
Unified Diff: chrome/browser/security/xfo_throttle.cc

Issue 1530393003: WIP: Move 'X-Frame-Options' checking to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 5 years ago
Index: chrome/browser/security/xfo_throttle.cc
diff --git a/chrome/browser/security/xfo_throttle.cc b/chrome/browser/security/xfo_throttle.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a1c459fb9004a7c0a28b2767cf35fe6a5e16f7b9
--- /dev/null
+++ b/chrome/browser/security/xfo_throttle.cc
@@ -0,0 +1,73 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/security/xfo_throttle.h"
+
+#include "base/strings/string_util.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/navigation_throttle.h"
+#include "net/http/http_response_headers.h"
+
+// static
+scoped_ptr<NavigationThrottle> XFOThrottle::MaybeCreateThrottleFor(
+ NavigationHandle* handle) {
+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+
+ if (handle->IsInMainFrame())
+ return nullptr;
+
+ return scoped_ptr<NavigationThrottle>(new XFOThrottle(handle));
+}
+
+XFOThrottle::XFOThrottle(NavigationHandle* handle)
+ : NavigationThrottle(handle) {}
+
+XFOThrottle::~XFOThrottle() {}
+
+NavigationThrottle::ThrottleCheckResult XFOThrottle::WillProcessResponse() {
+ DCHECK(!navigation_handle()->IsInMainFrame());
+
+ HeaderDisposition disposition =
+ ParseHeader(navigation_handle()->GetResponseHeaders());
+ switch (disposition) {
+ case DENY:
+ case CONFLICT:
+ case INVALID:
+ return NavigationThrottle::CANCEL_AND_IGNORE;
+
Mike West 2015/12/17 13:37:54 Here, I need to grab the frame tree in order to ch
clamy 2015/12/21 10:13:29 I think you should move this to content/ (the fram
+ default:
+ return NavigationThrottle::PROCEED;
+ }
+ return NavigationThrottle::PROCEED;
+}
+
+XFOThrottle::HeaderDisposition XFOThrottle::ParseHeader(
+ const net::HttpResponseHeaders* headers) {
+ if (!headers)
+ return NOT_PRESENT;
+
+ void* iter = nullptr;
+ std::string value;
+ HeaderDisposition result = NOT_PRESENT;
+ while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) {
+ HeaderDisposition current = INVALID;
+ base::StringPiece trimmed =
+ base::TrimWhitespaceASCII(value, base::TRIM_ALL);
+ if (base::LowerCaseEqualsASCII(trimmed, "deny"))
+ current = DENY;
+ else if (base::LowerCaseEqualsASCII(trimmed, "allowall"))
+ current = ALLOWALL;
+ else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin"))
+ current = SAMEORIGIN;
+
+ if (result == NOT_PRESENT)
+ result = current;
+ else if (result == current)
+ continue;
+ else
+ return CONFLICT;
+ }
+ return result;
+}
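Review bot: The `default:` arm in XFOThrottle::WillProcessResponse makes the blocking decision fail open, because every HeaderDisposition other than DENY, CONFLICT and INVALID returns PROCEED, including any enumerator added later. I would replace `default:` with explicit `case` labels for the dispositions that are meant to proceed, so the compiler can flag a value nobody decided on. The `return NavigationThrottle::PROCEED;` after the switch is unreachable as written; once `default:` is gone it becomes the fallback and should fail closed, e.g. `NOTREACHED(); return NavigationThrottle::CANCEL_AND_IGNORE;`. Separately, ParseHeader classes any value outside its three recognised tokens as INVALID (an `ALLOW-FROM <origin>` value would presumably land there), and that is then cancelled; if blocking on unrecognised values is intended, a one-line comment on the `case INVALID:` label saying so would help.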
