
Side by Side Diff: chrome/browser/security/xfo_throttle.cc

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 5 years ago
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/security/xfo_throttle.h"
6
7 #include "base/strings/string_util.h"
8 #include "content/public/browser/browser_thread.h"
9 #include "content/public/browser/navigation_handle.h"
10 #include "content/public/browser/navigation_throttle.h"
11 #include "net/http/http_response_headers.h"
12
13 // static
14 scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor(
15 NavigationHandle* handle) {
16 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
17
18 if (handle->IsInMainFrame())
19 return nullptr;
20
21 return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle));
22 }
23
24 XFOThrottle::XFOThrottle(NavigationHandle* handle)
25 : NavigationThrottle(handle) {}
26
27 XFOThrottle::~XFOThrottle() {}
28
29 NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() {
30 DCHECK(!navigation_handle()->IsInMainFrame());
31
32 HeaderDisposition disposition =
33 ParseHeader(navigation_handle()->GetResponseHeaders());
34 switch (disposition) {
35 case DENY:
36 case CONFLICT:
37 case INVALID:
38 return NavigationThrottle::CANCEL_AND_IGNORE;
39
Mike West 2015/12/17 13:37:54 Here, I need to grab the frame tree in order to ch
clamy 2015/12/21 10:13:29 I think you should move this to content/ (the fram
40 default:
41 return NavigationThrottle::PROCEED;
42 }
43 return NavigationThrottle::PROCEED;
44 }
45
46 XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader(
47 const net::HttpResponseHeaders* headers) {
48 if (!headers)
49 return NOT_PRESENT;
50
51 void* iter = nullptr;
52 std::string value;
53 HeaderDisposition result = NOT_PRESENT;
54 while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) {
55 HeaderDisposition current = INVALID;
56 base::StringPiece trimmed =
57 base::TrimWhitespaceASCII(value, base::TRIM_ALL);
58 if (base::LowerCaseEqualsASCII(trimmed, "deny"))
59 current = DENY;
60 else if (base::LowerCaseEqualsASCII(trimmed, "allowall"))
61 current = ALLOWALL;
62 else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin"))
63 current = SAMEORIGIN;
64
65 if (result == NOT_PRESENT)
66 result = current;
67 else if (result == current)
68 continue;
69 else
70 return CONFLICT;
71 }
72 return result;
73 }
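Review bot: The `default:` arm of the switch in WillProcessResponse makes the throttle fail open: any HeaderDisposition value not named in the blocking cases, including one added to the enum later, returns `PROCEED` without a compiler warning. Naming the values that currently proceed (`case NOT_PRESENT:`, `case ALLOWALL:`, `case SAMEORIGIN:`, going by the values this file uses) and changing the unreachable `return NavigationThrottle::PROCEED;` after the switch to `NOTREACHED(); return NavigationThrottle::CANCEL_AND_IGNORE;` would make an unhandled value block the load instead. In ParseHeader, every token other than `deny`, `allowall` and `sameorigin` is classified INVALID and so cancels the navigation, which would include a value such as `ALLOW-FROM <origin>`. A short comment there, such as `// Unrecognised values are treated as INVALID and block the frame.`, would record whether that is intended.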