chrome/browser/security/xfo_throttle.cc - Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: chrome/browser/security/xfo_throttle.cc

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase. Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/security/xfo_throttle.h"

	6

	7 #include "base/strings/string_util.h"

	8 #include "content/public/browser/browser_thread.h"

	9 #include "content/public/browser/navigation_handle.h"

	10 #include "content/public/browser/navigation_throttle.h"

	11 #include "net/http/http_response_headers.h"

	12

	13 // static

	14 scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor(

	15 NavigationHandle* handle) {

	16 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

	17

	18 if (handle->IsInMainFrame())

	19 return nullptr;

	20

	21 return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle));

	22 }

	23

	24 XFOThrottle::XFOThrottle(NavigationHandle* handle)

	25 : NavigationThrottle(handle) {}

	26

	27 XFOThrottle::~XFOThrottle() {}

	28

	29 NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() {

	30 DCHECK(!navigation_handle()->IsInMainFrame());

	31

	32 HeaderDisposition disposition =

	33 ParseHeader(navigation_handle()->GetResponseHeaders());

	34 switch (disposition) {

	35 case DENY:

	36 case CONFLICT:

	37 case INVALID:

	38 return NavigationThrottle::CANCEL_AND_IGNORE;

	39
	Mike West 2015/12/17 13:37:54 Here, I need to grab the frame tree in order to ch Here, I need to grab the frame tree in order to check the ancestors against the XFO rule. I can do this by exposing the `frame_tree_node_` on NavigationHandle, but there's probably a more elegant mechanism... Halp? :) clamy 2015/12/21 10:13:29 I think you should move this to content/ (the fram Show quoted text On 2015/12/17 13:37:54, Mike West (OOO) wrote: > Here, I need to grab the frame tree in order to check the ancestors against the > XFO rule. I can do this by exposing the `frame_tree_node_` on NavigationHandle, > but there's probably a more elegant mechanism... Halp? :) I think you should move this to content/ (the frame tree is not accessible outside of content). Then you can cast the NavigationHandle to a NavigationHandleImpl, an get the FrameTreeNode from there.
	40 default:

	41 return NavigationThrottle::PROCEED;

	42 }

	43 return NavigationThrottle::PROCEED;

	44 }

	45

	46 XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader(

	47 const net::HttpResponseHeaders* headers) {

	48 if (!headers)

	49 return NOT_PRESENT;

	50

	51 void* iter = nullptr;

	52 std::string value;

	53 HeaderDisposition result = NOT_PRESENT;

	54 while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) {

	55 HeaderDisposition current = INVALID;

	56 base::StringPiece trimmed =

	57 base::TrimWhitespaceASCII(value, base::TRIM_ALL);

	58 if (base::LowerCaseEqualsASCII(trimmed, "deny"))

	59 current = DENY;

	60 else if (base::LowerCaseEqualsASCII(trimmed, "allowall"))

	61 current = ALLOWALL;

	62 else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin"))

	63 current = SAMEORIGIN;

	64

	65 if (result == NOT_PRESENT)

	66 result = current;

	67 else if (result == current)

	68 continue;

	69 else

	70 return CONFLICT;

	71 }

	72 return result;

	73 }

OLD	NEW

« no previous file with comments | « chrome/browser/security/xfo_throttle.h ('k') | chrome/chrome_browser.gypi » ('j') | content/browser/frame_host/navigation_handle_impl.cc » ('J')