Side by Side Diff: net/http/http_security_headers.cc

Issue 2895373002: Do not require Expect-CT report-uris to be quoted (Closed)
Patch Set: Created 3 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <limits> 5 #include <limits>
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/strings/string_piece.h" 8 #include "base/strings/string_piece.h"
9 #include "base/strings/string_tokenizer.h" 9 #include "base/strings/string_tokenizer.h"
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
(...skipping 350 matching lines...) Expand 10 before | Expand all | Expand 10 after
361 GURL* report_uri) { 361 GURL* report_uri) {
362 // max-age is irrelevant for Report-Only headers. 362 // max-age is irrelevant for Report-Only headers.
363 base::TimeDelta unused_max_age; 363 base::TimeDelta unused_max_age;
364 return ParseHPKPHeaderImpl(value, DO_NOT_REQUIRE_MAX_AGE, &unused_max_age, 364 return ParseHPKPHeaderImpl(value, DO_NOT_REQUIRE_MAX_AGE, &unused_max_age,
365 include_subdomains, hashes, report_uri); 365 include_subdomains, hashes, report_uri);
366 } 366 }
367 367
368 // "Expect-CT" ":" 368 // "Expect-CT" ":"
369 // "max-age" "=" delta-seconds 369 // "max-age" "=" delta-seconds
370 // [ "," "enforce" ] 370 // [ "," "enforce" ]
371 // [ "," "report-uri" "=" uri-reference ] 371 // [ "," "report-uri" "=" absolute-URI ]
372 bool ParseExpectCTHeader(const std::string& value, 372 bool ParseExpectCTHeader(const std::string& value,
373 base::TimeDelta* max_age, 373 base::TimeDelta* max_age,
374 bool* enforce, 374 bool* enforce,
375 GURL* report_uri) { 375 GURL* report_uri) {
376 bool parsed_max_age = false; 376 bool parsed_max_age = false;
377 bool enforce_candidate = false; 377 bool enforce_candidate = false;
378 bool has_report_uri = false; 378 bool has_report_uri = false;
379 uint32_t max_age_candidate = 0; 379 uint32_t max_age_candidate = 0;
380 GURL parsed_report_uri; 380 GURL parsed_report_uri;
381 381
(...skipping 24 matching lines...) Expand all
406 if (enforce_candidate) 406 if (enforce_candidate)
407 return false; 407 return false;
408 if (!name_value_pairs.value().empty()) 408 if (!name_value_pairs.value().empty())
409 return false; 409 return false;
410 enforce_candidate = true; 410 enforce_candidate = true;
411 } else if (base::LowerCaseEqualsASCII(name, "report-uri")) { 411 } else if (base::LowerCaseEqualsASCII(name, "report-uri")) {
412 // "A given directive MUST NOT appear more than once in a given header 412 // "A given directive MUST NOT appear more than once in a given header
413 // field." 413 // field."
414 if (has_report_uri) 414 if (has_report_uri)
415 return false; 415 return false;
416 // report-uris are always quoted.
417 if (!name_value_pairs.value_is_quoted())
418 return false;
419 416
420 has_report_uri = true; 417 has_report_uri = true;
421 parsed_report_uri = GURL(base::StringPiece(name_value_pairs.value_begin(), 418 parsed_report_uri = GURL(base::StringPiece(name_value_pairs.value_begin(),
422 name_value_pairs.value_end())); 419 name_value_pairs.value_end()));
423 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) 420 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid())
424 return false; 421 return false;
425 } else { 422 } else {
426 // Silently ignore unknown directives for forward compatibility. 423 // Silently ignore unknown directives for forward compatibility.
427 } 424 }
428 } 425 }
429 426
430 if (!name_value_pairs.valid()) 427 if (!name_value_pairs.valid())
431 return false; 428 return false;
432 429
433 if (!parsed_max_age) 430 if (!parsed_max_age)
434 return false; 431 return false;
435 432
436 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); 433 *max_age = base::TimeDelta::FromSeconds(max_age_candidate);
437 *enforce = enforce_candidate; 434 *enforce = enforce_candidate;
438 *report_uri = parsed_report_uri; 435 *report_uri = parsed_report_uri;
439 return true; 436 return true;
440 } 437 }
441 438
442 } // namespace net 439 } // namespace net
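Review bot: With the quoting requirement dropped, the only validation left on report-uri (new lines 418-421) is `is_empty()`/`is_valid()`, which accepts any scheme GURL can parse, including `javascript:`, `data:` or `file:`; unless the component that later sends the report restricts schemes (not visible here), tighten the check to `if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid() || !parsed_report_uri.SchemeIsHTTPOrHTTPS())` or add a comment stating that scheme filtering is done downstream. A second consequence of accepting bare values: if the name/value iterator splits on ',' (its construction is in the elided region between new lines 381 and 406), an unquoted absolute-URI whose query contains a comma will be cut at that comma and the remainder handled as a further directive, so a comment such as `// report-uri may be bare (Expect-CT draft) or quoted; bare values containing ',' are truncated.` would record the trade-off. The grammar comment now says absolute-URI, but the code enforces absoluteness only through GURL::is_valid() rejecting scheme-less references, which is presumably sufficient but worth stating next to the check. ParseExpectCTHeader's body is partly elided within the section.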