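--- a/(file path not shown on page)
+++ b/(file path not shown on page)
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/pepper/url_request_info_util.h"
 
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "content/child/request_extra_data.h"
 #include "content/common/fileapi/file_system_messages.h"
@@ -96,32 +96,83 @@
 bool ValidateURLRequestData(const URLRequestInfoData& data) {
 if (data.prefetch_buffer_lower_threshold < 0 ||
 data.prefetch_buffer_upper_threshold < 0 ||
 data.prefetch_buffer_upper_threshold <=
 data.prefetch_buffer_lower_threshold) {
 return false;
 }
 return true;
 }
 
+std::string FilterStringForXRequestedWithValue(const std::string& s) {
+std::string rv;
+rv.reserve(s.length());
+for (size_t i = 0; i < s.length(); i++) {
+char c = s[i];
+// Allow ASCII digits, letters, periods, commas, and underscores. (Ignore
+// all other characters.)
+if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+(c >= 'a' && c <= 'z') || (c == '.') || (c == ',') || (c == '_'))
+rv.push_back(c);
+}
+return rv;
+}
+
+// Returns an appropriate value for the X-Requested-With header for plugins that
+// present an X-Requested-With header. Returns a blank string for other plugins.
+// We produce a user-agent-like string (eating spaces and other undesired
+// characters) like "ShockwaveFlash/11.5.31.135" from the plugin name and
+// version.
+std::string MakeXRequestedWithValue(const std::string& name,
+const std::string& version) {
+std::string rv = FilterStringForXRequestedWithValue(name);
+if (rv.empty())
+return std::string();
+
+// Apply to a narrow list of plugins only.
+if (rv != "ShockwaveFlash" && rv != "PPAPITests")
+return std::string();
+
+std::string filtered_version = FilterStringForXRequestedWithValue(version);
+if (!filtered_version.empty())
+rv += "/" + filtered_version;
+
+return rv;
+}
+
 } // namespace
 
 bool CreateWebURLRequest(PP_Instance instance,
 URLRequestInfoData* data,
 WebFrame* frame,
 WebURLRequest* dest) {
 // In the out-of-process case, we've received the URLRequestInfoData
 // from the untrusted plugin and done no validation on it. We need to be
 // sure it's not being malicious by checking everything for consistency.
 if (!ValidateURLRequestData(*data))
 return false;
 
+std::string name_version;
+
+// Allow instance to be 0 or -1 for testing purposes.
+if (instance && instance != -1) {
+PepperPluginInstanceImpl* instance_impl =
+HostGlobals::Get()->GetInstance(instance);
+if (instance_impl) {
+name_version = MakeXRequestedWithValue(
+instance_impl->module()->name(),
+instance_impl->module()->version());
+}
+} else {
+name_version = "internal_testing_only";
+}
+
 dest->initialize();
 dest->setURL(frame->document().completeURL(WebString::fromUTF8(data->url)));
 dest->setDownloadToFile(data->stream_to_file);
 dest->setReportUploadProgress(data->record_upload_progress);
 
 if (!data->method.empty())
 dest->setHTTPMethod(WebString::fromUTF8(data->method));
 
 dest->setFirstPartyForCookies(frame->document().firstPartyForCookies());
 
@@ -164,28 +215,33 @@
 if (data->has_custom_referrer_url && !data->custom_referrer_url.empty())
 frame->setReferrerForRequest(*dest, GURL(data->custom_referrer_url));
 
 if (data->has_custom_content_transfer_encoding &&
 !data->custom_content_transfer_encoding.empty()) {
 dest->addHTTPHeaderField(
 WebString::fromUTF8("Content-Transfer-Encoding"),
 WebString::fromUTF8(data->custom_content_transfer_encoding));
 }
 
-if (data->has_custom_user_agent) {
+if (data->has_custom_user_agent || !name_version.empty()) {
 RequestExtraData* extra_data = new RequestExtraData();
-extra_data->set_custom_user_agent(
-WebString::fromUTF8(data->custom_user_agent));
+if (data->has_custom_user_agent) {
+extra_data->set_custom_user_agent(
+WebString::fromUTF8(data->custom_user_agent));
+}
+if (!name_version.empty()) {
+extra_data->set_requested_with(WebString::fromUTF8(name_version));
+}
 dest->setExtraData(extra_data);
 }
 
 return true;
 }
 
 bool URLRequestRequiresUniversalAccess(const URLRequestInfoData& data) {
 return data.has_custom_referrer_url ||
 data.has_custom_content_transfer_encoding ||
 data.has_custom_user_agent ||
 url::FindAndCompareScheme(data.url, "javascript", NULL);
 }
 
 } // namespace content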
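Review bot: In MakeXRequestedWithValue the allow-list test `rv != "ShockwaveFlash" && rv != "PPAPITests"` runs on the already-filtered name, so any module name that reduces to one of those tokens once spaces and punctuation are stripped is accepted, not only the two intended plugins. How much that matters depends on how far the module name can be trusted, which is not visible in this section; matching the unfiltered `name` against the exact expected strings, and filtering only the value that is emitted, would keep the check strict. The character filter is also what keeps CR/LF and separators out of the header value, and the comment above it should say so, e.g. `// Also keeps CR/LF and header separators out of the emitted value.` In CreateWebURLRequest the `else` branch sets `name_version = "internal_testing_only"` for instance 0 or -1 in every build, so it would help to document which callers may pass those values or to guard the branch so production requests cannot carry that header.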