| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/signin/core/browser/signin_header_helper.h" | 5 #include "components/signin/core/browser/signin_header_helper.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/strings/string_split.h" | 11 #include "base/strings/string_split.h" |
| 12 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
| 14 #include "components/content_settings/core/browser/cookie_settings.h" | 14 #include "components/content_settings/core/browser/cookie_settings.h" |
| 15 #include "components/google/core/browser/google_util.h" | 15 #include "components/google/core/browser/google_util.h" |
| 16 #include "components/signin/core/common/profile_management_switches.h" | 16 #include "components/signin/core/common/profile_management_switches.h" |
| 17 #include "google_apis/gaia/gaia_auth_util.h" | 17 #include "google_apis/gaia/gaia_auth_util.h" |
| 18 #include "google_apis/gaia/gaia_urls.h" | 18 #include "google_apis/gaia/gaia_urls.h" |
| 19 #include "net/base/escape.h" | 19 #include "net/base/escape.h" |
| 20 #include "net/http/http_response_headers.h" | 20 #include "net/http/http_response_headers.h" |
| 21 #include "net/url_request/url_request.h" | 21 #include "net/url_request/url_request.h" |
| 22 #include "url/gurl.h" | 22 #include "url/gurl.h" |
| 23 | 23 |
| 24 namespace { | 24 namespace { |
| 25 | 25 |
| 26 // Dictionary of fields in a mirror response header. | 26 // Dictionary of fields in a mirror response header. |
| 27 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; | 27 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; |
| 28 | 28 |
| 29 const char kChromeConnectedHeader[] = "X-Chrome-Connected"; | |
| 30 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; | 29 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; |
| 31 const char kContinueUrlAttrName[] = "continue_url"; | 30 const char kContinueUrlAttrName[] = "continue_url"; |
| 32 const char kEmailAttrName[] = "email"; | 31 const char kEmailAttrName[] = "email"; |
| 33 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; | 32 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency"; |
| 34 const char kGaiaIdAttrName[] = "id"; | 33 const char kGaiaIdAttrName[] = "id"; |
| 35 const char kProfileModeAttrName[] = "mode"; | 34 const char kProfileModeAttrName[] = "mode"; |
| 36 const char kIsSameTabAttrName[] = "is_same_tab"; | 35 const char kIsSameTabAttrName[] = "is_same_tab"; |
| 37 const char kIsSamlAttrName[] = "is_saml"; | 36 const char kIsSamlAttrName[] = "is_saml"; |
| 38 const char kServiceTypeAttrName[] = "action"; | 37 const char kServiceTypeAttrName[] = "action"; |
| 39 | 38 |
| (...skipping 53 matching lines...) | |
| 93 const content_settings::CookieSettings* cookie_settings, | 92 const content_settings::CookieSettings* cookie_settings, |
| 94 int profile_mode_mask) { | 93 int profile_mode_mask) { |
| 95 if (account_id.empty()) | 94 if (account_id.empty()) |
| 96 return std::string(); | 95 return std::string(); |
| 97 | 96 |
| 98 // If signin cookies are not allowed, don't add the header. | 97 // If signin cookies are not allowed, don't add the header. |
| 99 if (!signin::SettingsAllowSigninCookies(cookie_settings)) { | 98 if (!signin::SettingsAllowSigninCookies(cookie_settings)) { |
| 100 return std::string(); | 99 return std::string(); |
| 101 } | 100 } |
| 102 | 101 |
| 103 // Only set the header for Drive and Gaia always, and other Google properties | 102 // Check if url is elligible for the header. |
| 104 // if account consistency is enabled. | 103 if (!signin::IsUrlElligibleForXChromeConnectedHeader(url)) |
| 105 // Vasquette, which is integrated with most Google properties, needs the | |
| 106 // header to redirect certain user actions to Chrome native UI. Drive and Gaia | |
| 107 // need the header to tell if the current user is connected. The drive path is | |
| 108 // a temporary workaround until the more generic chrome.principals API is | |
| 109 // available. | |
| 110 GURL origin(url.GetOrigin()); | |
| 111 bool is_enable_account_consistency = switches::IsEnableAccountConsistency(); | |
| 112 bool is_google_url = is_enable_account_consistency && | |
| 113 (google_util::IsGoogleDomainUrl( | |
| 114 url, google_util::ALLOW_SUBDOMAIN, | |
| 115 google_util::DISALLOW_NON_STANDARD_PORTS) || | |
| 116 google_util::IsYoutubeDomainUrl( | |
| 117 url, google_util::ALLOW_SUBDOMAIN, | |
| 118 google_util::DISALLOW_NON_STANDARD_PORTS)); | |
| 119 if (!is_google_url && !IsDriveOrigin(origin) && | |
| 120 !gaia::IsGaiaSignonRealm(origin)) { | |
| 121 return std::string(); | 104 return std::string(); |
| 122 } | |
| 123 | 105 |
| 124 return base::StringPrintf(pattern, kGaiaIdAttrName, account_id.c_str(), | 106 return base::StringPrintf( |
| 125 kProfileModeAttrName, | 107 pattern, kGaiaIdAttrName, account_id.c_str(), kProfileModeAttrName, |
| 126 base::IntToString(profile_mode_mask).c_str(), | 108 base::IntToString(profile_mode_mask).c_str(), |
| 127 kEnableAccountConsistencyAttrName, | 109 kEnableAccountConsistencyAttrName, |
| 128 is_enable_account_consistency ? "true" : "false"); | 110 switches::IsEnableAccountConsistency() ? "true" : "false"); |
| 129 } | 111 } |
| 130 | 112 |
| 131 } // namespace | 113 } // namespace |
| 132 | 114 |
| 133 namespace signin { | 115 namespace signin { |
| 134 | 116 |
| 117 extern const char kChromeConnectedHeader[] = "X-Chrome-Connected"; | |
| 118 | |
| 135 ManageAccountsParams::ManageAccountsParams() | 119 ManageAccountsParams::ManageAccountsParams() |
| 136 : service_type(GAIA_SERVICE_TYPE_NONE), | 120 : service_type(GAIA_SERVICE_TYPE_NONE), |
| 137 email(""), | 121 email(""), |
| 138 is_saml(false), | 122 is_saml(false), |
| 139 continue_url(""), | 123 continue_url(""), |
| 140 is_same_tab(false) { | 124 is_same_tab(false) { |
| 141 #if !defined(OS_IOS) | 125 #if !defined(OS_IOS) |
| 142 child_id = 0; | 126 child_id = 0; |
| 143 route_id = 0; | 127 route_id = 0; |
| 144 #endif // !defined(OS_IOS) | 128 #endif // !defined(OS_IOS) |
| (...skipping 72 matching lines...) | |
| 217 std::string header_value; | 201 std::string header_value; |
| 218 if (!request->response_headers()->GetNormalizedHeader( | 202 if (!request->response_headers()->GetNormalizedHeader( |
| 219 kChromeManageAccountsHeader, &header_value)) { | 203 kChromeManageAccountsHeader, &header_value)) { |
| 220 return empty_params; | 204 return empty_params; |
| 221 } | 205 } |
| 222 | 206 |
| 223 DCHECK(switches::IsEnableAccountConsistency() && !is_off_the_record); | 207 DCHECK(switches::IsEnableAccountConsistency() && !is_off_the_record); |
| 224 return BuildManageAccountsParams(header_value); | 208 return BuildManageAccountsParams(header_value); |
| 225 } | 209 } |
| 226 | 210 |
| 211 // Checks if the url has the required properties to have an | |
| 212 // X-CHROME-CONNECTED header. | |
| 213 bool IsUrlElligibleForXChromeConnectedHeader(const GURL& url) { | |
| 214 // Only set the header for Drive and Gaia always, and other Google properties | |
| 215 // if account consistency is enabled. | |
| 216 // Vasquette, which is integrated with most Google properties, needs the | |
| 217 // header to redirect certain user actions to Chrome native UI. Drive and Gaia | |
| 218 // need the header to tell if the current user is connected. The drive path is | |
| 219 // a temporary workaround until the more generic chrome.principals API is | |
| 220 // available. | |
| 221 GURL origin(url.GetOrigin()); | |
| 222 bool is_enable_account_consistency = switches::IsEnableAccountConsistency(); | |
| 223 bool is_google_url = is_enable_account_consistency && | |
| 224 (google_util::IsGoogleDomainUrl( | |
| 225 url, google_util::ALLOW_SUBDOMAIN, | |
| 226 google_util::DISALLOW_NON_STANDARD_PORTS) || | |
| 227 google_util::IsYoutubeDomainUrl( | |
| 228 url, google_util::ALLOW_SUBDOMAIN, | |
| 229 google_util::DISALLOW_NON_STANDARD_PORTS)); | |
| 230 if (!is_google_url && !IsDriveOrigin(origin) && | |
| 231 !gaia::IsGaiaSignonRealm(origin)) { | |
| 232 return false; | |
| 233 } | |
| 234 | |
| 235 // Consider the account id sensitive and limit it to secure domains. | |
| 236 return url.SchemeIsCryptographic(); | |
|
mmenke
2016/08/30 19:12:27
Suggest putting this first. Think that makes this
Ramin Halavati
2016/09/01 10:41:44
Done.
| |
| 237 } | |
| 227 } // namespace signin | 238 } // namespace signin |
|
mmenke
2016/08/30 19:12:27
nit: Blank line before end of namespace.
Ramin Halavati
2016/09/01 10:41:44
Done.
| |
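Review bot: The comment above `IsUrlElligibleForXChromeConnectedHeader` (new lines 211-212) does not state the condition callers most need to know: the function returns false for any URL without a cryptographic scheme, because the header value carries the Gaia account id. The function is defined in the `signin` namespace and already gates the header at new line 103, so I would spell the contract out, e.g. `// Returns true only if |url| has a cryptographic scheme and is a Gaia or Drive origin, or, with account consistency enabled, a Google or YouTube domain.` The function name and the comment at new line 102 also misspell "eligible"; renaming to `IsUrlEligibleForXChromeConnectedHeader` is cheapest now, before more call sites appear. The matching declaration in the header file is not visible on this page, so it would need the same rename and comment.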
| OLD | NEW |