Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1334)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/xfo_throttle.h

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Ugh. Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/navigation_request.cc ('K') | « content/browser/frame_host/navigator_impl.cc ('k') | content/browser/frame_host/xfo_throttle.cc » ('j') | content/browser/frame_host/xfo_throttle.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/xfo_throttle.h
diff --git a/content/browser/frame_host/xfo_throttle.h b/content/browser/frame_host/xfo_throttle.h
new file mode 100644
index 0000000000000000000000000000000000000000..d4382fdfeb21dfc18bfc1081dea8d17f802a6efc
--- /dev/null
+++ b/content/browser/frame_host/xfo_throttle.h
@@ -0,0 +1,54 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
nasko 2016/01/20 23:15:07 2016 :)
Mike West 2016/01/21 14:51:24 It was 2015 when I started. :)
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_
+#define CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_
+
+#include "base/memory/scoped_ptr.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace content {
+class NavigationHandle;
+}
+
+namespace net {
+class HttpResponseHeaders;
+}
+
+namespace content {
+
+class CONTENT_EXPORT XFOThrottle : public NavigationThrottle {
nasko 2016/01/20 23:15:07 XfoThrottle, as per semi-recent chromium-dev@ disc
Mike West 2016/01/21 14:51:24 ... Style rules never get better, do they? They j
+ public:
+ enum HeaderDisposition {
+ NOT_PRESENT,
+ DENY,
+ SAMEORIGIN,
nasko 2016/01/20 23:15:07 Why use _ in NOT_PRESENT, but not in SAME_ORITIN a
Mike West 2016/01/21 14:51:24 Changed to `NONE` to avoid the question.
+ ALLOWALL,
+ INVALID,
+ CONFLICT
+ };
+
+ explicit XFOThrottle(NavigationHandle* handle);
+ ~XFOThrottle() override;
+
+ NavigationThrottle::ThrottleCheckResult WillProcessResponse() override;
+ static scoped_ptr<NavigationThrottle> MaybeCreateThrottleFor(
nasko 2016/01/20 23:15:07 Static methods go first in the class, especially c
Mike West 2016/01/21 14:51:24 Done.
+ NavigationHandle* handle);
+
+ // Parses an 'X-Frame-Options' header. If the result is either CONFLICT
+ // or INVALID, |failed_parse| will be populated with the value which caused
+ // the parse error.
+ static HeaderDisposition ParseHeader(const net::HttpResponseHeaders* headers,
+ std::string* failed_parse);
+
+ private:
+ void ParseError(const std::string& value, HeaderDisposition disposition);
+ void ConsoleError(HeaderDisposition disposition);
+
+ DISALLOW_COPY_AND_ASSIGN(XFOThrottle);
+};
+
+} // namespace content
+
+#endif // CHROME_BROWSER_SECURITY_XFO_THROTTLE_H_
« content/browser/frame_host/navigation_request.cc ('K') | « content/browser/frame_host/navigator_impl.cc ('k') | content/browser/frame_host/xfo_throttle.cc » ('j') | content/browser/frame_host/xfo_throttle.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698