content/browser/frame_host/xfo_throttle.h - Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/browser/frame_host/xfo_throttle.h

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Ugh. Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/browser/frame_host/navigation_request.cc ('K') | « content/browser/frame_host/navigator_impl.cc ('k') | content/browser/frame_host/xfo_throttle.cc » ('j') | content/browser/frame_host/xfo_throttle.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.
	nasko 2016/01/20 23:15:07 2016 :) 2016 :) Mike West 2016/01/21 14:51:24 It was 2015 when I started. :) Show quoted text On 2016/01/20 at 23:15:07, nasko wrote: > 2016 :) It was 2015 when I started. :)
	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_

	6 #define CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_

	7

	8 #include "base/memory/scoped_ptr.h"

	9 #include "content/public/browser/navigation_throttle.h"

	10

	11 namespace content {

	12 class NavigationHandle;

	13 }

	14

	15 namespace net {

	16 class HttpResponseHeaders;

	17 }

	18

	19 namespace content {

	20

	21 class CONTENT_EXPORT XFOThrottle : public NavigationThrottle {
	nasko 2016/01/20 23:15:07 XfoThrottle, as per semi-recent chromium-dev@ disc XfoThrottle, as per semi-recent chromium-dev@ discussions on capitalization. Mike West 2016/01/21 14:51:24 ... Style rules never get better, do they? They j Show quoted text On 2016/01/20 at 23:15:07, nasko wrote: > XfoThrottle, as per semi-recent chromium-dev@ discussions on capitalization. ... Style rules never get better, do they? They just trend slowly and inexorably towards terribleness. :(
	22 public:

	23 enum HeaderDisposition {

	24 NOT_PRESENT,

	25 DENY,

	26 SAMEORIGIN,
	nasko 2016/01/20 23:15:07 Why use _ in NOT_PRESENT, but not in SAME_ORITIN a Why use _ in NOT_PRESENT, but not in SAME_ORITIN and ALLOW_ALL? Mike West 2016/01/21 14:51:24 Changed to `NONE` to avoid the question. Show quoted text On 2016/01/20 at 23:15:07, nasko wrote: > Why use _ in NOT_PRESENT, but not in SAME_ORITIN and ALLOW_ALL? Changed to `NONE` to avoid the question.
	27 ALLOWALL,

	28 INVALID,

	29 CONFLICT

	30 };

	31

	32 explicit XFOThrottle(NavigationHandle* handle);

	33 ~XFOThrottle() override;

	34

	35 NavigationThrottle::ThrottleCheckResult WillProcessResponse() override;

	36 static scoped_ptr<NavigationThrottle> MaybeCreateThrottleFor(
	nasko 2016/01/20 23:15:07 Static methods go first in the class, especially c Static methods go first in the class, especially creation related ones. Mike West 2016/01/21 14:51:24 Done. Show quoted text On 2016/01/20 at 23:15:07, nasko wrote: > Static methods go first in the class, especially creation related ones. Done.
	37 NavigationHandle* handle);

	38

	39 // Parses an 'X-Frame-Options' header. If the result is either CONFLICT

	40 // or INVALID, \|failed_parse\| will be populated with the value which caused

	41 // the parse error.

	42 static HeaderDisposition ParseHeader(const net::HttpResponseHeaders* headers,

	43 std::string* failed_parse);

	44

	45 private:

	46 void ParseError(const std::string& value, HeaderDisposition disposition);

	47 void ConsoleError(HeaderDisposition disposition);

	48

	49 DISALLOW_COPY_AND_ASSIGN(XFOThrottle);

	50 };

	51

	52 } // namespace content

	53

	54 #endif // CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_

OLD	NEW