Skip to content
Snippets Groups Projects
Commit f7093e0d authored by bbudge@google.com's avatar bbudge@google.com
Browse files

Restrict HTTP headers by checking in URLRequestInfo::SetProperty. 

BUG=47354
TEST=none
Review URL: http://codereview.chromium.org/5138010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69590 0039d316-1c4b-4281-b951-d872f2087c98
parent ed41b49d
No related merge requests found
Hide whitespace changes
Inline Side-by-side
webkit/plugins/ppapi/ppb_url_request_info_impl.cc
+ 47
15
View file @ f7093e0d
...@@ -34,18 +34,51 @@ namespace ppapi { ...@@ -34,18 +34,51 @@ namespace ppapi {
namespace { namespace {
// If any of these request headers are specified, they will not be sent. // A header string containing any of the following fields will cause
// TODO(darin): Add more based on security considerations? // an error. The list comes from the XMLHttpRequest standard.
const char* const kIgnoredRequestHeaders[] = { // http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader-method
"content-length" const char* const kForbiddenHeaderFields[] = {
"accept-charset",
"accept-encoding",
"connection",
"content-length",
"cookie",
"cookie2",
"content-transfer-encoding",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"user-agent",
"via",
}; };
PP_Bool IsIgnoredRequestHeader(const std::string& name) { bool IsValidHeaderField(const std::string& name) {
for (size_t i = 0; i < arraysize(kIgnoredRequestHeaders); ++i) { for (size_t i = 0; i < arraysize(kForbiddenHeaderFields); ++i) {
if (LowerCaseEqualsASCII(name, kIgnoredRequestHeaders[i])) if (LowerCaseEqualsASCII(name, kForbiddenHeaderFields[i]))
return PP_TRUE; return false;
} }
return PP_FALSE; if (StartsWithASCII(name, "proxy-", false))
return false;
if (StartsWithASCII(name, "sec-", false))
return false;
return true;
}
bool AreValidHeaders(const std::string& headers) {
net::HttpUtil::HeadersIterator it(headers.begin(), headers.end(), "\n");
while (it.GetNext()) {
if (!IsValidHeaderField(it.name()))
return false;
}
return true;
} }
PP_Resource Create(PP_Module module_id) { PP_Resource Create(PP_Module module_id) {
...@@ -190,7 +223,6 @@ bool PPB_URLRequestInfo_Impl::SetBooleanProperty(PP_URLRequestProperty property, ...@@ -190,7 +223,6 @@ bool PPB_URLRequestInfo_Impl::SetBooleanProperty(PP_URLRequestProperty property,
record_upload_progress_ = value; record_upload_progress_ = value;
return true; return true;
default: default:
//NOTIMPLEMENTED(); // TODO(darin): Implement me!
return false; return false;
} }
} }
...@@ -206,6 +238,8 @@ bool PPB_URLRequestInfo_Impl::SetStringProperty(PP_URLRequestProperty property, ...@@ -206,6 +238,8 @@ bool PPB_URLRequestInfo_Impl::SetStringProperty(PP_URLRequestProperty property,
method_ = value; method_ = value;
return true; return true;
case PP_URLREQUESTPROPERTY_HEADERS: case PP_URLREQUESTPROPERTY_HEADERS:
if (!AreValidHeaders(value))
return false;
headers_ = value; headers_ = value;
return true; return true;
default: default:
...@@ -251,11 +285,9 @@ WebURLRequest PPB_URLRequestInfo_Impl::ToWebURLRequest(WebFrame* frame) const { ...@@ -251,11 +285,9 @@ WebURLRequest PPB_URLRequestInfo_Impl::ToWebURLRequest(WebFrame* frame) const {
if (!headers_.empty()) { if (!headers_.empty()) {
net::HttpUtil::HeadersIterator it(headers_.begin(), headers_.end(), "\n"); net::HttpUtil::HeadersIterator it(headers_.begin(), headers_.end(), "\n");
while (it.GetNext()) { while (it.GetNext()) {
if (!IsIgnoredRequestHeader(it.name())) { web_request.addHTTPHeaderField(
web_request.addHTTPHeaderField( WebString::fromUTF8(it.name()),
WebString::fromUTF8(it.name()), WebString::fromUTF8(it.values()));
WebString::fromUTF8(it.values()));
}
} }
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment