chrome/browser/security/xfo_throttle.cc - Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/security/xfo_throttle.cc

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/security/xfo_throttle.h ('K') | « chrome/browser/security/xfo_throttle.h ('k') | chrome/chrome_browser.gypi » ('j') | content/browser/frame_host/navigation_handle_impl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/security/xfo_throttle.cc

diff --git a/chrome/browser/security/xfo_throttle.cc b/chrome/browser/security/xfo_throttle.cc

new file mode 100644

index 0000000000000000000000000000000000000000..7708e0d0a09df15f55f7f46641ff1eccccc613ee

--- /dev/null

+++ b/chrome/browser/security/xfo_throttle.cc

@@ -0,0 +1,72 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "chrome/browser/security/xfo_throttle.h"

+#include "base/strings/string_util.h"

+#include "content/public/browser/navigation_handle.h"

+#include "content/public/browser/navigation_throttle.h"

+#include "net/http/http_response_headers.h"

+// static

+scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor(

+ NavigationHandle* handle) {

+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

+ if (handle->IsInMainFrame())

+ return nullptr;

+ return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle));

+XFOThrottle::XFOThrottle(NavigationHandle* handle)

+ : NavigationThrottle(handle) {}

+XFOThrottle::~XFOThrottle() {}

+NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() {

+ DCHECK(!navigation_handle()->IsInMainFrame());

+ HeaderDisposition disposition =

+ ParseHeader(navigation_handle()->GetResponseHeaders());

+ switch (disposition) {

+ case DENY:

+ case CONFLICT:

+ case INVALID:

+ return NavigationThrottle::CANCEL_AND_IGNORE;

+ default:

+ return NavigationThrottle::PROCEED;

+ }

+ return NavigationThrottle::PROCEED;

+XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader(

+ const net::HttpResponseHeaders* headers) {

+ if (!headers)

+ return NOT_PRESENT;

+ void* iter = nullptr;

+ std::string value;

+ HeaderDisposition result = NOT_PRESENT;

+ while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) {

+ HeaderDisposition current = INVALID;

+ base::StringPiece trimmed =

+ base::TrimWhitespaceASCII(value, base::TRIM_ALL);

+ if (base::LowerCaseEqualsASCII(trimmed, "deny"))

+ current = DENY;

+ else if (base::LowerCaseEqualsASCII(trimmed, "allowall"))

+ current = ALLOWALL;

+ else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin"))

+ current = SAMEORIGIN;

+ if (result == NOT_PRESENT)

+ result = current;

+ else if (result == current)

+ continue;

+ else

+ return CONFLICT;

+ }

+ return result;

« chrome/browser/security/xfo_throttle.h ('K') | « chrome/browser/security/xfo_throttle.h ('k') | chrome/chrome_browser.gypi » ('j') | content/browser/frame_host/navigation_handle_impl.h » ('J')