OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include "base/format_macros.h" | 7 #include "base/format_macros.h" |
8 #include "base/scoped_ptr.h" | 8 #include "base/scoped_ptr.h" |
9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
10 #include "base/field_trial.h" | 10 #include "base/field_trial.h" |
(...skipping 30 matching lines...) Expand all Loading... |
41 | 41 |
42 namespace net { | 42 namespace net { |
43 | 43 |
44 namespace { | 44 namespace { |
45 | 45 |
46 void BuildRequestHeaders(const HttpRequestInfo* request_info, | 46 void BuildRequestHeaders(const HttpRequestInfo* request_info, |
47 const std::string& authorization_headers, | 47 const std::string& authorization_headers, |
48 const UploadDataStream* upload_data_stream, | 48 const UploadDataStream* upload_data_stream, |
49 bool using_proxy, | 49 bool using_proxy, |
50 std::string* request_headers) { | 50 std::string* request_headers) { |
| 51 // Headers that will be stripped from request_info->extra_headers to prevent, |
| 52 // e.g., plugins from overriding headers that are controlled using other |
| 53 // means. Otherwise a plugin could set a referrer although sending the |
| 54 // referrer is inhibited. |
| 55 // TODO(jochen): check whether also other headers should be stripped. |
| 56 static const char* const kExtraHeadersToBeStripped[] = { |
| 57 "Referer" |
| 58 }; |
| 59 |
51 const std::string path = using_proxy ? | 60 const std::string path = using_proxy ? |
52 HttpUtil::SpecForRequest(request_info->url) : | 61 HttpUtil::SpecForRequest(request_info->url) : |
53 HttpUtil::PathForRequest(request_info->url); | 62 HttpUtil::PathForRequest(request_info->url); |
54 *request_headers = | 63 *request_headers = |
55 StringPrintf("%s %s HTTP/1.1\r\nHost: %s\r\n", | 64 StringPrintf("%s %s HTTP/1.1\r\nHost: %s\r\n", |
56 request_info->method.c_str(), path.c_str(), | 65 request_info->method.c_str(), path.c_str(), |
57 GetHostAndOptionalPort(request_info->url).c_str()); | 66 GetHostAndOptionalPort(request_info->url).c_str()); |
58 | 67 |
59 // For compat with HTTP/1.0 servers and proxies: | 68 // For compat with HTTP/1.0 servers and proxies: |
60 if (using_proxy) | 69 if (using_proxy) |
(...skipping 30 matching lines...) Expand all Loading... |
91 } else if (request_info->load_flags & LOAD_VALIDATE_CACHE) { | 100 } else if (request_info->load_flags & LOAD_VALIDATE_CACHE) { |
92 *request_headers += "Cache-Control: max-age=0\r\n"; | 101 *request_headers += "Cache-Control: max-age=0\r\n"; |
93 } | 102 } |
94 | 103 |
95 if (!authorization_headers.empty()) { | 104 if (!authorization_headers.empty()) { |
96 *request_headers += authorization_headers; | 105 *request_headers += authorization_headers; |
97 } | 106 } |
98 | 107 |
99 // TODO(darin): Need to prune out duplicate headers. | 108 // TODO(darin): Need to prune out duplicate headers. |
100 | 109 |
101 *request_headers += request_info->extra_headers; | 110 *request_headers += HttpUtil::StripHeaders(request_info->extra_headers, |
| 111 kExtraHeadersToBeStripped, arraysize(kExtraHeadersToBeStripped)); |
102 *request_headers += "\r\n"; | 112 *request_headers += "\r\n"; |
103 } | 113 } |
104 | 114 |
105 // The HTTP CONNECT method for establishing a tunnel connection is documented | 115 // The HTTP CONNECT method for establishing a tunnel connection is documented |
106 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and | 116 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and |
107 // 5.3. | 117 // 5.3. |
108 void BuildTunnelRequest(const HttpRequestInfo* request_info, | 118 void BuildTunnelRequest(const HttpRequestInfo* request_info, |
109 const std::string& authorization_headers, | 119 const std::string& authorization_headers, |
110 std::string* request_headers) { | 120 std::string* request_headers) { |
111 // RFC 2616 Section 9 says the Host request-header field MUST accompany all | 121 // RFC 2616 Section 9 says the Host request-header field MUST accompany all |
(...skipping 1754 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1866 AuthChallengeInfo* auth_info = new AuthChallengeInfo; | 1876 AuthChallengeInfo* auth_info = new AuthChallengeInfo; |
1867 auth_info->is_proxy = target == HttpAuth::AUTH_PROXY; | 1877 auth_info->is_proxy = target == HttpAuth::AUTH_PROXY; |
1868 auth_info->host_and_port = ASCIIToWide(GetHostAndPort(auth_origin)); | 1878 auth_info->host_and_port = ASCIIToWide(GetHostAndPort(auth_origin)); |
1869 auth_info->scheme = ASCIIToWide(auth_handler_[target]->scheme()); | 1879 auth_info->scheme = ASCIIToWide(auth_handler_[target]->scheme()); |
1870 // TODO(eroman): decode realm according to RFC 2047. | 1880 // TODO(eroman): decode realm according to RFC 2047. |
1871 auth_info->realm = ASCIIToWide(auth_handler_[target]->realm()); | 1881 auth_info->realm = ASCIIToWide(auth_handler_[target]->realm()); |
1872 response_.auth_challenge = auth_info; | 1882 response_.auth_challenge = auth_info; |
1873 } | 1883 } |
1874 | 1884 |
1875 } // namespace net | 1885 } // namespace net |
OLD | NEW |