react-native-windows 0.70.0-preview.2 → 0.70.1

package/Microsoft.ReactNative.Cxx/JSI/LongLivedJsiValue.h

@@ -0,0 +1,84 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+#pragma once
+#ifndef MICROSOFT_REACTNATIVE_JSI_LONGLIVEDJSIVALUE_
+#define MICROSOFT_REACTNATIVE_JSI_LONGLIVEDJSIVALUE_
+
+#include <ReactCommon/LongLivedObject.h>
+#include <jsi/jsi.h>
+
+namespace winrt::Microsoft::ReactNative {
+
+// Wrap up JSI Runtime into a LongLivedObject
+struct LongLivedJsiRuntime : facebook::react::LongLivedObject {
+  static std::weak_ptr<LongLivedJsiRuntime> CreateWeak(
+      std::shared_ptr<facebook::react::LongLivedObjectCollection> const &longLivedObjectCollection,
+      facebook::jsi::Runtime &runtime) noexcept {
+    auto value = std::shared_ptr<LongLivedJsiRuntime>(new LongLivedJsiRuntime(longLivedObjectCollection, runtime));
+    longLivedObjectCollection->add(value);
+    return value;
+  }
+
+  facebook::jsi::Runtime &Runtime() {
+    return runtime_;
+  }
+
+ public: // LongLivedObject overrides
+  void allowRelease() override {
+    if (auto longLivedObjectCollection = longLivedObjectCollection_.lock()) {
+      if (longLivedObjectCollection != nullptr) {
+        longLivedObjectCollection->remove(this);
+        return;
+      }
+    }
+    LongLivedObject::allowRelease();
+  }
+
+ protected:
+  LongLivedJsiRuntime(
+      std::shared_ptr<facebook::react::LongLivedObjectCollection> const &longLivedObjectCollection,
+      facebook::jsi::Runtime &runtime)
+      : longLivedObjectCollection_(longLivedObjectCollection), runtime_(runtime) {}
+
+  LongLivedJsiRuntime(LongLivedJsiRuntime const &) = delete;
+
+ private:
+  // Use a weak reference to the collection to avoid reference loops
+  std::weak_ptr<facebook::react::LongLivedObjectCollection> longLivedObjectCollection_;
+  facebook::jsi::Runtime &runtime_;
+};
+
+// Wrap up a JSI Value into a LongLivedObject.
+template <typename TValue>
+struct LongLivedJsiValue : LongLivedJsiRuntime {
+  static std::weak_ptr<LongLivedJsiValue<TValue>> CreateWeak(
+      std::shared_ptr<facebook::react::LongLivedObjectCollection> const &longLivedObjectCollection,
+      facebook::jsi::Runtime &runtime,
+      TValue &&value) noexcept {
+    auto valueWrapper = std::shared_ptr<LongLivedJsiValue<TValue>>(
+        new LongLivedJsiValue<TValue>(longLivedObjectCollection, runtime, std::forward<TValue>(value)));
+    longLivedObjectCollection->add(valueWrapper);
+    return valueWrapper;
+  }
+
+  TValue &Value() {
+    return value_;
+  }
+
+ protected:
+  template <typename TValue2>
+  LongLivedJsiValue(
+      std::shared_ptr<facebook::react::LongLivedObjectCollection> const &longLivedObjectCollection,
+      facebook::jsi::Runtime &runtime,
+      TValue2 &&value)
+      : LongLivedJsiRuntime(longLivedObjectCollection, runtime), value_(std::forward<TValue2>(value)) {}
+
+ private:
+  TValue value_;
+};
+
+using LongLivedJsiFunction = LongLivedJsiValue<facebook::jsi::Function>;
+
+} // namespace winrt::Microsoft::ReactNative
+
+#endif // MICROSOFT_REACTNATIVE_JSI_LONGLIVEDJSIVALUE_

package/Microsoft.ReactNative.Cxx/Microsoft.ReactNative.Cxx.vcxitems

@@ -39,6 +39,7 @@
     <ClInclude Include="$(JSI_SourcePath)\jsi\jsi.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)CoreApp.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)DesktopWindowBridge.h" />
+    <ClInclude Include="$(MSBuildThisFileDirectory)JSI\LongLivedJsiValue.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)JSI\NodeApiJsiRuntime.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)TurboModuleProvider.h" />
     <ClInclude Include="$(CallInvoker_SourcePath)\ReactCommon\CallInvoker.h" />

package/Microsoft.ReactNative.Cxx/Microsoft.ReactNative.Cxx.vcxitems.filters

@@ -158,6 +158,9 @@
     </ClInclude>
     <ClInclude Include="$(Bridging_SourcePath)\CallbackWrapper.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)CoreApp.h" />
+    <ClInclude Include="$(MSBuildThisFileDirectory)JSI\LongLivedJsiValue.h">
+      <Filter>TurboModule</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="JSI">

package/Mso/src/dispatchQueue/uiScheduler_winrt.cpp

@@ -289,7 +289,12 @@ void UISchedulerWinRT::AwaitTermination() noexcept {
     return queue;
   }
 
-  auto dispatcher = DispatcherQueue::GetForCurrentThread();
+  decltype(DispatcherQueue::GetForCurrentThread()) dispatcher{nullptr};
+  try {
+    dispatcher = DispatcherQueue::GetForCurrentThread();
+  } catch (winrt::hresult_error const &) {
+  }
+
   if (!dispatcher) {
     return queue;
   }

package/PropertySheets/Generated/PackageVersion.g.props

@@ -10,10 +10,10 @@
 -->
 <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <ReactNativeWindowsVersion>0.70.0-preview.2</ReactNativeWindowsVersion>
+    <ReactNativeWindowsVersion>0.70.1</ReactNativeWindowsVersion>
     <ReactNativeWindowsMajor>0</ReactNativeWindowsMajor>
     <ReactNativeWindowsMinor>70</ReactNativeWindowsMinor>
-    <ReactNativeWindowsPatch>0</ReactNativeWindowsPatch>
+    <ReactNativeWindowsPatch>1</ReactNativeWindowsPatch>
     <ReactNativeWindowsCanary>false</ReactNativeWindowsCanary>
   </PropertyGroup>
 </Project>

package/Shared/InstanceManager.cpp

@@ -41,6 +41,35 @@ std::shared_ptr<InstanceWrapper> CreateReactInstance(
       std::move(jsBundleBasePath),
       std::move(cxxModules),
       std::move(turboModuleRegistry),
+      nullptr,
+      std::move(callback),
+      std::move(jsQueue),
+      std::move(nativeQueue),
+      std::move(devSettings),
+      GetSharedDevManager());
+
+  return inner;
+}
+
+std::shared_ptr<InstanceWrapper> CreateReactInstance(
+    std::shared_ptr<Instance> &&instance,
+    std::string &&jsBundleBasePath,
+    std::vector<
+        std::tuple<std::string, facebook::xplat::module::CxxModule::Provider, std::shared_ptr<MessageQueueThread>>>
+        &&cxxModules,
+    std::shared_ptr<TurboModuleRegistry> turboModuleRegistry,
+    std::shared_ptr<facebook::react::LongLivedObjectCollection> longLivedObjectCollection,
+    std::unique_ptr<InstanceCallback> &&callback,
+    std::shared_ptr<MessageQueueThread> jsQueue,
+    std::shared_ptr<MessageQueueThread> nativeQueue,
+    std::shared_ptr<DevSettings> devSettings) noexcept {
+  // Now create the instance
+  std::shared_ptr<InstanceWrapper> inner = InstanceImpl::MakeNoBundle(
+      std::move(instance),
+      std::move(jsBundleBasePath),
+      std::move(cxxModules),
+      std::move(turboModuleRegistry),
+      std::move(longLivedObjectCollection),
       std::move(callback),
       std::move(jsQueue),
       std::move(nativeQueue),

package/Shared/InstanceManager.h

@@ -4,6 +4,7 @@
 #pragma once
 
 #include <Logging.h>
+#include <ReactCommon/LongLivedObject.h>
 #include <cxxreact/CxxModule.h>
 #include <cxxreact/JSBigString.h>
 #include <map>
@@ -51,6 +52,19 @@ std::shared_ptr<InstanceWrapper> CreateReactInstance(
     std::shared_ptr<MessageQueueThread> nativeQueue,
     std::shared_ptr<DevSettings> devSettings) noexcept;
 
+std::shared_ptr<InstanceWrapper> CreateReactInstance(
+    std::shared_ptr<Instance> &&instance,
+    std::string &&jsBundleRelativePath,
+    std::vector<
+        std::tuple<std::string, facebook::xplat::module::CxxModule::Provider, std::shared_ptr<MessageQueueThread>>>
+        &&cxxModules,
+    std::shared_ptr<TurboModuleRegistry> turboModuleRegistry,
+    std::shared_ptr<facebook::react::LongLivedObjectCollection> longLivedObjectCollection,
+    std::unique_ptr<InstanceCallback> &&callback,
+    std::shared_ptr<MessageQueueThread> jsQueue,
+    std::shared_ptr<MessageQueueThread> nativeQueue,
+    std::shared_ptr<DevSettings> devSettings) noexcept;
+
 std::shared_ptr<InstanceWrapper> CreateReactInstance(
     std::shared_ptr<Instance> &&instance,
     std::string &&jsBundleBasePath,

package/Shared/Modules/HttpModule.cpp

@@ -72,9 +72,11 @@ static void SetUpHttpResource(
   };
   resource->SetOnData(std::move(onDataDynamic));
 
-  resource->SetOnError([weakReactInstance](int64_t requestId, string &&message) {
+  resource->SetOnError([weakReactInstance](int64_t requestId, string &&message, bool isTimeout) {
     dynamic args = dynamic::array(requestId, std::move(message));
-    // TODO: isTimeout errorArgs.push_back(true);
+    if (isTimeout) {
+      args.push_back(true);
+    }
 
     SendEvent(weakReactInstance, completedResponse, std::move(args));
   });

package/Shared/Networking/IHttpResource.h

@@ -96,7 +96,7 @@ struct IHttpResource {
   virtual void SetOnData(std::function<void(int64_t requestId, std::string &&responseData)> &&handler) noexcept = 0;
   virtual void SetOnData(std::function<void(int64_t requestId, folly::dynamic &&responseData)> &&handler) noexcept = 0;
   virtual void SetOnError(
-      std::function<void(int64_t requestId, std::string &&errorMessage /*, bool isTimeout*/)> &&handler) noexcept = 0;
+      std::function<void(int64_t requestId, std::string &&errorMessage, bool isTimeout)> &&handler) noexcept = 0;
 };
 
 } // namespace Microsoft::React::Networking

package/Shared/Networking/IRedirectEventSource.h

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+#pragma once
+
+#include <winrt/Windows.Foundation.h>
+#include <winrt/Windows.Web.Http.h>
+#include <winrt/base.h>
+
+namespace Microsoft::React::Networking {
+
+struct IRedirectEventSource : winrt::implements<IRedirectEventSource, winrt::Windows::Foundation::IInspectable> {
+  virtual bool OnRedirecting(
+      winrt::Windows::Web::Http::HttpRequestMessage const &request,
+      winrt::Windows::Web::Http::HttpResponseMessage const &response) noexcept = 0;
+};
+
+} // namespace Microsoft::React::Networking

package/Shared/Networking/IWinRTHttpRequestFactory.h

@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+#pragma once
+
+#include <winrt/Windows.Foundation.Collections.h>
+#include <winrt/Windows.Foundation.h>
+#include <winrt/Windows.Web.Http.h>
+
+namespace Microsoft::React::Networking {
+
+struct IWinRTHttpRequestFactory {
+  virtual ~IWinRTHttpRequestFactory() noexcept {}
+
+  virtual winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Web::Http::HttpRequestMessage> CreateRequest(
+      winrt::Windows::Web::Http::HttpMethod &&method,
+      winrt::Windows::Foundation::Uri &&uri,
+      winrt::Windows::Foundation::Collections::IMap<winrt::hstring, winrt::Windows::Foundation::IInspectable>
+          props) noexcept = 0;
+};
+
+} // namespace Microsoft::React::Networking

package/Shared/Networking/OriginPolicyHttpFilter.cpp

@@ -11,10 +11,6 @@
 #include <boost/algorithm/string.hpp>
 #include <boost/lexical_cast/try_lexical_convert.hpp>
 
-// Windows API
-#include <winrt/Windows.Foundation.Collections.h>
-#include <winrt/Windows.Web.Http.Headers.h>
-
 // Standard Library
 #include <queue>
 #include <regex>
@@ -28,6 +24,7 @@ using winrt::to_hstring;
 using winrt::Windows::Foundation::IInspectable;
 using winrt::Windows::Foundation::IPropertyValue;
 using winrt::Windows::Foundation::Uri;
+using winrt::Windows::Foundation::Collections::IMap;
 using winrt::Windows::Web::Http::HttpMethod;
 using winrt::Windows::Web::Http::HttpRequestMessage;
 using winrt::Windows::Web::Http::HttpResponseMessage;
@@ -119,7 +116,7 @@ bool OriginPolicyHttpFilter::ConstWcharComparer::operator()(const wchar_t *a, co
 }
 
 /*static*/ bool OriginPolicyHttpFilter::IsSameOrigin(Uri const &u1, Uri const &u2) noexcept {
-  return u1.SchemeName() == u2.SchemeName() && u1.Host() == u2.Host() && u1.Port() == u2.Port();
+  return (u1 && u2) && u1.SchemeName() == u2.SchemeName() && u1.Host() == u2.Host() && u1.Port() == u2.Port();
 }
 
 /*static*/ bool OriginPolicyHttpFilter::IsSimpleCorsRequest(HttpRequestMessage const &request) noexcept {
@@ -374,7 +371,7 @@ bool OriginPolicyHttpFilter::ConstWcharComparer::operator()(const wchar_t *a, co
   }
 }
 
-OriginPolicyHttpFilter::OriginPolicyHttpFilter(IHttpFilter &&innerFilter) : m_innerFilter{std::move(innerFilter)} {}
+OriginPolicyHttpFilter::OriginPolicyHttpFilter(IHttpFilter const &innerFilter) : m_innerFilter{innerFilter} {}
 
 OriginPolicyHttpFilter::OriginPolicyHttpFilter()
     : OriginPolicyHttpFilter(winrt::Windows::Web::Http::Filters::HttpBaseProtocolFilter{}) {}
@@ -443,21 +440,24 @@ OriginPolicy OriginPolicyHttpFilter::ValidateRequest(HttpRequestMessage const &r
 void OriginPolicyHttpFilter::ValidateAllowOrigin(
     hstring const &allowedOrigin,
     hstring const &allowCredentials,
-    IInspectable const &iRequestArgs) const {
+    IMap<hstring, IInspectable> props) const {
   // 4.10.1-2 - null allow origin
   if (L"null" == allowedOrigin)
     throw hresult_error{
         E_INVALIDARG,
         L"Response header Access-Control-Allow-Origin has a value of [null] which differs from the supplied origin"};
 
-  bool withCredentials = iRequestArgs.as<RequestArgs>()->WithCredentials;
+  bool withCredentials = props.Lookup(L"RequestArgs").as<RequestArgs>()->WithCredentials;
   // 4.10.3 - valid wild card allow origin
   if (!withCredentials && L"*" == allowedOrigin)
     return;
 
   // We assume the source (request) origin is not "*", "null", or empty string. Valid URI is expected
   // 4.10.4 - Mismatched allow origin
-  if (allowedOrigin.empty() || !IsSameOrigin(s_origin, Uri{allowedOrigin})) {
+  auto taintedOriginProp = props.TryLookup(L"TaintedOrigin");
+  auto taintedOrigin = taintedOriginProp && winrt::unbox_value<bool>(taintedOriginProp);
+  auto origin = taintedOrigin ? nullptr : s_origin;
+  if (allowedOrigin.empty() || !IsSameOrigin(origin, Uri{allowedOrigin})) {
     hstring errorMessage;
     if (allowedOrigin.empty())
       errorMessage = L"No valid origin in response";
@@ -511,14 +511,14 @@ void OriginPolicyHttpFilter::ValidatePreflightResponse(
 
   auto controlValues = ExtractAccessControlValues(response.Headers());
 
-  auto iRequestArgs = request.Properties().Lookup(L"RequestArgs");
+  auto props = request.Properties();
   // Check if the origin is allowed in conjuction with the withCredentials flag
   // CORS preflight should always exclude credentials although the subsequent CORS request may include credentials.
-  ValidateAllowOrigin(controlValues.AllowedOrigin, controlValues.AllowedCredentials, iRequestArgs);
+  ValidateAllowOrigin(controlValues.AllowedOrigin, controlValues.AllowedCredentials, props);
 
   // See https://fetch.spec.whatwg.org/#cors-preflight-fetch, section 4.8.7.5
   // Check if the request method is allowed
-  bool withCredentials = iRequestArgs.as<RequestArgs>()->WithCredentials;
+  bool withCredentials = props.Lookup(L"RequestArgs").as<RequestArgs>()->WithCredentials;
   bool requestMethodAllowed = false;
   for (const auto &method : controlValues.AllowedMethods) {
     if (L"*" == method) {
@@ -579,8 +579,8 @@ void OriginPolicyHttpFilter::ValidateResponse(HttpResponseMessage const &respons
   if (originPolicy == OriginPolicy::SimpleCrossOriginResourceSharing ||
       originPolicy == OriginPolicy::CrossOriginResourceSharing) {
     auto controlValues = ExtractAccessControlValues(response.Headers());
-    auto withCredentials =
-        response.RequestMessage().Properties().Lookup(L"RequestArgs").try_as<RequestArgs>()->WithCredentials;
+    auto props = response.RequestMessage().Properties();
+    auto withCredentials = props.Lookup(L"RequestArgs").try_as<RequestArgs>()->WithCredentials;
 
     if (GetRuntimeOptionBool("Http.StrictOriginCheckSimpleCors") &&
         originPolicy == OriginPolicy::SimpleCrossOriginResourceSharing) {
@@ -595,8 +595,7 @@ void OriginPolicyHttpFilter::ValidateResponse(HttpResponseMessage const &respons
         throw hresult_error{E_INVALIDARG, L"The server does not support CORS or the origin is not allowed"};
       }
     } else {
-      auto iRequestArgs = response.RequestMessage().Properties().Lookup(L"RequestArgs");
-      ValidateAllowOrigin(controlValues.AllowedOrigin, controlValues.AllowedCredentials, iRequestArgs);
+      ValidateAllowOrigin(controlValues.AllowedOrigin, controlValues.AllowedCredentials, props);
     }
 
     if (originPolicy == OriginPolicy::SimpleCrossOriginResourceSharing) {
@@ -684,6 +683,38 @@ ResponseOperation OriginPolicyHttpFilter::SendPreflightAsync(HttpRequestMessage
   co_return {co_await m_innerFilter.SendRequestAsync(preflightRequest)};
 }
 
+#pragma region IRedirectEventSource
+
+bool OriginPolicyHttpFilter::OnRedirecting(
+    HttpRequestMessage const &request,
+    HttpResponseMessage const &response) noexcept {
+  // Consider the following scenario.
+  // User signs in to http://a.com and visits a page that makes CORS request to http://b.com with origin=http://a.com.
+  // Http://b.com reponds with a redirect to http://a.com. The browser follows the redirect to http://a.com with
+  // origin=http://a.com. Since the origin matches the URL, the request is authorized at http://a.com, but it actually
+  // allows http://b.com to bypass the CORS check at http://a.com since the redirected URL is from http://b.com.
+  if (!IsSameOrigin(response.Headers().Location(), request.RequestUri()) &&
+      !IsSameOrigin(s_origin, request.RequestUri())) {
+    // By masking the origin field in the request header, we make it impossible for the server to set a single value for
+    // the access-control-allow-origin header. It means, the only way to support redirect is that server allows access
+    // from all sites through wildcard.
+    request.Headers().Insert(L"Origin", L"null");
+
+    auto props = request.Properties();
+    // Look for 'RequestArgs' key to ensure we are redirecting the main request.
+    if (auto iReqArgs = props.TryLookup(L"RequestArgs")) {
+      props.Insert(L"TaintedOrigin", winrt::box_value(true));
+    } else {
+      // Abort redirection if the request is either preflight or extraneous.
+      return false;
+    }
+  }
+
+  return true;
+}
+
+#pragma endregion IRedirectEventSource
+
 #pragma region IHttpFilter
 
 ResponseOperation OriginPolicyHttpFilter::SendRequestAsync(HttpRequestMessage const &request) {

package/Shared/Networking/OriginPolicyHttpFilter.h

@@ -3,11 +3,14 @@
 
 #pragma once
 
+#include "IRedirectEventSource.h"
 #include "OriginPolicy.h"
 
 // Windows API
+#include <winrt/Windows.Foundation.Collections.h>
 #include <winrt/Windows.Foundation.h>
 #include <winrt/Windows.Web.Http.Filters.h>
+#include <winrt/Windows.Web.Http.Headers.h>
 #include <winrt/Windows.Web.Http.h>
 
 // Standard Library
@@ -16,7 +19,8 @@
 namespace Microsoft::React::Networking {
 
 class OriginPolicyHttpFilter
-    : public winrt::implements<OriginPolicyHttpFilter, winrt::Windows::Web::Http::Filters::IHttpFilter> {
+    : public winrt::
+          implements<OriginPolicyHttpFilter, winrt::Windows::Web::Http::Filters::IHttpFilter, IRedirectEventSource> {
  public:
   struct ConstWcharComparer {
     bool operator()(const wchar_t *, const wchar_t *) const;
@@ -75,7 +79,7 @@ class OriginPolicyHttpFilter
       winrt::Windows::Web::Http::HttpResponseMessage const &response,
       bool removeAll);
 
-  OriginPolicyHttpFilter(winrt::Windows::Web::Http::Filters::IHttpFilter &&innerFilter);
+  OriginPolicyHttpFilter(winrt::Windows::Web::Http::Filters::IHttpFilter const &innerFilter);
 
   OriginPolicyHttpFilter();
 
@@ -92,13 +96,22 @@ class OriginPolicyHttpFilter
   void ValidateAllowOrigin(
       winrt::hstring const &allowedOrigin,
       winrt::hstring const &allowCredentials,
-      winrt::Windows::Foundation::IInspectable const &iArgs) const;
+      winrt::Windows::Foundation::Collections::IMap<winrt::hstring, winrt::Windows::Foundation::IInspectable> props)
+      const;
 
   winrt::Windows::Foundation::IAsyncOperationWithProgress<
       winrt::Windows::Web::Http::HttpResponseMessage,
       winrt::Windows::Web::Http::HttpProgress>
   SendPreflightAsync(winrt::Windows::Web::Http::HttpRequestMessage const &request) const;
 
+#pragma region IRedirectEventSource
+
+  bool OnRedirecting(
+      winrt::Windows::Web::Http::HttpRequestMessage const &request,
+      winrt::Windows::Web::Http::HttpResponseMessage const &response) noexcept override;
+
+#pragma endregion IRedirectEventSource
+
 #pragma region IHttpFilter
 
   winrt::Windows::Foundation::IAsyncOperationWithProgress<