Issues #696,1231,1264,1265 - Improve handling in PassthroughApp

src/plugin/PluginWbPassThrough.cpp

 #include "PluginStdAfx.h"
 
 #include "PluginWbPassThrough.h"
 #include "PluginClient.h"
 #include "PluginClientFactory.h"
 #ifdef SUPPORT_FILTER
 #include "PluginFilter.h"
 #endif
 #include "PluginSettings.h"
 #include "PluginClass.h"
 #include "PluginSystem.h"
-
+#include <WinInet.h>
 #include "wtypes.h"
 
-EXTERN_C IMAGE_DOS_HEADER __ImageBase;
+namespace
+{
+  std::string g_blockedByABPPage = "<!DOCTYPE html>"
+    "<html>"
+        "<body>"
+          "<!-- blocked by AdblockPlus -->"
+        "</body>"
+    "</html>";
+}
 
+WBPassthruSink::WBPassthruSink()
+  : m_currentPositionOfSentPage(0)

[Oleksandr, 2014/09/21 23:30:40]

I wouldn't be entirely sure that IE does not reuse requests. So I think it'll be
better to set m_currentPositionOfSentPage = 0 somewhere in OnStart

[sergei, 2014/09/22 16:18:05]

It does not reuse them. If it happens we will be already aware about it.
From the implementation of IInternetProtocolRoot::Start the method
IInternetProtocolSinkImpl::OnStart is called, where m_spInternetProtocolSink and
m_spTargetProtocol are firstly checked for nullptr and then are assigned. They
are released only when our interceptor is being released. So if somebody calls
IInternetProtocolRoot::Start again the request will not be executed and the
caller will receive E_UNEXPECTED returned by IInternetProtocolSinkImpl::OnStart.
If it's reused then it should fail too often and we should get a plenty of
complains from users.

[Oleksandr, 2014/10/03 14:36:37]

Even though I can't provide an example when this might be failing I still think
that logically it would be better to set m_currentPositionOfSentPage in OnStart
(maybe even in both places, in fact), but as it is now is fine as well, if you
disagree.

On 2014/09/22 16:18:05, sergei wrote:

+  , m_contentType(CFilter::EContentType::contentTypeAny)
+  , m_blockedInTransaction(false)
+{
+}
 
-
-int WBPassthruSink::GetContentTypeFromMimeType(CString mimeType)
+int WBPassthruSink::GetContentTypeFromMimeType(const CString& mimeType)
 {
   if (mimeType.Find(L"image/") >= 0)
   {
     return CFilter::contentTypeImage;
   }
   if (mimeType.Find(L"text/css") >= 0)
   {
     return CFilter::contentTypeStyleSheet;
   }
   if ((mimeType.Find(L"application/javascript") >= 0) || (mimeType.Find(L"application/json") >= 0))
@@ skipping 10 matching lines @@
   }
   // It is important to have this check last, since it is rather generic, and might overlay text/html, for example
   if (mimeType.Find(L"xml") >= 0)
   {
     return CFilter::contentTypeXmlHttpRequest;
   }
 
   return CFilter::contentTypeAny;
 }
 
-int WBPassthruSink::GetContentTypeFromURL(CString src)
+int WBPassthruSink::GetContentTypeFromURL(const CString& src)
 {
   CString srcExt = src;
 
   int pos = 0;
   if ((pos = src.Find('?')) > 0)
   {
     srcExt = src.Left(pos);
   }
 
   int lastDotIndex = srcExt.ReverseFind('.');
@@ skipping 17 matching lines @@
     return CFilter::contentTypeXmlHttpRequest;
   }
   else if (ext == L".swf")
   {
     return CFilter::contentTypeObject;
   }
   else if (ext == L".jsp" || ext == L".php" || ext == L".html")
   {
     return CFilter::contentTypeSubdocument;
   }
-  else
-  {
-    return CFilter::contentTypeAny & ~CFilter::contentTypeSubdocument;
-  }
-
+  return CFilter::contentTypeAny;
 }
 
-int WBPassthruSink::GetContentType(CString mimeType, CString domain, CString src)
+int WBPassthruSink::GetContentType(const CString& mimeType, const CString& domain, const CString& src)
 {
   // No referer or mime type
   // BINDSTRING_XDR_ORIGIN works only for IE v8+
   if (mimeType.IsEmpty() && domain.IsEmpty() && CPluginClient::GetInstance()->GetIEVersion() >= 8)
   {
     return CFilter::contentTypeXmlHttpRequest;
   }
   int contentType = GetContentTypeFromMimeType(mimeType);
   if (contentType == CFilter::contentTypeAny)
   {
     contentType = GetContentTypeFromURL(src);
   }
   return contentType;
 }
 
 ////////////////////////////////////////////////////////////////////////////////////////
 //WBPassthruSink
 //Monitor and/or cancel every request and responde
 //WB makes, including images, sounds, scripts, etc
 ////////////////////////////////////////////////////////////////////////////////////////
 HRESULT WBPassthruSink::OnStart(LPCWSTR szUrl, IInternetProtocolSink *pOIProtSink,
                                 IInternetBindInfo *pOIBindInfo, DWORD grfPI, HANDLE_PTR dwReserved,
-                                IInternetProtocol* pTargetProtocol)
+                                IInternetProtocol* pTargetProtocol, bool& handled)
 {
-
   m_pTargetProtocol = pTargetProtocol;
   bool isBlocked = false;
-  m_shouldBlock = false;
-  m_lastDataReported = false;
-  CString src;
-  src.Append(szUrl);
+  CString src = szUrl;
   DEBUG_GENERAL(src);
   CPluginClient::UnescapeUrl(src);
 
-  CString boundDomain;
+  // call the impl of the base class as soon as possible because it initializes the base class
+  // members, used by this method. It queries for the required interfaces.
+  HRESULT hr = BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);

[Oleksandr, 2014/09/21 23:30:40]

I still have my concerns if the requests are actually blocked on older browsers,
if we call this for all requests. I have checked the IE 11 is fine. Can you
please confirm you have tested on IE8 and IE9 as well?

[sergei, 2014/09/22 16:18:05]

I have checked it before and now again, it works in IE[8-11]. It merely queries
interfaces and calls AddRef. Do you suspect some special case?

[Oleksandr, 2014/10/03 14:36:37]

Not really. Just wanted to double check if you've tested on other IE versions as
well.
On 2014/09/22 16:18:05, sergei wrote:

+  if (FAILED(hr))
+  {
+    return hr;
+  }
+
   CString mimeType;
-  LPOLESTR mime[10];
   if (pOIBindInfo)
   {
     ULONG resLen = 0;
 
     // Apparently IE will report random mime type if there's more then 1 in the list.
     // So we get the whole list and just use the first one (top priority one)
+    LPOLESTR mime[10];
     pOIBindInfo->GetBindString(BINDSTRING_ACCEPT_MIMES, mime, 10, &resLen);
     if (mime && resLen > 0)
     {
       mimeType.SetString(mime[0]);
     }
-    LPOLESTR bindToObject = 0;
-    pOIBindInfo->GetBindString(BINDSTRING_FLAG_BIND_TO_OBJECT, &bindToObject, 1, &resLen);
-    LPOLESTR domainRetrieved = 0;
-    if (resLen == 0 || wcscmp(bindToObject, L"FALSE") == 0)
-    {   
+    LPOLESTR bindString = nullptr;
+    pOIBindInfo->GetBindString(BINDSTRING_FLAG_BIND_TO_OBJECT, &bindString, 1, &resLen);
+    LPOLESTR domainRetrieved = nullptr;
+    if (resLen == 0 || wcscmp(bindString, L"FALSE") == 0)
+    {
       HRESULT hr = pOIBindInfo->GetBindString(BINDSTRING_XDR_ORIGIN, &domainRetrieved, 1, &resLen);
-      
       if ((hr == S_OK) && domainRetrieved && (resLen > 0))
       {
-        boundDomain.SetString(domainRetrieved);
+        m_boundDomain = domainRetrieved;
       }
     }
+    // We can obtain IBindCtx* here, but IEnumString obtained via IBindCtx::EnumObjectParam
+    // does not return any parameter, so it's useless.
   }
 
   CString cookie;
   ULONG len1 = 2048;
   ULONG len2 = 2048;
 
 #ifdef SUPPORT_FILTER
-  int contentType = CFilter::contentTypeAny;
-
   CPluginTab* tab = CPluginClass::GetTab(::GetCurrentThreadId());
   CPluginClient* client = CPluginClient::GetInstance();
 
-
   if (tab && client)
   {
     CString documentUrl = tab->GetDocumentUrl();
     // Page is identical to document => don't block
     if (documentUrl == src)
     {
       // fall through
     }
     else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
     {
-      boundDomain = tab->GetDocumentUrl();
-
-      contentType = CFilter::contentTypeAny;
-
+      m_boundDomain = tab->GetDocumentUrl();
+      m_contentType = CFilter::contentTypeAny;
 #ifdef SUPPORT_FRAME_CACHING
-      if ((tab != 0) && (tab->IsFrameCached(src)))
+      if (nullptr != tab && tab->IsFrameCached(src))

[Oleksandr, 2014/09/21 23:30:40]

No yoda conditions, please
if (tab != nullptr && ..)

       {
-        contentType = CFilter::contentTypeSubdocument;
+        m_contentType = CFilter::contentTypeSubdocument;
       }
       else
 #endif // SUPPORT_FRAME_CACHING
-      contentType = GetContentType(mimeType, boundDomain, src);
-      if (client->ShouldBlock(src, contentType, boundDomain, true))
       {
-        isBlocked = true;
-
-        DEBUG_BLOCKER("Blocker::Blocking Http-request:" + src);
+        m_contentType = GetContentType(mimeType, m_boundDomain, src);
       }
     }
-    if (!isBlocked)
-    {
-      DEBUG_BLOCKER("Blocker::Ignoring Http-request:" + src)
-    }
   }
 
+  if (nullptr == tab)

[Oleksandr, 2014/09/21 23:30:40]

No yoda conditions, please

+  {
+    m_contentType = GetContentType(mimeType, m_boundDomain, src);
+  }
 
-  if (tab == NULL)
   {
-    contentType = GetContentType(mimeType, boundDomain, src);
-    if (client->ShouldBlock(src, contentType, boundDomain, true))
+    // Here is the heuristic which detects the requests issued by Flash.ocx.
+    // It turned out that the implementation from ''Flash.ocx'' (tested version is 15.0.0.152)
+    // returns quite minimal configuration in comparison with the implementation from Microsofts'
+    // libraries (see grfBINDF and bindInfo.dwOptions). The impl from MS often includes something
+    // else.
+    ATL::CComPtr<IBindStatusCallback> bscb;
+    if (SUCCEEDED(QueryServiceFromClient(&bscb)) && !!bscb)
     {
-      isBlocked = true;
+      DWORD grfBINDF = 0;
+      BINDINFO bindInfo = {};
+      bindInfo.cbSize = sizeof(bindInfo);
+      if (SUCCEEDED(bscb->GetBindInfo(&grfBINDF, &bindInfo))
+        && (BINDF_ASYNCHRONOUS | BINDF_ASYNCSTORAGE| BINDF_PULLDATA) == grfBINDF
+        && (BINDINFO_OPTIONS_ENABLE_UTF8 | BINDINFO_OPTIONS_USE_IE_ENCODING) == bindInfo.dwOptions
+        )

[Oleksandr, 2014/09/21 23:30:40]

This looks quite neat, however can you maybe test with other Flash versions?
Maybe even IE-Flash combinations. 

Also, can we use similar heuristics for XMLHttpRequests?

[sergei, 2014/09/22 16:18:05]

I will test it with different <IE, Flash> as far as I can.
Not sure about XMLHttpRequests, at least I have not seen anything which can
indicate it. I will check it yet.

+      {
+        m_contentType = CFilter::EContentType::contentTypeObjectSubrequest;
+      }
     }
   }
 
-#ifdef _DEBUG
-  CString type;
+  // The descision about EContentType::contentTypeAny is made later in
+  // WBPassthruSink::BeginningTransaction. Sometimes here we cannot detect the request type, but
+  // in WBPassthruSink::BeginningTransaction the header Accept is available which allows to
+  // obtain the "request type" in our terminology.
+  if (nullptr != client
+    && CFilter::EContentType::contentTypeAny != m_contentType
+    && client->ShouldBlock(src, m_contentType, m_boundDomain, true))
+  {
+    isBlocked = true;
+  }
 
-  if (contentType == CFilter::contentTypeDocument) type = "DOCUMENT";
-  else if (contentType == CFilter::contentTypeObject) type = "OBJECT";
-  else if (contentType == CFilter::contentTypeImage) type = "IMAGE";
-  else if (contentType == CFilter::contentTypeScript) type = "SCRIPT";
-  else if (contentType == CFilter::contentTypeOther) type = "OTHER";
-  else if (contentType == CFilter::contentTypeUnknown) type = "OTHER";
-  else if (contentType == CFilter::contentTypeSubdocument) type = "SUBDOCUMENT";
-  else if (contentType == CFilter::contentTypeStyleSheet) type = "STYLESHEET";
-  else type = "OTHER";
-
-  if (isBlocked)
+  // For IE6 and earlier there is iframe back button issue, so avoid it.
+  if (isBlocked && client->GetIEVersion() > 6)
   {
-    CPluginDebug::DebugResultBlocking(type, src, boundDomain);
-  }
-  else
-  {
-    CPluginDebug::DebugResultIgnoring(type, src, boundDomain);
-  }
-#endif
-
-  //Fixes the iframe back button issue
-  if (client->GetIEVersion() > 6)
-  {
-    if ((contentType == CFilter::contentTypeImage) && (isBlocked))
+    handled = true;
+    if (CFilter::EContentType::contentTypeImage == m_contentType)
     {
-      m_shouldBlock = true;
-      BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-
+      // IE shows a cross that img is not loaded

[Oleksandr, 2014/09/21 23:30:40]

Does this happen even if we "eat" the ReportResult further in the code?
Shouldn't we also respond with an empty response in this case, then?

[sergei, 2014/09/22 16:18:05]

Have not tested yet, also I'm afraid that sending the custom img can break the
layout.
JIC, I will try.

[Oleksandr, 2014/10/03 14:36:37]

This can go into other review anyway.
On 2014/09/22 16:18:05, sergei wrote:

       return INET_E_REDIRECT_FAILED;
-
     }
-    if (((contentType == CFilter::contentTypeSubdocument))&& (isBlocked)) 
+    if (CFilter::EContentType::contentTypeSubdocument == m_contentType)
     {
-      m_shouldBlock = true;
-      BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-
+      PassthroughAPP::CustomSinkStartPolicy<WBPassthru, WBPassthruSink>::GetProtocol(this)->m_shouldSupplyCustomContent = true;
       m_spInternetProtocolSink->ReportProgress(BINDSTATUS_MIMETYPEAVAILABLE, L"text/html");
-
-      //Here we check if we are running on Windows 8 Consumer Preview. 
-      //For some reason on that environment the next line causes IE to crash
-      if (CPluginSettings::GetInstance()->GetWindowsBuildNumber() != 8250)
-      {
-        m_spInternetProtocolSink->ReportResult(INET_E_REDIRECT_FAILED, 0, szUrl);
-      }
-
-      return INET_E_REDIRECT_FAILED;
+      m_spInternetProtocolSink->ReportData(BSCF_FIRSTDATANOTIFICATION, 0, static_cast<ULONG>(g_blockedByABPPage.size()));
+      return S_OK;
     } 
-    if (((contentType == CFilter::contentTypeScript)) && (isBlocked)) 
+    if (CFilter::EContentType::contentTypeScript == m_contentType)
     {
-      m_shouldBlock = true;
-      BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
       m_spInternetProtocolSink->ReportProgress(BINDSTATUS_MIMETYPEAVAILABLE, L"text/javascript");
       m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");
       return INET_E_REDIRECT_FAILED;
     }
-    if ((contentType == CFilter::contentTypeXmlHttpRequest) && (isBlocked)) 
+    if (CFilter::EContentType::contentTypeXmlHttpRequest == m_contentType)
     {
-      m_shouldBlock = true;
-      BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
       m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");
       return INET_E_REDIRECT_FAILED;
     }
-    if ((isBlocked)) 
+    if (CFilter::EContentType::contentTypeAny != m_contentType)
     {
-      m_shouldBlock = true;
-      BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-      m_spInternetProtocolSink->ReportResult(S_FALSE, 0, L"");
-
+      m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");
       return INET_E_REDIRECT_FAILED;
     }
   }
 #endif // SUPPORT_FILTER
 
-  return isBlocked ? S_FALSE : BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
+  return isBlocked ? S_FALSE : hr;
 }
 
+HRESULT WBPassthruSink::OnRead(void* pv, ULONG cb, ULONG* pcbRead)
+{
+  if (nullptr == pv)

[Oleksandr, 2014/09/21 23:30:40]

if (pv == nullptr) looks better, imho

+  {
+    return E_POINTER;
+  }
+  if (nullptr == pcbRead)

[Oleksandr, 2014/09/21 23:30:40]

Same as above

+  {
+    return E_POINTER;
+  }
+  *pcbRead = 0;
 
-HRESULT WBPassthruSink::Read(void *pv, ULONG cb, ULONG* pcbRead)
-{
-  if (m_shouldBlock)
+  if (PassthroughAPP::CustomSinkStartPolicy<WBPassthru, WBPassthruSink>::GetProtocol(this)->m_shouldSupplyCustomContent)
   {
-    *pcbRead = 0;
-    if (!m_lastDataReported)
+    ULONG myPageSize = static_cast<ULONG>(g_blockedByABPPage.size());

[Oleksandr, 2014/09/21 23:30:40]

abpPageSize would be a better name, IMHO

[sergei, 2014/09/22 16:18:05]

Sorry, forgot to change the name. During the playing with it g_blockedByABPPage
was called g_myPage.

+    auto positionGrow = std::min<ULONG>(cb, static_cast<ULONG>(g_blockedByABPPage.size() - m_currentPositionOfSentPage));
+    if (0 == positionGrow) {

[Oleksandr, 2014/09/21 23:30:40]

positionGrow == 0 seems more logical

+      return S_FALSE;
+    }
+    std::copy(g_blockedByABPPage.begin(), g_blockedByABPPage.begin() + positionGrow,
+      stdext::make_checked_array_iterator(static_cast<char*>(pv), cb));

[Oleksandr, 2014/09/21 23:30:40]

So this will throw a runtime error if cb < positionGrow, won't it? I know IE
likes to set cb = 0 quite often, so I don't think this is a very unlikely
scenario. I think we should handle this more gracefully.

[sergei, 2014/09/22 16:18:05]

- It's not possible to compile without checked iterator, so it's the reason it's
used here.
- It should not be possible that `cb < positionGrow` because
`positionGrow = min(cb, g_blockedByABPPageSize - m_currentPositionOfSentPage)`

[Oleksandr, 2014/10/03 14:36:37]

I suppose you could use memcpy here instead, but I personally like std::cope
better. And yes, looks like you're correct about the cb >= positionGrow, sorry.
On 2014/09/22 16:18:05, sergei wrote:

+    *pcbRead = positionGrow;
+    m_currentPositionOfSentPage += positionGrow;
+
+    if (m_spInternetProtocolSink)
     {
-      if (cb <= 1)
-      {
-        //IE must've gone nuts if this happened, but let's be cool about it and report we have no more data
-        m_spInternetProtocolSink->ReportResult(S_FALSE, 0, NULL);
-        return S_FALSE;
-      }
-      *pcbRead = 1;
-      memcpy(pv, " ", 1);
-
-      if (m_spInternetProtocolSink != NULL)
-      {
-        m_spInternetProtocolSink->ReportResult(S_OK, 0, NULL);
-      }
-      m_lastDataReported = true;
-      m_shouldBlock = false;
-      return S_OK;
+      m_spInternetProtocolSink->ReportData(BSCF_INTERMEDIATEDATANOTIFICATION,
+        static_cast<ULONG>(m_currentPositionOfSentPage), myPageSize);
+    }
+    if (myPageSize == m_currentPositionOfSentPage && m_spInternetProtocolSink)
+    {
+      m_spInternetProtocolSink->ReportData(BSCF_DATAFULLYAVAILABLE, myPageSize, myPageSize);
+      m_spInternetProtocolSink->ReportResult(S_OK, 0, nullptr);
     }
     return S_OK;
   }
-  else 
-  {
-
-    return m_pTargetProtocol->Read(pv, cb, pcbRead);
-  }
-  return S_OK;
+  return m_pTargetProtocol->Read(pv, cb, pcbRead);
 }
 STDMETHODIMP WBPassthruSink::Switch(
   /* [in] */ PROTOCOLDATA *pProtocolData)
 {
   ATLASSERT(m_spInternetProtocolSink != 0);
 
   /*
   From Igor Tandetnik "itandetnik@mvps.org"
   "
   Beware multithreading. URLMon has this nasty habit of spinning worker 
   threads, not even bothering to initialize COM on them, and calling APP 
   methods on those threads. If you try to raise COM events directly from 
   such a thread, bad things happen (random crashes, events being lost). 
   You are only guaranteed to be on the main STA thread in two cases. 
   First, in methods of interfaces that were obtained with 
   IServiceProvider, such as IHttpNegotiage::BeginningTransaction or 
   IAuthenticate::Authenticate. Second, you can call 
   IInternetProtocolSink::Switch with PD_FORCE_SWITCH flag in 
   PROTOCOLDATA::grfFlags, eventually URLMon will turn around and call 
   IInternetProtocol::Continue on the main thread. 
 
   Or, if you happen to have a window handy that was created on the main 
   thread, you can post yourself a message.
   "
   */
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->Switch(pProtocolData) : E_UNEXPECTED;
 }
 
-
-STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR *pszAdditionalHeaders)
+STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR* pszAdditionalHeaders)
 {
   if (pszAdditionalHeaders)
   {
-    *pszAdditionalHeaders = 0;
+    *pszAdditionalHeaders = nullptr;
   }
 
+  CPluginClient* client = nullptr;
+  if (CFilter::EContentType::contentTypeAny == m_contentType && (client = CPluginClient::GetInstance()))
+  {
+    auto acceptHeader = [&]() -> std::string
+    {
+      // Despite there is HTTP_QUERY_ACCEPT and other query info flags, they don't work here,
+      // only HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS does dork.
+      ATL::CComPtr<IWinInetHttpInfo> winInetHttpInfo;
+      HRESULT hr = m_spTargetProtocol->QueryInterface(&winInetHttpInfo);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      DWORD size = 0;
+      DWORD flags = 0;
+      hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
+          /*buffer*/nullptr, /* get size */&size, &flags, /*reserved*/ 0);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      std::string buf(size, '\0');
+      hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
+        &buf[0], &size, &flags, 0);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      char acceptHeader[] = "Accept:";
+      auto acceptHeaderBeginsAt = buf.find(acceptHeader);
+      if (std::string::npos == acceptHeaderBeginsAt)
+      {
+        return "";
+      }
+      acceptHeaderBeginsAt += sizeof(acceptHeader);
+      auto acceptHeaderEndsAt = buf.find("\n", acceptHeaderBeginsAt);
+      if (std::string::npos == acceptHeaderEndsAt)
+      {
+        return "";
+      }
+      return buf.substr(acceptHeaderBeginsAt, acceptHeaderEndsAt - acceptHeaderBeginsAt);
+    }();
+    m_contentType = GetContentTypeFromMimeType(ATL::CString(acceptHeader.c_str()));
+    bool isBlocked = client->ShouldBlock(szURL, m_contentType, m_boundDomain, /*debug flag but must be set*/true);
+    if (isBlocked)
+    {
+      m_blockedInTransaction = true;
+      return E_ABORT;
+    }
+  }
   CComPtr<IHttpNegotiate> spHttpNegotiate;
   QueryServiceFromClient(&spHttpNegotiate);
   return spHttpNegotiate ? spHttpNegotiate->BeginningTransaction(szURL, szHeaders,dwReserved, pszAdditionalHeaders) : S_OK;
 }
 
 STDMETHODIMP WBPassthruSink::OnResponse(DWORD dwResponseCode, LPCWSTR szResponseHeaders, LPCWSTR szRequestHeaders, LPWSTR *pszAdditionalRequestHeaders)
 {
   if (pszAdditionalRequestHeaders)
   {
     *pszAdditionalRequestHeaders = 0;
   }
 
   CComPtr<IHttpNegotiate> spHttpNegotiate;
   QueryServiceFromClient(&spHttpNegotiate);
 
   return spHttpNegotiate ? spHttpNegotiate->OnResponse(dwResponseCode, szResponseHeaders, szRequestHeaders, pszAdditionalRequestHeaders) : S_OK;
 }
 
 STDMETHODIMP WBPassthruSink::ReportProgress(ULONG ulStatusCode, LPCWSTR szStatusText)
 {
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->ReportProgress(ulStatusCode, szStatusText) : S_OK;
 }
 
+STDMETHODIMP WBPassthruSink::ReportResult(/* [in] */ HRESULT hrResult, /* [in] */ DWORD dwError, /* [in] */ LPCWSTR szResult)
+{
+  if (m_blockedInTransaction)
+  {
+    // Don't notify the client about aborting of the operation, thus don't call BaseClass::ReportResult.
+    // Current method is called by the original protocol implementation and we are intercepting the
+    // call here and eating it, we will call the proper ReportResult later by ourself.
+    return S_OK;
+  }
+  return BaseClass::ReportResult(hrResult, dwError, szResult);
+}
+
+
+WBPassthru::WBPassthru()
+  : m_shouldSupplyCustomContent(false)
+  , m_hasOriginalStartCalled(false)
+{
+}
 
 STDMETHODIMP WBPassthru::Start(LPCWSTR szUrl, IInternetProtocolSink *pOIProtSink,
     IInternetBindInfo *pOIBindInfo, DWORD grfPI, HANDLE_PTR dwReserved)
 {
   ATLASSERT(m_spInternetProtocol != 0);
   if (!m_spInternetProtocol)
   {
     return E_UNEXPECTED;
   }
 
-  return OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI,
-    dwReserved, m_spInternetProtocol);
+  return OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, m_spInternetProtocol);
 }
 
- STDMETHODIMP WBPassthru::Read( /* [in, out] */ void *pv,/* [in] */ ULONG cb,/* [out] */ ULONG *pcbRead)
- {
-   
-   WBPassthruSink* pSink = GetSink();
-   return pSink->Read(pv, cb, pcbRead);
- }
+STDMETHODIMP WBPassthru::Read(/* [in, out] */ void *pv,/* [in] */ ULONG cb,/* [out] */ ULONG *pcbRead)
+{
+  WBPassthruSink* pSink = GetSink();
+  return pSink->OnRead(pv, cb, pcbRead);
+}
+
+STDMETHODIMP WBPassthru::LockRequest(/* [in] */ DWORD options)
+{
+  if (!m_hasOriginalStartCalled)
+  {
+    return S_OK;
+  }
+  return BaseClass::LockRequest(options);
+}
+
+STDMETHODIMP WBPassthru::UnlockRequest()
+{
+  if (!m_hasOriginalStartCalled)
+  {
+    return S_OK;
+  }
+  return BaseClass::UnlockRequest();
+}