Pepper: Add a X-Requested-With header to URL requests done for Pepper plugins.

webkit/plugins/ppapi/url_request_info_util.cc

Index: webkit/plugins/ppapi/url_request_info_util.cc
diff --git a/webkit/plugins/ppapi/url_request_info_util.cc b/webkit/plugins/ppapi/url_request_info_util.cc
index a99c8f4a4d7adc2a7c2ee31172538930a4af35fc..edf83220dd0ea6fbc57c69cdf98c8da8cf745edb 100644
--- a/webkit/plugins/ppapi/url_request_info_util.cc
+++ b/webkit/plugins/ppapi/url_request_info_util.cc
@@ -21,7 +21,9 @@
 #include "webkit/base/file_path_string_conversions.h"
 #include "webkit/glue/weburlrequest_extradata_impl.h"
 #include "webkit/plugins/ppapi/common.h"
+#include "webkit/plugins/ppapi/host_globals.h"
 #include "webkit/plugins/ppapi/plugin_module.h"
+#include "webkit/plugins/ppapi/ppapi_plugin_instance.h"
 #include "webkit/plugins/ppapi/ppb_file_ref_impl.h"
 #include "webkit/plugins/ppapi/ppb_file_system_impl.h"
 #include "webkit/plugins/ppapi/resource_helper.h"
@@ -118,11 +120,56 @@ bool EnsureFileRefObjectsPopulated(::ppapi::URLRequestInfoData* data) {
   return true;
 }
 
+std::string FilterStringForXRequestedWithValue(const std::string& s) {
+  std::string rv;
+  rv.reserve(s.length());
+  for (size_t i = 0; i < s.length(); i++) {
+    char c = s[i];
+    // Allow ASCII digits, letters, periods, commas, and underscores. (Ignore
+    // all other characters.)
+    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+        (c >= 'a' && c <= 'z') || (c == '.') || (c == ',') || (c == '_'))
+      rv.push_back(c);
+  }
+  return rv;
+}
+
+// Makes an appropriate value for the X-Requested-With header. We produce a
+// user-agent-like string (eating spaces and other undesired characters) like
+// "ShockwaveFlash/11.5.31.135" from the plugin name and version.
+std::string MakeXRequestedWithValue(const std::string& name,
+                                    const std::string& version) {
+  std::string rv = FilterStringForXRequestedWithValue(name);
+  if (rv.empty())
+    rv = "unknown_plugin";
+
+  std::string filtered_version = FilterStringForXRequestedWithValue(version);
+  if (!filtered_version.empty())
+    rv += "/" + filtered_version;
+
+  return rv;
+}
+
 }  // namespace
 
-bool CreateWebURLRequest(::ppapi::URLRequestInfoData* data,
+bool CreateWebURLRequest(PP_Instance pp_instance,
+                         ::ppapi::URLRequestInfoData* data,
                          WebFrame* frame,
                          WebURLRequest* dest) {
+  std::string name_version;
+
+  // Allow null instances for testing purposes.
+  if (pp_instance) {
+    PluginInstance* instance = HostGlobals::Get()->GetInstance(pp_instance);
+    if (!instance)
+      return false;
+
+    name_version = MakeXRequestedWithValue(instance->module()->name(),
+                                           instance->module()->version());
+  } else {
+    name_version = "internal_testing_only";
+  }
+
   // In the out-of-process case, we've received the URLRequestInfoData
   // from the untrusted plugin and done no validation on it. We need to be
   // sure it's not being malicious by checking everything for consistency.
@@ -185,11 +232,11 @@ bool CreateWebURLRequest(::ppapi::URLRequestInfoData* data,
         WebString::fromUTF8(data->custom_content_transfer_encoding));
   }
 
-  if (data->has_custom_user_agent) {
-    dest->setExtraData(new webkit_glue::WebURLRequestExtraDataImpl(
-        WebKit::WebReferrerPolicyDefault,  // Ignored.
-        WebString::fromUTF8(data->custom_user_agent)));
-  }
+  dest->setExtraData(new webkit_glue::WebURLRequestExtraDataImpl(
+      WebKit::WebReferrerPolicyDefault,  // Ignored.
+      data->has_custom_user_agent ?
+          WebString::fromUTF8(data->custom_user_agent) : WebString(),
+          WebString::fromUTF8(name_version)));
 
   return true;
 }