
Side by Side Diff: third_party/WebKit/Source/modules/fetch/FetchResponseData.cpp

Issue 1526903002: Make FetchResponseData::createCORSFilteredResponse() consult isForbiddenResponseHeaderName() (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years ago
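--- a/third_party/WebKit/Source/modules/fetch/FetchResponseData.cpp
+++ b/third_party/WebKit/Source/modules/fetch/FetchResponseData.cpp
@@ -1,19 +1,20 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "modules/fetch/FetchResponseData.h"
 
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/fetch/CrossOriginAccessControl.h"
+#include "core/fetch/FetchUtils.h"
 #include "modules/fetch/BodyStreamBuffer.h"
 #include "modules/fetch/DataConsumerHandleUtil.h"
 #include "modules/fetch/DataConsumerTee.h"
 #include "modules/fetch/FetchHeaderList.h"
 #include "public/platform/modules/serviceworker/WebServiceWorkerResponse.h"
 
 namespace blink {
 
 namespace {
 
@@ -69,50 +70,50 @@
 
 FetchResponseData* FetchResponseData::createBasicFilteredResponse()
 {
 // "A basic filtered response is a filtered response whose type is |basic|,
 // header list excludes any headers in internal response's header list whose
 // name is `Set-Cookie` or `Set-Cookie2`."
 FetchResponseData* response = new FetchResponseData(BasicType, m_status, m_s tatusMessage);
 response->m_url = m_url;
 for (size_t i = 0; i < m_headerList->size(); ++i) {
 const FetchHeaderList::Header* header = m_headerList->list()[i].get();
-if (header->first == "set-cookie" || header->first == "set-cookie2")
+if (FetchUtils::isForbiddenResponseHeaderName(header->first))
 continue;
 response->m_headerList->append(header->first, header->second);
 }
 response->m_buffer = m_buffer;
 response->m_mimeType = m_mimeType;
 response->m_internalResponse = this;
 return response;
 }
 
 FetchResponseData* FetchResponseData::createCORSFilteredResponse()
 {
 // "A CORS filtered response is a filtered response whose type is |CORS|,
 // header list excludes all headers in internal response's header list,
 // except those whose name is either one of `Cache-Control`,
 // `Content-Language`, `Content-Type`, `Expires`, `Last-Modified`, and
 // `Pragma`, and except those whose name is one of the values resulting from
 // parsing `Access-Control-Expose-Headers` in internal response's header
 // list."
 FetchResponseData* response = new FetchResponseData(CORSType, m_status, m_st atusMessage);
 response->m_url = m_url;
 HTTPHeaderSet accessControlExposeHeaderSet;
 String accessControlExposeHeaders;
 if (m_headerList->get("access-control-expose-headers", accessControlExposeHe aders))
 parseAccessControlExposeHeadersAllowList(accessControlExposeHeaders, acc essControlExposeHeaderSet);
 for (size_t i = 0; i < m_headerList->size(); ++i) {
 const FetchHeaderList::Header* header = m_headerList->list()[i].get();
-if (!isOnAccessControlResponseHeaderWhitelist(header->first) && !accessC ontrolExposeHeaderSet.contains(header->first))
-continue;
-response->m_headerList->append(header->first, header->second);
+const String& name = header->first;
+if (isOnAccessControlResponseHeaderWhitelist(name) || (accessControlExpo seHeaderSet.contains(name) && !FetchUtils::isForbiddenResponseHeaderName(name)))
+response->m_headerList->append(name, header->second);
 }
 response->m_buffer = m_buffer;
 response->m_mimeType = m_mimeType;
 response->m_internalResponse = this;
 return response;
 }
 
 FetchResponseData* FetchResponseData::createOpaqueFilteredResponse()
 {
 // "An opaque filtered response is a filtered response whose type is
@@ -243,10 +244,10 @@
 }
 
 DEFINE_TRACE(FetchResponseData)
 {
 visitor->trace(m_headerList);
 visitor->trace(m_internalResponse);
 visitor->trace(m_buffer);
 }
 
 } // namespace blink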
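Review bot: The quoted spec text above the loop in createCORSFilteredResponse() no longer describes the filter. The new condition also drops a name listed in `Access-Control-Expose-Headers` when `FetchUtils::isForbiddenResponseHeaderName(name)` is true, and nothing at that line says why. A one-line comment before the `if` would record the intent, for example `// Forbidden response headers (e.g. Set-Cookie) stay hidden from cross-origin script even if the server lists them in Access-Control-Expose-Headers.` The comment in createBasicFilteredResponse() likewise still names only `Set-Cookie` and `Set-Cookie2` while the check now defers to the helper, so it will go stale if the helper's list changes. The removed code compared against lower-case literals; whether the helper and `accessControlExposeHeaderSet.contains()` match names case-insensitively is not visible on this page and is worth confirming.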