From b766f11049d98f54980f64a6261914610e4e5116 Mon Sep 17 00:00:00 2001
From: Gustavo Noronha Silva
Date: Sun, 8 Dec 2013 20:04:48 +0100
Subject: sniffing: Implement handling of the X-Content-Type-Options header
---
 libsoup/soup-content-sniffer.c | 6 +++++-
 tests/sniffing-test.c | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index e16658ba..6dec3e30 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -477,6 +477,7 @@ soup_content_sniffer_real_sniff (SoupContentSniffer *sniffer, SoupMessage *msg,
 SoupBuffer *buffer, GHashTable **params)
 {
 const char *content_type;
+ const char *x_content_type_options;
 content_type = soup_message_headers_get_content_type (msg->response_headers, params);
@@ -489,7 +490,10 @@ soup_content_sniffer_real_sniff (SoupContentSniffer *sniffer, SoupMessage *msg,
 !g_ascii_strcasecmp (content_type, "*/*"))
 return sniff_unknown (sniffer, buffer, FALSE);
- /* TODO: 2. no-sniff flag handling. */
+ /* 2. If nosniff is specified in X-Content-Type-Options use the supplied MIME type. */
+ x_content_type_options = soup_message_headers_get_one (msg->response_headers, "X-Content-Type-Options");
+ if (!g_strcmp0 (x_content_type_options, "nosniff"))
+ return g_strdup (content_type);
 /* 3. check-for-apache-bug */
 if ((content_type != NULL) &&
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index b668f403..a8bc3ffc 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
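Review bot: In the second hunk of libsoup/soup-content-sniffer.c the nosniff check uses `g_strcmp0`, an exact byte match, so a response carrying `NoSniff`, trailing whitespace or a comma-separated value would fall through to the sniffing steps below and the server's opt-out would be silently ignored. The Content-Type comparison visible just above it uses `g_ascii_strcasecmp`; doing the same here, e.g. `if (x_content_type_options && !g_ascii_strcasecmp (x_content_type_options, "nosniff"))`, keeps the check from failing open on letter case alone. Whether surrounding whitespace or list values also need handling depends on what `soup_message_headers_get_one` returns for repeated or combined headers, which is not visible in this hunk. The body of soup_content_sniffer_real_sniff continues outside the hunk.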
@@ -49,6 +49,20 @@ server_callback (SoupServer *server, SoupMessage *msg,
 "Content-Type", "text/plain");
 }
+ if (g_str_has_prefix (path, "/nosniff/")) {
+ char *base_name = g_path_get_basename (path);
+
+ response = soup_test_load_resource (base_name, &error);
+ g_assert_no_error (error);
+ g_free (base_name);
+
+ soup_message_headers_append (msg->response_headers,
+ "X-Content-Type-Options", "nosniff");
+
+ soup_message_headers_append (msg->response_headers,
+ "Content-Type", "no/sniffing-allowed");
+ }
+
 if (g_str_has_prefix (path, "/text_or_binary/") ||
 g_str_has_prefix (path, "/apache_bug/")) {
 char *base_name = g_path_get_basename (path);
@@ -450,6 +464,11 @@ main (int argc, char **argv)
 "/apache_bug/text.txt => text/plain",
 do_sniffing_test);
+ /* X-Content-Type-Options: nosniff */
+ g_test_add_data_func ("/sniffing/nosniff",
+ "nosniff/home.gif => no/sniffing-allowed",
+ do_sniffing_test);
+
 /* GIF is a 'safe' type */
 g_test_add_data_func ("/sniffing/type/gif",
 "text_or_binary/home.gif => image/gif",
--
cgit v1.2.1
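Review bot: The `/nosniff/` branch added to server_callback always sends the exact lowercase token together with a usable Content-Type, so the new `/sniffing/nosniff` entry in main pins only the happy path. Because the sniffer handles a missing or unknown Content-Type before it looks at X-Content-Type-Options, a nosniff response without a usable type is still sniffed; a second test entry for that combination, and one with a differently cased header value, would record whether that is intended. I would also add a comment on the handler such as `/* Serve the resource with a deliberately bogus type; nosniff must make the sniffer return it unchanged. */`. Both server_callback and main continue outside their hunks.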