1 // Copyright 2012 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_HTTP_HTTP_RESPONSE_HEADERS_H_ 6 #define NET_HTTP_HTTP_RESPONSE_HEADERS_H_ 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include <string> 12 #include <unordered_set> 13 #include <vector> 14 15 #include "base/functional/callback.h" 16 #include "base/memory/ref_counted.h" 17 #include "base/strings/string_piece.h" 18 #include "base/time/time.h" 19 #include "base/trace_event/base_tracing_forward.h" 20 #include "base/values.h" 21 #include "net/base/net_export.h" 22 #include "net/http/http_version.h" 23 #include "net/log/net_log_capture_mode.h" 24 25 namespace base { 26 class Pickle; 27 class PickleIterator; 28 class Time; 29 class TimeDelta; 30 } 31 32 namespace net { 33 34 class HttpByteRange; 35 36 enum ValidationType { 37 VALIDATION_NONE, // The resource is fresh. 38 VALIDATION_ASYNCHRONOUS, // The resource requires async revalidation. 39 VALIDATION_SYNCHRONOUS // The resource requires sync revalidation. 40 }; 41 42 // HttpResponseHeaders: parses and holds HTTP response headers. 43 class NET_EXPORT HttpResponseHeaders 44 : public base::RefCountedThreadSafe<HttpResponseHeaders> { 45 public: 46 // Persist options. 47 typedef int PersistOptions; 48 static const PersistOptions PERSIST_RAW = -1; // Raw, unparsed headers. 49 static const PersistOptions PERSIST_ALL = 0; // Parsed headers. 50 static const PersistOptions PERSIST_SANS_COOKIES = 1 << 0; 51 static const PersistOptions PERSIST_SANS_CHALLENGES = 1 << 1; 52 static const PersistOptions PERSIST_SANS_HOP_BY_HOP = 1 << 2; 53 static const PersistOptions PERSIST_SANS_NON_CACHEABLE = 1 << 3; 54 static const PersistOptions PERSIST_SANS_RANGES = 1 << 4; 55 static const PersistOptions PERSIST_SANS_SECURITY_STATE = 1 << 5; 56 57 struct FreshnessLifetimes { 58 // How long the resource will be fresh for. 59 base::TimeDelta freshness; 60 // How long after becoming not fresh that the resource will be stale but 61 // usable (if async revalidation is enabled). 62 base::TimeDelta staleness; 63 }; 64 65 static const char kContentRange[]; 66 static const char kLastModified[]; 67 static const char kVary[]; 68 69 HttpResponseHeaders() = delete; 70 71 // Parses the given raw_headers. raw_headers should be formatted thus: 72 // includes the http status response line, each line is \0-terminated, and 73 // it's terminated by an empty line (ie, 2 \0s in a row). 74 // (Note that line continuations should have already been joined; 75 // see HttpUtil::AssembleRawHeaders) 76 // 77 // HttpResponseHeaders does not perform any encoding changes on the input. 78 // 79 explicit HttpResponseHeaders(const std::string& raw_headers); 80 81 // Initializes from the representation stored in the given pickle. The data 82 // for this object is found relative to the given pickle_iter, which should 83 // be passed to the pickle's various Read* methods. 84 explicit HttpResponseHeaders(base::PickleIterator* pickle_iter); 85 86 // Takes headers as an ASCII string and tries to parse them as HTTP response 87 // headers. returns nullptr on failure. Unlike the HttpResponseHeaders 88 // constructor that takes a std::string, HttpUtil::AssembleRawHeaders should 89 // not be called on |headers| before calling this method. 90 static scoped_refptr<HttpResponseHeaders> TryToCreate( 91 base::StringPiece headers); 92 93 HttpResponseHeaders(const HttpResponseHeaders&) = delete; 94 HttpResponseHeaders& operator=(const HttpResponseHeaders&) = delete; 95 96 // Appends a representation of this object to the given pickle. 97 // The options argument can be a combination of PersistOptions. 98 void Persist(base::Pickle* pickle, PersistOptions options); 99 100 // Performs header merging as described in 13.5.3 of RFC 2616. 101 void Update(const HttpResponseHeaders& new_headers); 102 103 // Removes all instances of a particular header. 104 void RemoveHeader(base::StringPiece name); 105 106 // Removes all instances of particular headers. 107 void RemoveHeaders(const std::unordered_set<std::string>& header_names); 108 109 // Removes a particular header line. The header name is compared 110 // case-insensitively. 111 void RemoveHeaderLine(const std::string& name, const std::string& value); 112 113 // Adds the specified response header. If a header with the same name is 114 // already stored, the two headers are not merged together by this method; the 115 // one provided is simply put at the end of the list. 116 void AddHeader(base::StringPiece name, base::StringPiece value); 117 118 // Sets the specified response header, removing any matching old one if 119 // present. The new header is added to the end of the header list, rather than 120 // replacing the old one. This is the same as calling RemoveHeader() followed 121 // be SetHeader(). 122 void SetHeader(base::StringPiece name, base::StringPiece value); 123 124 // Adds a cookie header. |cookie_string| should be the header value without 125 // the header name (Set-Cookie). 126 void AddCookie(const std::string& cookie_string); 127 128 // Replaces the current status line with the provided one (|new_status| should 129 // not have any EOL). 130 void ReplaceStatusLine(const std::string& new_status); 131 132 // Updates headers (Content-Length and Content-Range) in the |headers| to 133 // include the right content length and range for |byte_range|. This also 134 // updates HTTP status line if |replace_status_line| is true. 135 // |byte_range| must have a valid, bounded range (i.e. coming from a valid 136 // response or should be usable for a response). 137 void UpdateWithNewRange(const HttpByteRange& byte_range, 138 int64_t resource_size, 139 bool replace_status_line); 140 141 // Fetches the "normalized" value of a single header, where all values for the 142 // header name are separated by commas. This will be the sequence of strings 143 // that would be returned from repeated calls to EnumerateHeader, joined by 144 // the string ", ". 145 // 146 // Returns false if this header wasn't found. 147 // 148 // Example: 149 // Foo: a, b,c 150 // Foo: d 151 // 152 // string value; 153 // GetNormalizedHeader("Foo", &value); // Now, |value| is "a, b, c, d". 154 // 155 // NOTE: Do not make any assumptions about the encoding of this output 156 // string. It may be non-ASCII, and the encoding used by the server is not 157 // necessarily known to us. Do not assume that this output is UTF-8! 158 bool GetNormalizedHeader(base::StringPiece name, std::string* value) const; 159 160 // Returns the normalized status line. 161 std::string GetStatusLine() const; 162 163 // Get the HTTP version of the normalized status line. GetHttpVersion()164 HttpVersion GetHttpVersion() const { 165 return http_version_; 166 } 167 168 // Get the HTTP status text of the normalized status line. 169 std::string GetStatusText() const; 170 171 // Enumerate the "lines" of the response headers. This skips over the status 172 // line. Use GetStatusLine if you are interested in that. Note that this 173 // method returns the un-coalesced response header lines, so if a response 174 // header appears on multiple lines, then it will appear multiple times in 175 // this enumeration (in the order the header lines were received from the 176 // server). Also, a given header might have an empty value. Initialize a 177 // 'size_t' variable to 0 and pass it by address to EnumerateHeaderLines. 178 // Call EnumerateHeaderLines repeatedly until it returns false. The 179 // out-params 'name' and 'value' are set upon success. 180 // 181 // WARNING: In effect, repeatedly calling EnumerateHeaderLines should return 182 // the same collection of (name, value) pairs that you'd obtain from passing 183 // each header name into EnumerateHeader and repeatedly calling 184 // EnumerateHeader. This means the output will *not* necessarily correspond to 185 // the verbatim lines of the headers. For instance, given 186 // Foo: a, b 187 // Foo: c 188 // EnumerateHeaderLines will output ("Foo", "a"), ("Foo", "b"), and 189 // ("Foo", "c"). 190 bool EnumerateHeaderLines(size_t* iter, 191 std::string* name, 192 std::string* value) const; 193 194 // Enumerate the values of the specified header. If you are only interested 195 // in the first header, then you can pass nullptr for the 'iter' parameter. 196 // Otherwise, to iterate across all values for the specified header, 197 // initialize a 'size_t' variable to 0 and pass it by address to 198 // EnumerateHeader. Note that a header might have an empty value. Call 199 // EnumerateHeader repeatedly until it returns false. 200 // 201 // Unless a header is explicitly marked as non-coalescing (see 202 // HttpUtil::IsNonCoalescingHeader), headers that contain 203 // comma-separated lists are treated "as if" they had been sent as 204 // distinct headers. That is, a header of "Foo: a, b, c" would 205 // enumerate into distinct values of "a", "b", and "c". This is also 206 // true for headers that occur multiple times in a response; unless 207 // they are marked non-coalescing, "Foo: a, b" followed by "Foo: c" 208 // will enumerate to "a", "b", "c". Commas inside quoted strings are ignored, 209 // for example a header of 'Foo: "a, b", "c"' would enumerate as '"a, b"', 210 // '"c"'. 211 // 212 // This can cause issues for headers that might have commas in fields that 213 // aren't quoted strings, for example a header of "Foo: <a, b>, <c>" would 214 // enumerate as '<a', 'b>', '<c>', rather than as '<a, b>', '<c>'. 215 // 216 // To handle cases such as this, use GetNormalizedHeader to return the full 217 // concatenated header, and then parse manually. 218 bool EnumerateHeader(size_t* iter, 219 base::StringPiece name, 220 std::string* value) const; 221 222 // Returns true if the response contains the specified header-value pair. 223 // Both name and value are compared case insensitively. 224 bool HasHeaderValue(base::StringPiece name, base::StringPiece value) const; 225 226 // Returns true if the response contains the specified header. 227 // The name is compared case insensitively. 228 bool HasHeader(base::StringPiece name) const; 229 230 // Get the mime type and charset values in lower case form from the headers. 231 // Empty strings are returned if the values are not present. 232 void GetMimeTypeAndCharset(std::string* mime_type, 233 std::string* charset) const; 234 235 // Get the mime type in lower case from the headers. If there's no mime 236 // type, returns false. 237 bool GetMimeType(std::string* mime_type) const; 238 239 // Get the charset in lower case from the headers. If there's no charset, 240 // returns false. 241 bool GetCharset(std::string* charset) const; 242 243 // Returns true if this response corresponds to a redirect. The target 244 // location of the redirect is optionally returned if location is non-null. 245 bool IsRedirect(std::string* location) const; 246 247 // Returns true if the HTTP response code passed in corresponds to a 248 // redirect. 249 static bool IsRedirectResponseCode(int response_code); 250 251 // Returns VALIDATION_NONE if the response can be reused without 252 // validation. VALIDATION_ASYNCHRONOUS means the response can be re-used, but 253 // asynchronous revalidation must be performed. VALIDATION_SYNCHRONOUS means 254 // that the result cannot be reused without revalidation. 255 // The result is relative to the current_time parameter, which is 256 // a parameter to support unit testing. The request_time parameter indicates 257 // the time at which the request was made that resulted in this response, 258 // which was received at response_time. 259 ValidationType RequiresValidation(const base::Time& request_time, 260 const base::Time& response_time, 261 const base::Time& current_time) const; 262 263 // Calculates the amount of time the server claims the response is fresh from 264 // the time the response was generated. See section 13.2.4 of RFC 2616. See 265 // RequiresValidation for a description of the response_time parameter. See 266 // the definition of FreshnessLifetimes above for the meaning of the return 267 // value. See RFC 5861 section 3 for the definition of 268 // stale-while-revalidate. 269 FreshnessLifetimes GetFreshnessLifetimes( 270 const base::Time& response_time) const; 271 272 // Returns the age of the response. See section 13.2.3 of RFC 2616. 273 // See RequiresValidation for a description of this method's parameters. 274 base::TimeDelta GetCurrentAge(const base::Time& request_time, 275 const base::Time& response_time, 276 const base::Time& current_time) const; 277 278 // The following methods extract values from the response headers. If a 279 // value is not present, or is invalid, then false is returned. Otherwise, 280 // true is returned and the out param is assigned to the corresponding value. 281 bool GetMaxAgeValue(base::TimeDelta* value) const; 282 bool GetAgeValue(base::TimeDelta* value) const; 283 bool GetDateValue(base::Time* value) const; 284 bool GetLastModifiedValue(base::Time* value) const; 285 bool GetExpiresValue(base::Time* value) const; 286 bool GetStaleWhileRevalidateValue(base::TimeDelta* value) const; 287 288 // Extracts the time value of a particular header. This method looks for the 289 // first matching header value and parses its value as a HTTP-date. 290 bool GetTimeValuedHeader(const std::string& name, base::Time* result) const; 291 292 // Determines if this response indicates a keep-alive connection. 293 bool IsKeepAlive() const; 294 295 // Returns true if this response has a strong etag or last-modified header. 296 // See section 13.3.3 of RFC 2616. 297 bool HasStrongValidators() const; 298 299 // Returns true if this response has any validator (either a Last-Modified or 300 // an ETag) regardless of whether it is strong or weak. See section 13.3.3 of 301 // RFC 2616. 302 bool HasValidators() const; 303 304 // Extracts the value of the Content-Length header or returns -1 if there is 305 // no such header in the response. 306 int64_t GetContentLength() const; 307 308 // Extracts the value of the specified header or returns -1 if there is no 309 // such header in the response. 310 int64_t GetInt64HeaderValue(const std::string& header) const; 311 312 // Extracts the values in a Content-Range header and returns true if all three 313 // values are present and valid for a 206 response; otherwise returns false. 314 // The following values will be outputted: 315 // |*first_byte_position| = inclusive position of the first byte of the range 316 // |*last_byte_position| = inclusive position of the last byte of the range 317 // |*instance_length| = size in bytes of the object requested 318 // If this method returns false, then all of the outputs will be -1. 319 bool GetContentRangeFor206(int64_t* first_byte_position, 320 int64_t* last_byte_position, 321 int64_t* instance_length) const; 322 323 // Returns true if the response is chunk-encoded. 324 bool IsChunkEncoded() const; 325 326 // Creates a Value for use with the NetLog containing the response headers. 327 base::Value::Dict NetLogParams(NetLogCaptureMode capture_mode) const; 328 329 // Returns the HTTP response code. This is 0 if the response code text seems 330 // to exist but could not be parsed. Otherwise, it defaults to 200 if the 331 // response code is not found in the raw headers. response_code()332 int response_code() const { return response_code_; } 333 334 // Returns the raw header string. raw_headers()335 const std::string& raw_headers() const { return raw_headers_; } 336 337 // Returns true if |name| is a cookie related header name. This is consistent 338 // with |PERSIST_SANS_COOKIES|. 339 static bool IsCookieResponseHeader(base::StringPiece name); 340 341 // Write a representation of this object into tracing proto. 342 void WriteIntoTrace(perfetto::TracedValue context) const; 343 344 private: 345 friend class base::RefCountedThreadSafe<HttpResponseHeaders>; 346 347 using HeaderSet = std::unordered_set<std::string>; 348 349 // The members of this structure point into raw_headers_. 350 struct ParsedHeader; 351 typedef std::vector<ParsedHeader> HeaderList; 352 353 ~HttpResponseHeaders(); 354 355 // Initializes from the given raw headers. 356 void Parse(const std::string& raw_input); 357 358 // Helper function for ParseStatusLine. 359 // Tries to extract the "HTTP/X.Y" from a status line formatted like: 360 // HTTP/1.1 200 OK 361 // with line_begin and end pointing at the begin and end of this line. If the 362 // status line is malformed, returns HttpVersion(0,0). 363 static HttpVersion ParseVersion(std::string::const_iterator line_begin, 364 std::string::const_iterator line_end); 365 366 // Tries to extract the status line from a header block, given the first 367 // line of said header block. If the status line is malformed, we'll 368 // construct a valid one. Example input: 369 // HTTP/1.1 200 OK 370 // with line_begin and end pointing at the begin and end of this line. 371 // Output will be a normalized version of this. 372 void ParseStatusLine(std::string::const_iterator line_begin, 373 std::string::const_iterator line_end, 374 bool has_headers); 375 376 // Find the header in our list (case-insensitive) starting with |parsed_| at 377 // index |from|. Returns string::npos if not found. 378 size_t FindHeader(size_t from, base::StringPiece name) const; 379 380 // Search the Cache-Control header for a directive matching |directive|. If 381 // present, treat its value as a time offset in seconds, write it to |result|, 382 // and return true. 383 bool GetCacheControlDirective(base::StringPiece directive, 384 base::TimeDelta* result) const; 385 386 // Add a header->value pair to our list. If we already have header in our 387 // list, append the value to it. 388 void AddHeader(std::string::const_iterator name_begin, 389 std::string::const_iterator name_end, 390 std::string::const_iterator value_begin, 391 std::string::const_iterator value_end); 392 393 // Add to parsed_ given the fields of a ParsedHeader object. 394 void AddToParsed(std::string::const_iterator name_begin, 395 std::string::const_iterator name_end, 396 std::string::const_iterator value_begin, 397 std::string::const_iterator value_end); 398 399 // Replaces the current headers with the merged version of `raw_headers` and 400 // the current headers without the headers in `headers_to_remove`. Note that 401 // `headers_to_remove` are removed from the current headers (before the 402 // merge), not after the merge. 403 // `raw_headers` is a std::string, not a const reference to a std::string, 404 // to avoid a potentially excessive copy. 405 void MergeWithHeaders(std::string raw_headers, 406 const HeaderSet& headers_to_remove); 407 408 // Adds the values from any 'cache-control: no-cache="foo,bar"' headers. 409 void AddNonCacheableHeaders(HeaderSet* header_names) const; 410 411 // Adds the set of header names that contain cookie values. 412 static void AddSensitiveHeaders(HeaderSet* header_names); 413 414 // Adds the set of rfc2616 hop-by-hop response headers. 415 static void AddHopByHopHeaders(HeaderSet* header_names); 416 417 // Adds the set of challenge response headers. 418 static void AddChallengeHeaders(HeaderSet* header_names); 419 420 // Adds the set of cookie response headers. 421 static void AddCookieHeaders(HeaderSet* header_names); 422 423 // Adds the set of content range response headers. 424 static void AddHopContentRangeHeaders(HeaderSet* header_names); 425 426 // Adds the set of transport security state headers. 427 static void AddSecurityStateHeaders(HeaderSet* header_names); 428 429 // We keep a list of ParsedHeader objects. These tell us where to locate the 430 // header-value pairs within raw_headers_. 431 HeaderList parsed_; 432 433 // The raw_headers_ consists of the normalized status line (terminated with a 434 // null byte) and then followed by the raw null-terminated headers from the 435 // input that was passed to our constructor. We preserve the input [*] to 436 // maintain as much ancillary fidelity as possible (since it is sometimes 437 // hard to tell what may matter down-stream to a consumer of XMLHttpRequest). 438 // [*] The status line may be modified. 439 std::string raw_headers_; 440 441 // This is the parsed HTTP response code. 442 int response_code_; 443 444 // The normalized http version (consistent with what GetStatusLine() returns). 445 HttpVersion http_version_; 446 }; 447 448 using ResponseHeadersCallback = 449 base::RepeatingCallback<void(scoped_refptr<const HttpResponseHeaders>)>; 450 451 } // namespace net 452 453 #endif // NET_HTTP_HTTP_RESPONSE_HEADERS_H_ 454