1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_request_headers.h"
6
7 #include <utility>
8
9 #include "base/logging.h"
10 #include "base/notreached.h"
11 #include "base/strings/escape.h"
12 #include "base/strings/strcat.h"
13 #include "base/strings/string_split.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/stringprintf.h"
16 #include "base/values.h"
17 #include "net/base/url_util.h"
18 #include "net/http/http_log_util.h"
19 #include "net/http/http_util.h"
20 #include "net/log/net_log_capture_mode.h"
21 #include "net/log/net_log_values.h"
22
23 namespace net {
24
25 namespace {
26
SupportsStreamType(const absl::optional<base::flat_set<SourceStream::SourceType>> & accepted_stream_types,SourceStream::SourceType type)27 bool SupportsStreamType(
28 const absl::optional<base::flat_set<SourceStream::SourceType>>&
29 accepted_stream_types,
30 SourceStream::SourceType type) {
31 if (!accepted_stream_types)
32 return true;
33 return accepted_stream_types->contains(type);
34 }
35
36 } // namespace
37
38 const char HttpRequestHeaders::kConnectMethod[] = "CONNECT";
39 const char HttpRequestHeaders::kDeleteMethod[] = "DELETE";
40 const char HttpRequestHeaders::kGetMethod[] = "GET";
41 const char HttpRequestHeaders::kHeadMethod[] = "HEAD";
42 const char HttpRequestHeaders::kOptionsMethod[] = "OPTIONS";
43 const char HttpRequestHeaders::kPatchMethod[] = "PATCH";
44 const char HttpRequestHeaders::kPostMethod[] = "POST";
45 const char HttpRequestHeaders::kPutMethod[] = "PUT";
46 const char HttpRequestHeaders::kTraceMethod[] = "TRACE";
47 const char HttpRequestHeaders::kTrackMethod[] = "TRACK";
48 const char HttpRequestHeaders::kAccept[] = "Accept";
49 const char HttpRequestHeaders::kAcceptCharset[] = "Accept-Charset";
50 const char HttpRequestHeaders::kAcceptEncoding[] = "Accept-Encoding";
51 const char HttpRequestHeaders::kAcceptLanguage[] = "Accept-Language";
52 const char HttpRequestHeaders::kAuthorization[] = "Authorization";
53 const char HttpRequestHeaders::kCacheControl[] = "Cache-Control";
54 const char HttpRequestHeaders::kConnection[] = "Connection";
55 const char HttpRequestHeaders::kContentLength[] = "Content-Length";
56 const char HttpRequestHeaders::kContentType[] = "Content-Type";
57 const char HttpRequestHeaders::kCookie[] = "Cookie";
58 const char HttpRequestHeaders::kHost[] = "Host";
59 const char HttpRequestHeaders::kIfMatch[] = "If-Match";
60 const char HttpRequestHeaders::kIfModifiedSince[] = "If-Modified-Since";
61 const char HttpRequestHeaders::kIfNoneMatch[] = "If-None-Match";
62 const char HttpRequestHeaders::kIfRange[] = "If-Range";
63 const char HttpRequestHeaders::kIfUnmodifiedSince[] = "If-Unmodified-Since";
64 const char HttpRequestHeaders::kOrigin[] = "Origin";
65 const char HttpRequestHeaders::kPragma[] = "Pragma";
66 const char HttpRequestHeaders::kProxyAuthorization[] = "Proxy-Authorization";
67 const char HttpRequestHeaders::kProxyConnection[] = "Proxy-Connection";
68 const char HttpRequestHeaders::kRange[] = "Range";
69 const char HttpRequestHeaders::kReferer[] = "Referer";
70 const char HttpRequestHeaders::kTransferEncoding[] = "Transfer-Encoding";
71 const char HttpRequestHeaders::kUserAgent[] = "User-Agent";
72
73 HttpRequestHeaders::HeaderKeyValuePair::HeaderKeyValuePair() = default;
74
HeaderKeyValuePair(base::StringPiece key,base::StringPiece value)75 HttpRequestHeaders::HeaderKeyValuePair::HeaderKeyValuePair(
76 base::StringPiece key,
77 base::StringPiece value)
78 : HeaderKeyValuePair(key, std::string(value)) {}
79
HeaderKeyValuePair(base::StringPiece key,std::string && value)80 HttpRequestHeaders::HeaderKeyValuePair::HeaderKeyValuePair(
81 base::StringPiece key,
82 std::string&& value)
83 : key(key), value(std::move(value)) {}
84
Iterator(const HttpRequestHeaders & headers)85 HttpRequestHeaders::Iterator::Iterator(const HttpRequestHeaders& headers)
86 : curr_(headers.headers_.begin()), end_(headers.headers_.end()) {}
87
88 HttpRequestHeaders::Iterator::~Iterator() = default;
89
GetNext()90 bool HttpRequestHeaders::Iterator::GetNext() {
91 if (!started_) {
92 started_ = true;
93 return curr_ != end_;
94 }
95
96 if (curr_ == end_)
97 return false;
98
99 ++curr_;
100 return curr_ != end_;
101 }
102
103 HttpRequestHeaders::HttpRequestHeaders() = default;
104 HttpRequestHeaders::HttpRequestHeaders(const HttpRequestHeaders& other) =
105 default;
106 HttpRequestHeaders::HttpRequestHeaders(HttpRequestHeaders&& other) = default;
107 HttpRequestHeaders::~HttpRequestHeaders() = default;
108
109 HttpRequestHeaders& HttpRequestHeaders::operator=(
110 const HttpRequestHeaders& other) = default;
111 HttpRequestHeaders& HttpRequestHeaders::operator=(HttpRequestHeaders&& other) =
112 default;
113
GetHeader(base::StringPiece key,std::string * out) const114 bool HttpRequestHeaders::GetHeader(base::StringPiece key,
115 std::string* out) const {
116 auto it = FindHeader(key);
117 if (it == headers_.end())
118 return false;
119 out->assign(it->value);
120 return true;
121 }
122
Clear()123 void HttpRequestHeaders::Clear() {
124 headers_.clear();
125 }
126
SetHeader(base::StringPiece key,base::StringPiece value)127 void HttpRequestHeaders::SetHeader(base::StringPiece key,
128 base::StringPiece value) {
129 SetHeader(key, std::string(value));
130 }
131
SetHeader(base::StringPiece key,std::string && value)132 void HttpRequestHeaders::SetHeader(base::StringPiece key, std::string&& value) {
133 // Invalid header names or values could mean clients can attach
134 // browser-internal headers.
135 CHECK(HttpUtil::IsValidHeaderName(key)) << key;
136 CHECK(HttpUtil::IsValidHeaderValue(value)) << key << ":" << value;
137
138 SetHeaderInternal(key, std::move(value));
139 }
140
SetHeaderWithoutCheckForTesting(base::StringPiece key,base::StringPiece value)141 void HttpRequestHeaders::SetHeaderWithoutCheckForTesting(
142 base::StringPiece key,
143 base::StringPiece value) {
144 SetHeaderInternal(key, std::string(value));
145 }
146
SetHeaderIfMissing(base::StringPiece key,base::StringPiece value)147 void HttpRequestHeaders::SetHeaderIfMissing(base::StringPiece key,
148 base::StringPiece value) {
149 // Invalid header names or values could mean clients can attach
150 // browser-internal headers.
151 CHECK(HttpUtil::IsValidHeaderName(key));
152 CHECK(HttpUtil::IsValidHeaderValue(value));
153 auto it = FindHeader(key);
154 if (it == headers_.end())
155 headers_.push_back(HeaderKeyValuePair(key, value));
156 }
157
RemoveHeader(base::StringPiece key)158 void HttpRequestHeaders::RemoveHeader(base::StringPiece key) {
159 auto it = FindHeader(key);
160 if (it != headers_.end())
161 headers_.erase(it);
162 }
163
AddHeaderFromString(base::StringPiece header_line)164 void HttpRequestHeaders::AddHeaderFromString(base::StringPiece header_line) {
165 DCHECK_EQ(std::string::npos, header_line.find("\r\n"))
166 << "\"" << header_line << "\" contains CRLF.";
167
168 const std::string::size_type key_end_index = header_line.find(":");
169 if (key_end_index == std::string::npos) {
170 LOG(DFATAL) << "\"" << header_line << "\" is missing colon delimiter.";
171 return;
172 }
173
174 if (key_end_index == 0) {
175 LOG(DFATAL) << "\"" << header_line << "\" is missing header key.";
176 return;
177 }
178
179 const base::StringPiece header_key(header_line.data(), key_end_index);
180 if (!HttpUtil::IsValidHeaderName(header_key)) {
181 LOG(DFATAL) << "\"" << header_line << "\" has invalid header key.";
182 return;
183 }
184
185 const std::string::size_type value_index = key_end_index + 1;
186
187 if (value_index < header_line.size()) {
188 base::StringPiece header_value(header_line.data() + value_index,
189 header_line.size() - value_index);
190 header_value = HttpUtil::TrimLWS(header_value);
191 if (!HttpUtil::IsValidHeaderValue(header_value)) {
192 LOG(DFATAL) << "\"" << header_line << "\" has invalid header value.";
193 return;
194 }
195 SetHeader(header_key, header_value);
196 } else if (value_index == header_line.size()) {
197 SetHeader(header_key, "");
198 } else {
199 NOTREACHED();
200 }
201 }
202
AddHeadersFromString(base::StringPiece headers)203 void HttpRequestHeaders::AddHeadersFromString(base::StringPiece headers) {
204 for (base::StringPiece header : base::SplitStringPieceUsingSubstr(
205 headers, "\r\n", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY)) {
206 AddHeaderFromString(header);
207 }
208 }
209
MergeFrom(const HttpRequestHeaders & other)210 void HttpRequestHeaders::MergeFrom(const HttpRequestHeaders& other) {
211 for (const auto& header : other.headers_) {
212 SetHeader(header.key, header.value);
213 }
214 }
215
ToString() const216 std::string HttpRequestHeaders::ToString() const {
217 std::string output;
218 for (const auto& header : headers_) {
219 base::StringAppendF(&output, "%s: %s\r\n", header.key.c_str(),
220 header.value.c_str());
221 }
222 output.append("\r\n");
223 return output;
224 }
225
NetLogParams(const std::string & request_line,NetLogCaptureMode capture_mode) const226 base::Value::Dict HttpRequestHeaders::NetLogParams(
227 const std::string& request_line,
228 NetLogCaptureMode capture_mode) const {
229 base::Value::Dict dict;
230 dict.Set("line", NetLogStringValue(request_line));
231 base::Value::List headers;
232 for (const auto& header : headers_) {
233 std::string log_value =
234 ElideHeaderValueForNetLog(capture_mode, header.key, header.value);
235 headers.Append(
236 NetLogStringValue(base::StrCat({header.key, ": ", log_value})));
237 }
238 dict.Set("headers", std::move(headers));
239 return dict;
240 }
241
SetAcceptEncodingIfMissing(const GURL & url,const absl::optional<base::flat_set<SourceStream::SourceType>> & accepted_stream_types,bool enable_brotli)242 void HttpRequestHeaders::SetAcceptEncodingIfMissing(
243 const GURL& url,
244 const absl::optional<base::flat_set<SourceStream::SourceType>>&
245 accepted_stream_types,
246 bool enable_brotli) {
247 if (HasHeader(kAcceptEncoding))
248 return;
249
250 // If a range is specifically requested, set the "Accepted Encoding" header to
251 // "identity".
252 if (HasHeader(kRange)) {
253 SetHeader(kAcceptEncoding, "identity");
254 return;
255 }
256
257 // Supply Accept-Encoding headers first so that it is more likely that they
258 // will be in the first transmitted packet. This can sometimes make it easier
259 // to filter and analyze the streams to assure that a proxy has not damaged
260 // these headers. Some proxies deliberately corrupt Accept-Encoding headers.
261 std::vector<std::string> advertised_encoding_names;
262 if (SupportsStreamType(accepted_stream_types,
263 SourceStream::SourceType::TYPE_GZIP)) {
264 advertised_encoding_names.push_back("gzip");
265 }
266 if (SupportsStreamType(accepted_stream_types,
267 SourceStream::SourceType::TYPE_DEFLATE)) {
268 advertised_encoding_names.push_back("deflate");
269 }
270 // Advertise "br" encoding only if transferred data is opaque to proxy.
271 if (enable_brotli &&
272 SupportsStreamType(accepted_stream_types,
273 SourceStream::SourceType::TYPE_BROTLI)) {
274 if (url.SchemeIsCryptographic() || IsLocalhost(url)) {
275 advertised_encoding_names.push_back("br");
276 }
277 }
278 if (!advertised_encoding_names.empty()) {
279 // Tell the server what compression formats are supported.
280 SetHeader(
281 kAcceptEncoding,
282 base::JoinString(base::make_span(advertised_encoding_names), ", "));
283 }
284 }
285
FindHeader(base::StringPiece key)286 HttpRequestHeaders::HeaderVector::iterator HttpRequestHeaders::FindHeader(
287 base::StringPiece key) {
288 for (auto it = headers_.begin(); it != headers_.end(); ++it) {
289 if (base::EqualsCaseInsensitiveASCII(key, it->key))
290 return it;
291 }
292
293 return headers_.end();
294 }
295
FindHeader(base::StringPiece key) const296 HttpRequestHeaders::HeaderVector::const_iterator HttpRequestHeaders::FindHeader(
297 base::StringPiece key) const {
298 for (auto it = headers_.begin(); it != headers_.end(); ++it) {
299 if (base::EqualsCaseInsensitiveASCII(key, it->key))
300 return it;
301 }
302
303 return headers_.end();
304 }
305
SetHeaderInternal(base::StringPiece key,std::string && value)306 void HttpRequestHeaders::SetHeaderInternal(base::StringPiece key,
307 std::string&& value) {
308 auto it = FindHeader(key);
309 if (it != headers_.end())
310 it->value = std::move(value);
311 else
312 headers_.emplace_back(key, std::move(value));
313 }
314
315 } // namespace net
316