(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'.

content/browser/frame_host/ancestor_throttle.h

Index: content/browser/frame_host/ancestor_throttle.h
diff --git a/content/browser/frame_host/ancestor_throttle.h b/content/browser/frame_host/ancestor_throttle.h
new file mode 100644
index 0000000000000000000000000000000000000000..18513e078656d696541ea815492668a1793225e3
--- /dev/null
+++ b/content/browser/frame_host/ancestor_throttle.h
@@ -0,0 +1,74 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_FRAME_HOST_ANCESTOR_THROTTLE_H_
+#define CONTENT_BROWSER_FRAME_HOST_ANCESTOR_THROTTLE_H_
+
+#include <memory>
+#include <string>
+
+#include "base/gtest_prod_util.h"
+#include "base/macros.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace net {
+class HttpResponseHeaders;
+}
+
+namespace content {
+class NavigationHandle;
+
+// An AncestorThrottle is responsible for enforcing a resource's embedding
+// rules, and blocking requests which violate them.
+class CONTENT_EXPORT AncestorThrottle : public NavigationThrottle {
+ public:
+  enum class HeaderDisposition {
+    NONE = 0,
+    DENY,
+    SAMEORIGIN,
+    ALLOWALL,
+    INVALID,
+    CONFLICT,
+    BYPASS
+  };
+
+  // This enum is used for UMA metrics. Keep these enums up to date with
+  // tools/metrics/histograms/histograms.xml.
+  enum XFrameOptionsSameOrigin {

[clamy, 2016/12/16 15:21:43]

I don't think this is needed outside of the class right? If not, it can be moved
to the anonymous namespace inside the .cc file (this is generally the practice
for histogram enums).

[arthursonzogni, 2016/12/19 12:01:18]

Done.

+    TOTAL = 0,
+    SAME_ORIGIN = 1,
+    SAME_ORIGIN_BLOCKED = 2,
+    SAME_ORIGIN_WITH_BAD_ANCESTOR_CHAIN = 3,
+    XFRAMEOPTIONS_SAMEORIGIN_COUNT

[clamy, 2016/12/16 15:21:43]

I think this should be XFRAMEOPTIONS_SAMEORIGIN_MAX =
SAME_ORIGIN_WITH_BAD_ANCESTOR_CHAIN. Otherwise, it would be possible to register
a value of 4, which would mean nothing here.

[arthursonzogni, 2016/12/19 12:01:18]

Done.

+  };
+
+  static std::unique_ptr<NavigationThrottle> MaybeCreateThrottleFor(
+      NavigationHandle* handle);
+
+  ~AncestorThrottle() override;
+
+  NavigationThrottle::ThrottleCheckResult WillProcessResponse() override;
+
+ private:
+  FRIEND_TEST_ALL_PREFIXES(AncestorThrottleTest, ParsingXFrameOptions);
+  FRIEND_TEST_ALL_PREFIXES(AncestorThrottleTest, ErrorsParsingXFrameOptions);
+  FRIEND_TEST_ALL_PREFIXES(AncestorThrottleTest,
+                           IgnoreWhenFrameAncestorsPresent);
+
+  explicit AncestorThrottle(NavigationHandle* handle);
+  void ParseError(const std::string& value, HeaderDisposition disposition);
+  void ConsoleError(HeaderDisposition disposition);
+
+  // Parses an 'X-Frame-Options' header. If the result is either CONFLICT
+  // or INVALID, |header_value| will be populated with the value which caused
+  // the parse error.
+  HeaderDisposition ParseHeader(const net::HttpResponseHeaders* headers,
+                                std::string* header_value);
+
+  DISALLOW_COPY_AND_ASSIGN(AncestorThrottle);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_FRAME_HOST_ANCESTOR_THROTTLE_H_