third_party/WebKit/Source/core/loader/HttpEquiv.cpp - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "core/loader/HttpEquiv.h"

 #include "core/dom/Document.h"
 #include "core/dom/ScriptableDocumentParser.h"
 #include "core/dom/StyleEngine.h"
 #include "core/fetch/ClientHintsPreferences.h"
 #include "core/frame/UseCounter.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/loader/DocumentLoader.h"
 #include "core/origin_trials/OriginTrialContext.h"
 #include "platform/HTTPNames.h"
 #include "platform/network/HTTPParsers.h"
 #include "platform/weborigin/KURL.h"

 namespace blink {

 void HttpEquiv::process(Document& document, const AtomicString& equiv, const AtomicString& content, bool inDocumentHeadElement)
 {
     ASSERT(!equiv.isNull() && !content.isNull());

     if (equalIgnoringCase(equiv, "default-style")) {
         processHttpEquivDefaultStyle(document, content);
     } else if (equalIgnoringCase(equiv, "refresh")) {
         processHttpEquivRefresh(document, content);
     } else if (equalIgnoringCase(equiv, "set-cookie")) {
         processHttpEquivSetCookie(document, content);
     } else if (equalIgnoringCase(equiv, "content-language")) {
         document.setContentLanguage(content);
     } else if (equalIgnoringCase(equiv, "x-dns-prefetch-control")) {
         document.parseDNSPrefetchControlHeader(content);
     } else if (equalIgnoringCase(equiv, "x-frame-options")) {
         document.addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>."));
     } else if (equalIgnoringCase(equiv, "accept-ch")) {
         processHttpEquivAcceptCH(document, content);
     } else if (equalIgnoringCase(equiv, "content-security-policy") || equalIgnoringCase(equiv, "content-security-policy-report-only")) {
         if (inDocumentHeadElement)
             processHttpEquivContentSecurityPolicy(document, equiv, content);
         else
             document.contentSecurityPolicy()->reportMetaOutsideHead(content);
     } else if (equalIgnoringCase(equiv, "suborigin")) {
         document.addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Error with Suborigin header: Suborigin header with value '" + content + "' was delivered via a <meta> element and not an HTTP header, which is disallowed. The Suborigin has been ignored."));
     } else if (equalIgnoringCase(equiv, HTTPNames::Origin_Trial)) {
         if (inDocumentHeadElement)
             OriginTrialContext::from(&document)->addToken(content);
     }
 }

 void HttpEquiv::processHttpEquivContentSecurityPolicy(Document& document, const AtomicString& equiv, const AtomicString& content)
 {
     if (document.importLoader())
         return;
     if (equalIgnoringCase(equiv, "content-security-policy"))
         document.contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceMeta);
     else if (equalIgnoringCase(equiv, "content-security-policy-report-only"))
         document.contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderTypeReport, ContentSecurityPolicyHeaderSourceMeta);
     else
         ASSERT_NOT_REACHED();
 }

 void HttpEquiv::processHttpEquivAcceptCH(Document& document, const AtomicString& content)
 {
     if (!document.frame())
         return;

     UseCounter::count(document, UseCounter::ClientHintsMetaAcceptCH);
     document.clientHintsPreferences().updateFromAcceptClientHintsHeader(content, document.fetcher());
 }

 void HttpEquiv::processHttpEquivDefaultStyle(Document& document, const AtomicString& content)
 {
     document.styleEngine().setHttpDefaultStyle(content);
 }

 void HttpEquiv::processHttpEquivRefresh(Document& document, const AtomicString& content)
 {
     document.maybeHandleHttpRefresh(content, Document::HttpRefreshFromMetaTag);
 }

 void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString& content)
 {
     // FIXME: make setCookie work on XML documents too; e.g. in case of <html:meta .....>
     if (!document.isHTMLDocument())
         return;

     // Exception (for sandboxed documents) ignored.
     document.setCookie(content, IGNORE_EXCEPTION);
 }

 } // namespace blink
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "core/loader/HttpEquiv.h"

	#include "core/dom/Document.h"
	#include "core/dom/ScriptableDocumentParser.h"
	#include "core/dom/StyleEngine.h"
	#include "core/fetch/ClientHintsPreferences.h"
	#include "core/frame/UseCounter.h"
	#include "core/frame/csp/ContentSecurityPolicy.h"
	#include "core/inspector/ConsoleMessage.h"
	#include "core/loader/DocumentLoader.h"
	#include "core/origin_trials/OriginTrialContext.h"
	#include "platform/HTTPNames.h"
	#include "platform/network/HTTPParsers.h"
	#include "platform/weborigin/KURL.h"

	namespace blink {

	void HttpEquiv::process(Document& document, const AtomicString& equiv, const AtomicString& content, bool inDocumentHeadElement)
	{
	ASSERT(!equiv.isNull() && !content.isNull());

	if (equalIgnoringCase(equiv, "default-style")) {
	processHttpEquivDefaultStyle(document, content);
	} else if (equalIgnoringCase(equiv, "refresh")) {
	processHttpEquivRefresh(document, content);
	} else if (equalIgnoringCase(equiv, "set-cookie")) {
	processHttpEquivSetCookie(document, content);
	} else if (equalIgnoringCase(equiv, "content-language")) {
	document.setContentLanguage(content);
	} else if (equalIgnoringCase(equiv, "x-dns-prefetch-control")) {
	document.parseDNSPrefetchControlHeader(content);
	} else if (equalIgnoringCase(equiv, "x-frame-options")) {
	document.addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>."));
	} else if (equalIgnoringCase(equiv, "accept-ch")) {
	processHttpEquivAcceptCH(document, content);
	} else if (equalIgnoringCase(equiv, "content-security-policy") \|\| equalIgnoringCase(equiv, "content-security-policy-report-only")) {
	if (inDocumentHeadElement)
	processHttpEquivContentSecurityPolicy(document, equiv, content);
	else
	document.contentSecurityPolicy()->reportMetaOutsideHead(content);
	} else if (equalIgnoringCase(equiv, "suborigin")) {
	document.addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Error with Suborigin header: Suborigin header with value '" + content + "' was delivered via a <meta> element and not an HTTP header, which is disallowed. The Suborigin has been ignored."));
	} else if (equalIgnoringCase(equiv, HTTPNames::Origin_Trial)) {
	if (inDocumentHeadElement)
	OriginTrialContext::from(&document)->addToken(content);
	}
	}

	void HttpEquiv::processHttpEquivContentSecurityPolicy(Document& document, const AtomicString& equiv, const AtomicString& content)
	{
	if (document.importLoader())
	return;
	if (equalIgnoringCase(equiv, "content-security-policy"))
	document.contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceMeta);
	else if (equalIgnoringCase(equiv, "content-security-policy-report-only"))
	document.contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderTypeReport, ContentSecurityPolicyHeaderSourceMeta);
	else
	ASSERT_NOT_REACHED();
	}

	void HttpEquiv::processHttpEquivAcceptCH(Document& document, const AtomicString& content)
	{
	if (!document.frame())
	return;

	UseCounter::count(document, UseCounter::ClientHintsMetaAcceptCH);
	document.clientHintsPreferences().updateFromAcceptClientHintsHeader(content, document.fetcher());
	}

	void HttpEquiv::processHttpEquivDefaultStyle(Document& document, const AtomicString& content)
	{
	document.styleEngine().setHttpDefaultStyle(content);
	}

	void HttpEquiv::processHttpEquivRefresh(Document& document, const AtomicString& content)
	{
	document.maybeHandleHttpRefresh(content, Document::HttpRefreshFromMetaTag);
	}

	void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString& content)
	{
	// FIXME: make setCookie work on XML documents too; e.g. in case of <html:meta .....>
	if (!document.isHTMLDocument())
	return;

	// Exception (for sandboxed documents) ignored.
	document.setCookie(content, IGNORE_EXCEPTION);
	}

	} // namespace blink