
Side by Side Diff: chrome/browser/security/xfo_throttle.cc

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years ago
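--- a/chrome/browser/security/xfo_throttle.cc
+++ b/chrome/browser/security/xfo_throttle.cc
@@ -0,0 +1,72 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/security/xfo_throttle.h"
+
+#include "base/strings/string_util.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/navigation_throttle.h"
+#include "net/http/http_response_headers.h"
+
+// static
+scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor(
+NavigationHandle* handle) {
+DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+
+if (handle->IsInMainFrame())
+return nullptr;
+
+return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle));
+}
+
+XFOThrottle::XFOThrottle(NavigationHandle* handle)
+: NavigationThrottle(handle) {}
+
+XFOThrottle::~XFOThrottle() {}
+
+NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() {
+DCHECK(!navigation_handle()->IsInMainFrame());
+
+HeaderDisposition disposition =
+ParseHeader(navigation_handle()->GetResponseHeaders());
+switch (disposition) {
+case DENY:
+case CONFLICT:
+case INVALID:
+return NavigationThrottle::CANCEL_AND_IGNORE;
+
+default:
+return NavigationThrottle::PROCEED;
+}
+return NavigationThrottle::PROCEED;
+}
+
+XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader(
+const net::HttpResponseHeaders* headers) {
+if (!headers)
+return NOT_PRESENT;
+
+void* iter = nullptr;
+std::string value;
+HeaderDisposition result = NOT_PRESENT;
+while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) {
+HeaderDisposition current = INVALID;
+base::StringPiece trimmed =
+base::TrimWhitespaceASCII(value, base::TRIM_ALL);
+if (base::LowerCaseEqualsASCII(trimmed, "deny"))
+current = DENY;
+else if (base::LowerCaseEqualsASCII(trimmed, "allowall"))
+current = ALLOWALL;
+else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin"))
+current = SAMEORIGIN;
+
+if (result == NOT_PRESENT)
+result = current;
+else if (result == current)
+continue;
+else
+return CONFLICT;
+}
+return result;
+}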
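Review bot: `WillProcessResponse()` sends `SAMEORIGIN` through `default:` to `PROCEED`, so a response carrying `X-Frame-Options: SAMEORIGIN` is never compared with the origins of its ancestor frames and loads in a cross-origin parent exactly as if the header were absent. Unless the renderer-side check stays in place while this is WIP (not visible here), that fails open for a widely used value. I would list every enum value explicitly instead of using `default:`, so a disposition added later cannot silently proceed, and mark the gap: `case SAMEORIGIN:  // TODO: cancel unless the response origin matches every ancestor frame's origin`. The `return NavigationThrottle::PROCEED;` after the switch is unreachable and can go.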
