| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 501 } | 501 } |
| 502 } | 502 } |
| 503 | 503 |
| 504 ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header
) | 504 ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header
) |
| 505 { | 505 { |
| 506 if (header.stripWhiteSpace().lower() == "nosniff") | 506 if (header.stripWhiteSpace().lower() == "nosniff") |
| 507 return ContentTypeOptionsNosniff; | 507 return ContentTypeOptionsNosniff; |
| 508 return ContentTypeOptionsNone; | 508 return ContentTypeOptionsNone; |
| 509 } | 509 } |
| 510 | 510 |
| 511 XFrameOptionsDisposition parseXFrameOptionsHeader(const String& header) | |
| 512 { | |
| 513 XFrameOptionsDisposition result = XFrameOptionsInvalid; | |
| 514 | |
| 515 if (header.isEmpty()) | |
| 516 return result; | |
| 517 | |
| 518 Vector<String> headers; | |
| 519 header.split(',', headers); | |
| 520 | |
| 521 bool hasValue = false; | |
| 522 for (size_t i = 0; i < headers.size(); i++) { | |
| 523 String currentHeader = headers[i].stripWhiteSpace(); | |
| 524 XFrameOptionsDisposition currentValue = XFrameOptionsInvalid; | |
| 525 if (equalIgnoringCase(currentHeader, "deny")) | |
| 526 currentValue = XFrameOptionsDeny; | |
| 527 else if (equalIgnoringCase(currentHeader, "sameorigin")) | |
| 528 currentValue = XFrameOptionsSameOrigin; | |
| 529 else if (equalIgnoringCase(currentHeader, "allowall")) | |
| 530 currentValue = XFrameOptionsAllowAll; | |
| 531 | |
| 532 if (!hasValue) | |
| 533 result = currentValue; | |
| 534 else if (result != currentValue) | |
| 535 return XFrameOptionsConflict; | |
| 536 hasValue = true; | |
| 537 } | |
| 538 return result; | |
| 539 } | |
| 540 | |
| 541 static bool isCacheHeaderSeparator(UChar c) | 511 static bool isCacheHeaderSeparator(UChar c) |
| 542 { | 512 { |
| 543 // See RFC 2616, Section 2.2 | 513 // See RFC 2616, Section 2.2 |
| 544 switch (c) { | 514 switch (c) { |
| 545 case '(': | 515 case '(': |
| 546 case ')': | 516 case ')': |
| 547 case '<': | 517 case '<': |
| 548 case '>': | 518 case '>': |
| 549 case '@': | 519 case '@': |
| 550 case ',': | 520 case ',': |
| (...skipping 198 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 749 return false; | 719 return false; |
| 750 } | 720 } |
| 751 | 721 |
| 752 position++; | 722 position++; |
| 753 } | 723 } |
| 754 | 724 |
| 755 return true; | 725 return true; |
| 756 } | 726 } |
| 757 | 727 |
| 758 } // namespace blink | 728 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1617043002:
Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@block-response