Add Content-Type header to net::ReportSender reports

net/http/transport_security_state.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
@@ skipping 231 matching lines @@
     // The domain which matched during a search for this Expect-Staple entry
     std::string domain;
 
     // The URI reports are sent to if a valid OCSP response is not stapled
     GURL report_uri;
 
     // True if subdomains are subject to this policy
     bool include_subdomains;
   };
 
-  // An interface for asynchronously sending HPKP violation reports.
+  // An interface for asynchronously sending reports of domain security
+  // policy violations that TransportSecurityState observes.
   class NET_EXPORT ReportSenderInterface {
    public:
     // Sends the given serialized |report| to |report_uri|.
     virtual void Send(const GURL& report_uri, const std::string& report) = 0;
 
+    // Sets a Content-Type header to be sent on outgoing reports.
+    virtual void SetContentTypeHeader(const std::string& content_type) = 0;

[eroman, 2016/09/26 18:37:24]

API question: Why not make this a parameter of the Send() method?

[estark, 2016/09/26 18:38:45]

There are other users of this class that don't care about setting a Content-Type
header. I could either force them to care (maybe that's a good thing to do), or
I could add a new SendWithContentType() method that TransportSecurityState uses.
Any preference among those options?

[eroman, 2016/09/26 18:55:11]

I think it would be clearer for Send() to capture this information.
Right now the |report| parameter (at least in the comments) is an opaque blob,
and doesn't answer the questions of what is the content-type, and what is the
text encoding (charset).

What are the other content types that need to be supported? I am assuming
UTF-encoded JSON, is there anything else?

My thinking would be to either internalize this and mandate what |report|
represents. Or if that is not possible, then make it a required parameter in
Send().

If the UTF-8 JSON is the common case can have a non-virtual implementation that
feeds the right parameters:

 SendUtf8Json(uri, json) {...}

WDYT?

+
     // Sets a callback to be called when report sending fails.
     virtual void SetErrorCallback(
         const base::Callback<void(const GURL&, int)>& error_callback) = 0;
 
    protected:
     virtual ~ReportSenderInterface() {}
   };
 
   // An interface for building and asynchronously sending reports when a
   // site expects valid Certificate Transparency information but it
@@ skipping 321 matching lines @@
   // rate-limiting.
   ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
       sent_reports_cache_;
 
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_TRANSPORT_SECURITY_STATE_H_