authorAllan Sandfeld Jensen <allan.jensen@qt.io>2017-07-17 13:57:45 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2017-07-19 13:44:40 +0000
commit6ec7b8da05d21a3878bd21c691b41e675d74bb1c (patch)
treeb87f250bc19413750b9bb9cdbf2da20ef5014820 /chromium/net/http/http_security_headers.cc
parentec02ee4181c49b61fce1c8fb99292dbb8139cc90 (diff)
BASELINE: Update Chromium to 60.0.3112.70
Change-Id: I9911c2280a014d4632f254857876a395d4baed2d Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/net/http/http_security_headers.cc')
-rw-r--r--chromium/net/http/http_security_headers.cc71
1 files changed, 71 insertions, 0 deletions
diff --git a/chromium/net/http/http_security_headers.cc b/chromium/net/http/http_security_headers.cc
index 8225385ee8a..e67eadf7feb 100644
--- a/chromium/net/http/http_security_headers.cc
+++ b/chromium/net/http/http_security_headers.cc
@@ -365,4 +365,75 @@ bool ParseHPKPReportOnlyHeader(const std::string& value,
include_subdomains, hashes, report_uri);
}
+// "Expect-CT" ":"
+// "max-age" "=" delta-seconds
+// [ "," "enforce" ]
+// [ "," "report-uri" "=" absolute-URI ]
+bool ParseExpectCTHeader(const std::string& value,
+ base::TimeDelta* max_age,
+ bool* enforce,
+ GURL* report_uri) {
+ bool parsed_max_age = false;
+ bool enforce_candidate = false;
+ bool has_report_uri = false;
+ uint32_t max_age_candidate = 0;
+ GURL parsed_report_uri;
+
+ HttpUtil::NameValuePairsIterator name_value_pairs(
+ value.begin(), value.end(), ',',
+ HttpUtil::NameValuePairsIterator::Values::NOT_REQUIRED,
+ // Use STRICT_QUOTES because "UAs must not attempt to fix malformed header
+ // fields."
+ HttpUtil::NameValuePairsIterator::Quotes::STRICT_QUOTES);
+
+ while (name_value_pairs.GetNext()) {
+ base::StringPiece name(name_value_pairs.name_begin(),
+ name_value_pairs.name_end());
+ if (base::LowerCaseEqualsASCII(name, "max-age")) {
+ // "A given directive MUST NOT appear more than once in a given header
+ // field."
+ if (parsed_max_age)
+ return false;
+ if (!MaxAgeToLimitedInt(name_value_pairs.value_begin(),
+ name_value_pairs.value_end(), kMaxExpectCTAgeSecs,
+ &max_age_candidate)) {
+ return false;
+ }
+ parsed_max_age = true;
+ } else if (base::LowerCaseEqualsASCII(name, "enforce")) {
+ // "A given directive MUST NOT appear more than once in a given header
+ // field."
+ if (enforce_candidate)
+ return false;
+ if (!name_value_pairs.value().empty())
+ return false;
+ enforce_candidate = true;
+ } else if (base::LowerCaseEqualsASCII(name, "report-uri")) {
+ // "A given directive MUST NOT appear more than once in a given header
+ // field."
+ if (has_report_uri)
+ return false;
+
+ has_report_uri = true;
+ parsed_report_uri = GURL(base::StringPiece(name_value_pairs.value_begin(),
+ name_value_pairs.value_end()));
+ if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid())
+ return false;
+ } else {
+ // Silently ignore unknown directives for forward compatibility.
+ }
+ }
+
+ if (!name_value_pairs.valid())
+ return false;
+
+ if (!parsed_max_age)
+ return false;
+
+ *max_age = base::TimeDelta::FromSeconds(max_age_candidate);
+ *enforce = enforce_candidate;
+ *report_uri = parsed_report_uri;
+ return true;
+}
+
} // namespace net
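Review bot: The `report-uri` branch of ParseExpectCTHeader accepts any value that GURL considers valid, so a response header can name a non-HTTP(S) scheme as the report endpoint and the parser will return it in `*report_uri`. Unless every caller filters the scheme before a report is sent (not visible in this hunk), the restriction is better enforced at parse time: `if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid() || !parsed_report_uri.SchemeIsHTTPOrHTTPS()) return false;`. A parser test case with a non-HTTP(S) `report-uri` value would pin whichever behaviour is intended. `MaxAgeToLimitedInt` and `kMaxExpectCTAgeSecs` are defined outside the hunk, so the max-age clamp itself cannot be checked from here.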