
allRecordsHaveEchConfig));
if (gHttpHandler->FallbackToOriginIfConfigsAreECHAndAllFailed() ||
!allRecordsHaveEchConfig) {
useOrigConnInfoToRetry();
}
return;
}
} else {
LOG((" No available records to retry"));
if (gHttpHandler->FallbackToOriginIfConfigsAreECHAndAllFailed()) {
useOrigConnInfoToRetry();
}
return;
}
}
if (LOG5_ENABLED()) {
LOG(("SvcDomainName to retry: ["));
for (const auto& r : mRecordsForRetry) {
nsAutoCString name;
r->GetName(name);
nsAutoCString alpn;
r->GetSelectedAlpn(alpn);
LOG((" name=%s alpn=%s", name.get(), alpn.get()));
}
LOG(("]"));
}
RefPtr<nsISVCBRecord> recordsForRetry =
mRecordsForRetry.PopLastElement().forget();
mConnInfo = mOrigConnInfo->CloneAndAdoptHTTPSSVCRecord(recordsForRetry);
}
}
void nsHttpTransaction::MaybeReportFailedSVCDomain(
nsresult aReason, nsHttpConnectionInfo* aFailedConnInfo) {
if (aReason == psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_RETRY_WITHOUT_ECH) ||
aReason != psm::GetXPCOMFromNSSError(SSL_ERROR_ECH_RETRY_WITH_ECH)) {
return;
}
Telemetry::Accumulate(Telemetry::DNS_HTTPSSVC_CONNECTION_FAILED_REASON,
ErrorCodeToFailedReason(aReason));
nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
if (dns) {
const nsCString& failedHost = aFailedConnInfo->GetRoutedHost().IsEmpty()
? aFailedConnInfo->GetOrigin()
: aFailedConnInfo->GetRoutedHost();
LOG(("add failed domain name [%s] -> [%s] to exclusion list",
aFailedConnInfo->GetOrigin().get(), failedHost.get()));
Unused << dns->ReportFailedSVCDomainName(aFailedConnInfo->GetOrigin(),
failedHost);
}
}
bool nsHttpTransaction::ShouldRestartOn0RttError(nsresult reason) {
LOG(
("nsHttpTransaction::ShouldRestartOn0RttError [this=%p, "
"mEarlyDataWasAvailable=%d error=%" PRIx32 "]\n",
this, mEarlyDataWasAvailable, static_cast<uint32_t>(reason)));
return StaticPrefs::network_http_early_data_disable_on_error() &&
mEarlyDataWasAvailable && PossibleZeroRTTRetryError(reason);
}
static void MaybeRemoveSSLToken(nsITransportSecurityInfo* aSecurityInfo) {
if (!StaticPrefs::
network_http_remove_resumption_token_when_early_data_failed()) {
return;
}
if (!aSecurityInfo) {
return;
}
nsAutoCString key;
aSecurityInfo->GetPeerId(key);
nsresult rv = SSLTokensCache::RemoveAll(key);
LOG(("RemoveSSLToken [key=%s, rv=%" PRIx32 "]", key.get(),
static_cast<uint32_t>(rv)));
}
void nsHttpTransaction::Close(nsresult reason) {
LOG(("nsHttpTransaction::Close [this=%p reason=%" PRIx32 "]\n", this,
static_cast<uint32_t>(reason)));
{
MutexAutoLock lock(mLock);
mEarlyHintObserver = nullptr;
mWebTransportSessionEventListener = nullptr;
}
if (!mClosed) {
gHttpHandler->ConnMgr()->RemoveActiveTransaction(this);
mActivated = false;
}
if (mDNSRequest) {
mDNSRequest->Cancel(NS_ERROR_ABORT);
mDNSRequest = nullptr;
}
MaybeCancelFallbackTimer();
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
if (reason == NS_BINDING_RETARGETED) {
LOG((" close %p skipped due to ERETARGETED\n", this));
return;
}
if (mClosed) {
LOG((" already closed\n"));
return;
}
NotifyTransactionObserver(reason);
if (mTokenBucketCancel) {
mTokenBucketCancel->Cancel(reason);
mTokenBucketCancel = nullptr;
}
// report the reponse is complete if not already reported
if (!mResponseIsComplete) {
gHttpHandler->ObserveHttpActivityWithArgs(
HttpActivityArgs(mChannelId), NS_HTTP_ACTIVITY_TYPE_HTTP_TRANSACTION,
NS_HTTP_ACTIVITY_SUBTYPE_RESPONSE_COMPLETE, PR_Now(),
static_cast<uint64_t>(mContentRead), ""_ns);
}
// report that this transaction is closing
gHttpHandler->ObserveHttpActivityWithArgs(
HttpActivityArgs(mChannelId), NS_HTTP_ACTIVITY_TYPE_HTTP_TRANSACTION,
NS_HTTP_ACTIVITY_SUBTYPE_TRANSACTION_CLOSE, PR_Now(), 0, ""_ns);
// we must no longer reference the connection! find out if the
// connection was being reused before letting it go.
bool connReused = false;
bool isHttp2or3 = false;
if (mConnection) {
connReused = mConnection->IsReused();
isHttp2or3 = mConnection->Version() >= HttpVersion::v2_0;
if (!mConnected) {
MaybeRefreshSecurityInfo();
}
}
mConnected = false;
// When mDoNotRemoveAltSvc is true, this means we want to keep the AltSvc in
// in the conncetion info. In this case, let's not apply HTTPS RR retry logic
// to make sure this transaction can be restarted with the same conncetion
// info.
bool shouldRestartTransactionForHTTPSRR =
mOrigConnInfo && AllowedErrorForHTTPSRRFallback(reason) &&
!mDoNotRemoveAltSvc;
//
// if the connection was reset or closed before we wrote any part of the
// request or if we wrote the request but didn't receive any part of the
// response and the connection was being reused, then we can (and really
// should) assume that we wrote to a stale connection and we must therefore
// repeat the request over a new connection.
//
// We have decided to retry not only in case of the reused connections, but
// all safe methods(bug 1236277).
//
// NOTE: the conditions under which we will automatically retry the HTTP
// request have to be carefully selected to avoid duplication of the
// request from the point-of-view of the server. such duplication could
// have dire consequences including repeated purchases, etc.
//
// NOTE: because of the way SSL proxy CONNECT is implemented, it is
// possible that the transaction may have received data without having
// sent any data. for this reason, mSendData == FALSE does not imply
// mReceivedData == FALSE. (see bug 203057 for more info.)
//
// Never restart transactions that are marked as sticky to their conenction.
// We use that capability to identify transactions bound to connection based
// authentication. Reissuing them on a different connections will break
// this bondage. Major issue may arise when there is an NTLM message auth
// header on the transaction and we send it to a different NTLM authenticated
// connection. It will break that connection and also confuse the channel's
// auth provider, beliving the cached credentials are wrong and asking for
// the password mistakenly again from the user.
if ((reason == NS_ERROR_NET_RESET || reason == NS_OK ||
reason ==
psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA) ||
ShouldRestartOn0RttError(reason) ||
shouldRestartTransactionForHTTPSRR) &&
(!(mCaps & NS_HTTP_STICKY_CONNECTION) ||
(mCaps & NS_HTTP_CONNECTION_RESTARTABLE) ||
(mEarlyDataDisposition == EARLY_425))) {
if (mForceRestart) {
SetRestartReason(TRANSACTION_RESTART_FORCED);
if (NS_SUCCEEDED(Restart())) {
if (mResponseHead) {
mResponseHead->Reset();
}
mContentRead = 0;
mContentLength = -1;
delete mChunkedDecoder;
mChunkedDecoder = nullptr;
mHaveStatusLine = false;
mHaveAllHeaders = false;
mHttpResponseMatched = false;
mResponseIsComplete = false;
mDidContentStart = false;
mNoContent = false;
mSentData = false;
mReceivedData = false;
mSupportsHTTP3 = false;
LOG(("transaction force restarted\n"));
return;
}
}
mDoNotTryEarlyData = true;
// reallySentData is meant to separate the instances where data has
// been sent by this transaction but buffered at a higher level while
// a TLS session (perhaps via a tunnel) is setup.
bool reallySentData =
mSentData && (!mConnection || mConnection->BytesWritten());
// If this is true, it means we failed to use the HTTPSSVC connection info
// to connect to the server. We need to retry with the original connection
// info.
shouldRestartTransactionForHTTPSRR &= !reallySentData;
if (reason ==
psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA) ||
PossibleZeroRTTRetryError(reason) ||
(!mReceivedData && ((mRequestHead && mRequestHead->IsSafeMethod()) ||
!reallySentData || connReused)) ||
shouldRestartTransactionForHTTPSRR) {
if (shouldRestartTransactionForHTTPSRR) {
MaybeReportFailedSVCDomain(reason, mConnInfo);
PrepareConnInfoForRetry(reason);
mDontRetryWithDirectRoute = true;
LOG(
("transaction will be restarted with the fallback connection info "
"key=%s",
mConnInfo ? mConnInfo->HashKey().get() : "None"));
}
if (shouldRestartTransactionForHTTPSRR) {
auto toRestartReason =
[](nsresult aStatus) -> TRANSACTION_RESTART_REASON {
if (aStatus == NS_ERROR_NET_RESET) {
return TRANSACTION_RESTART_HTTPS_RR_NET_RESET;
}
if (aStatus == NS_ERROR_CONNECTION_REFUSED) {
return TRANSACTION_RESTART_HTTPS_RR_CONNECTION_REFUSED;
}
if (aStatus == NS_ERROR_UNKNOWN_HOST) {
return TRANSACTION_RESTART_HTTPS_RR_UNKNOWN_HOST;
}
if (aStatus == NS_ERROR_NET_TIMEOUT) {
return TRANSACTION_RESTART_HTTPS_RR_NET_TIMEOUT;
}
if (psm::IsNSSErrorCode(-1 * NS_ERROR_GET_CODE(aStatus))) {
return TRANSACTION_RESTART_HTTPS_RR_SEC_ERROR;
}
MOZ_ASSERT_UNREACHABLE("Unexpected reason");
return TRANSACTION_RESTART_OTHERS;
};
SetRestartReason(toRestartReason(reason));
} else if (!reallySentData) {
SetRestartReason(TRANSACTION_RESTART_NO_DATA_SENT);
} else if (reason == psm::GetXPCOMFromNSSError(
SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA)) {
SetRestartReason(TRANSACTION_RESTART_DOWNGRADE_WITH_EARLY_DATA);
} else if (PossibleZeroRTTRetryError(reason)) {
SetRestartReason(TRANSACTION_RESTART_POSSIBLE_0RTT_ERROR);
}
// if restarting fails, then we must proceed to close the pipe,
// which will notify the channel that the transaction failed.
// Note that when echConfig is enabled, it's possible that we don't have a
// usable connection info to retry.
if (mConnInfo && NS_SUCCEEDED(Restart())) {
return;
}
// mConnInfo could be set to null in PrepareConnInfoForRetry() when we
// can't find an available https rr to retry. We have to set mConnInfo
// back to mOrigConnInfo to make sure no crash when mConnInfo being
// accessed again.
if (!mConnInfo) {
mConnInfo.swap(mOrigConnInfo);
MOZ_ASSERT(mConnInfo);
}
}
}
Telemetry::Accumulate(Telemetry::HTTP_TRANSACTION_RESTART_REASON,
mRestartReason);
if (!mResponseIsComplete && NS_SUCCEEDED(reason) && isHttp2or3) {
// Responses without content-length header field are still complete if
// they are transfered over http2 or http3 and the stream is properly
// closed.
mResponseIsComplete = true;
}
if ((mChunkedDecoder || (mContentLength >= int64_t(0))) &&
(NS_SUCCEEDED(reason) && !mResponseIsComplete)) {
NS_WARNING("Partial transfer, incomplete HTTP response received");
if ((mHttpResp