Chromium Code Reviews Chromium Code Reviews
Issue 2353923003:
Fix Mirror header on Drive domains. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/signin/core/browser/signin_header_helper.h" | 5 #include "components/signin/core/browser/signin_header_helper.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/strings/string_split.h" | 11 #include "base/strings/string_split.h" |
| 12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
| 14 #include "build/build_config.h" | 14 #include "build/build_config.h" |
| 15 #include "components/content_settings/core/browser/cookie_settings.h" | 15 #include "components/content_settings/core/browser/cookie_settings.h" |
| 16 #include "components/google/core/browser/google_util.h" | 16 #include "components/google/core/browser/google_util.h" |
| 17 #include "components/signin/core/common/profile_management_switches.h" | 17 #include "components/signin/core/common/profile_management_switches.h" |
| 18 #include "google_apis/gaia/gaia_auth_util.h" | 18 #include "google_apis/gaia/gaia_auth_util.h" |
| 19 #include "google_apis/gaia/gaia_urls.h" | 19 #include "google_apis/gaia/gaia_urls.h" |
| 20 #include "net/base/escape.h" | 20 #include "net/base/escape.h" |
| 21 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | |
| 21 #include "net/http/http_response_headers.h" | 22 #include "net/http/http_response_headers.h" |
| 22 #include "net/url_request/url_request.h" | 23 #include "net/url_request/url_request.h" |
| 23 #include "url/gurl.h" | 24 #include "url/gurl.h" |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 // Dictionary of fields in a mirror response header. | 28 // Dictionary of fields in a mirror response header. |
| 28 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; | 29 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary; |
| 29 | 30 |
| 30 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; | 31 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts"; |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 42 return false; | 43 return false; |
| 43 | 44 |
| 44 const GURL kGoogleDriveURL("https://drive.google.com"); | 45 const GURL kGoogleDriveURL("https://drive.google.com"); |
| 45 const GURL kGoogleDocsURL("https://docs.google.com"); | 46 const GURL kGoogleDocsURL("https://docs.google.com"); |
| 46 return url == kGoogleDriveURL || url == kGoogleDocsURL; | 47 return url == kGoogleDriveURL || url == kGoogleDocsURL; |
| 47 } | 48 } |
| 48 | 49 |
| 49 bool IsUrlEligibleToIncludeGaiaId(const GURL& url, bool is_header_request) { | 50 bool IsUrlEligibleToIncludeGaiaId(const GURL& url, bool is_header_request) { |
| 50 if (is_header_request) { | 51 if (is_header_request) { |
| 51 // GAIA Id is only necessary for Drive. Don't set it otherwise. | 52 // GAIA Id is only necessary for Drive. Don't set it otherwise. |
| 52 return IsDriveOrigin(url); | 53 return IsDriveOrigin(url.GetOrigin()); |
| 53 } | 54 } |
| 54 | 55 |
| 55 // Cookie requests don't have the granularity to only include the GAIA Id for | 56 // Cookie requests don't have the granularity to only include the GAIA Id for |
| 56 // Drive origin. Set it on all google.com instead. | 57 // Drive origin. Set it on all google.com instead. |
| 57 if (!url.SchemeIsCryptographic()) | 58 if (!url.SchemeIsCryptographic()) |
| 58 return false; | 59 return false; |
| 59 | 60 |
| 60 const GURL kGoogleDotComURL("https://google.com"); | 61 std::string domain = net::registry_controlled_domains::GetDomainAndRegistry( |
| 61 return url == kGoogleDotComURL; | 62 url, net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 63 return domain == "google.com"; | |
|
Roger Tawa OOO till Jul 10th
2016/09/20 15:07:56
Nit: instead of hardcoding the string, should we i
bzanotti
2016/09/21 13:44:44
The domain is not the same thing as the origin, I
| |
| 62 } | 64 } |
| 63 | 65 |
| 64 // Determines the service type that has been passed from GAIA in the header. | 66 // Determines the service type that has been passed from GAIA in the header. |
| 65 signin::GAIAServiceType GetGAIAServiceTypeFromHeader( | 67 signin::GAIAServiceType GetGAIAServiceTypeFromHeader( |
| 66 const std::string& header_value) { | 68 const std::string& header_value) { |
| 67 if (header_value == "SIGNOUT") | 69 if (header_value == "SIGNOUT") |
| 68 return signin::GAIA_SERVICE_TYPE_SIGNOUT; | 70 return signin::GAIA_SERVICE_TYPE_SIGNOUT; |
| 69 else if (header_value == "INCOGNITO") | 71 else if (header_value == "INCOGNITO") |
| 70 return signin::GAIA_SERVICE_TYPE_INCOGNITO; | 72 return signin::GAIA_SERVICE_TYPE_INCOGNITO; |
| 71 else if (header_value == "ADDSESSION") | 73 else if (header_value == "ADDSESSION") |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 114 if (!signin::SettingsAllowSigninCookies(cookie_settings)) { | 116 if (!signin::SettingsAllowSigninCookies(cookie_settings)) { |
| 115 return std::string(); | 117 return std::string(); |
| 116 } | 118 } |
| 117 | 119 |
| 118 // Check if url is elligible for the header. | 120 // Check if url is elligible for the header. |
| 119 if (!signin::IsUrlEligibleForXChromeConnectedHeader(url)) | 121 if (!signin::IsUrlEligibleForXChromeConnectedHeader(url)) |
| 120 return std::string(); | 122 return std::string(); |
| 121 | 123 |
| 122 std::vector<std::string> parts; | 124 std::vector<std::string> parts; |
| 123 if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) { | 125 if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) { |
| 124 // Only google.com requires the GAIA ID, don't send it to other domains. | 126 // Only set the GAIA Id on domains that actually requires it. |
| 125 parts.push_back( | 127 parts.push_back( |
| 126 base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str())); | 128 base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str())); |
| 127 } | 129 } |
| 128 parts.push_back( | 130 parts.push_back( |
| 129 base::StringPrintf("%s=%s", kProfileModeAttrName, | 131 base::StringPrintf("%s=%s", kProfileModeAttrName, |
| 130 base::IntToString(profile_mode_mask).c_str())); | 132 base::IntToString(profile_mode_mask).c_str())); |
| 131 parts.push_back(base::StringPrintf( | 133 parts.push_back(base::StringPrintf( |
| 132 "%s=%s", kEnableAccountConsistencyAttrName, | 134 "%s=%s", kEnableAccountConsistencyAttrName, |
| 133 switches::IsEnableAccountConsistency() ? "true" : "false")); | 135 switches::IsEnableAccountConsistency() ? "true" : "false")); |
| 134 | 136 |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 270 url, google_util::ALLOW_SUBDOMAIN, | 272 url, google_util::ALLOW_SUBDOMAIN, |
| 271 google_util::DISALLOW_NON_STANDARD_PORTS) || | 273 google_util::DISALLOW_NON_STANDARD_PORTS) || |
| 272 google_util::IsYoutubeDomainUrl( | 274 google_util::IsYoutubeDomainUrl( |
| 273 url, google_util::ALLOW_SUBDOMAIN, | 275 url, google_util::ALLOW_SUBDOMAIN, |
| 274 google_util::DISALLOW_NON_STANDARD_PORTS)); | 276 google_util::DISALLOW_NON_STANDARD_PORTS)); |
| 275 return is_google_url || IsDriveOrigin(origin) || | 277 return is_google_url || IsDriveOrigin(origin) || |
| 276 gaia::IsGaiaSignonRealm(origin); | 278 gaia::IsGaiaSignonRealm(origin); |
| 277 } | 279 } |
| 278 | 280 |
| 279 } // namespace signin | 281 } // namespace signin |
| OLD | NEW |
