Index: net/http/http_response_headers.cc |
diff --git a/net/http/http_response_headers.cc b/net/http/http_response_headers.cc |
index 0072976ada2e16891a487683d7c2ed1dd214be71..adc072b070877158a3bbcfa6a5c8a8b37ce06f15 100644 |
--- a/net/http/http_response_headers.cc |
+++ b/net/http/http_response_headers.cc |
@@ -899,6 +899,35 @@ bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) { |
response_code == 307); |
} |
+void HttpResponseHeaders::SetSafeRedirect(GURL new_url) { |
+ DCHECK(new_url.is_valid()); |
+ // Replace the status line and Location header |
+ std::string new_raw_headers("HTTP/1.1 307 Temporary Redirect"); |
+ new_raw_headers.push_back('\0'); |
+ new_raw_headers.append("Location: " + new_url.spec()); |
+ new_raw_headers.push_back('\0'); |
+ |
+ HeaderSet to_remove; |
+ to_remove.insert("location"); |
+ |
+ MergeWithHeaders(new_raw_headers, to_remove); |
+ |
+ allowed_unsafe_redirect_url_ = new_url; |
+} |
+ |
+bool HttpResponseHeaders::IsSafeRedirect(const GURL& location) const { |
+ if (allowed_unsafe_redirect_url_.is_valid()) { |
+ GURL::Replacements replacements; |
+ replacements.ClearRef(); |
mmenke
2014/03/20 16:13:32
Hrm... Is this needed?
robwu
2014/03/20 16:21:11
Yes, URLRequestJob::NotifyHeadersComplete() copies
mmenke
2014/03/20 16:40:28
Thanks for the pointer! Then we should clear the
robwu
2014/03/20 17:28:14
The ref is already cleared on both URLs.
|
+ return location.ReplaceComponents(replacements) == |
+ allowed_unsafe_redirect_url_.ReplaceComponents(replacements); |
+ } |
+ return false; |
+} |
+bool HttpResponseHeaders::HasSafeRedirect() const { |
+ return allowed_unsafe_redirect_url_.is_valid(); |
+} |
+ |
// From RFC 2616 section 13.2.4: |
// |
// The calculation to determine if a response has expired is quite simple: |