| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 502 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 513 } | 513 } |
| 514 } | 514 } |
| 515 | 515 |
| 516 ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header
) | 516 ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header
) |
| 517 { | 517 { |
| 518 if (header.stripWhiteSpace().lower() == "nosniff") | 518 if (header.stripWhiteSpace().lower() == "nosniff") |
| 519 return ContentTypeOptionsNosniff; | 519 return ContentTypeOptionsNosniff; |
| 520 return ContentTypeOptionsNone; | 520 return ContentTypeOptionsNone; |
| 521 } | 521 } |
| 522 | 522 |
| 523 XFrameOptionsDisposition parseXFrameOptionsHeader(const String& header) | |
| 524 { | |
| 525 XFrameOptionsDisposition result = XFrameOptionsInvalid; | |
| 526 | |
| 527 if (header.isEmpty()) | |
| 528 return result; | |
| 529 | |
| 530 Vector<String> headers; | |
| 531 header.split(',', headers); | |
| 532 | |
| 533 bool hasValue = false; | |
| 534 for (size_t i = 0; i < headers.size(); i++) { | |
| 535 String currentHeader = headers[i].stripWhiteSpace(); | |
| 536 XFrameOptionsDisposition currentValue = XFrameOptionsInvalid; | |
| 537 if (equalIgnoringCase(currentHeader, "deny")) | |
| 538 currentValue = XFrameOptionsDeny; | |
| 539 else if (equalIgnoringCase(currentHeader, "sameorigin")) | |
| 540 currentValue = XFrameOptionsSameOrigin; | |
| 541 else if (equalIgnoringCase(currentHeader, "allowall")) | |
| 542 currentValue = XFrameOptionsAllowAll; | |
| 543 | |
| 544 if (!hasValue) | |
| 545 result = currentValue; | |
| 546 else if (result != currentValue) | |
| 547 return XFrameOptionsConflict; | |
| 548 hasValue = true; | |
| 549 } | |
| 550 return result; | |
| 551 } | |
| 552 | |
| 553 static bool isCacheHeaderSeparator(UChar c) | 523 static bool isCacheHeaderSeparator(UChar c) |
| 554 { | 524 { |
| 555 // See RFC 2616, Section 2.2 | 525 // See RFC 2616, Section 2.2 |
| 556 switch (c) { | 526 switch (c) { |
| 557 case '(': | 527 case '(': |
| 558 case ')': | 528 case ')': |
| 559 case '<': | 529 case '<': |
| 560 case '>': | 530 case '>': |
| 561 case '@': | 531 case '@': |
| 562 case ',': | 532 case ',': |
| (...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 751 if (option == Suborigin::SuboriginPolicyOptions::None) | 721 if (option == Suborigin::SuboriginPolicyOptions::None) |
| 752 messages.append("Ignoring unknown suborigin policy option " + option
Name + "."); | 722 messages.append("Ignoring unknown suborigin policy option " + option
Name + "."); |
| 753 else | 723 else |
| 754 suborigin->addPolicyOption(option); | 724 suborigin->addPolicyOption(option); |
| 755 } | 725 } |
| 756 | 726 |
| 757 return true; | 727 return true; |
| 758 } | 728 } |
| 759 | 729 |
| 760 } // namespace blink | 730 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2321503002:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
