react-native-windows 0.66.18 → 0.66.21

package/Shared/Networking/OriginPolicyHttpFilter.h

@@ -0,0 +1,112 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+#pragma once
+
+#include "OriginPolicy.h"
+
+// Windows API
+#include <winrt/Windows.Foundation.h>
+#include <winrt/Windows.Web.Http.Filters.h>
+#include <winrt/Windows.Web.Http.h>
+
+// Standard Library
+#include <set>
+
+namespace Microsoft::React::Networking {
+
+class OriginPolicyHttpFilter
+    : public winrt::implements<OriginPolicyHttpFilter, winrt::Windows::Web::Http::Filters::IHttpFilter> {
+ public:
+  struct ConstWcharComparer {
+    bool operator()(const wchar_t *, const wchar_t *) const;
+  };
+
+ private:
+  static std::set<const wchar_t *, ConstWcharComparer> s_forbiddenMethods;
+  static std::set<const wchar_t *, ConstWcharComparer> s_simpleCorsMethods;
+  static std::set<const wchar_t *, ConstWcharComparer> s_simpleCorsRequestHeaderNames;
+  static std::set<const wchar_t *, ConstWcharComparer> s_simpleCorsResponseHeaderNames;
+  static std::set<const wchar_t *, ConstWcharComparer> s_simpleCorsContentTypeValues;
+  static std::set<const wchar_t *, ConstWcharComparer> s_corsForbiddenRequestHeaderNames;
+  static std::set<const wchar_t *, ConstWcharComparer> s_corsForbiddenRequestHeaderNamePrefixes;
+  static std::set<const wchar_t *, ConstWcharComparer> s_cookieSettingResponseHeaders;
+
+  // NOTE: Assumes static origin through owning client/resource/module/(React) instance's lifetime.
+  static winrt::Windows::Foundation::Uri s_origin;
+
+  struct AccessControlValues {
+    winrt::hstring AllowedOrigin;
+    winrt::hstring AllowedCredentials;
+    std::set<std::wstring> AllowedHeaders;
+    std::set<std::wstring> AllowedMethods;
+    std::set<std::wstring> ExposedHeaders;
+    size_t MaxAge;
+  };
+
+  winrt::Windows::Web::Http::Filters::IHttpFilter m_innerFilter;
+
+ public:
+  static void SetStaticOrigin(std::string &&url);
+
+  static bool IsSameOrigin(
+      winrt::Windows::Foundation::Uri const &u1,
+      winrt::Windows::Foundation::Uri const &u2) noexcept;
+
+  static winrt::Windows::Foundation::Uri GetOrigin(winrt::Windows::Foundation::Uri const &uri) noexcept;
+
+  static bool IsSimpleCorsRequest(winrt::Windows::Web::Http::HttpRequestMessage const &request) noexcept;
+
+  static bool AreSafeRequestHeaders(
+      winrt::Windows::Web::Http::Headers::HttpRequestHeaderCollection const &headers) noexcept;
+
+  static std::set<const wchar_t *> CorsUnsafeNotForbiddenRequestHeaderNames(
+      winrt::Windows::Web::Http::Headers::HttpRequestHeaderCollection const &headers) noexcept;
+
+  static AccessControlValues ExtractAccessControlValues(
+      winrt::Windows::Foundation::Collections::IMap<winrt::hstring, winrt::hstring> const &headers);
+
+  static bool IsCorsSafelistedRequestHeader(winrt::hstring const &name, winrt::hstring const &value) noexcept;
+
+  static bool IsCorsUnsafeRequestHeaderByte(wchar_t c) noexcept;
+
+  // Filter out Http-Only cookies from response headers to prevent malicious code from being sent to a malicious server
+  static void RemoveHttpOnlyCookiesFromResponseHeaders(
+      winrt::Windows::Web::Http::HttpResponseMessage const &response,
+      bool removeAll);
+
+  OriginPolicyHttpFilter(winrt::Windows::Web::Http::Filters::IHttpFilter &&innerFilter);
+
+  OriginPolicyHttpFilter();
+
+  OriginPolicy ValidateRequest(winrt::Windows::Web::Http::HttpRequestMessage const &request);
+
+  void ValidatePreflightResponse(
+      winrt::Windows::Web::Http::HttpRequestMessage const &request,
+      winrt::Windows::Web::Http::HttpResponseMessage const &response) const;
+
+  void ValidateResponse(
+      winrt::Windows::Web::Http::HttpResponseMessage const &response,
+      const OriginPolicy effectivePolicy) const;
+
+  void ValidateAllowOrigin(
+      winrt::hstring const &allowedOrigin,
+      winrt::hstring const &allowCredentials,
+      winrt::Windows::Foundation::IInspectable const &iArgs) const;
+
+  winrt::Windows::Foundation::IAsyncOperationWithProgress<
+      winrt::Windows::Web::Http::HttpResponseMessage,
+      winrt::Windows::Web::Http::HttpProgress>
+  SendPreflightAsync(winrt::Windows::Web::Http::HttpRequestMessage const &request) const;
+
+#pragma region IHttpFilter
+
+  winrt::Windows::Foundation::IAsyncOperationWithProgress<
+      winrt::Windows::Web::Http::HttpResponseMessage,
+      winrt::Windows::Web::Http::HttpProgress>
+  SendRequestAsync(winrt::Windows::Web::Http::HttpRequestMessage const &request);
+
+#pragma endregion IHttpFilter
+};
+
+} // namespace Microsoft::React::Networking

package/Shared/Networking/WinRTHttpResource.cpp

@@ -0,0 +1,465 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+#include "WinRTHttpResource.h"
+
+#include <CppRuntimeOptions.h>
+#include <ReactPropertyBag.h>
+#include <Utils/CppWinrtLessExceptions.h>
+#include <Utils/WinRTConversions.h>
+#include <utilities.h>
+#include "OriginPolicyHttpFilter.h"
+
+// Boost Libraries
+#include <boost/algorithm/string.hpp>
+
+// Windows API
+#include <winrt/Windows.Security.Cryptography.h>
+#include <winrt/Windows.Storage.Streams.h>
+#include <winrt/Windows.Web.Http.Headers.h>
+
+using folly::dynamic;
+
+using std::function;
+using std::scoped_lock;
+using std::shared_ptr;
+using std::string;
+using std::vector;
+using std::weak_ptr;
+
+using winrt::fire_and_forget;
+using winrt::hresult_error;
+using winrt::to_hstring;
+using winrt::to_string;
+using winrt::Windows::Foundation::IInspectable;
+using winrt::Windows::Foundation::Uri;
+using winrt::Windows::Security::Cryptography::CryptographicBuffer;
+using winrt::Windows::Storage::StorageFile;
+using winrt::Windows::Storage::Streams::DataReader;
+using winrt::Windows::Storage::Streams::UnicodeEncoding;
+using winrt::Windows::Web::Http::HttpBufferContent;
+using winrt::Windows::Web::Http::HttpMethod;
+using winrt::Windows::Web::Http::HttpRequestMessage;
+using winrt::Windows::Web::Http::HttpStreamContent;
+using winrt::Windows::Web::Http::HttpStringContent;
+using winrt::Windows::Web::Http::IHttpClient;
+using winrt::Windows::Web::Http::IHttpContent;
+using winrt::Windows::Web::Http::Headers::HttpMediaTypeHeaderValue;
+
+namespace Microsoft::React::Networking {
+
+#pragma region WinRTHttpResource
+
+WinRTHttpResource::WinRTHttpResource(IHttpClient &&client) noexcept : m_client{std::move(client)} {}
+
+WinRTHttpResource::WinRTHttpResource() noexcept : WinRTHttpResource(winrt::Windows::Web::Http::HttpClient{}) {}
+
+#pragma region IHttpResource
+
+void WinRTHttpResource::SendRequest(
+    string &&method,
+    string &&url,
+    int64_t requestId,
+    Headers &&headers,
+    dynamic &&data,
+    string &&responseType,
+    bool useIncrementalUpdates,
+    int64_t timeout,
+    bool withCredentials,
+    std::function<void(int64_t)> &&callback) noexcept /*override*/ {
+  // Enforce supported args
+  assert(responseType == "text" || responseType == "base64" | responseType == "blob");
+
+  if (callback) {
+    callback(requestId);
+  }
+
+  try {
+    HttpMethod httpMethod{to_hstring(std::move(method))};
+    Uri uri{to_hstring(std::move(url))};
+    HttpRequestMessage request{httpMethod, uri};
+
+    auto args = winrt::make<RequestArgs>();
+    auto concreteArgs = args.as<RequestArgs>();
+    concreteArgs->RequestId = requestId;
+    concreteArgs->Headers = std::move(headers);
+    concreteArgs->Data = std::move(data);
+    concreteArgs->IncrementalUpdates = useIncrementalUpdates;
+    concreteArgs->WithCredentials = withCredentials;
+    concreteArgs->ResponseType = std::move(responseType);
+    concreteArgs->Timeout = timeout;
+
+    PerformSendRequest(std::move(request), args);
+  } catch (std::exception const &e) {
+    if (m_onError) {
+      m_onError(requestId, e.what());
+    }
+  } catch (hresult_error const &e) {
+    if (m_onError) {
+      m_onError(requestId, Utilities::HResultToString(e));
+    }
+  } catch (...) {
+    m_onError(requestId, "Unidentified error sending HTTP request");
+  }
+}
+
+void WinRTHttpResource::AbortRequest(int64_t requestId) noexcept /*override*/ {
+  ResponseOperation request{nullptr};
+
+  {
+    scoped_lock lock{m_mutex};
+    auto iter = m_responses.find(requestId);
+    if (iter == std::end(m_responses)) {
+      return;
+    }
+    request = iter->second;
+  }
+
+  try {
+    request.Cancel();
+  } catch (hresult_error const &e) {
+    m_onError(requestId, Utilities::HResultToString(e));
+  }
+}
+
+void WinRTHttpResource::ClearCookies() noexcept /*override*/ {
+  assert(false);
+  // NOT IMPLEMENTED
+}
+
+void WinRTHttpResource::SetOnRequestSuccess(function<void(int64_t requestId)> &&handler) noexcept /*override*/ {
+  m_onRequestSuccess = std::move(handler);
+}
+
+void WinRTHttpResource::SetOnResponse(function<void(int64_t requestId, Response &&response)> &&handler) noexcept
+/*override*/ {
+  m_onResponse = std::move(handler);
+}
+
+void WinRTHttpResource::SetOnData(function<void(int64_t requestId, string &&responseData)> &&handler) noexcept
+/*override*/ {
+  m_onData = std::move(handler);
+}
+
+void WinRTHttpResource::SetOnData(function<void(int64_t requestId, dynamic &&responseData)> &&handler) noexcept
+/*override*/
+{
+  m_onDataDynamic = std::move(handler);
+}
+
+void WinRTHttpResource::SetOnError(function<void(int64_t requestId, string &&errorMessage)> &&handler) noexcept
+/*override*/ {
+  m_onError = std::move(handler);
+}
+
+#pragma endregion IHttpResource
+
+void WinRTHttpResource::TrackResponse(int64_t requestId, ResponseOperation response) noexcept {
+  scoped_lock lock{m_mutex};
+  m_responses[requestId] = response;
+}
+
+void WinRTHttpResource::UntrackResponse(int64_t requestId) noexcept {
+  scoped_lock lock{m_mutex};
+  m_responses.erase(requestId);
+}
+
+fire_and_forget WinRTHttpResource::PerformSendRequest(HttpRequestMessage &&request, IInspectable const &args) noexcept {
+  // Keep references after coroutine suspension.
+  auto self = shared_from_this();
+  auto coRequest = std::move(request);
+  auto coArgs = args;
+  auto coReqArgs = coArgs.as<RequestArgs>();
+
+  // Ensure background thread
+  co_await winrt::resume_background();
+
+  // If URI handler is available, it takes over request processing.
+  if (auto uriHandler = self->m_uriHandler.lock()) {
+    auto uri = winrt::to_string(coRequest.RequestUri().ToString());
+    try {
+      if (uriHandler->Supports(uri, coReqArgs->ResponseType)) {
+        auto blob = uriHandler->Fetch(uri);
+        if (self->m_onDataDynamic && self->m_onRequestSuccess) {
+          self->m_onDataDynamic(coReqArgs->RequestId, std::move(blob));
+          self->m_onRequestSuccess(coReqArgs->RequestId);
+        }
+
+        co_return;
+      }
+    } catch (const hresult_error &e) {
+      if (self->m_onError)
+        co_return self->m_onError(coReqArgs->RequestId, Utilities::HResultToString(e));
+    } catch (const std::exception &e) {
+      if (self->m_onError)
+        co_return self->m_onError(coReqArgs->RequestId, e.what());
+    }
+  }
+
+  HttpMediaTypeHeaderValue contentType{nullptr};
+  string contentEncoding;
+  string contentLength;
+
+  // Headers are generally case-insensitive
+  // https://www.ietf.org/rfc/rfc2616.txt section 4.2
+  for (auto &header : coReqArgs->Headers) {
+    if (boost::iequals(header.first.c_str(), "Content-Type")) {
+      bool success = HttpMediaTypeHeaderValue::TryParse(to_hstring(header.second), contentType);
+      if (!success && m_onError) {
+        co_return m_onError(coReqArgs->RequestId, "Failed to parse Content-Type");
+      }
+    } else if (boost::iequals(header.first.c_str(), "Content-Encoding")) {
+      contentEncoding = header.second;
+    } else if (boost::iequals(header.first.c_str(), "Content-Length")) {
+      contentLength = header.second;
+    } else if (boost::iequals(header.first.c_str(), "Authorization")) {
+      bool success =
+          coRequest.Headers().TryAppendWithoutValidation(to_hstring(header.first), to_hstring(header.second));
+      if (!success && m_onError) {
+        co_return m_onError(coReqArgs->RequestId, "Failed to append Authorization");
+      }
+    } else {
+      try {
+        coRequest.Headers().Append(to_hstring(header.first), to_hstring(header.second));
+      } catch (hresult_error const &e) {
+        if (self->m_onError) {
+          co_return self->m_onError(coReqArgs->RequestId, Utilities::HResultToString(e));
+        }
+      }
+    }
+  }
+
+  IHttpContent content{nullptr};
+  auto &data = coReqArgs->Data;
+  if (!data.isNull()) {
+    auto bodyHandler = self->m_requestBodyHandler.lock();
+    if (bodyHandler && bodyHandler->Supports(data)) {
+      auto contentTypeString = contentType ? winrt::to_string(contentType.ToString()) : "";
+      dynamic blob;
+      try {
+        blob = bodyHandler->ToRequestBody(data, contentTypeString);
+      } catch (const std::invalid_argument &e) {
+        if (self->m_onError) {
+          self->m_onError(coReqArgs->RequestId, e.what());
+        }
+        co_return;
+      }
+      auto bytes = blob["bytes"];
+      auto byteVector = vector<uint8_t>(bytes.size());
+      for (auto &byte : bytes) {
+        byteVector.push_back(static_cast<uint8_t>(byte.asInt()));
+      }
+      auto view = winrt::array_view<uint8_t>{byteVector};
+      auto buffer = CryptographicBuffer::CreateFromByteArray(view);
+      content = HttpBufferContent{std::move(buffer)};
+    } else if (!data["string"].empty()) {
+      content = HttpStringContent{to_hstring(data["string"].asString())};
+    } else if (!data["base64"].empty()) {
+      auto buffer = CryptographicBuffer::DecodeFromBase64String(to_hstring(data["base64"].asString()));
+      content = HttpBufferContent{std::move(buffer)};
+    } else if (!data["uri"].empty()) {
+      auto file = co_await StorageFile::GetFileFromApplicationUriAsync(Uri{to_hstring(data["uri"].asString())});
+      auto stream = co_await file.OpenReadAsync();
+      content = HttpStreamContent{std::move(stream)};
+    } else if (!data["form"].empty()) {
+      // #9535 - HTTP form data support
+      // winrt::Windows::Web::Http::HttpMultipartFormDataContent()
+    } else {
+      // Assume empty request body.
+      // content = HttpStringContent{L""};
+    }
+  }
+
+  if (content != nullptr) {
+    // Attach content headers
+    if (contentType) {
+      content.Headers().ContentType(contentType);
+    }
+    if (!contentEncoding.empty()) {
+      if (!content.Headers().ContentEncoding().TryParseAdd(to_hstring(contentEncoding))) {
+        if (self->m_onError)
+          self->m_onError(coReqArgs->RequestId, "Failed to parse Content-Encoding");
+
+        co_return;
+      }
+    }
+
+    if (!contentLength.empty()) {
+      const auto contentLengthHeader = _atoi64(contentLength.c_str());
+      content.Headers().ContentLength(contentLengthHeader);
+    }
+
+    coRequest.Content(content);
+  }
+
+  try {
+    coRequest.Properties().Insert(L"RequestArgs", coArgs);
+    auto sendRequestOp = self->m_client.SendRequestAsync(coRequest);
+    self->TrackResponse(coReqArgs->RequestId, sendRequestOp);
+
+    co_await lessthrow_await_adapter<ResponseOperation>{sendRequestOp};
+    auto result = sendRequestOp.ErrorCode();
+    if (result < 0) {
+      if (self->m_onError) {
+        self->m_onError(coReqArgs->RequestId, Utilities::HResultToString(std::move(result)));
+      }
+      co_return self->UntrackResponse(coReqArgs->RequestId);
+    }
+
+    auto response = sendRequestOp.GetResults();
+    if (response) {
+      if (self->m_onResponse) {
+        auto url = to_string(response.RequestMessage().RequestUri().AbsoluteUri());
+
+        // Gather headers for both the response content and the response itself
+        // See Invoke-WebRequest PowerShell cmdlet or Chromium response handling
+        Headers responseHeaders;
+        for (auto header : response.Headers()) {
+          responseHeaders.emplace(to_string(header.Key()), to_string(header.Value()));
+        }
+        for (auto header : response.Content().Headers()) {
+          responseHeaders.emplace(to_string(header.Key()), to_string(header.Value()));
+        }
+
+        self->m_onResponse(
+            coReqArgs->RequestId,
+            {static_cast<int32_t>(response.StatusCode()), std::move(url), std::move(responseHeaders)});
+      }
+    }
+
+    // #9534 - Support HTTP incremental updates
+    if (response && response.Content()) {
+      auto inputStream = co_await response.Content().ReadAsInputStreamAsync();
+      auto reader = DataReader{inputStream};
+
+      // #9510 - 10mb limit on fetch
+      co_await reader.LoadAsync(10 * 1024 * 1024);
+
+      // Let response handler take over, if set
+      if (auto responseHandler = self->m_responseHandler.lock()) {
+        if (responseHandler->Supports(coReqArgs->ResponseType)) {
+          auto bytes = vector<uint8_t>(reader.UnconsumedBufferLength());
+          reader.ReadBytes(bytes);
+          auto blob = responseHandler->ToResponseData(std::move(bytes));
+
+          if (self->m_onDataDynamic && self->m_onRequestSuccess) {
+            self->m_onDataDynamic(coReqArgs->RequestId, std::move(blob));
+            self->m_onRequestSuccess(coReqArgs->RequestId);
+          }
+
+          co_return;
+        }
+      }
+
+      auto isText = coReqArgs->ResponseType == "text";
+      if (isText) {
+        reader.UnicodeEncoding(UnicodeEncoding::Utf8);
+      }
+
+      // #9510 - We currently accumulate all incoming request data in 10MB chunks.
+      uint32_t segmentSize = 10 * 1024 * 1024;
+      string responseData;
+      winrt::Windows::Storage::Streams::IBuffer buffer;
+      uint32_t length;
+      do {
+        co_await reader.LoadAsync(segmentSize);
+        length = reader.UnconsumedBufferLength();
+
+        if (isText) {
+          auto data = std::vector<uint8_t>(length);
+          reader.ReadBytes(data);
+
+          responseData += string(Common::Utilities::CheckedReinterpretCast<char *>(data.data()), data.size());
+        } else {
+          buffer = reader.ReadBuffer(length);
+          auto data = CryptographicBuffer::EncodeToBase64String(buffer);
+
+          responseData += to_string(std::wstring_view(data));
+        }
+      } while (length > 0);
+
+      if (self->m_onData) {
+        self->m_onData(coReqArgs->RequestId, std::move(responseData));
+      }
+    } else {
+      if (self->m_onError) {
+        self->m_onError(coReqArgs->RequestId, response == nullptr ? "request failed" : "No response content");
+      }
+    }
+  } catch (std::exception const &e) {
+    if (self->m_onError) {
+      self->m_onError(coReqArgs->RequestId, e.what());
+    }
+  } catch (hresult_error const &e) {
+    if (self->m_onError) {
+      self->m_onError(coReqArgs->RequestId, Utilities::HResultToString(e));
+    }
+  } catch (...) {
+    if (self->m_onError) {
+      self->m_onError(coReqArgs->RequestId, "Unhandled exception during request");
+    }
+  }
+
+  self->UntrackResponse(coReqArgs->RequestId);
+} // PerformSendRequest
+
+#pragma region IHttpModuleProxy
+
+void WinRTHttpResource::AddUriHandler(shared_ptr<IUriHandler> /*uriHandler*/) noexcept /*override*/
+{
+  // TODO: Implement custom URI handling.
+}
+
+void WinRTHttpResource::AddRequestBodyHandler(shared_ptr<IRequestBodyHandler> requestBodyHandler) noexcept /*override*/
+{
+  m_requestBodyHandler = weak_ptr<IRequestBodyHandler>(requestBodyHandler);
+}
+
+void WinRTHttpResource::AddResponseHandler(shared_ptr<IResponseHandler> responseHandler) noexcept /*override*/
+{
+  m_responseHandler = weak_ptr<IResponseHandler>(responseHandler);
+}
+
+#pragma endregion IHttpModuleProxy
+
+#pragma endregion WinRTHttpResource
+
+#pragma region IHttpResource
+
+/*static*/ shared_ptr<IHttpResource> IHttpResource::Make(
+    winrt::Windows::Foundation::IInspectable const &inspectableProperties) noexcept {
+  using namespace winrt::Microsoft::ReactNative;
+  using winrt::Windows::Web::Http::HttpClient;
+
+  shared_ptr<WinRTHttpResource> result;
+
+  if (static_cast<OriginPolicy>(GetRuntimeOptionInt("Http.OriginPolicy")) == OriginPolicy::None) {
+    result = std::make_shared<WinRTHttpResource>();
+  } else {
+    auto globalOrigin = GetRuntimeOptionString("Http.GlobalOrigin");
+    OriginPolicyHttpFilter::SetStaticOrigin(std::move(globalOrigin));
+    auto opFilter = winrt::make<OriginPolicyHttpFilter>();
+    auto client = HttpClient{opFilter};
+
+    result = std::make_shared<WinRTHttpResource>(std::move(client));
+  }
+
+  // Register resource as HTTP module proxy.
+  if (inspectableProperties) {
+    auto propId = ReactPropertyId<ReactNonAbiValue<weak_ptr<IHttpModuleProxy>>>{L"HttpModule.Proxy"};
+    auto propBag = ReactPropertyBag{inspectableProperties.try_as<IReactPropertyBag>()};
+    auto moduleProxy = weak_ptr<IHttpModuleProxy>{result};
+    propBag.Set(propId, std::move(moduleProxy));
+  }
+
+  return result;
+}
+
+/*static*/ shared_ptr<IHttpResource> IHttpResource::Make() noexcept {
+  auto inspectableProperties = IInspectable{nullptr};
+  return Make(inspectableProperties);
+}
+
+#pragma endregion IHttpResource
+
+} // namespace Microsoft::React::Networking

package/Shared/{WinRTHttpResource.h → Networking/WinRTHttpResource.h}

@@ -3,7 +3,10 @@
 
 #pragma once
 
-#include <IHttpResource.h>
+#include "IHttpResource.h"
+
+#include <Modules/IHttpModuleProxy.h>
+#include "WinRTTypes.h"
 
 // Windows API
 #include <winrt/Windows.Web.Http.h>
@@ -11,33 +14,33 @@
 // Standard Library
 #include <mutex>
 
-namespace Microsoft::React {
-
-class WinRTHttpResource : public IHttpResource, public std::enable_shared_from_this<WinRTHttpResource> {
-  typedef winrt::Windows::Foundation::IAsyncOperationWithProgress<
-      winrt::Windows::Web::Http::HttpResponseMessage,
-      winrt::Windows::Web::Http::HttpProgress>
-      ResponseType;
-
-  static int64_t s_lastRequestId;
+namespace Microsoft::React::Networking {
 
+class WinRTHttpResource : public IHttpResource,
+                          public IHttpModuleProxy,
+                          public std::enable_shared_from_this<WinRTHttpResource> {
   winrt::Windows::Web::Http::IHttpClient m_client;
   std::mutex m_mutex;
-  std::unordered_map<int64_t, ResponseType> m_responses;
+  std::unordered_map<int64_t, ResponseOperation> m_responses;
 
-  std::function<void(int64_t requestId)> m_onRequest;
+  std::function<void(int64_t requestId)> m_onRequestSuccess;
   std::function<void(int64_t requestId, Response &&response)> m_onResponse;
   std::function<void(int64_t requestId, std::string &&responseData)> m_onData;
+  std::function<void(int64_t requestId, folly::dynamic &&responseData)> m_onDataDynamic;
   std::function<void(int64_t requestId, std::string &&errorMessage /*, bool isTimeout*/)> m_onError;
 
-  void TrackResponse(int64_t requestId, ResponseType response) noexcept;
+  // Used for IHttpModuleProxy
+  std::weak_ptr<IUriHandler> m_uriHandler;
+  std::weak_ptr<IRequestBodyHandler> m_requestBodyHandler;
+  std::weak_ptr<IResponseHandler> m_responseHandler;
+
+  void TrackResponse(int64_t requestId, ResponseOperation response) noexcept;
 
   void UntrackResponse(int64_t requestId) noexcept;
 
   winrt::fire_and_forget PerformSendRequest(
-      int64_t requestId,
       winrt::Windows::Web::Http::HttpRequestMessage &&request,
-      bool textResponse) noexcept;
+      winrt::Windows::Foundation::IInspectable const &args) noexcept;
 
  public:
   WinRTHttpResource() noexcept;
@@ -49,8 +52,9 @@ class WinRTHttpResource : public IHttpResource, public std::enable_shared_from_t
   void SendRequest(
       std::string &&method,
       std::string &&url,
+      int64_t requestId,
       Headers &&headers,
-      BodyData &&bodyData,
+      folly::dynamic &&data,
       std::string &&responseType,
       bool useIncrementalUpdates,
       int64_t timeout,
@@ -59,13 +63,24 @@ class WinRTHttpResource : public IHttpResource, public std::enable_shared_from_t
   void AbortRequest(int64_t requestId) noexcept override;
   void ClearCookies() noexcept override;
 
-#pragma endregion IHttpResource
-
-  void SetOnRequest(std::function<void(int64_t requestId)> &&handler) noexcept override;
+  void SetOnRequestSuccess(std::function<void(int64_t requestId)> &&handler) noexcept override;
   void SetOnResponse(std::function<void(int64_t requestId, Response &&response)> &&handler) noexcept override;
   void SetOnData(std::function<void(int64_t requestId, std::string &&responseData)> &&handler) noexcept override;
+  void SetOnData(std::function<void(int64_t requestId, folly::dynamic &&responseData)> &&handler) noexcept override;
   void SetOnError(std::function<void(int64_t requestId, std::string &&errorMessage /*, bool isTimeout*/)>
                       &&handler) noexcept override;
+
+#pragma endregion IHttpResource
+
+#pragma region IHttpModuleProxy
+
+  void AddUriHandler(std::shared_ptr<IUriHandler> uriHandler) noexcept override;
+
+  void AddRequestBodyHandler(std::shared_ptr<IRequestBodyHandler> requestBodyHandler) noexcept override;
+
+  void AddResponseHandler(std::shared_ptr<IResponseHandler> responseHandler) noexcept override;
+
+#pragma endregion IHttpModuleProxy
 };
 
-} // namespace Microsoft::React
+} // namespace Microsoft::React::Networking