| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 3 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
| 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 4 * Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 5 * Copyright (C) 2009 Google Inc. All rights reserved. | 5 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 6 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 561 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 } | 572 } |
| 573 } | 573 } |
| 574 | 574 |
| 575 ContentTypeOptionsDisposition parseContentTypeOptionsHeader( | 575 ContentTypeOptionsDisposition parseContentTypeOptionsHeader( |
| 576 const String& header) { | 576 const String& header) { |
| 577 if (header.stripWhiteSpace().lower() == "nosniff") | 577 if (header.stripWhiteSpace().lower() == "nosniff") |
| 578 return ContentTypeOptionsNosniff; | 578 return ContentTypeOptionsNosniff; |
| 579 return ContentTypeOptionsNone; | 579 return ContentTypeOptionsNone; |
| 580 } | 580 } |
| 581 | 581 |
| 582 XFrameOptionsDisposition parseXFrameOptionsHeader(const String& header) { | |
| 583 XFrameOptionsDisposition result = XFrameOptionsInvalid; | |
| 584 | |
| 585 if (header.isEmpty()) | |
| 586 return result; | |
| 587 | |
| 588 Vector<String> headers; | |
| 589 header.split(',', headers); | |
| 590 | |
| 591 bool hasValue = false; | |
| 592 for (size_t i = 0; i < headers.size(); i++) { | |
| 593 String currentHeader = headers[i].stripWhiteSpace(); | |
| 594 XFrameOptionsDisposition currentValue = XFrameOptionsInvalid; | |
| 595 if (equalIgnoringCase(currentHeader, "deny")) | |
| 596 currentValue = XFrameOptionsDeny; | |
| 597 else if (equalIgnoringCase(currentHeader, "sameorigin")) | |
| 598 currentValue = XFrameOptionsSameOrigin; | |
| 599 else if (equalIgnoringCase(currentHeader, "allowall")) | |
| 600 currentValue = XFrameOptionsAllowAll; | |
| 601 | |
| 602 if (!hasValue) | |
| 603 result = currentValue; | |
| 604 else if (result != currentValue) | |
| 605 return XFrameOptionsConflict; | |
| 606 hasValue = true; | |
| 607 } | |
| 608 return result; | |
| 609 } | |
| 610 | |
| 611 static bool isCacheHeaderSeparator(UChar c) { | 582 static bool isCacheHeaderSeparator(UChar c) { |
| 612 // See RFC 2616, Section 2.2 | 583 // See RFC 2616, Section 2.2 |
| 613 switch (c) { | 584 switch (c) { |
| 614 case '(': | 585 case '(': |
| 615 case ')': | 586 case ')': |
| 616 case '<': | 587 case '<': |
| 617 case '>': | 588 case '>': |
| 618 case '@': | 589 case '@': |
| 619 case ',': | 590 case ',': |
| 620 case ';': | 591 case ';': |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 901 StringBuilder sb; | 872 StringBuilder sb; |
| 902 sb.append("["); | 873 sb.append("["); |
| 903 sb.append(header); | 874 sb.append(header); |
| 904 sb.append("]"); | 875 sb.append("]"); |
| 905 std::unique_ptr<JSONValue> headerValue = | 876 std::unique_ptr<JSONValue> headerValue = |
| 906 parseJSON(sb.toString(), maxParseDepth); | 877 parseJSON(sb.toString(), maxParseDepth); |
| 907 return JSONArray::from(std::move(headerValue)); | 878 return JSONArray::from(std::move(headerValue)); |
| 908 } | 879 } |
| 909 | 880 |
| 910 } // namespace blink | 881 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2488743003:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
