Add a X-Requested-With header to URL requests for PPAPI Flash (only).

content/renderer/pepper/url_request_info_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/pepper/url_request_info_util.h"
 
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "content/child/request_extra_data.h"
 #include "content/common/fileapi/file_system_messages.h"
@@ skipping 85 matching lines @@
 bool ValidateURLRequestData(const URLRequestInfoData& data) {
   if (data.prefetch_buffer_lower_threshold < 0 ||
       data.prefetch_buffer_upper_threshold < 0 ||
       data.prefetch_buffer_upper_threshold <=
           data.prefetch_buffer_lower_threshold) {
     return false;
   }
   return true;
 }
 
+std::string FilterStringForXRequestedWithValue(const std::string& s) {
+  std::string rv;
+  rv.reserve(s.length());
+  for (size_t i = 0; i < s.length(); i++) {
+    char c = s[i];
+    // Allow ASCII digits, letters, periods, commas, and underscores. (Ignore
+    // all other characters.)
+    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+        (c >= 'a' && c <= 'z') || (c == '.') || (c == ',') || (c == '_'))
+      rv.push_back(c);
+  }
+  return rv;
+}
+
+// Returns an appropriate value for the X-Requested-With header for plugins that
+// present an X-Requested-With header. Returns a blank string for other plugins.
+// We produce a user-agent-like string (eating spaces and other undesired
+// characters) like "ShockwaveFlash/11.5.31.135" from the plugin name and
+// version.
+std::string MakeXRequestedWithValue(const std::string& name,
+                                    const std::string& version) {
+  std::string rv = FilterStringForXRequestedWithValue(name);
+  if (rv.empty())
+    return "";

[brettw, 2014/08/18 21:22:48]

When returning an empty string, can you do
  return std::string();
instead? This saves generated code in my tests, and is also more precise w.r.t.
types.

[Tom Sepez, 2014/08/18 22:15:23]

Done.

+
+  // Apply to a narrow list of plugins only.
+  if (rv != "ShockwaveFlash" && rv != "PPAPITests")
+    return "";
+
+  std::string filtered_version = FilterStringForXRequestedWithValue(version);
+  if (!filtered_version.empty())
+    rv += "/" + filtered_version;
+
+  return rv;
+}
+
 }  // namespace
 
 bool CreateWebURLRequest(PP_Instance instance,
                          URLRequestInfoData* data,
                          WebFrame* frame,
                          WebURLRequest* dest) {
   // In the out-of-process case, we've received the URLRequestInfoData
   // from the untrusted plugin and done no validation on it. We need to be
   // sure it's not being malicious by checking everything for consistency.
   if (!ValidateURLRequestData(*data))
     return false;
 
+   std::string name_version;
+
+   // Allow null instances for testing purposes.
+   if (instance) {
+     PepperPluginInstanceImpl* instance_impl =
+         HostGlobals::Get()->GetInstance(instance);
+     if (instance_impl) {
+       name_version = MakeXRequestedWithValue(
+           instance_impl->module()->name(),
+           instance_impl->module()->version());
+     }
+   } else {
+     name_version = "internal_testing_only";
+   }
+
   dest->initialize();
   dest->setURL(frame->document().completeURL(WebString::fromUTF8(data->url)));
   dest->setDownloadToFile(data->stream_to_file);
   dest->setReportUploadProgress(data->record_upload_progress);
 
   if (!data->method.empty())
     dest->setHTTPMethod(WebString::fromUTF8(data->method));
 
   dest->setFirstPartyForCookies(frame->document().firstPartyForCookies());
 
@@ skipping 36 matching lines @@
   if (data->has_custom_referrer_url && !data->custom_referrer_url.empty())
     frame->setReferrerForRequest(*dest, GURL(data->custom_referrer_url));
 
   if (data->has_custom_content_transfer_encoding &&
       !data->custom_content_transfer_encoding.empty()) {
     dest->addHTTPHeaderField(
         WebString::fromUTF8("Content-Transfer-Encoding"),
         WebString::fromUTF8(data->custom_content_transfer_encoding));
   }
 
-  if (data->has_custom_user_agent) {
+  if (data->has_custom_user_agent || !name_version.empty()) {
     RequestExtraData* extra_data = new RequestExtraData();
-    extra_data->set_custom_user_agent(
-        WebString::fromUTF8(data->custom_user_agent));
+    if (data->has_custom_user_agent) {
+      extra_data->set_custom_user_agent(
+          WebString::fromUTF8(data->custom_user_agent));
+    }
+    if (!name_version.empty()) {
+      extra_data->set_x_requested_with(
+          WebString::fromUTF8(name_version));
+    }
     dest->setExtraData(extra_data);
   }
 
   return true;
 }
 
 bool URLRequestRequiresUniversalAccess(const URLRequestInfoData& data) {
   return data.has_custom_referrer_url ||
          data.has_custom_content_transfer_encoding ||
          data.has_custom_user_agent ||
          url::FindAndCompareScheme(data.url, "javascript", NULL);
 }
 
 }  // namespace content