Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1696)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/ancestor_throttle.h

Issue 1617043002: Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@block-response
Patch Set: Fix. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/frame_host/ancestor_throttle.cc » ('j') | content/browser/frame_host/ancestor_throttle_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/ancestor_throttle.h
diff --git a/content/browser/frame_host/ancestor_throttle.h b/content/browser/frame_host/ancestor_throttle.h
new file mode 100644
index 0000000000000000000000000000000000000000..efd8e86d15e22a7e9e5b39355d56b198b231d317
--- /dev/null
+++ b/content/browser/frame_host/ancestor_throttle.h
@@ -0,0 +1,63 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SECURITY_ANCESTOR_THROTTLE_H_
nasko 2016/04/12 22:21:19 Mismatched include guard and file path/name.
Mike West 2016/04/13 13:28:08 Done, thanks!
nasko 2016/04/29 18:56:02 Hmm, I must be getting really old. I don't see thi
Mike West 2016/05/02 09:37:51 Yeah. Sorry. I'm old too and forgot. :/
+#define CHROME_BROWSER_SECURITY_ANCESTOR_THROTTLE_H_
+
+#include <memory>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace content {
+class NavigationHandle;
+}
+
+namespace net {
+class HttpResponseHeaders;
+}
+
+namespace content {
+
+// An AncestorThrottle is responsible for enforcing a resource's embedding
+// rules, and blocking requests which violate them.
+class CONTENT_EXPORT AncestorThrottle : public NavigationThrottle {
+ public:
+ enum HeaderDisposition {
+ NONE,
+ DENY,
+ SAMEORIGIN,
+ ALLOWALL,
+ INVALID,
+ CONFLICT
+ };
+
+ static std::unique_ptr<NavigationThrottle> MaybeCreateThrottleFor(
+ NavigationHandle* handle);
+
+ explicit AncestorThrottle(NavigationHandle* handle);
+ ~AncestorThrottle() override;
+
+ NavigationThrottle::ThrottleCheckResult WillProcessResponse() override;
+
+ private:
+ FRIEND_TEST_ALL_PREFIXES(AncestorThrottleTest, Parsing);
+ FRIEND_TEST_ALL_PREFIXES(AncestorThrottleTest, ParseErrors);
+
+ void ParseError(const std::string& value, HeaderDisposition disposition);
+ void ConsoleError(HeaderDisposition disposition);
+
+ // Parses an 'X-Frame-Options' header. If the result is either CONFLICT
+ // or INVALID, |header_value| will be populated with the value which caused
+ // the parse error.
+ HeaderDisposition ParseHeader(const net::HttpResponseHeaders* headers,
+ std::string* header_value);
+
+ DISALLOW_COPY_AND_ASSIGN(AncestorThrottle);
+};
+
+} // namespace content
+
+#endif // CHROME_BROWSER_SECURITY_Ancestor_THROTTLE_H_
« no previous file with comments | « no previous file | content/browser/frame_host/ancestor_throttle.cc » ('j') | content/browser/frame_host/ancestor_throttle_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698