third_party/WebKit/Source/platform/loader/fetch/FetchUtils.cpp - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "platform/loader/fetch/FetchUtils.h"

 #include "platform/HTTPNames.h"
 #include "platform/network/HTTPHeaderMap.h"
 #include "platform/network/HTTPParsers.h"
 #include "wtf/HashSet.h"
 #include "wtf/Threading.h"
 #include "wtf/text/AtomicString.h"
 #include "wtf/text/WTFString.h"

 namespace blink {

 namespace {

 bool isHTTPWhitespace(UChar chr) {
   return chr == ' ' || chr == '\n' || chr == '\t' || chr == '\r';
 }

 class ForbiddenHeaderNames {
   WTF_MAKE_NONCOPYABLE(ForbiddenHeaderNames);
   USING_FAST_MALLOC(ForbiddenHeaderNames);

  public:
   bool has(const String& name) const {
     return m_fixedNames.contains(name) ||
            name.startsWith(m_proxyHeaderPrefix, TextCaseASCIIInsensitive) ||
            name.startsWith(m_secHeaderPrefix, TextCaseASCIIInsensitive);
   }

   static const ForbiddenHeaderNames& get();

  private:
   ForbiddenHeaderNames();

   String m_proxyHeaderPrefix;
   String m_secHeaderPrefix;
   HashSet<String, CaseFoldingHash> m_fixedNames;
 };

 ForbiddenHeaderNames::ForbiddenHeaderNames()
     : m_proxyHeaderPrefix("proxy-"), m_secHeaderPrefix("sec-") {
   m_fixedNames = {
       "accept-charset",
       "accept-encoding",
       "access-control-request-headers",
       "access-control-request-method",
       "connection",
       "content-length",
       "cookie",
       "cookie2",
       "date",
       "dnt",
       "expect",
       "host",
       "keep-alive",
       "origin",
       "referer",
       "te",
       "trailer",
       "transfer-encoding",
       "upgrade",
       "user-agent",
       "via",
   };
 }

 const ForbiddenHeaderNames& ForbiddenHeaderNames::get() {
   DEFINE_THREAD_SAFE_STATIC_LOCAL(const ForbiddenHeaderNames, instance,
                                   new ForbiddenHeaderNames);
   return instance;
 }

 }  // namespace

 bool FetchUtils::isSimpleMethod(const String& method) {
   // http://fetch.spec.whatwg.org/#simple-method
   // "A simple method is a method that is `GET`, `HEAD`, or `POST`."
   return method == "GET" || method == "HEAD" || method == "POST";
 }

 bool FetchUtils::isSimpleHeader(const AtomicString& name,
                                 const AtomicString& value) {
   // http://fetch.spec.whatwg.org/#simple-header
   // "A simple header is a header whose name is either one of `Accept`,
   // `Accept-Language`, and `Content-Language`, or whose name is
   // `Content-Type` and value, once parsed, is one of
   // `application/x-www-form-urlencoded`, `multipart/form-data`, and
   // `text/plain`."
   // Treat 'Save-Data' as a simple header, since it is added by Chrome when
   // Data Saver feature is enabled.
   // Treat inspector headers as a simple headers, since they are added by blink
   // when the inspector is open.

   if (equalIgnoringCase(name, "accept") ||
       equalIgnoringCase(name, "accept-language") ||
       equalIgnoringCase(name, "content-language") ||
       equalIgnoringCase(
           name, HTTPNames::X_DevTools_Emulate_Network_Conditions_Client_Id) ||
       equalIgnoringCase(name, HTTPNames::X_DevTools_Request_Id) ||
       equalIgnoringCase(name, "save-data"))
     return true;

   if (equalIgnoringCase(name, "content-type"))
     return isSimpleContentType(value);

   return false;
 }

 bool FetchUtils::isSimpleContentType(const AtomicString& mediaType) {
   AtomicString mimeType = extractMIMETypeFromMediaType(mediaType);
   return equalIgnoringCase(mimeType, "application/x-www-form-urlencoded") ||
          equalIgnoringCase(mimeType, "multipart/form-data") ||
          equalIgnoringCase(mimeType, "text/plain");
 }

 bool FetchUtils::isSimpleRequest(const String& method,
                                  const HTTPHeaderMap& headerMap) {
   if (!isSimpleMethod(method))
     return false;

   for (const auto& header : headerMap) {
     // Preflight is required for MIME types that can not be sent via form
     // submission.
     if (!isSimpleHeader(header.key, header.value))
       return false;
   }

   return true;
 }

 bool FetchUtils::isForbiddenMethod(const String& method) {
   // http://fetch.spec.whatwg.org/#forbidden-method
   // "A forbidden method is a method that is a byte case-insensitive match"
   //  for one of `CONNECT`, `TRACE`, and `TRACK`."
   return equalIgnoringCase(method, "TRACE") ||
          equalIgnoringCase(method, "TRACK") ||
          equalIgnoringCase(method, "CONNECT");
 }

 bool FetchUtils::isForbiddenHeaderName(const String& name) {
   // http://fetch.spec.whatwg.org/#forbidden-header-name
   // "A forbidden header name is a header names that is one of:
   //   `Accept-Charset`, `Accept-Encoding`, `Access-Control-Request-Headers`,
   //   `Access-Control-Request-Method`, `Connection`,
   //   `Content-Length, Cookie`, `Cookie2`, `Date`, `DNT`, `Expect`, `Host`,
   //   `Keep-Alive`, `Origin`, `Referer`, `TE`, `Trailer`,
   //   `Transfer-Encoding`, `Upgrade`, `User-Agent`, `Via`
   // or starts with `Proxy-` or `Sec-` (including when it is just `Proxy-` or
   // `Sec-`)."

   return ForbiddenHeaderNames::get().has(name);
 }

 bool FetchUtils::isForbiddenResponseHeaderName(const String& name) {
   // http://fetch.spec.whatwg.org/#forbidden-response-header-name
   // "A forbidden response header name is a header name that is one of:
   // `Set-Cookie`, `Set-Cookie2`"

   return equalIgnoringCase(name, "set-cookie") ||
          equalIgnoringCase(name, "set-cookie2");
 }

 bool FetchUtils::isSimpleOrForbiddenRequest(const String& method,
                                             const HTTPHeaderMap& headerMap) {
   if (!isSimpleMethod(method))
     return false;

   for (const auto& header : headerMap) {
     if (!isSimpleHeader(header.key, header.value) &&
         !isForbiddenHeaderName(header.key))
       return false;
   }

   return true;
 }

 AtomicString FetchUtils::normalizeMethod(const AtomicString& method) {
   // https://fetch.spec.whatwg.org/#concept-method-normalize

   // We place GET and POST first because they are more commonly used than
   // others.
   const char* const methods[] = {
       "GET", "POST", "DELETE", "HEAD", "OPTIONS", "PUT",
   };

   for (const auto& known : methods) {
     if (equalIgnoringCase(method, known)) {
       // Don't bother allocating a new string if it's already all
       // uppercase.
       return method == known ? method : known;
     }
   }
   return method;
 }

 String FetchUtils::normalizeHeaderValue(const String& value) {
   // https://fetch.spec.whatwg.org/#concept-header-value-normalize
   // Strip leading and trailing whitespace from header value.
   // HTTP whitespace bytes are 0x09, 0x0A, 0x0D, and 0x20.

   return value.stripWhiteSpace(isHTTPWhitespace);
 }

 }  // namespace blink
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "platform/loader/fetch/FetchUtils.h"

	#include "platform/HTTPNames.h"
	#include "platform/network/HTTPHeaderMap.h"
	#include "platform/network/HTTPParsers.h"
	#include "wtf/HashSet.h"
	#include "wtf/Threading.h"
	#include "wtf/text/AtomicString.h"
	#include "wtf/text/WTFString.h"

	namespace blink {

	namespace {

	bool isHTTPWhitespace(UChar chr) {
	return chr == ' ' \|\| chr == '\n' \|\| chr == '\t' \|\| chr == '\r';
	}

	class ForbiddenHeaderNames {
	WTF_MAKE_NONCOPYABLE(ForbiddenHeaderNames);
	USING_FAST_MALLOC(ForbiddenHeaderNames);

	public:
	bool has(const String& name) const {
	return m_fixedNames.contains(name) \|\|
	name.startsWith(m_proxyHeaderPrefix, TextCaseASCIIInsensitive) \|\|
	name.startsWith(m_secHeaderPrefix, TextCaseASCIIInsensitive);
	}

	static const ForbiddenHeaderNames& get();

	private:
	ForbiddenHeaderNames();

	String m_proxyHeaderPrefix;
	String m_secHeaderPrefix;
	HashSet<String, CaseFoldingHash> m_fixedNames;
	};

	ForbiddenHeaderNames::ForbiddenHeaderNames()
	: m_proxyHeaderPrefix("proxy-"), m_secHeaderPrefix("sec-") {
	m_fixedNames = {
	"accept-charset",
	"accept-encoding",
	"access-control-request-headers",
	"access-control-request-method",
	"connection",
	"content-length",
	"cookie",
	"cookie2",
	"date",
	"dnt",
	"expect",
	"host",
	"keep-alive",
	"origin",
	"referer",
	"te",
	"trailer",
	"transfer-encoding",
	"upgrade",
	"user-agent",
	"via",
	};
	}

	const ForbiddenHeaderNames& ForbiddenHeaderNames::get() {
	DEFINE_THREAD_SAFE_STATIC_LOCAL(const ForbiddenHeaderNames, instance,
	new ForbiddenHeaderNames);
	return instance;
	}

	} // namespace

	bool FetchUtils::isSimpleMethod(const String& method) {
	// http://fetch.spec.whatwg.org/#simple-method
	// "A simple method is a method that is `GET`, `HEAD`, or `POST`."
	return method == "GET" \|\| method == "HEAD" \|\| method == "POST";
	}

	bool FetchUtils::isSimpleHeader(const AtomicString& name,
	const AtomicString& value) {
	// http://fetch.spec.whatwg.org/#simple-header
	// "A simple header is a header whose name is either one of `Accept`,
	// `Accept-Language`, and `Content-Language`, or whose name is
	// `Content-Type` and value, once parsed, is one of
	// `application/x-www-form-urlencoded`, `multipart/form-data`, and
	// `text/plain`."
	// Treat 'Save-Data' as a simple header, since it is added by Chrome when
	// Data Saver feature is enabled.
	// Treat inspector headers as a simple headers, since they are added by blink
	// when the inspector is open.

	if (equalIgnoringCase(name, "accept") \|\|
	equalIgnoringCase(name, "accept-language") \|\|
	equalIgnoringCase(name, "content-language") \|\|
	equalIgnoringCase(
	name, HTTPNames::X_DevTools_Emulate_Network_Conditions_Client_Id) \|\|
	equalIgnoringCase(name, HTTPNames::X_DevTools_Request_Id) \|\|
	equalIgnoringCase(name, "save-data"))
	return true;

	if (equalIgnoringCase(name, "content-type"))
	return isSimpleContentType(value);

	return false;
	}

	bool FetchUtils::isSimpleContentType(const AtomicString& mediaType) {
	AtomicString mimeType = extractMIMETypeFromMediaType(mediaType);
	return equalIgnoringCase(mimeType, "application/x-www-form-urlencoded") \|\|
	equalIgnoringCase(mimeType, "multipart/form-data") \|\|
	equalIgnoringCase(mimeType, "text/plain");
	}

	bool FetchUtils::isSimpleRequest(const String& method,
	const HTTPHeaderMap& headerMap) {
	if (!isSimpleMethod(method))
	return false;

	for (const auto& header : headerMap) {
	// Preflight is required for MIME types that can not be sent via form
	// submission.
	if (!isSimpleHeader(header.key, header.value))
	return false;
	}

	return true;
	}

	bool FetchUtils::isForbiddenMethod(const String& method) {
	// http://fetch.spec.whatwg.org/#forbidden-method
	// "A forbidden method is a method that is a byte case-insensitive match"
	// for one of `CONNECT`, `TRACE`, and `TRACK`."
	return equalIgnoringCase(method, "TRACE") \|\|
	equalIgnoringCase(method, "TRACK") \|\|
	equalIgnoringCase(method, "CONNECT");
	}

	bool FetchUtils::isForbiddenHeaderName(const String& name) {
	// http://fetch.spec.whatwg.org/#forbidden-header-name
	// "A forbidden header name is a header names that is one of:
	// `Accept-Charset`, `Accept-Encoding`, `Access-Control-Request-Headers`,
	// `Access-Control-Request-Method`, `Connection`,
	// `Content-Length, Cookie`, `Cookie2`, `Date`, `DNT`, `Expect`, `Host`,
	// `Keep-Alive`, `Origin`, `Referer`, `TE`, `Trailer`,
	// `Transfer-Encoding`, `Upgrade`, `User-Agent`, `Via`
	// or starts with `Proxy-` or `Sec-` (including when it is just `Proxy-` or
	// `Sec-`)."

	return ForbiddenHeaderNames::get().has(name);
	}

	bool FetchUtils::isForbiddenResponseHeaderName(const String& name) {
	// http://fetch.spec.whatwg.org/#forbidden-response-header-name
	// "A forbidden response header name is a header name that is one of:
	// `Set-Cookie`, `Set-Cookie2`"

	return equalIgnoringCase(name, "set-cookie") \|\|
	equalIgnoringCase(name, "set-cookie2");
	}

	bool FetchUtils::isSimpleOrForbiddenRequest(const String& method,
	const HTTPHeaderMap& headerMap) {
	if (!isSimpleMethod(method))
	return false;

	for (const auto& header : headerMap) {
	if (!isSimpleHeader(header.key, header.value) &&
	!isForbiddenHeaderName(header.key))
	return false;
	}

	return true;
	}

	AtomicString FetchUtils::normalizeMethod(const AtomicString& method) {
	// https://fetch.spec.whatwg.org/#concept-method-normalize

	// We place GET and POST first because they are more commonly used than
	// others.
	const char* const methods[] = {
	"GET", "POST", "DELETE", "HEAD", "OPTIONS", "PUT",
	};

	for (const auto& known : methods) {
	if (equalIgnoringCase(method, known)) {
	// Don't bother allocating a new string if it's already all
	// uppercase.
	return method == known ? method : known;
	}
	}
	return method;
	}

	String FetchUtils::normalizeHeaderValue(const String& value) {
	// https://fetch.spec.whatwg.org/#concept-header-value-normalize
	// Strip leading and trailing whitespace from header value.
	// HTTP whitespace bytes are 0x09, 0x0A, 0x0D, and 0x20.

	return value.stripWhiteSpace(isHTTPWhitespace);
	}

	} // namespace blink