OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "content/browser/frame_host/ancestor_throttle.h" | |
6 | |
7 #include "base/strings/string_split.h" | |
8 #include "base/strings/string_util.h" | |
9 #include "base/strings/stringprintf.h" | |
10 #include "content/browser/frame_host/frame_tree.h" | |
11 #include "content/browser/frame_host/frame_tree_node.h" | |
12 #include "content/browser/frame_host/navigation_handle_impl.h" | |
13 #include "content/public/browser/browser_thread.h" | |
14 #include "content/public/browser/navigation_handle.h" | |
15 #include "content/public/browser/navigation_throttle.h" | |
16 #include "content/public/common/console_message_level.h" | |
17 #include "net/http/http_response_headers.h" | |
18 #include "url/origin.h" | |
19 | |
20 namespace content { | |
21 | |
22 // static | |
23 std::unique_ptr<NavigationThrottle> AncestorThrottle::MaybeCreateThrottleFor( | |
24 NavigationHandle* handle) { | |
25 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
26 | |
27 if (handle->IsInMainFrame()) | |
28 return nullptr; | |
29 | |
30 return std::unique_ptr<NavigationThrottle>(new AncestorThrottle(handle)); | |
31 } | |
32 | |
33 AncestorThrottle::AncestorThrottle(NavigationHandle* handle) | |
clamy
2016/12/16 15:21:42
Actually you can keep the constructor here. We gen
| |
34 : NavigationThrottle(handle) {} | |
35 | |
36 AncestorThrottle::~AncestorThrottle() {} | |
37 | |
38 NavigationThrottle::ThrottleCheckResult | |
39 AncestorThrottle::WillProcessResponse() { | |
40 DCHECK(!navigation_handle()->IsInMainFrame()); | |
41 | |
42 NavigationHandleImpl* handle = | |
43 static_cast<NavigationHandleImpl*>(navigation_handle()); | |
44 | |
45 std::string header_value; | |
46 HeaderDisposition disposition = | |
47 ParseHeader(handle->GetResponseHeaders(), &header_value); | |
48 switch (disposition) { | |
49 case HeaderDisposition::CONFLICT: | |
50 ParseError(header_value, disposition); | |
51 return NavigationThrottle::BLOCK_RESPONSE; | |
52 | |
53 case HeaderDisposition::INVALID: | |
54 ParseError(header_value, disposition); | |
55 // TODO(mkwst): Consider failing here. | |
56 return NavigationThrottle::PROCEED; | |
57 | |
58 case HeaderDisposition::DENY: | |
59 ConsoleError(disposition); | |
60 return NavigationThrottle::BLOCK_RESPONSE; | |
61 | |
62 case HeaderDisposition::SAMEORIGIN: { | |
63 url::Origin current_origin(navigation_handle()->GetURL()); | |
64 url::Origin top_origin = | |
65 handle->frame_tree_node()->frame_tree()->root()->current_origin(); | |
clamy
2016/12/09 17:14:01
@mkwst: sanity check. I see that we're going to th
arthursonzogni
2016/12/13 15:32:13
The specification doesn't specify what should be d
| |
66 if (top_origin.IsSameOriginWith(current_origin)) | |
67 return NavigationThrottle::PROCEED; | |
68 ConsoleError(disposition); | |
69 return NavigationThrottle::BLOCK_RESPONSE; | |
70 } | |
71 | |
72 case HeaderDisposition::NONE: | |
73 case HeaderDisposition::BYPASS: | |
74 case HeaderDisposition::ALLOWALL: | |
75 return NavigationThrottle::PROCEED; | |
76 } | |
77 NOTREACHED(); | |
78 return NavigationThrottle::BLOCK_RESPONSE; | |
79 } | |
80 | |
81 void AncestorThrottle::ParseError(const std::string& value, | |
82 HeaderDisposition disposition) { | |
83 DCHECK(disposition == HeaderDisposition::CONFLICT || | |
84 disposition == HeaderDisposition::INVALID); | |
85 | |
86 std::string message; | |
87 if (disposition == HeaderDisposition::CONFLICT) { | |
88 message = base::StringPrintf( | |
89 "Refused to display '%s' in a frame because it set multiple " | |
90 "'X-Frame-Options' headers with conflicting values " | |
91 "('%s'). Falling back to 'deny'.", | |
92 navigation_handle()->GetURL().spec().c_str(), value.c_str()); | |
93 } else { | |
94 message = base::StringPrintf( | |
95 "Invalid 'X-Frame-Options' header encountered when loading '%s': " | |
96 "'%s' is not a recognized directive. The header will be ignored.", | |
97 navigation_handle()->GetURL().spec().c_str(), value.c_str()); | |
98 } | |
99 | |
100 // Log a console error in the parent of the current RenderFrameHost (as | |
101 // the current RenderFrameHost itself doesn't yet have a document). | |
102 navigation_handle()->GetRenderFrameHost()->GetParent()->AddMessageToConsole( | |
103 CONSOLE_MESSAGE_LEVEL_ERROR, message); | |
104 } | |
105 | |
106 void AncestorThrottle::ConsoleError(HeaderDisposition disposition) { | |
107 DCHECK(disposition == HeaderDisposition::DENY || | |
108 disposition == HeaderDisposition::SAMEORIGIN); | |
109 std::string message = base::StringPrintf( | |
110 "Refused to display '%s' in a frame because it set 'X-Frame-Options' " | |
111 "to '%s'.", | |
112 navigation_handle()->GetURL().spec().c_str(), | |
113 disposition == HeaderDisposition::DENY ? "deny" : "sameorigin"); | |
114 | |
115 // Log a console error in the parent of the current RenderFrameHost (as | |
116 // the current RenderFrameHost itself doesn't yet have a document). | |
117 navigation_handle()->GetRenderFrameHost()->GetParent()->AddMessageToConsole( | |
118 CONSOLE_MESSAGE_LEVEL_ERROR, message); | |
119 } | |
120 | |
121 AncestorThrottle::HeaderDisposition AncestorThrottle::ParseHeader( | |
122 const net::HttpResponseHeaders* headers, | |
123 std::string* header_value) { | |
124 DCHECK(header_value); | |
125 if (!headers) | |
126 return HeaderDisposition::NONE; | |
127 | |
128 // Process the 'X-Frame-Options header as per Section 2 of RFC7034: | |
129 // https://tools.ietf.org/html/rfc7034#section-2 | |
130 // | |
131 // Note that we do not support the 'ALLOW-FROM' value, and we special-case | |
132 // the invalid "ALLOWALL" value due to its prevalance in the wild. | |
133 HeaderDisposition result = HeaderDisposition::NONE; | |
134 size_t iter = 0; | |
135 std::string value; | |
136 while (headers->EnumerateHeader(&iter, "x-frame-options", &value)) { | |
137 HeaderDisposition current = HeaderDisposition::INVALID; | |
138 | |
139 base::StringPiece trimmed = | |
140 base::TrimWhitespaceASCII(value, base::TRIM_ALL); | |
141 if (!header_value->empty()) | |
142 header_value->append(", "); | |
143 header_value->append(trimmed.as_string()); | |
144 | |
145 if (base::LowerCaseEqualsASCII(trimmed, "deny")) | |
146 current = HeaderDisposition::DENY; | |
147 else if (base::LowerCaseEqualsASCII(trimmed, "allowall")) | |
148 current = HeaderDisposition::ALLOWALL; | |
149 else if (base::LowerCaseEqualsASCII(trimmed, "sameorigin")) | |
150 current = HeaderDisposition::SAMEORIGIN; | |
151 else | |
152 current = HeaderDisposition::INVALID; | |
153 | |
154 if (result == HeaderDisposition::NONE) | |
155 result = current; | |
156 else if (result != current) | |
157 result = HeaderDisposition::CONFLICT; | |
158 } | |
159 | |
160 // If 'X-Frame-Options' would potentially block the response, check whether | |
161 // the 'frame-ancestors' CSP directive should take effect instead. See | |
162 // https://www.w3.org/TR/CSP/#frame-ancestors-and-frame-options | |
163 if (result != HeaderDisposition::NONE && | |
164 result != HeaderDisposition::ALLOWALL) { | |
165 iter = 0; | |
166 value = std::string(); | |
167 while (headers->EnumerateHeader(&iter, "content-security-policy", &value)) { | |
168 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should | |
169 // handle it here instead. Until then, don't block the request, and let | |
170 // Blink handle it. https://crbug.com/555418 | |
171 std::vector<std::string> tokens = base::SplitString( | |
172 value, ";", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); | |
173 if (std::count_if(tokens.begin(), tokens.end(), [](std::string token) { | |
174 // The trailing " " is intentional; we'd otherwise match | |
175 // "frame-ancestors-is-not-this-directive". | |
176 return base::StartsWith(token, "frame-ancestors ", | |
177 base::CompareCase::INSENSITIVE_ASCII); | |
178 })) { | |
179 return HeaderDisposition::BYPASS; | |
180 } | |
181 } | |
182 } | |
183 return result; | |
184 } | |
185 | |
186 } // namespace content | |
OLD | NEW |