Implement Origin Policy filter #9771
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allows dropping server scope in tests.
JunielKatarn
added
the
AutoMerge
|
Hello @JunielKatarn! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
JunielKatarn
added
AutoMerge
ghost
merged commit
JunielKatarn
added a commit
to jurocha-ms/react-native-windows
that referenced
this pull request
May 21, 2022
* Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (microsoft#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec
JunielKatarn
added a commit
to jurocha-ms/react-native-windows
that referenced
this pull request
May 21, 2022
* Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (microsoft#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec
JunielKatarn
added a commit
to jurocha-ms/react-native-windows
that referenced
this pull request
May 21, 2022
* Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (microsoft#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec
This was referenced May 21, 2022
Khalef1
pushed a commit
that referenced
this pull request
May 24, 2022
* Use shared pointer in WebSocket MessageReceived (#9293) * Set MessageReceived to self-capturing lambda * clang format * Change files * remove change file * Implement IHttpResource (#9484) * Added HttpResource skeleton * Import WINRT namespaces * Use custom struct instead of folly:dynamic in IHttpResource * Drop factory method from Beast HTTP resource * Move WinRT conversion utils into header * Move WinRT conversion utils into header * Define class WinRTHttpResource * Update HttpModule * Define IHttpResource::Response * Implement callback members * Implement AbortRequest * Implement multiple request handling * Drop client argument from PerformSendRequest * Use background thread in PerformSendRequest * Add WinRTConversions.cpp * Init resource in module * Implement test RequestGetSucceeds * Complete RequestGetSucceeds * Complete RequestGetFails * Add HttpModule to default modules * Move resume_in_queue back to WebSocket resource * Simplify WinRTConversions includes * Rename runtime option to Http.UseResourcedModule * clang format * Change files * Update x86 DLL boundary * Using SetRtOpt in InitModule * Add test RequestGetHeadersSucceeds * Allow aborting server * Use case-insensitive comparison for headers * Collect both response and content headers * Address feedback * Remove member function HttpModule::SendEvent * Remove SetOnRequest * Delete Beast HTTP resource * Catch specific exceptions where applicable * Rename Add/Remove Request to Track/Untrack Response * Use r-value references where applicable * Set runtime option Http.UseMonolithicModule * Define GetHttpModuleName and GetWebSocketModuleName * Remove WS, HTTP and Timing from Desktop test runner * Update XHRTest * Implement cxxCallback * Pass request ID to callbacks * Set default TestStatus for TestResult * Update XHR test * Format XHR test * remove change file * Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * remove change file * Handle abrupt WebSocket connection interruption (#9829) * Add UnplugServer test * Handle exceptions in args.GetDataReader() * Consolidate catch clauses in MessageReceived * Change files * remove change file * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * remove change file * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * remove change file * Change files * clang format * Add missing boost imports * Downgrade C++/WinRT API usage * yarn lint * clang format * yarn lint * Skip RNTester Blob test * Disable BlobModule in UWP
acoates-ms
pushed a commit
that referenced
this pull request
May 26, 2022
* Implement IHttpResource (#9484) * Added HttpResource skeleton * Import WINRT namespaces * Use custom struct instead of folly:dynamic in IHttpResource * Drop factory method from Beast HTTP resource * Move WinRT conversion utils into header * Move WinRT conversion utils into header * Define class WinRTHttpResource * Update HttpModule * Define IHttpResource::Response * Implement callback members * Implement AbortRequest * Implement multiple request handling * Drop client argument from PerformSendRequest * Use background thread in PerformSendRequest * Add WinRTConversions.cpp * Init resource in module * Implement test RequestGetSucceeds * Complete RequestGetSucceeds * Complete RequestGetFails * Add HttpModule to default modules * Move resume_in_queue back to WebSocket resource * Simplify WinRTConversions includes * Rename runtime option to Http.UseResourcedModule * clang format * Change files * Update x86 DLL boundary * Using SetRtOpt in InitModule * Add test RequestGetHeadersSucceeds * Allow aborting server * Use case-insensitive comparison for headers * Collect both response and content headers * Address feedback * Remove member function HttpModule::SendEvent * Remove SetOnRequest * Delete Beast HTTP resource * Catch specific exceptions where applicable * Rename Add/Remove Request to Track/Untrack Response * Use r-value references where applicable * Set runtime option Http.UseMonolithicModule * Define GetHttpModuleName and GetWebSocketModuleName * Remove WS, HTTP and Timing from Desktop test runner * Update XHRTest * Implement cxxCallback * Pass request ID to callbacks * Set default TestStatus for TestResult * Update XHR test * Format XHR test * remove change file * Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * remove change file * Handle abrupt WebSocket connection interruption (#9829) * Add UnplugServer test * Handle exceptions in args.GetDataReader() * Consolidate catch clauses in MessageReceived * Change files * remove change file * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * remove change file * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * remove change file * Change files * clang format * Add missing boost imports * Downgrade C++/WinRT API usage * yarn lint * clang format * yarn lint
ghost
pushed a commit
that referenced
this pull request
May 27, 2022
* cherry-pick 3634bfa * Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * Remove change file * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * remove change file * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * remove change file * Change files * Update packages.lock * yarn format * yarn lint * yarn lint Co-authored-by: Andrew Coates <30809111+acoates-ms@users.noreply.github.com>
JunielKatarn
added a commit
to jurocha-ms/react-native-windows
that referenced
this pull request
Sep 16, 2022
* Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (microsoft#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec
JunielKatarn
added a commit
that referenced
this pull request
Sep 17, 2022
* Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * Remove change files * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * Use logical OR to assert HTTP responseType (#10095) * update yarn.lock * Use logical OR to assert HTTP responseType * Change files * Remove change files * Implement HTTP client timeout (#10261) * Implement hard-coded timeout * Create timeout from JS args * Timeout only for values greater than 0 * Change files * Remove variable sendRequestAny * Remove unused captures * Remove change files * Use uint8_t const in IBlobPersistor.h (#10276) * Use uint8_t const in IBlobPersistor.h Some versions of clang will not compile when the array_view data for CryptographicBuffer::CreateFromByteArray is not `uint8_t const`. This change switches the callsites to use uint8_t const where needed. * Change files * Fix Blob test comparison Co-authored-by: Julio C. Rocha <julio.rocha@microsoft.com> * Remove change files * Adds missing headers for HttpRequestHeaderCollection (#10277) * Adds missing headers for HttpRequestHeaderCollection These headers are needed in case alternative PCH are used to compile (e.g., with clang BUCK). * Change files * Remove change files * Skip user agent HTTP header validation (#10279) * Skip user agent HTTP header validation In #8392, we added logic to skip HTTP header validation for `User-Agent` in the NetworkingModule. Now that NetworkingModule is being refactored, we need this change in the new implementation. This change skips user agent validation in the new networking module. * Change files * Remove change files * Implement HTTP redirection (#10534) * Define WinRTHttpResult::CreateRequest * Use request produced by CreateRequest() TODO: Have PerformSendRequest receive raw method and uri instead of HttpRequestMessage. * Exit if request is not created successfully * Enabled FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds * Single retry * Add test RedirectPatchSucceeds * Rename tests to SimpleRedirect<VERB>Succeeds * Use method and URI intead of full HTTPReqMsg in PerformSendReq * Move HttpResourceIntegrationTest into workspace * Add WinInet-based test * Get request complete variables * Define RequestContext struct * Get response content * Add synchronization logic * Refer CoreFX reference PR and version * Disable SimpleRedirectWinInetSucceeds * Define RedirectHttpFilter - Meant to be the default internal filter for WinRTHttpResource. * Use redirect filter for OP and default clients in factory * Implement RedirectHttpFilter::SendRequestAsync TODO: Deal with IDS_REQUEST_ALREADY_SENT by making CreateRequest coroutine available to both the resource and filter classes. * Expose resource as IWinRTHttpRequestFactory - Allows redir filter to access resource's request factory method. * Re-arrange resource instantiation in Make factory * Re-enable disabled Origin Policy tests * Make redir filter constructors noexcept * Attempt to implement IHttpBaseProtocolFilter * Make redir filter implement IHttpBaseProtocolFilter * Enable inheritance of IHttpBPFilter via unsetting WINRT_LEAN_AND_MEAN * Implement IHttpBPfilter based on inner filter * Add RedirHttpFilterUTs class * Fix comment * Consume mocks in MockBaseFilter * Implement mocks in ManualRedirectSucceeds * Implement manual redir test with coroutines * Complete [Manual|Automatic]RedirectSucceeds * Allow setting max redirect # in constructor - Add test TooManyRedirectsFails * Add test MaxAllowedRedirectsSucceeds * Minor requestArgs factoring * Define and consume IRedirectEventSource * Add IRedirectEventSource.idl to unit test project * Update Shared vcx filters * Partially implement OPFilter::OnRedirecting * Update Shared filters * Make OPFilter drop redirection for preflights * Allow empty string, non-null req content * Allow non-movable responses in test server (OPIntTests) * Always clear Http.OmitCredentials rt option * Update outdated comment * Removed commented code * Clean up stale/commented code * Throw E_INVALIDARG if redirect gets null request handle * Throw ERROR_HTTP_REDIRECT_FAILED on too many redirects * Remove/ignore incorrect tests * clang format * Change files * Update packages lock * Remove Redir filter constructor from DLL boundary * Drop unused libs/include dirs * Restore ut project IncludePath * Remove /*const*/ comments from HTTP mocks * Explicitly capture `constexpr` Implicit capture only available starting MSVC 14.3 * Declare redirect counts as size_t * Update packages.lock.json * Update packages lock * Replace IInspectable with WinRT IMap (request props) in CreateRequest * Make TaintedOrigin a direct request property. The `RequestArgs` struct should not hold Origin POlicy specific data. * clang format * Fix compilation of filter and resource in MSRN * Rename local variables * Fix relative include of WinRTTypes * Simplify redirect count tests * Propagate isTimeout to JS layer * Comment alternative HRESULTs for timeout * Address feedback for internal MIDL type * Update packages lock * Use std::stol to parse Content-Length * Use constexpr for default max redirects * Drop WinRT/Http/Filters header from PCH - This prevents including the header with WINRT_LEAN_AND_MEAN macro conflict. - Only DevSupportManager required it. Performance loss is negligible. * Add interface IRedirectEventSource2 * Remove IDL IRedirectEventSource * Rename IRedirectEventSource2 to IRedirectEventSource * Revert packages lock * Remove stale IDL reference * Throw on RedirectHttpFilter::AllowUI * Change files * Fix merge errors * clang format * Use global.FileReader * Remove duplicate JS override * Enable Blob module in UWP (#10187) * Update packages.lock.json * Update packages.lock.json * Add Shared project to ReactUWPTestApp solution * RNTesterApp.csproj formatting * Enable Blob module in UWP * Change files * Update packages.lock.json * Use context property bag for runtime options in MSRN * Remove unused options header * Revert ReactUWPTestApp.sln * Update packages.lock.json * Update packages.lock.json * Use namespace in monolith HTTP module property * clang format * Revert unwanted changes Co-authored-by: Eric Rozell <erozell@outlook.com>
JunielKatarn
added a commit
to jurocha-ms/react-native-windows
that referenced
this pull request
Dec 7, 2022
* Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (microsoft#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec
ghost
pushed a commit
that referenced
this pull request
Dec 10, 2022
* Implement Origin Policy filter (#9771) * Move all awaitable code into PerformSendRequest * Await coroutine methods * Remove blank lines * Simplify co_return UntrackResponse * Use dynamic body for server internal request * Defne SetOnOptions * Move url before headers in Response type * Add dummy preflight filter * Update x64 exports * Use strand for server IO context * Use HTTP message aliases * Use HTTP message aliases * Do not keep session references Allows dropping server scope in tests. * Comment out server scopes * Use DynamicRequest|Response alias * Format * Use thread vector * Drop outdated boost package validation in ReactCommon * Define experimental write strand * Drop server scope in default test * Also pass server context to sessions * Disable resource in default test * Use Beast example * Remove unused sample code * Create HttpServer as listener wrapper * Pass callbacks down to session * Strong-name response as DynamicResponse * Use DynamicRequest in handle_request * Define HandleRequest as member function * Lambda-based Respond() * #if-out original sample code * Keep count on get: ReaGetSucceeds * Implement lambda_ using std::function * Run context in io thread * Join threads in Stop method * Port send lambda to MS::R::T::HttpServer * Update other basic tests * Ensure Get+Options sequencing * Clean up comments * Use Callbacks() method * Add concurrency argument * Reduce macro usage * Fix default OPTIONS handler * Ensure number of headers * Define ResponseType * Use ResponseWrapper for polymorphism * Define remaining wrapped types (File, String) * Clean up server code * (WIP) add test PreflightSucceeds * catch hresult_error * Use ProcessRequest result in PreformSendReq * Rename test header value to Requested * Propagate orror in ProcessRequest * Rename OPReqFilter to PrototypeReqFilter * Port request filter to WinRT IHttpFilter subtype * Define allowed/forbidden methods and headers * Define MSRN::Networking::OriginPolicyHttpFilter * Move networking types into Shared\Networking folder * Refactor: Move network types to Microsoft::React::Networking * Clean up commented inline * Make OPFilter::SendAsync non const * Remove PrototypeHttpFilter * Temporarily have desk.ITs depend on CppWinRT * Define test OriginPolicyHttpFilterTest::UrlsHaveSameOrigin * Add more same origin tests * Start implementing ValidateRequest * Finish ValidateRequest() * Rename SingleOrigin to SameOrigin * Implement SendPreflightAsync * Fix OP assignment and GetOrigin rendering * Parse Access-Control-Allow-Headers * Done extracting access control values * Use request as argument of ValidatePreflightResponse * clang format * Pass RequestArgs to request properties * Pass RequestArgs to ValidateAllowOrigin * Remove prototype non-WinRT filter * Implement CorsUnsafeNotForbiddenRequestHeaderNames * Test WinRT RequestHeader case sensitivity * Fix ValidateAllowOrigin 4.10.5 * Add HttpOriginPolicyIntegrationTest * Use boost:iequals to compare method names * Add server support for CONNECT and TRACE methods * Make HttpServer port uint16_t * Prelfight only when OP is CORS. - Add test SimpleCorsSameOriginSucceededs - Add test NoCorsCrossOriginPatchSucceededs - Add test NoCorsCrossOriginFetchRequestSucceeds - Add test HTTP Server support for PATCH * Use runtime option Http.StrictScheme * Drop namespace from OriginPolicy * Remove Origin from request heders * Clean includes and usings in WinRTHttpResource.cpp * Update preflight cache issue references (#9770) * Pass origin in IHttpResource constructor * clang format * Prevent nullptr access when iterating preflight request headers * Include request content headers in preflight headers list * Send preflight to original request URL. - Change test origin URL to non-existing http://example.rnw - Have OriginPolicyHttpFilter::SendRequestAsync catch hresult_error to avoid losing info in (...) clause. * Export APIs Set/GetRuntimeOptionString - Switch to class-level static origin Uri. - Define static (global) origin Uri via runtime option "Http.GlobalOrigin". * clang format * Implement TestOriginPolicy to parameterize OP tests * Clean up non-parameterized tests * Use constant for dummy cross origin * Simplify test param constructors * Start implementing ValidateResponse * Add more tests - FullCorsCrossOriginMissingCorsHeadersFails - FullCorsCrossOriginMismatchedCorsHeaderFails * clang format * Change files * Update namespaces in MSRN solution * Move RequestArgs and ResponseType into new header * Implement ExtractAccessControlValues - Validate test result against ServerParams::Response::result * Report specific origin mismatch errors in ValidatePreflightResponse * Declare FullCorsCrossOriginCheckFailsOnPreflightRedirectFails * Add ABI-safe runtime options free functions. - Microsoft_React_SetRuntimeOptionBool - Microsoft_React_SetRuntimeOptionInt - Microsoft_React_SetRuntimeOptionString - Microsoft_React_GetRuntimeOptionBool - Microsoft_React_GetRuntimeOptionInt - Microsoft_React_GetRuntimeOptionString * Drop namespaced GetRuntimeOptionString * Use case-insensitive comparison * Drop newline from error message * Return unmanaged copy in GetRuntimeOptionString * Update FullCorsCrossOriginCheckFailsOnPreflightRedirectFails args * Disallow preflight redirect. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed * Replace winrt::get_self<D,I> with .as<D> * Drop LF from error messages * Use self-managed variable port in tests * Start writing FullCorsCorsCheckFailsOnResponseRedirectFails * Scope disabling autoredirect to preflight request only * Update TODOs with open issues * Compute originAllowed * Add test FullCorsSameOriginToSameOriginRedirectSucceeds * Test FullCorsSameOriginToCrossOriginRedirectSucceeds * Test FullCorsCrossOriginToOriginalOriginRedirectFails * Declare FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Implement OriginPolicyHttpFilter::ConstWcharComparer * Use _wcsicmp instead of boost::iequals in ConstWcharComparer * Correct SimpleCORS value search * Disable FullCorsCrossOriginWithCredentialsSucceeds for now * Rename type alias ResponseType to ResponseOperation * clang format * Handle originPolicy a request property instead of a member variable * Avoid iterating response headers while removing items * Gracefully fail when adding bad request headers - Write remaining integration tests * Use boost::iequals in PerformSendRequest * clang format * Use s_port for redirServer args * Rename TestOriginPolicy to TestOriginPolicyWithRedirect * Temporarily disabled tests - FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds - pending redirect - FullCorsRequestWithHostHeaderFails - Host request header is probematic * Use std::queue for nonSimpleNames * Finish ValidateResponse * Clean up comments * Add Test ExcludeHttpOnlyCookies * Add tests KeepNonHttpOnlyCookies, RemoveAllCookies * Address TODO comments * Always allow simple-CORS methods in preflight * Avoid auto for loop indexe sused against container .size() * Update Desktop.Test.DLL exports for ARM64 * Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds * Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails * Ignore SimpleCorsForbiddenMethodFails * Ignore SimpleCorsCrossOriginFetchFails * RequestWithProxyAuthorizationHeaderFails * Ignore SimpleCorsSameOriginSucceededs * Ignore NoCorsCrossOriginFetchRequestSucceeds * Revert "Ignore NoCorsCrossOriginFetchRequestSucceeds" This reverts commit b5445fb. * Revert "Ignore SimpleCorsSameOriginSucceededs" This reverts commit ab75c37. * Revert "RequestWithProxyAuthorizationHeaderFails" This reverts commit 70148b1. * Revert "Ignore SimpleCorsCrossOriginFetchFails" This reverts commit 982e450. * Revert "Ignore SimpleCorsForbiddenMethodFails" This reverts commit 869bda9. * Revert "Disable FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightFails" This reverts commit e9e178a. * Revert "Skip test FullCorsCrossOriginToAnotherCrossOriginRedirectSucceeds" This reverts commit 6688e7d. * Skip OP integration tests * Empty commit * Use scoped_lock for runtime options * Testing signature * Have C++ Rt Option functions call ABI-safe ones * Ensure different ports for each netwk test class * Remove remaining hard-coded ports from WS tests * Use ABI-safe callback for GetRtOptString * Only insert boolean rt options when true * Use static variable for port in HttpResourceIntegrationTest * Add HttpResourceIntegrationTest::SimpleRedirectSucceeds * Move C++ Rt Optio APIs to new header CppRuntimeOptions.h * Implement internal Set/GetRuntimeOptionString * clang format * Rename Microsoft_React_* functions to MicrosoftReact* * Update nuspec * Allow >10MB HTTP downloads (#9957) * Allow fetching HTTP content by segments * Change files * Restore the 10MB download chunk size * Remove usage of Content-Length * Revert segment size to 10MB * Make segmentSize and length uint32_t * Reuse response content buffer * remove change file * Implement Blob module (#9352) * Added BlobModule and IWSModuleContHandler headers * Implement Blob module * Avoid raw self pointer in BlobModule * Implement WebSocketModule msg processing * clang format * Don't return until websocketMessage event is sent * Define CreateBlobModule() * Add DEF exports * Add Blob JS tests * Add Blob JS tests * Change files * yarn lint * Add overrides * Register BlobModule in DesktopTestRunner * Keep ignoring WebSocketBlob test by default * Add BlobModule to default modules list * Allow 'blob' responseType in HTTP module * Ensure React Instance can be accessed when using older versions of react-native * Emit error message on createFromParts failure * Remove redundant extra modules in Desktop integration tests * Declare IWebSocketModuleProxy * Remove Blob and WS module factories from DLL boundary * Implement IWebSocketModuleProxy * clang format * Update packages.lock * Use winrt::array_view directly in ResolveMessage * Define InstanceImpl::m_transitionalModuleProperties * Include CreateModules.h in projects accessing MSRN.Cxx * Define WinRT class WebSocketModuleContentHandler - Have BlobModule constructor register the content handler in transitive property bag CxxNativeModule/WebSocketModuleContentHandler * Have WebSocketModule use IInspectable as props arg * Use property bag instead of global singletons for blob helpers * Store blob helpers in prop bag as weak_ptr * Replace remaining lock_guard<mutex> in BlobModule * Define IUriHandler, IReqBodyHandler, IRespHandler. * IHttpResource::SendRequest - add folly::dynamic data arg * Add data arg to test SendRequest calls * First implementation for BlobModuleUriHandler * Remove WebSocketModuleContentHandler WinRT class * Implement IBlobPersistor, MemoryBlobPersistor * clang format * Update yarn.lock * Update RctRootVieTagGen location * Implement addNetworkingHandler * Fix createFromParts buffer persistence * Drop WebSocketModule s_sharedState in favor of property bag * Disable back WebSocketBlob test * Rename iProperties to inspectableProperties * Pass ReactContext properties to CreateHttpModule in InstanceWin * Remove WebSocketModule constructor from x86 DLL boundary * yarn lint * Update packages.lock * Make transitional property bag non-member * Use blobURIScheme wherever possible * Pass request content as folly::dynaic. - Pass request ID directly from JavaScript layer. * Use constexpr for folly indexes * Implement GetMimeTypeFromUri * Finish BlobModule handler implementations. * Remove unused includes * Ensure HttpModule::m_resource is set * clang format * clang format * Allow blob responseType * Use winrt::to_hstring instead of Utf8ToUtf16 * Pass inspectableProperties down to WinRTHttpResource * Implement IHttpModuleProxy via WinRTHttpResource * Consume URI handler - IHttpResource - Rename SetOnRequest to SetOnRequestSuccess - Declare SetOnBlobData to pass complex (non-string) response data * Consume IRequestBodyHandler * Consume IResponseHandler * Ensure properties exist in bag before using value * Update packages lock * Add missing call to Modules::SendEvent * Fix Shared filters * Rename SetOnBlobData to SetOnData (different args) * Correctly retrieve blob slices * Correctly retrieve blob slices * Clang format * Update project filters * Drop BlobModuleUriHandler * Continue handling requests when not blob-supported * Add BlobTest * Update packages.lock.json * Define FileReaderModule * Implement FileReaderModule * Complete BlobTest * Make IBlobPersistor::ResolveMessage throw std::invalid_argument * Fail on Content-Encoding parsing even if no error handler * Remove MIME mappings. Currently unused * MemoryBlobPersistor::ResolveMessage throw on out of bounds * lint * Enable BlobTest by default * Disable Blob test in CI (may hang) * Remove change file * Don't autoformat in VS Code * Use logical OR to assert HTTP responseType (#10095) * update yarn.lock * Use logical OR to assert HTTP responseType * Change files * Remove change file * Implement HTTP client timeout (#10261) * Implement hard-coded timeout * Create timeout from JS args * Timeout only for values greater than 0 * Change files * Remove variable sendRequestAny * Remove unused captures * Remove change file * Use uint8_t const in IBlobPersistor.h (#10276) * Use uint8_t const in IBlobPersistor.h Some versions of clang will not compile when the array_view data for CryptographicBuffer::CreateFromByteArray is not `uint8_t const`. This change switches the callsites to use uint8_t const where needed. * Change files * Fix Blob test comparison Co-authored-by: Julio C. Rocha <julio.rocha@microsoft.com> * Remove change file * Adds missing headers for HttpRequestHeaderCollection (#10277) * Adds missing headers for HttpRequestHeaderCollection These headers are needed in case alternative PCH are used to compile (e.g., with clang BUCK). * Change files * Remove change file * Skip user agent HTTP header validation (#10279) * Skip user agent HTTP header validation In #8392, we added logic to skip HTTP header validation for `User-Agent` in the NetworkingModule. Now that NetworkingModule is being refactored, we need this change in the new implementation. This change skips user agent validation in the new networking module. * Change files * Remove change file * Implement HTTP redirection (#10534) * Define WinRTHttpResult::CreateRequest * Use request produced by CreateRequest() TODO: Have PerformSendRequest receive raw method and uri instead of HttpRequestMessage. * Exit if request is not created successfully * Enabled FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds * Single retry * Add test RedirectPatchSucceeds * Rename tests to SimpleRedirect<VERB>Succeeds * Use method and URI intead of full HTTPReqMsg in PerformSendReq * Move HttpResourceIntegrationTest into workspace * Add WinInet-based test * Get request complete variables * Define RequestContext struct * Get response content * Add synchronization logic * Refer CoreFX reference PR and version * Disable SimpleRedirectWinInetSucceeds * Define RedirectHttpFilter - Meant to be the default internal filter for WinRTHttpResource. * Use redirect filter for OP and default clients in factory * Implement RedirectHttpFilter::SendRequestAsync TODO: Deal with IDS_REQUEST_ALREADY_SENT by making CreateRequest coroutine available to both the resource and filter classes. * Expose resource as IWinRTHttpRequestFactory - Allows redir filter to access resource's request factory method. * Re-arrange resource instantiation in Make factory * Re-enable disabled Origin Policy tests * Make redir filter constructors noexcept * Attempt to implement IHttpBaseProtocolFilter * Make redir filter implement IHttpBaseProtocolFilter * Enable inheritance of IHttpBPFilter via unsetting WINRT_LEAN_AND_MEAN * Implement IHttpBPfilter based on inner filter * Add RedirHttpFilterUTs class * Fix comment * Consume mocks in MockBaseFilter * Implement mocks in ManualRedirectSucceeds * Implement manual redir test with coroutines * Complete [Manual|Automatic]RedirectSucceeds * Allow setting max redirect # in constructor - Add test TooManyRedirectsFails * Add test MaxAllowedRedirectsSucceeds * Minor requestArgs factoring * Define and consume IRedirectEventSource * Add IRedirectEventSource.idl to unit test project * Update Shared vcx filters * Partially implement OPFilter::OnRedirecting * Update Shared filters * Make OPFilter drop redirection for preflights * Allow empty string, non-null req content * Allow non-movable responses in test server (OPIntTests) * Always clear Http.OmitCredentials rt option * Update outdated comment * Removed commented code * Clean up stale/commented code * Throw E_INVALIDARG if redirect gets null request handle * Throw ERROR_HTTP_REDIRECT_FAILED on too many redirects * Remove/ignore incorrect tests * clang format * Change files * Update packages lock * Remove Redir filter constructor from DLL boundary * Drop unused libs/include dirs * Restore ut project IncludePath * Remove /*const*/ comments from HTTP mocks * Explicitly capture `constexpr` Implicit capture only available starting MSVC 14.3 * Declare redirect counts as size_t * Update packages.lock.json * Update packages lock * Replace IInspectable with WinRT IMap (request props) in CreateRequest * Make TaintedOrigin a direct request property. The `RequestArgs` struct should not hold Origin POlicy specific data. * clang format * Fix compilation of filter and resource in MSRN * Rename local variables * Fix relative include of WinRTTypes * Simplify redirect count tests * Propagate isTimeout to JS layer * Comment alternative HRESULTs for timeout * Address feedback for internal MIDL type * Update packages lock * Use std::stol to parse Content-Length * Use constexpr for default max redirects * Drop WinRT/Http/Filters header from PCH - This prevents including the header with WINRT_LEAN_AND_MEAN macro conflict. - Only DevSupportManager required it. Performance loss is negligible. * Add interface IRedirectEventSource2 * Remove IDL IRedirectEventSource * Rename IRedirectEventSource2 to IRedirectEventSource * Revert packages lock * Remove stale IDL reference * Throw on RedirectHttpFilter::AllowUI * Remove change file * Implement HTTP redirection (#10534) * Define WinRTHttpResult::CreateRequest * Use request produced by CreateRequest() TODO: Have PerformSendRequest receive raw method and uri instead of HttpRequestMessage. * Exit if request is not created successfully * Enabled FullCorsCrossOriginToAnotherCrossOriginRedirectWithPreflightSucceeds * Single retry * Add test RedirectPatchSucceeds * Rename tests to SimpleRedirect<VERB>Succeeds * Use method and URI intead of full HTTPReqMsg in PerformSendReq * Move HttpResourceIntegrationTest into workspace * Add WinInet-based test * Get request complete variables * Define RequestContext struct * Get response content * Add synchronization logic * Refer CoreFX reference PR and version * Disable SimpleRedirectWinInetSucceeds * Define RedirectHttpFilter - Meant to be the default internal filter for WinRTHttpResource. * Use redirect filter for OP and default clients in factory * Implement RedirectHttpFilter::SendRequestAsync TODO: Deal with IDS_REQUEST_ALREADY_SENT by making CreateRequest coroutine available to both the resource and filter classes. * Expose resource as IWinRTHttpRequestFactory - Allows redir filter to access resource's request factory method. * Re-arrange resource instantiation in Make factory * Re-enable disabled Origin Policy tests * Make redir filter constructors noexcept * Attempt to implement IHttpBaseProtocolFilter * Make redir filter implement IHttpBaseProtocolFilter * Enable inheritance of IHttpBPFilter via unsetting WINRT_LEAN_AND_MEAN * Implement IHttpBPfilter based on inner filter * Add RedirHttpFilterUTs class * Fix comment * Consume mocks in MockBaseFilter * Implement mocks in ManualRedirectSucceeds * Implement manual redir test with coroutines * Complete [Manual|Automatic]RedirectSucceeds * Allow setting max redirect # in constructor - Add test TooManyRedirectsFails * Add test MaxAllowedRedirectsSucceeds * Minor requestArgs factoring * Define and consume IRedirectEventSource * Add IRedirectEventSource.idl to unit test project * Update Shared vcx filters * Partially implement OPFilter::OnRedirecting * Update Shared filters * Make OPFilter drop redirection for preflights * Allow empty string, non-null req content * Allow non-movable responses in test server (OPIntTests) * Always clear Http.OmitCredentials rt option * Update outdated comment * Removed commented code * Clean up stale/commented code * Throw E_INVALIDARG if redirect gets null request handle * Throw ERROR_HTTP_REDIRECT_FAILED on too many redirects * Remove/ignore incorrect tests * clang format * Change files * Update packages lock * Remove Redir filter constructor from DLL boundary * Drop unused libs/include dirs * Restore ut project IncludePath * Remove /*const*/ comments from HTTP mocks * Explicitly capture `constexpr` Implicit capture only available starting MSVC 14.3 * Declare redirect counts as size_t * Update packages.lock.json * Update packages lock * Replace IInspectable with WinRT IMap (request props) in CreateRequest * Make TaintedOrigin a direct request property. The `RequestArgs` struct should not hold Origin POlicy specific data. * clang format * Fix compilation of filter and resource in MSRN * Rename local variables * Fix relative include of WinRTTypes * Simplify redirect count tests * Propagate isTimeout to JS layer * Comment alternative HRESULTs for timeout * Address feedback for internal MIDL type * Update packages lock * Use std::stol to parse Content-Length * Use constexpr for default max redirects * Drop WinRT/Http/Filters header from PCH - This prevents including the header with WINRT_LEAN_AND_MEAN macro conflict. - Only DevSupportManager required it. Performance loss is negligible. * Add interface IRedirectEventSource2 * Remove IDL IRedirectEventSource * Rename IRedirectEventSource2 to IRedirectEventSource * Revert packages lock * Remove stale IDL reference * Throw on RedirectHttpFilter::AllowUI * Remove change file * Allow >10MB content for blob responses (#10885) * Allow >10MB content for blob responses * Change files * clang format * Measure reader loaded bytes * Revert AutolinkedNativeModules.g.* * Remove change file * Implement HTTP incremental updates (#10933) * Declare remaining HTTP module event names * Set Progress handler * More debug data * Update AutolinkedNativeModules.g * Define IHttpResource::SetOnIncrementalData * Set up and invoke OnIncrementalData * Clean up Progress functor * Handle didReceiveNetworkDataProgress event - Define IHttpResource::SetOnDataProgress * Default segment size to 8MB * Define IHttpResource::SetOnResponseComplete - Separates request completion event from non-incremental data reception event. * Revert playground-win32 generated files * Change files * Address feedback * Added docs for IHttpResource methods * Remove change file * Remove change file * Change files * Reset fles * Set User-Agent header in Origin Policy filter (#10695) * Set User-Agent and Origin in OP filter * Fix Shared filters * Change files * Set the implicit User-Agent in RedirectHttpFilter * Remove change file * Always instantiate Blob module in UWP (#10848) * Always instantiate Blob module inUWP * Change files * Remove legacy HTTP module from DLL boundary * Remove change file * Update core native modules * Export OriginPolicy.h to NuGet package (#10615) * Export OriginPolicy.h to NuGet package * Remove comment * Change files * Remove change file * Fix RuntimeOptions for RNW Desktop (#10016) (#10031) * Fix RuntimeOptions for RNW Desktop (#10016) * Change release type to `prerelease` * Remove change file * Revert OInstance.h * Set Origin HTTP header during CORS (#10700) * Set Origin HTTP header during CORS * Change files * Remove change file * Fix formatting * Fix HttpModule.cpp * Fix OInstance * Adds header to fix clang build in FileReaderModule (#10329) * Adds header to fix clang build in FileReaderModule Adds `#include <sstream>` to fix clang compile issue for std::ostringstream. * Change files * Remove change file * Fix HTTP sever header file * Fix overrides * clang format * Revert BlobTest.js * Remove RCTNetworkingWinShared.js * Implement Form Data requests (#10797) * Implement Form Data requests * Change files * Update packages.lock * Update packages.lock * Update packages.lock * Enable XHRExample * Update packages.lock * Use actual multipart content in XHRExample * Use less-throw adapter for CreateRequest * Validate AttachMultipartHeaders * Update packages.lock * Omit headers when using the W3 Schools example * format * Use name,value aliases in header parsing * Avoid overwriting Content-Type for multipart/form-data * Throw when failing to append form data Authorization * Use non-const folly::dynamic object reference * Add HTTP test examples * Move HTTP examples into @react-native-windows * Moved HTTP examples to src/js/ * lint * Add overrides * Revert "Simplify root node lookups (#10689)" This reverts commit 39e908c. * Change files * Remove change file * yarn lint Co-authored-by: Eric Rozell <erozell@outlook.com> Co-authored-by: Vladimir Morozov <vmoroz@users.noreply.github.com>
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Note: Work in progress but design and test strategy are set, so ready for initial review.
Adds an optional HTTP request filtering mechanism to enforce origin policies on the client-side (React Native Windows app).
Blocking #9352 due to HTTP resource refactoring.
Key files to review:
vnext/Shared/Networking/OriginPolicy.hvnext/Shared/Networking/OriginPolicyHttpFilter.hvnext/Shared/Networking/OriginPolicyHttpFilter.cppvnext/Shared/Networking/WinRTHttpResource.cppvnext/Desktop.IntegrationTests/HttpOriginPolicyIntegrationTest.cppType of Change
Why
There are consumers of RNW that requireOrigin Policy enforcement for HTTP requests.
Resolves #9537
What
react-native-win32.dll:MicrosoftReactSetRuntimeOptionString(const char*, const char*)MicrosoftReactSetRuntimeOptionBool(const char*, bool)MicrosoftReactSetRuntimeOptionInt(const char*, int32_t)MicrosoftReactGetRuntimeOptionBool(const char*) -> boolMicrosoftReactGetRuntimeOptionInt(const char*) -> int32_tMicrosoftReactGetRuntimeOptionString(const char*, (void*)(const char*, size_t, void*), void*) -> voidCppRuntimeOptions.h.These now use exported runtime option functions.
Microsoft::React::Networking::OriginPolicyenum.Http.OriginPolicy- GlobalOriginPolicyto use for all HTTP requests.Http.GlobalOrigin- Global origin URL (see https://tools.ietf.org/html/rfc6454) used to match all OP-enforced requests.Http.BlockMixedContentSimpleCorsenforce the same scheme in simple CORS requests.Http.StrictOriginCheckSimpleCorsenforce strict policy in simple CORS requests.Http.StrictSchemeallow onlyhttporhttpsschemes in requests.Http.OmitCredentialsdisregard JavaScript-provided credential passing flag. Make alwaysfalse.Microsoft::React::Networking::OriginPolicyHttpFilter.Injects origin policy preflighting and validation into
WinRTHttpResource's HTTP request, if explicitly requested via runtime options.Microsoft::React::Test::HttpServerOPTIONS,POST,PATCH,OPTIONS,CONNECT, andTRACE.Testing
Added test classes:
Microsoft::React::Test::HttpOriginPolicyIntegrationTestMicrosoft::React::Test::OriginPolicyHttpFilterTestPre-merge checklist
TODOs, etc).constexpr char[]for frequently used string constants.Microsoft Reviewers: Open in CodeFlow