| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include "base/format_macros.h" | 7 #include "base/format_macros.h" |
| 8 #include "base/scoped_ptr.h" | 8 #include "base/scoped_ptr.h" |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/field_trial.h" | 10 #include "base/field_trial.h" |
| (...skipping 30 matching lines...) Expand all Loading... |
| 41 | 41 |
| 42 namespace net { | 42 namespace net { |
| 43 | 43 |
| 44 namespace { | 44 namespace { |
| 45 | 45 |
| 46 void BuildRequestHeaders(const HttpRequestInfo* request_info, | 46 void BuildRequestHeaders(const HttpRequestInfo* request_info, |
| 47 const std::string& authorization_headers, | 47 const std::string& authorization_headers, |
| 48 const UploadDataStream* upload_data_stream, | 48 const UploadDataStream* upload_data_stream, |
| 49 bool using_proxy, | 49 bool using_proxy, |
| 50 std::string* request_headers) { | 50 std::string* request_headers) { |
| 51 // Headers that will be stripped from request_info->extra_headers to prevent, |
| 52 // e.g., plugins from overriding headers that are controlled using other |
| 53 // means. Otherwise a plugin could set a referrer although sending the |
| 54 // referrer is inhibited. |
| 55 // TODO(jochen): check whether also other headers should be stripped. |
| 56 static const char* const kExtraHeadersToBeStripped[] = { |
| 57 "Referer" |
| 58 }; |
| 59 |
| 51 const std::string path = using_proxy ? | 60 const std::string path = using_proxy ? |
| 52 HttpUtil::SpecForRequest(request_info->url) : | 61 HttpUtil::SpecForRequest(request_info->url) : |
| 53 HttpUtil::PathForRequest(request_info->url); | 62 HttpUtil::PathForRequest(request_info->url); |
| 54 *request_headers = | 63 *request_headers = |
| 55 StringPrintf("%s %s HTTP/1.1\r\nHost: %s\r\n", | 64 StringPrintf("%s %s HTTP/1.1\r\nHost: %s\r\n", |
| 56 request_info->method.c_str(), path.c_str(), | 65 request_info->method.c_str(), path.c_str(), |
| 57 GetHostAndOptionalPort(request_info->url).c_str()); | 66 GetHostAndOptionalPort(request_info->url).c_str()); |
| 58 | 67 |
| 59 // For compat with HTTP/1.0 servers and proxies: | 68 // For compat with HTTP/1.0 servers and proxies: |
| 60 if (using_proxy) | 69 if (using_proxy) |
| (...skipping 30 matching lines...) Expand all Loading... |
| 91 } else if (request_info->load_flags & LOAD_VALIDATE_CACHE) { | 100 } else if (request_info->load_flags & LOAD_VALIDATE_CACHE) { |
| 92 *request_headers += "Cache-Control: max-age=0\r\n"; | 101 *request_headers += "Cache-Control: max-age=0\r\n"; |
| 93 } | 102 } |
| 94 | 103 |
| 95 if (!authorization_headers.empty()) { | 104 if (!authorization_headers.empty()) { |
| 96 *request_headers += authorization_headers; | 105 *request_headers += authorization_headers; |
| 97 } | 106 } |
| 98 | 107 |
| 99 // TODO(darin): Need to prune out duplicate headers. | 108 // TODO(darin): Need to prune out duplicate headers. |
| 100 | 109 |
| 101 *request_headers += request_info->extra_headers; | 110 *request_headers += HttpUtil::StripHeaders(request_info->extra_headers, |
| 111 kExtraHeadersToBeStripped, arraysize(kExtraHeadersToBeStripped)); |
| 102 *request_headers += "\r\n"; | 112 *request_headers += "\r\n"; |
| 103 } | 113 } |
| 104 | 114 |
| 105 // The HTTP CONNECT method for establishing a tunnel connection is documented | 115 // The HTTP CONNECT method for establishing a tunnel connection is documented |
| 106 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and | 116 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and |
| 107 // 5.3. | 117 // 5.3. |
| 108 void BuildTunnelRequest(const HttpRequestInfo* request_info, | 118 void BuildTunnelRequest(const HttpRequestInfo* request_info, |
| 109 const std::string& authorization_headers, | 119 const std::string& authorization_headers, |
| 110 std::string* request_headers) { | 120 std::string* request_headers) { |
| 111 // RFC 2616 Section 9 says the Host request-header field MUST accompany all | 121 // RFC 2616 Section 9 says the Host request-header field MUST accompany all |
| (...skipping 1754 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1866 AuthChallengeInfo* auth_info = new AuthChallengeInfo; | 1876 AuthChallengeInfo* auth_info = new AuthChallengeInfo; |
| 1867 auth_info->is_proxy = target == HttpAuth::AUTH_PROXY; | 1877 auth_info->is_proxy = target == HttpAuth::AUTH_PROXY; |
| 1868 auth_info->host_and_port = ASCIIToWide(GetHostAndPort(auth_origin)); | 1878 auth_info->host_and_port = ASCIIToWide(GetHostAndPort(auth_origin)); |
| 1869 auth_info->scheme = ASCIIToWide(auth_handler_[target]->scheme()); | 1879 auth_info->scheme = ASCIIToWide(auth_handler_[target]->scheme()); |
| 1870 // TODO(eroman): decode realm according to RFC 2047. | 1880 // TODO(eroman): decode realm according to RFC 2047. |
| 1871 auth_info->realm = ASCIIToWide(auth_handler_[target]->realm()); | 1881 auth_info->realm = ASCIIToWide(auth_handler_[target]->realm()); |
| 1872 response_.auth_challenge = auth_info; | 1882 response_.auth_challenge = auth_info; |
| 1873 } | 1883 } |
| 1874 | 1884 |
| 1875 } // namespace net | 1885 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 600008:
Add option to suppress HTTP Referer header. (Closed)
