First experimental implementation of the Clear-Site-Data header

content/browser/browsing_data/clear_site_data_throttle.cc

Index: content/browser/browsing_data/clear_site_data_throttle.cc
diff --git a/content/browser/browsing_data/clear_site_data_throttle.cc b/content/browser/browsing_data/clear_site_data_throttle.cc
new file mode 100644
index 0000000000000000000000000000000000000000..7adce6ac0584577a6084d564c123cbc7d093c8ea
--- /dev/null
+++ b/content/browser/browsing_data/clear_site_data_throttle.cc
@@ -0,0 +1,152 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/browsing_data/clear_site_data_throttle.h"
+
+#include "base/json/json_reader.h"
+#include "base/json/json_string_value_serializer.h"
+#include "base/strings/stringprintf.h"
+#include "base/values.h"
+#include "content/browser/frame_host/navigation_handle_impl.h"
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/content_browser_client.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/content_client.h"
+#include "net/http/http_response_headers.h"
+#include "url/gurl.h"
+#include "url/origin.h"
+
+namespace content {
+
+namespace {
+
+static const char* kClearSiteDataHeader = "Clear-Site-Data";
+
+static const char* kConsoleMessageFormat =
+    "Clear-Site-Data header on '%s': %s";
+
+static const char* kTypesKey = "types";
+
+}  // namespace
+
+// static
+std::unique_ptr<NavigationThrottle>
+    ClearSiteDataThrottle::CreateThrottleFor(NavigationHandle* handle) {
+  return std::unique_ptr<NavigationThrottle>(new ClearSiteDataThrottle(handle));
+}
+
+ClearSiteDataThrottle::~ClearSiteDataThrottle() {}
+
+void ClearSiteDataThrottle::DidFinishNavigation(NavigationHandle* handle) {
+  // When the navigation is finished, we can access RenderFrameHost
+  // and output console logs.
+  DCHECK_EQ(navigation_handle(), handle);
+
+  for (const ConsoleMessage& message : messages_) {
+    navigation_handle()->GetRenderFrameHost()->AddMessageToConsole(
+        message.error
+            ? CONSOLE_MESSAGE_LEVEL_ERROR
+            : CONSOLE_MESSAGE_LEVEL_LOG,
+        base::StringPrintf(
+            kConsoleMessageFormat, handle->GetURL().spec().c_str(),
+            message.text.c_str()));
+  }
+}
+
+ClearSiteDataThrottle::ThrottleCheckResult
+    ClearSiteDataThrottle::WillProcessResponse() {
+  NavigationHandleImpl* handle =
+      static_cast<NavigationHandleImpl*>(navigation_handle());

[Mike West, 2016/06/02 07:00:08]

We should skip all of this if the URL is insecure.

[msramek, 2016/06/14 20:12:07]

Done.

+
+  // Extract the header.
+  std::string header;
+  handle->GetResponseHeaders()->GetNormalizedHeader(

[Mike West, 2016/06/02 07:00:08]

This will return a comma separated list if more than one header is present in
the response. That is:

Clear-Site-Data: a
Clear-Site-Data: b

will be normalized to:

Clear-Site-Data: a,b

I don't think your parser handles this? Or maybe it does. Would you mind adding
tests in any event?

[msramek, 2016/06/14 20:12:07]

EnumerateHeader() will cut the JSON on every comma, which I don't want.

GetNormalizedHeader() will merge all lines into one, which I also don't want.
Well, I could cut it back into a vector of valid JSONs manually with a push-down
automaton, if you think we should support that.

But it's easiest to declare that we want one valid JSON per line, and use
EnumerateHeaderLines().

+      kClearSiteDataHeader, &header);
+  if (header.empty())
+    return PROCEED;
+
+  // Parse the header.
+  bool clear_cookies;
+  bool clear_storage;
+  bool clear_cache;
+  if (!ParseHeader(header, &clear_cookies, &clear_storage, &clear_cache))
+    return PROCEED;
+
+  // Clear the data for this browser context and origin.
+  BrowserContext* browser_context =
+      handle->GetWebContents()->GetBrowserContext();
+  url::Origin origin(handle->GetURL());
+
+  GetContentClient()->browser()->ClearSiteData(
+      browser_context, origin, clear_cookies, clear_storage, clear_cache);
+
+  return PROCEED;
+}
+
+ClearSiteDataThrottle::ClearSiteDataThrottle(NavigationHandle* handle)
+    : NavigationThrottle(handle),
+      WebContentsObserver(handle ? handle->GetWebContents() : nullptr) {}
+
+bool ClearSiteDataThrottle::ParseHeader(
+    const std::string& header,
+    bool* clear_cookies, bool* clear_storage, bool* clear_cache) {
+  std::unique_ptr<base::Value> parsed_header =
+      base::JSONReader::Read(header);
+
+  if (!parsed_header) {
+    ConsoleLog("The value is not a valid JSON.", true /* error */);

[Mike West, 2016/06/02 07:00:08]

Can you output the header value so that it's clear what the message is referring
to (ditto for the other errors).

[msramek, 2016/06/14 20:12:07]

Done.

+    return false;
+  }
+
+  if (!parsed_header->GetAsDictionary(nullptr)) {
+    ConsoleLog("The value is not a dictionary.", true /* error */);
+    return false;
+  }
+
+  const base::ListValue* types;
+  if (!static_cast<base::DictionaryValue*>(parsed_header.get())
+          ->GetListWithoutPathExpansion(kTypesKey, &types)) {
+    ConsoleLog("No 'types' field present.", true /* error */);
+    return false;
+  }
+
+  *clear_cookies = false;
+  *clear_storage = false;
+  *clear_cache = false;
+
+  for (const std::unique_ptr<base::Value>& value : *types) {
+    std::string type;
+    value->GetAsString(&type);
+
+    if (type == "cookies") {
+      *clear_cookies = true;
+      ConsoleLog("Clearing cookies.", false /* error */);

[Mike West, 2016/06/02 07:00:08]

Can you do the extra work to combine these into one "Clearing X, Y, and Z"
message?

[msramek, 2016/06/14 20:12:07]

Done.

+    } else if (type == "storage") {
+      *clear_storage = true;
+      ConsoleLog("Clearing storage.", false /* error */);
+    } else if (type == "cache") {
+      *clear_cache = true;
+      ConsoleLog("Clearing cache.", false /* error */);
+    } else {
+      std::string serialized_type;
+      JSONStringValueSerializer serializer(&serialized_type);
+      serializer.Serialize(*value);
+      ConsoleLog("Invalid type: " + serialized_type, true /* error */);
+    }
+  }
+
+  if (!*clear_cookies && !*clear_storage && !*clear_cache) {
+    ConsoleLog("No valid types specified for clearing.", true /* error */);
+    return false;
+  }
+
+  return true;
+}
+
+void ClearSiteDataThrottle::ConsoleLog(const std::string& text, bool error) {

[Mike West, 2016/06/02 07:00:08]

Sprinkling `/* error */` throughout the code is pretty ugly. Could you make this
an enum instead? Or just use `CONSOLE_MESSAGE_LEVEL_{ERROR,LOG}` outright?

[msramek, 2016/06/14 20:12:08]

Done.

+  messages_.push_back({text, error});
+}
+
+}  // namespace content