Chromium Code Reviews Chromium Code Reviews
Issue 2258483002:
X-Chrome-Connected is stripped when it should not be in headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/signin/core/browser/signin_header_helper.h" | 5 #include "components/signin/core/browser/signin_header_helper.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/strings/string_split.h" | 11 #include "base/strings/string_split.h" |
| 12 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
| 14 #include "components/content_settings/core/browser/cookie_settings.h" | 14 #include "components/content_settings/core/browser/cookie_settings.h" |
| 15 #include "components/google/core/browser/google_util.h" | 15 #include "components/google/core/browser/google_util.h" |
| 16 #include "components/signin/core/common/profile_management_switches.h" | 16 #include "components/signin/core/common/profile_management_switches.h" |
| 17 #include "google_apis/gaia/gaia_auth_util.h" | 17 #include "google_apis/gaia/gaia_auth_util.h" |
| 18 #include "google_apis/gaia/gaia_urls.h" | 18 #include "google_apis/gaia/gaia_urls.h" |
| 19 #include "net/base/escape.h" | 19 #include "net/base/escape.h" |
| 20 #include "net/http/http_response_headers.h" | 20 #include "net/http/http_response_headers.h" |
| 21 #include "net/url_request/url_request.h" | 21 #include "net/url_request/url_request.h" |
| 22 #include "url/gurl.h" | 22 #include "url/gurl.h" |
| 23 | 23 |
| 24 namespace { | 24 namespace { |
| 25 | 25 |
| 26 // Dictionary of fields in a mirror response header. | 26 // Dictionary of fields in a mirror response header. |
| 27 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; | 27 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; |
| 28 | 28 |
| 29 const char kChromeConnectedHeader[] = "X-Chrome-Connected"; | |
| 30 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; | 29 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; |
| 31 const char kContinueUrlAttrName[] = "continue_url"; | 30 const char kContinueUrlAttrName[] = "continue_url"; |
| 32 const char kEmailAttrName[] = "email"; | 31 const char kEmailAttrName[] = "email"; |
| 33 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; | 32 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; |
| 34 const char kGaiaIdAttrName[] = "id"; | 33 const char kGaiaIdAttrName[] = "id"; |
| 35 const char kProfileModeAttrName[] = "mode"; | 34 const char kProfileModeAttrName[] = "mode"; |
| 36 const char kIsSameTabAttrName[] = "is_same_tab"; | 35 const char kIsSameTabAttrName[] = "is_same_tab"; |
| 37 const char kIsSamlAttrName[] = "is_saml"; | 36 const char kIsSamlAttrName[] = "is_saml"; |
| 38 const char kServiceTypeAttrName[] = "action"; | 37 const char kServiceTypeAttrName[] = "action"; |
| 39 | 38 |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 102 | 101 |
| 103 // Only set the header for Drive and Gaia always, and other Google properties | 102 // Only set the header for Drive and Gaia always, and other Google properties |
| 104 // if account consistency is enabled. | 103 // if account consistency is enabled. |
| 105 // Vasquette, which is integrated with most Google properties, needs the | 104 // Vasquette, which is integrated with most Google properties, needs the |
| 106 // header to redirect certain user actions to Chrome native UI. Drive and Gaia | 105 // header to redirect certain user actions to Chrome native UI. Drive and Gaia |
| 107 // need the header to tell if the current user is connected. The drive path is | 106 // need the header to tell if the current user is connected. The drive path is |
| 108 // a temporary workaround until the more generic chrome.principals API is | 107 // a temporary workaround until the more generic chrome.principals API is |
| 109 // available. | 108 // available. |
| 110 GURL origin(url.GetOrigin()); | 109 GURL origin(url.GetOrigin()); |
| 111 bool is_enable_account_consistency = switches::IsEnableAccountConsistency(); | 110 bool is_enable_account_consistency = switches::IsEnableAccountConsistency(); |
| 112 bool is_google_url = is_enable_account_consistency && | 111 bool is_google_url = is_enable_account_consistency && |
|
eroman
2016/08/23 20:02:36
Separate issue: This doesn't seem right.... Isn't
Ramin Halavati
2016/08/26 17:04:32
Done.
| |
| 113 (google_util::IsGoogleDomainUrl( | 112 (google_util::IsGoogleDomainUrl( |
| 114 url, google_util::ALLOW_SUBDOMAIN, | 113 url, google_util::ALLOW_SUBDOMAIN, |
| 115 google_util::DISALLOW_NON_STANDARD_PORTS) || | 114 google_util::DISALLOW_NON_STANDARD_PORTS) || |
| 116 google_util::IsYoutubeDomainUrl( | 115 google_util::IsYoutubeDomainUrl( |
| 117 url, google_util::ALLOW_SUBDOMAIN, | 116 url, google_util::ALLOW_SUBDOMAIN, |
| 118 google_util::DISALLOW_NON_STANDARD_PORTS)); | 117 google_util::DISALLOW_NON_STANDARD_PORTS)); |
| 119 if (!is_google_url && !IsDriveOrigin(origin) && | 118 if (!is_google_url && !IsDriveOrigin(origin) && |
| 120 !gaia::IsGaiaSignonRealm(origin)) { | 119 !gaia::IsGaiaSignonRealm(origin)) { |
| 121 return std::string(); | 120 return std::string(); |
| 122 } | 121 } |
| 123 | 122 |
| 124 return base::StringPrintf(pattern, kGaiaIdAttrName, account_id.c_str(), | 123 return base::StringPrintf(pattern, kGaiaIdAttrName, account_id.c_str(), |
| 125 kProfileModeAttrName, | 124 kProfileModeAttrName, |
| 126 base::IntToString(profile_mode_mask).c_str(), | 125 base::IntToString(profile_mode_mask).c_str(), |
| 127 kEnableAccountConsistencyAttrName, | 126 kEnableAccountConsistencyAttrName, |
| 128 is_enable_account_consistency ? "true" : "false"); | 127 is_enable_account_consistency ? "true" : "false"); |
| 129 } | 128 } |
| 130 | 129 |
| 131 } // namespace | 130 } // namespace |
| 132 | 131 |
| 133 namespace signin { | 132 namespace signin { |
| 134 | 133 |
| 134 extern const char kChromeConnectedHeader[] = "X-Chrome-Connected"; | |
| 135 | |
| 135 ManageAccountsParams::ManageAccountsParams() | 136 ManageAccountsParams::ManageAccountsParams() |
| 136 : service_type(GAIA_SERVICE_TYPE_NONE), | 137 : service_type(GAIA_SERVICE_TYPE_NONE), |
| 137 email(""), | 138 email(""), |
| 138 is_saml(false), | 139 is_saml(false), |
| 139 continue_url(""), | 140 continue_url(""), |
| 140 is_same_tab(false) { | 141 is_same_tab(false) { |
| 141 #if !defined(OS_IOS) | 142 #if !defined(OS_IOS) |
| 142 child_id = 0; | 143 child_id = 0; |
| 143 route_id = 0; | 144 route_id = 0; |
| 144 #endif // !defined(OS_IOS) | 145 #endif // !defined(OS_IOS) |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 218 if (!request->response_headers()->GetNormalizedHeader( | 219 if (!request->response_headers()->GetNormalizedHeader( |
| 219 kChromeManageAccountsHeader, &header_value)) { | 220 kChromeManageAccountsHeader, &header_value)) { |
| 220 return empty_params; | 221 return empty_params; |
| 221 } | 222 } |
| 222 | 223 |
| 223 DCHECK(switches::IsEnableAccountConsistency() && !is_off_the_record); | 224 DCHECK(switches::IsEnableAccountConsistency() && !is_off_the_record); |
| 224 return BuildManageAccountsParams(header_value); | 225 return BuildManageAccountsParams(header_value); |
| 225 } | 226 } |
| 226 | 227 |
| 227 } // namespace signin | 228 } // namespace signin |
| OLD | NEW |
