| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 546 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 557 } | 557 } |
| 558 } | 558 } |
| 559 | 559 |
| 560 ContentTypeOptionsDisposition parseContentTypeOptionsHeader( | 560 ContentTypeOptionsDisposition parseContentTypeOptionsHeader( |
| 561 const String& header) { | 561 const String& header) { |
| 562 if (header.stripWhiteSpace().lower() == "nosniff") | 562 if (header.stripWhiteSpace().lower() == "nosniff") |
| 563 return ContentTypeOptionsNosniff; | 563 return ContentTypeOptionsNosniff; |
| 564 return ContentTypeOptionsNone; | 564 return ContentTypeOptionsNone; |
| 565 } | 565 } |
| 566 | 566 |
| 567 XFrameOptionsDisposition parseXFrameOptionsHeader(const String& header) { | |
| 568 XFrameOptionsDisposition result = XFrameOptionsInvalid; | |
| 569 | |
| 570 if (header.isEmpty()) | |
| 571 return result; | |
| 572 | |
| 573 Vector<String> headers; | |
| 574 header.split(',', headers); | |
| 575 | |
| 576 bool hasValue = false; | |
| 577 for (size_t i = 0; i < headers.size(); i++) { | |
| 578 String currentHeader = headers[i].stripWhiteSpace(); | |
| 579 XFrameOptionsDisposition currentValue = XFrameOptionsInvalid; | |
| 580 if (equalIgnoringCase(currentHeader, "deny")) | |
| 581 currentValue = XFrameOptionsDeny; | |
| 582 else if (equalIgnoringCase(currentHeader, "sameorigin")) | |
| 583 currentValue = XFrameOptionsSameOrigin; | |
| 584 else if (equalIgnoringCase(currentHeader, "allowall")) | |
| 585 currentValue = XFrameOptionsAllowAll; | |
| 586 | |
| 587 if (!hasValue) | |
| 588 result = currentValue; | |
| 589 else if (result != currentValue) | |
| 590 return XFrameOptionsConflict; | |
| 591 hasValue = true; | |
| 592 } | |
| 593 return result; | |
| 594 } | |
| 595 | |
| 596 static bool isCacheHeaderSeparator(UChar c) { | 567 static bool isCacheHeaderSeparator(UChar c) { |
| 597 // See RFC 2616, Section 2.2 | 568 // See RFC 2616, Section 2.2 |
| 598 switch (c) { | 569 switch (c) { |
| 599 case '(': | 570 case '(': |
| 600 case ')': | 571 case ')': |
| 601 case '<': | 572 case '<': |
| 602 case '>': | 573 case '>': |
| 603 case '@': | 574 case '@': |
| 604 case ',': | 575 case ',': |
| 605 case ';': | 576 case ';': |
| (...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 874 response->clearHTTPHeaderField(header); | 845 response->clearHTTPHeaderField(header); |
| 875 while (responseHeaders->EnumerateHeader(&iterator, headerStringPiece, | 846 while (responseHeaders->EnumerateHeader(&iterator, headerStringPiece, |
| 876 &value)) { | 847 &value)) { |
| 877 response->addHTTPHeaderField(header, WebString::fromLatin1(value)); | 848 response->addHTTPHeaderField(header, WebString::fromLatin1(value)); |
| 878 } | 849 } |
| 879 } | 850 } |
| 880 return true; | 851 return true; |
| 881 } | 852 } |
| 882 | 853 |
| 883 } // namespace blink | 854 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2321503002:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
