Index: net/http/http_security_headers.h |
diff --git a/net/http/http_security_headers.h b/net/http/http_security_headers.h |
index e03da85f38ffd36825b607bc2e9d6c08beb0785e..4870ba6cf5bf57db193af9a57b0874bdb8b88ca4 100644 |
--- a/net/http/http_security_headers.h |
+++ b/net/http/http_security_headers.h |
@@ -33,9 +33,9 @@ bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value, |
bool* include_subdomains); |
// Parses |value| as a Public-Key-Pins header value. If successful, returns |
-// true and populates the |*max_age|, |*include_subdomains|, and |*hashes| |
-// values. Otherwise returns false and leaves the output parameters |
-// unchanged. |
+// true and populates the |*max_age|, |*include_subdomains|, |*hashes|, and |
+// |*report_uri| values. Otherwise returns false and leaves the output |
+// parameters unchanged. |
// |
// value is the right-hand side of: |
// |
@@ -58,6 +58,22 @@ bool NET_EXPORT_PRIVATE ParseHPKPHeader(const std::string& value, |
HashValueVector* hashes, |
GURL* report_uri); |
+// Parses |value| as a Public-Key-Pins-Report-Only header value. If |
+// successful, returns true and populates the |*hashes| and |
+// |*report_uri| values. Otherwise returns false and leaves the output |
+// parameters unchanged. |
+// |
+// value is the right-hand side of: |
+// |
+// "Public-Key-Pins-Report-Only" ":" |
+// [ "max-age" "=" delta-seconds ";" ] |
+// "pin-" algo "=" base64 [ ";" ... ] |
+// [ ";" "includeSubdomains" ] |
+// [ ";" "report-uri" "=" uri-reference ] |
+// |
+bool NET_EXPORT_PRIVATE ParseHPKPReportOnlyHeader(const std::string& value, |
+ HashValueVector* hashes, |
+ GURL* report_uri); |
Ryan Sleevi
2015/07/30 01:43:50
Is there any reason to introduce a separate method
estark
2015/07/30 02:43:49
The main reason is that ParseHPKPHeader() does som
Ryan Sleevi
2015/07/30 02:52:25
Both of these apply.
UAs MUST ignore any h
estark
2015/07/30 15:21:21
Yep, sorry, I meant the presence check.
|
} // namespace net |
#endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ |