Chromium Code Reviews Chromium Code Reviews
Issue 769043003:
Sanitize headers in Proxy Authentication Required responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/http/proxy_client_socket.cc |
| diff --git a/net/http/proxy_client_socket.cc b/net/http/proxy_client_socket.cc |
| index dcfae037ce721c92bd95dfa3aeded77bd2f6bf62..d4af8e37747641ef4c5e01d37c840fcb726dc0d8 100644 |
| --- a/net/http/proxy_client_socket.cc |
| +++ b/net/http/proxy_client_socket.cc |
| @@ -72,19 +72,25 @@ void ProxyClientSocket::LogBlockedTunnelResponse(int http_status_code, |
| } |
| // static |
| -bool ProxyClientSocket::SanitizeProxyRedirect(HttpResponseInfo* response, |
| - const GURL& url) { |
| +bool ProxyClientSocket::SanitizeProxyAuth(HttpResponseInfo* response) { |
| + DCHECK(response && response->headers.get()); |
| + response->headers->RemoveHeader("set-cookie"); |
| + return true; |
|
Ryan Sleevi
2014/12/01 21:28:49
I have trouble convincing myself a blacklist is th
Ryan Hamilton
2014/12/02 01:50:52
Sounds reasonable! You probably want Proxy-Authent
Deprecated (see juliatuttle)
2014/12/02 20:10:21
Yeah, agreed.
Is there a way that is more efficie
Ryan Hamilton
2014/12/02 20:14:25
As far as kludges go, the "assemble new fake raw h
|
| +} |
| + |
| +// static |
| +bool ProxyClientSocket::SanitizeProxyRedirect(HttpResponseInfo* response) { |
| DCHECK(response && response->headers.get()); |
| std::string location; |
| if (!response->headers->IsRedirect(&location)) |
| return false; |
| - // Return minimal headers; set "Content-length: 0" to ignore response body. |
| + // Return minimal headers; set "Content-Length: 0" to ignore response body. |
| std::string fake_response_headers = |
| - base::StringPrintf("HTTP/1.0 302 Found\n" |
| + base::StringPrintf("HTTP/1.1 302 Found\n" |
| "Location: %s\n" |
| - "Content-length: 0\n" |
| + "Content-Length: 0\n" |
| "Connection: close\n" |
| "\n", |
| location.c_str()); |
