Chromium Code Reviews Chromium Code Reviews
Issue 387353003:
Modify data_reduction_proxy_header to support tamper detection logic. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@work| Index: components/data_reduction_proxy/common/data_reduction_proxy_headers.cc |
| diff --git a/components/data_reduction_proxy/common/data_reduction_proxy_headers.cc b/components/data_reduction_proxy/common/data_reduction_proxy_headers.cc |
| index 15d35301f390f19d44de969bb7208a787ba03da2..830a5425b6407484ef4968265a07a8f744209800 100644 |
| --- a/components/data_reduction_proxy/common/data_reduction_proxy_headers.cc |
| +++ b/components/data_reduction_proxy/common/data_reduction_proxy_headers.cc |
| @@ -18,24 +18,60 @@ using base::StringPiece; |
| using base::TimeDelta; |
| using net::ProxyService; |
| +namespace { |
| +const char kChromeProxyHeader[] = "chrome-proxy"; |
| +} // namespace |
| + |
| namespace data_reduction_proxy { |
| +const char kChromeProxyActionFingerprintChromeProxy[] = "fcp"; |
| +const char kChromeProxyActionFingerprintVia[] = "fvia"; |
| +const char kChromeProxyActionFingerprintOtherHeaders[] = "foh"; |
| +const char kChromeProxyActionFingerprintContentLength[] = "fcl"; |
| + |
| +bool GetDataReductionProxyActionValue( |
| + const net::HttpResponseHeaders* headers, |
| + const std::string& action_prefix, |
| + std::string* action_value) { |
| + DCHECK(!action_prefix.empty()); |
| + DCHECK(action_prefix[action_prefix.size() - 1] != '='); |
|
bolian
2014/07/28 22:59:18
I don't think you need this DCHECK. Unnecessary re
xingx1
2014/07/29 00:47:40
Done.
bolian
2014/07/29 01:36:20
I don't see this and other comments are addressed.
|
| + void* iter = NULL; |
| + std::string value; |
| + std::string prefix = action_prefix + "="; |
| + |
| + while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) { |
| + // ">=" to allow empty action value. |
| + if (value.size() >= prefix.size()) { |
| + if (LowerCaseEqualsASCII(value.begin(), |
| + value.begin() + prefix.size(), |
| + prefix.c_str())) { |
| + if (action_value) |
| + *action_value = value.substr(prefix.size()); |
| + return true; |
| + } |
| + } |
| + } |
| + return false; |
| +} |
| + |
| bool GetDataReductionProxyBypassDuration( |
| const net::HttpResponseHeaders* headers, |
| const std::string& action_prefix, |
| base::TimeDelta* duration) { |
| + DCHECK(!action_prefix.empty()); |
| + DCHECK(action_prefix[action_prefix.size() - 1] != '='); |
| void* iter = NULL; |
| std::string value; |
| - std::string name = "chrome-proxy"; |
| + std::string prefix = action_prefix + "="; |
| - while (headers->EnumerateHeader(&iter, name, &value)) { |
| - if (value.size() > action_prefix.size()) { |
| + while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) { |
| + if (value.size() > prefix.size()) { |
| if (LowerCaseEqualsASCII(value.begin(), |
| - value.begin() + action_prefix.size(), |
| - action_prefix.c_str())) { |
| + value.begin() + prefix.size(), |
| + prefix.c_str())) { |
| int64 seconds; |
| if (!base::StringToInt64( |
| - StringPiece(value.begin() + action_prefix.size(), value.end()), |
| + StringPiece(value.begin() + prefix.size(), value.end()), |
| &seconds) || seconds < 0) { |
| continue; // In case there is a well formed instruction. |
| } |
| @@ -63,20 +99,21 @@ bool GetDataReductionProxyInfo(const net::HttpResponseHeaders* headers, |
| // 'block' takes precedence over 'bypass', so look for it first. |
| // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop. |
| if (GetDataReductionProxyBypassDuration( |
| - headers, "block=", &proxy_info->bypass_duration)) { |
| + headers, "block", &proxy_info->bypass_duration)) { |
| proxy_info->bypass_all = true; |
| return true; |
| } |
| // Next, look for 'bypass'. |
| if (GetDataReductionProxyBypassDuration( |
| - headers, "bypass=", &proxy_info->bypass_duration)) { |
| + headers, "bypass", &proxy_info->bypass_duration)) { |
| return true; |
| } |
| return false; |
| } |
| -bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { |
| +bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers, |
| + bool* has_intermediary) { |
| const size_t kVersionSize = 4; |
| const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy"; |
| size_t value_len = strlen(kDataReductionProxyViaValue); |
| @@ -88,8 +125,11 @@ bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { |
| // 'Via: 1.1 Chrome-Compression-Proxy' |
| while (headers->EnumerateHeader(&iter, "via", &value)) { |
| if (value.size() >= kVersionSize + value_len && |
| - !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) |
| + !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) { |
| + if (has_intermediary) |
| + *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value)); |
|
bolian
2014/07/28 22:59:18
Are you sure it is ok to call EnumerateHeader insi
xingx1
2014/07/29 00:47:40
Yes, it should be fine, |iter| will be updated.
|
| return true; |
| + } |
| } |
| // TODO(bengr): Remove deprecated header value. |
| @@ -97,8 +137,11 @@ bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { |
| "1.1 Chrome Compression Proxy"; |
| iter = NULL; |
| while (headers->EnumerateHeader(&iter, "via", &value)) |
| - if (value == kDeprecatedDataReductionProxyViaValue) |
| + if (value == kDeprecatedDataReductionProxyViaValue) { |
| + if (has_intermediary) |
| + *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value)); |
| return true; |
| + } |
| return false; |
| } |
| @@ -136,7 +179,7 @@ GetDataReductionProxyBypassType( |
| !headers->HasHeader("Proxy-Authenticate")) { |
| return ProxyService::MALFORMED_407; |
| } |
| - if (!HasDataReductionProxyViaHeader(headers) && |
| + if (!HasDataReductionProxyViaHeader(headers, NULL) && |
| (headers->response_code() != net::HTTP_NOT_MODIFIED)) { |
| // A Via header might not be present in a 304. Since the goal of a 304 |
| // response is to minimize information transfer, a sender in general |
