OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/security/xfo_throttle.h" | |
6 | |
7 #include "base/strings/string_util.h" | |
8 #include "content/public/browser/browser_thread.h" | |
9 #include "content/public/browser/navigation_handle.h" | |
10 #include "content/public/browser/navigation_throttle.h" | |
11 #include "net/http/http_response_headers.h" | |
12 | |
13 // static | |
14 scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor( | |
15 NavigationHandle* handle) { | |
16 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
17 | |
18 if (handle->IsInMainFrame()) | |
19 return nullptr; | |
20 | |
21 return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle)); | |
22 } | |
23 | |
24 XFOThrottle::XFOThrottle(NavigationHandle* handle) | |
25 : NavigationThrottle(handle) {} | |
26 | |
27 XFOThrottle::~XFOThrottle() {} | |
28 | |
29 NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() { | |
30 DCHECK(!navigation_handle()->IsInMainFrame()); | |
31 | |
32 HeaderDisposition disposition = | |
33 ParseHeader(navigation_handle()->GetResponseHeaders()); | |
34 switch (disposition) { | |
35 case DENY: | |
36 case CONFLICT: | |
37 case INVALID: | |
38 return NavigationThrottle::CANCEL_AND_IGNORE; | |
39 | |
Mike West
2015/12/17 13:37:54
Here, I need to grab the frame tree in order to ch
clamy
2015/12/21 10:13:29
I think you should move this to content/ (the fram
| |
40 default: | |
41 return NavigationThrottle::PROCEED; | |
42 } | |
43 return NavigationThrottle::PROCEED; | |
44 } | |
45 | |
46 XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader( | |
47 const net::HttpResponseHeaders* headers) { | |
48 if (!headers) | |
49 return NOT_PRESENT; | |
50 | |
51 void* iter = nullptr; | |
52 std::string value; | |
53 HeaderDisposition result = NOT_PRESENT; | |
54 while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) { | |
55 HeaderDisposition current = INVALID; | |
56 base::StringPiece trimmed = | |
57 base::TrimWhitespaceASCII(value, base::TRIM_ALL); | |
58 if (base::LowerCaseEqualsASCII(trimmed, "deny")) | |
59 current = DENY; | |
60 else if (base::LowerCaseEqualsASCII(trimmed, "allowall")) | |
61 current = ALLOWALL; | |
62 else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin")) | |
63 current = SAMEORIGIN; | |
64 | |
65 if (result == NOT_PRESENT) | |
66 result = current; | |
67 else if (result == current) | |
68 continue; | |
69 else | |
70 return CONFLICT; | |
71 } | |
72 return result; | |
73 } | |
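Review bot: The `default:` arm in `WillProcessResponse()` makes this check fail open: every `HeaderDisposition` other than DENY, CONFLICT or INVALID proceeds, and that would include any value added to the enum later (it is declared in the header, which this page does not show). For a framing-protection decision I would name the cases that currently proceed, `case SAMEORIGIN: case ALLOWALL: case NOT_PRESENT: return NavigationThrottle::PROCEED;`, and drop `default:` so the compiler flags an unhandled value. The statement after the switch is unreachable as written; with `default:` gone it becomes the fallback and should fail closed, `return NavigationThrottle::CANCEL_AND_IGNORE;`. A one-line comment above the switch would also record the policy, e.g. `// Unparseable or conflicting X-Frame-Options values are treated like DENY.`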