1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // The rules for header parsing were borrowed from Firefox:
6 // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp
7 // The rules for parsing content-types were also borrowed from Firefox:
8 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834
9
10 #include "net/http/http_response_headers.h"
11
12 #include <algorithm>
13
14 #include "base/format_macros.h"
15 #include "base/logging.h"
16 #include "base/metrics/histogram.h"
17 #include "base/pickle.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_piece.h"
20 #include "base/strings/string_util.h"
21 #include "base/strings/stringprintf.h"
22 #include "base/time/time.h"
23 #include "base/values.h"
24 #include "net/base/escape.h"
25 #include "net/http/http_byte_range.h"
26 #include "net/http/http_log_util.h"
27 #include "net/http/http_util.h"
28
29 using base::StringPiece;
30 using base::Time;
31 using base::TimeDelta;
32
33 namespace net {
34
35 //-----------------------------------------------------------------------------
36
37 namespace {
38
39 // These headers are RFC 2616 hop-by-hop headers;
40 // not to be stored by caches.
41 const char* const kHopByHopResponseHeaders[] = {
42 "connection",
43 "proxy-connection",
44 "keep-alive",
45 "trailer",
46 "transfer-encoding",
47 "upgrade"
48 };
49
50 // These headers are challenge response headers;
51 // not to be stored by caches.
52 const char* const kChallengeResponseHeaders[] = {
53 "www-authenticate",
54 "proxy-authenticate"
55 };
56
57 // These headers are cookie setting headers;
58 // not to be stored by caches or disclosed otherwise.
59 const char* const kCookieResponseHeaders[] = {
60 "set-cookie",
61 "set-cookie2"
62 };
63
64 // By default, do not cache Strict-Transport-Security or Public-Key-Pins.
65 // This avoids erroneously re-processing them on page loads from cache ---
66 // they are defined to be valid only on live and error-free HTTPS
67 // connections.
68 const char* const kSecurityStateHeaders[] = {
69 "strict-transport-security",
70 "public-key-pins"
71 };
72
73 // These response headers are not copied from a 304/206 response to the cached
74 // response headers. This list is based on Mozilla's nsHttpResponseHead.cpp.
75 const char* const kNonUpdatedHeaders[] = {
76 "connection",
77 "proxy-connection",
78 "keep-alive",
79 "www-authenticate",
80 "proxy-authenticate",
81 "trailer",
82 "transfer-encoding",
83 "upgrade",
84 "etag",
85 "x-frame-options",
86 "x-xss-protection",
87 };
88
89 // Some header prefixes mean "Don't copy this header from a 304 response.".
90 // Rather than listing all the relevant headers, we can consolidate them into
91 // this list:
92 const char* const kNonUpdatedHeaderPrefixes[] = {
93 "content-",
94 "x-content-",
95 "x-webkit-"
96 };
97
ShouldUpdateHeader(const std::string::const_iterator & name_begin,const std::string::const_iterator & name_end)98 bool ShouldUpdateHeader(const std::string::const_iterator& name_begin,
99 const std::string::const_iterator& name_end) {
100 for (size_t i = 0; i < arraysize(kNonUpdatedHeaders); ++i) {
101 if (LowerCaseEqualsASCII(name_begin, name_end, kNonUpdatedHeaders[i]))
102 return false;
103 }
104 for (size_t i = 0; i < arraysize(kNonUpdatedHeaderPrefixes); ++i) {
105 if (StartsWithASCII(std::string(name_begin, name_end),
106 kNonUpdatedHeaderPrefixes[i], false))
107 return false;
108 }
109 return true;
110 }
111
CheckDoesNotHaveEmbededNulls(const std::string & str)112 void CheckDoesNotHaveEmbededNulls(const std::string& str) {
113 // Care needs to be taken when adding values to the raw headers string to
114 // make sure it does not contain embeded NULLs. Any embeded '\0' may be
115 // understood as line terminators and change how header lines get tokenized.
116 CHECK(str.find('\0') == std::string::npos);
117 }
118
119 } // namespace
120
121 const char HttpResponseHeaders::kContentRange[] = "Content-Range";
122
123 struct HttpResponseHeaders::ParsedHeader {
124 // A header "continuation" contains only a subsequent value for the
125 // preceding header. (Header values are comma separated.)
is_continuationnet::HttpResponseHeaders::ParsedHeader126 bool is_continuation() const { return name_begin == name_end; }
127
128 std::string::const_iterator name_begin;
129 std::string::const_iterator name_end;
130 std::string::const_iterator value_begin;
131 std::string::const_iterator value_end;
132 };
133
134 //-----------------------------------------------------------------------------
135
HttpResponseHeaders(const std::string & raw_input)136 HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input)
137 : response_code_(-1) {
138 Parse(raw_input);
139
140 // The most important thing to do with this histogram is find out
141 // the existence of unusual HTTP status codes. As it happens
142 // right now, there aren't double-constructions of response headers
143 // using this constructor, so our counts should also be accurate,
144 // without instantiating the histogram in two places. It is also
145 // important that this histogram not collect data in the other
146 // constructor, which rebuilds an histogram from a pickle, since
147 // that would actually create a double call between the original
148 // HttpResponseHeader that was serialized, and initialization of the
149 // new object from that pickle.
150 UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode",
151 HttpUtil::MapStatusCodeForHistogram(
152 response_code_),
153 // Note the third argument is only
154 // evaluated once, see macro
155 // definition for details.
156 HttpUtil::GetStatusCodesForHistogram());
157 }
158
HttpResponseHeaders(const Pickle & pickle,PickleIterator * iter)159 HttpResponseHeaders::HttpResponseHeaders(const Pickle& pickle,
160 PickleIterator* iter)
161 : response_code_(-1) {
162 std::string raw_input;
163 if (pickle.ReadString(iter, &raw_input))
164 Parse(raw_input);
165 }
166
Persist(Pickle * pickle,PersistOptions options)167 void HttpResponseHeaders::Persist(Pickle* pickle, PersistOptions options) {
168 if (options == PERSIST_RAW) {
169 pickle->WriteString(raw_headers_);
170 return; // Done.
171 }
172
173 HeaderSet filter_headers;
174
175 // Construct set of headers to filter out based on options.
176 if ((options & PERSIST_SANS_NON_CACHEABLE) == PERSIST_SANS_NON_CACHEABLE)
177 AddNonCacheableHeaders(&filter_headers);
178
179 if ((options & PERSIST_SANS_COOKIES) == PERSIST_SANS_COOKIES)
180 AddCookieHeaders(&filter_headers);
181
182 if ((options & PERSIST_SANS_CHALLENGES) == PERSIST_SANS_CHALLENGES)
183 AddChallengeHeaders(&filter_headers);
184
185 if ((options & PERSIST_SANS_HOP_BY_HOP) == PERSIST_SANS_HOP_BY_HOP)
186 AddHopByHopHeaders(&filter_headers);
187
188 if ((options & PERSIST_SANS_RANGES) == PERSIST_SANS_RANGES)
189 AddHopContentRangeHeaders(&filter_headers);
190
191 if ((options & PERSIST_SANS_SECURITY_STATE) == PERSIST_SANS_SECURITY_STATE)
192 AddSecurityStateHeaders(&filter_headers);
193
194 std::string blob;
195 blob.reserve(raw_headers_.size());
196
197 // This copies the status line w/ terminator null.
198 // Note raw_headers_ has embedded nulls instead of \n,
199 // so this just copies the first header line.
200 blob.assign(raw_headers_.c_str(), strlen(raw_headers_.c_str()) + 1);
201
202 for (size_t i = 0; i < parsed_.size(); ++i) {
203 DCHECK(!parsed_[i].is_continuation());
204
205 // Locate the start of the next header.
206 size_t k = i;
207 while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
208 --k;
209
210 std::string header_name(parsed_[i].name_begin, parsed_[i].name_end);
211 base::StringToLowerASCII(&header_name);
212
213 if (filter_headers.find(header_name) == filter_headers.end()) {
214 // Make sure there is a null after the value.
215 blob.append(parsed_[i].name_begin, parsed_[k].value_end);
216 blob.push_back('\0');
217 }
218
219 i = k;
220 }
221 blob.push_back('\0');
222
223 pickle->WriteString(blob);
224 }
225
Update(const HttpResponseHeaders & new_headers)226 void HttpResponseHeaders::Update(const HttpResponseHeaders& new_headers) {
227 DCHECK(new_headers.response_code() == 304 ||
228 new_headers.response_code() == 206);
229
230 // Copy up to the null byte. This just copies the status line.
231 std::string new_raw_headers(raw_headers_.c_str());
232 new_raw_headers.push_back('\0');
233
234 HeaderSet updated_headers;
235
236 // NOTE: we write the new headers then the old headers for convenience. The
237 // order should not matter.
238
239 // Figure out which headers we want to take from new_headers:
240 for (size_t i = 0; i < new_headers.parsed_.size(); ++i) {
241 const HeaderList& new_parsed = new_headers.parsed_;
242
243 DCHECK(!new_parsed[i].is_continuation());
244
245 // Locate the start of the next header.
246 size_t k = i;
247 while (++k < new_parsed.size() && new_parsed[k].is_continuation()) {}
248 --k;
249
250 const std::string::const_iterator& name_begin = new_parsed[i].name_begin;
251 const std::string::const_iterator& name_end = new_parsed[i].name_end;
252 if (ShouldUpdateHeader(name_begin, name_end)) {
253 std::string name(name_begin, name_end);
254 base::StringToLowerASCII(&name);
255 updated_headers.insert(name);
256
257 // Preserve this header line in the merged result, making sure there is
258 // a null after the value.
259 new_raw_headers.append(name_begin, new_parsed[k].value_end);
260 new_raw_headers.push_back('\0');
261 }
262
263 i = k;
264 }
265
266 // Now, build the new raw headers.
267 MergeWithHeaders(new_raw_headers, updated_headers);
268 }
269
MergeWithHeaders(const std::string & raw_headers,const HeaderSet & headers_to_remove)270 void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers,
271 const HeaderSet& headers_to_remove) {
272 std::string new_raw_headers(raw_headers);
273 for (size_t i = 0; i < parsed_.size(); ++i) {
274 DCHECK(!parsed_[i].is_continuation());
275
276 // Locate the start of the next header.
277 size_t k = i;
278 while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
279 --k;
280
281 std::string name(parsed_[i].name_begin, parsed_[i].name_end);
282 base::StringToLowerASCII(&name);
283 if (headers_to_remove.find(name) == headers_to_remove.end()) {
284 // It's ok to preserve this header in the final result.
285 new_raw_headers.append(parsed_[i].name_begin, parsed_[k].value_end);
286 new_raw_headers.push_back('\0');
287 }
288
289 i = k;
290 }
291 new_raw_headers.push_back('\0');
292
293 // Make this object hold the new data.
294 raw_headers_.clear();
295 parsed_.clear();
296 Parse(new_raw_headers);
297 }
298
RemoveHeader(const std::string & name)299 void HttpResponseHeaders::RemoveHeader(const std::string& name) {
300 // Copy up to the null byte. This just copies the status line.
301 std::string new_raw_headers(raw_headers_.c_str());
302 new_raw_headers.push_back('\0');
303
304 std::string lowercase_name(name);
305 base::StringToLowerASCII(&lowercase_name);
306 HeaderSet to_remove;
307 to_remove.insert(lowercase_name);
308 MergeWithHeaders(new_raw_headers, to_remove);
309 }
310
RemoveHeaderLine(const std::string & name,const std::string & value)311 void HttpResponseHeaders::RemoveHeaderLine(const std::string& name,
312 const std::string& value) {
313 std::string name_lowercase(name);
314 base::StringToLowerASCII(&name_lowercase);
315
316 std::string new_raw_headers(GetStatusLine());
317 new_raw_headers.push_back('\0');
318
319 new_raw_headers.reserve(raw_headers_.size());
320
321 void* iter = NULL;
322 std::string old_header_name;
323 std::string old_header_value;
324 while (EnumerateHeaderLines(&iter, &old_header_name, &old_header_value)) {
325 std::string old_header_name_lowercase(name);
326 base::StringToLowerASCII(&old_header_name_lowercase);
327
328 if (name_lowercase == old_header_name_lowercase &&
329 value == old_header_value)
330 continue;
331
332 new_raw_headers.append(old_header_name);
333 new_raw_headers.push_back(':');
334 new_raw_headers.push_back(' ');
335 new_raw_headers.append(old_header_value);
336 new_raw_headers.push_back('\0');
337 }
338 new_raw_headers.push_back('\0');
339
340 // Make this object hold the new data.
341 raw_headers_.clear();
342 parsed_.clear();
343 Parse(new_raw_headers);
344 }
345
AddHeader(const std::string & header)346 void HttpResponseHeaders::AddHeader(const std::string& header) {
347 CheckDoesNotHaveEmbededNulls(header);
348 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
349 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
350 // Don't copy the last null.
351 std::string new_raw_headers(raw_headers_, 0, raw_headers_.size() - 1);
352 new_raw_headers.append(header);
353 new_raw_headers.push_back('\0');
354 new_raw_headers.push_back('\0');
355
356 // Make this object hold the new data.
357 raw_headers_.clear();
358 parsed_.clear();
359 Parse(new_raw_headers);
360 }
361
ReplaceStatusLine(const std::string & new_status)362 void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) {
363 CheckDoesNotHaveEmbededNulls(new_status);
364 // Copy up to the null byte. This just copies the status line.
365 std::string new_raw_headers(new_status);
366 new_raw_headers.push_back('\0');
367
368 HeaderSet empty_to_remove;
369 MergeWithHeaders(new_raw_headers, empty_to_remove);
370 }
371
UpdateWithNewRange(const HttpByteRange & byte_range,int64 resource_size,bool replace_status_line)372 void HttpResponseHeaders::UpdateWithNewRange(
373 const HttpByteRange& byte_range,
374 int64 resource_size,
375 bool replace_status_line) {
376 DCHECK(byte_range.IsValid());
377 DCHECK(byte_range.HasFirstBytePosition());
378 DCHECK(byte_range.HasLastBytePosition());
379
380 const char kLengthHeader[] = "Content-Length";
381 const char kRangeHeader[] = "Content-Range";
382
383 RemoveHeader(kLengthHeader);
384 RemoveHeader(kRangeHeader);
385
386 int64 start = byte_range.first_byte_position();
387 int64 end = byte_range.last_byte_position();
388 int64 range_len = end - start + 1;
389
390 if (replace_status_line)
391 ReplaceStatusLine("HTTP/1.1 206 Partial Content");
392
393 AddHeader(base::StringPrintf("%s: bytes %" PRId64 "-%" PRId64 "/%" PRId64,
394 kRangeHeader, start, end, resource_size));
395 AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, range_len));
396 }
397
Parse(const std::string & raw_input)398 void HttpResponseHeaders::Parse(const std::string& raw_input) {
399 raw_headers_.reserve(raw_input.size());
400
401 // ParseStatusLine adds a normalized status line to raw_headers_
402 std::string::const_iterator line_begin = raw_input.begin();
403 std::string::const_iterator line_end =
404 std::find(line_begin, raw_input.end(), '\0');
405 // has_headers = true, if there is any data following the status line.
406 // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0.
407 bool has_headers = (line_end != raw_input.end() &&
408 (line_end + 1) != raw_input.end() &&
409 *(line_end + 1) != '\0');
410 ParseStatusLine(line_begin, line_end, has_headers);
411 raw_headers_.push_back('\0'); // Terminate status line with a null.
412
413 if (line_end == raw_input.end()) {
414 raw_headers_.push_back('\0'); // Ensure the headers end with a double null.
415
416 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
417 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
418 return;
419 }
420
421 // Including a terminating null byte.
422 size_t status_line_len = raw_headers_.size();
423
424 // Now, we add the rest of the raw headers to raw_headers_, and begin parsing
425 // it (to populate our parsed_ vector).
426 raw_headers_.append(line_end + 1, raw_input.end());
427
428 // Ensure the headers end with a double null.
429 while (raw_headers_.size() < 2 ||
430 raw_headers_[raw_headers_.size() - 2] != '\0' ||
431 raw_headers_[raw_headers_.size() - 1] != '\0') {
432 raw_headers_.push_back('\0');
433 }
434
435 // Adjust to point at the null byte following the status line
436 line_end = raw_headers_.begin() + status_line_len - 1;
437
438 HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(),
439 std::string(1, '\0'));
440 while (headers.GetNext()) {
441 AddHeader(headers.name_begin(),
442 headers.name_end(),
443 headers.values_begin(),
444 headers.values_end());
445 }
446
447 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
448 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
449 }
450
451 // Append all of our headers to the final output string.
GetNormalizedHeaders(std::string * output) const452 void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const {
453 // copy up to the null byte. this just copies the status line.
454 output->assign(raw_headers_.c_str());
455
456 // headers may appear multiple times (not necessarily in succession) in the
457 // header data, so we build a map from header name to generated header lines.
458 // to preserve the order of the original headers, the actual values are kept
459 // in a separate list. finally, the list of headers is flattened to form
460 // the normalized block of headers.
461 //
462 // NOTE: We take special care to preserve the whitespace around any commas
463 // that may occur in the original response headers. Because our consumer may
464 // be a web app, we cannot be certain of the semantics of commas despite the
465 // fact that RFC 2616 says that they should be regarded as value separators.
466 //
467 typedef base::hash_map<std::string, size_t> HeadersMap;
468 HeadersMap headers_map;
469 HeadersMap::iterator iter = headers_map.end();
470
471 std::vector<std::string> headers;
472
473 for (size_t i = 0; i < parsed_.size(); ++i) {
474 DCHECK(!parsed_[i].is_continuation());
475
476 std::string name(parsed_[i].name_begin, parsed_[i].name_end);
477 std::string lower_name = base::StringToLowerASCII(name);
478
479 iter = headers_map.find(lower_name);
480 if (iter == headers_map.end()) {
481 iter = headers_map.insert(
482 HeadersMap::value_type(lower_name, headers.size())).first;
483 headers.push_back(name + ": ");
484 } else {
485 headers[iter->second].append(", ");
486 }
487
488 std::string::const_iterator value_begin = parsed_[i].value_begin;
489 std::string::const_iterator value_end = parsed_[i].value_end;
490 while (++i < parsed_.size() && parsed_[i].is_continuation())
491 value_end = parsed_[i].value_end;
492 --i;
493
494 headers[iter->second].append(value_begin, value_end);
495 }
496
497 for (size_t i = 0; i < headers.size(); ++i) {
498 output->push_back('\n');
499 output->append(headers[i]);
500 }
501
502 output->push_back('\n');
503 }
504
GetNormalizedHeader(const std::string & name,std::string * value) const505 bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name,
506 std::string* value) const {
507 // If you hit this assertion, please use EnumerateHeader instead!
508 DCHECK(!HttpUtil::IsNonCoalescingHeader(name));
509
510 value->clear();
511
512 bool found = false;
513 size_t i = 0;
514 while (i < parsed_.size()) {
515 i = FindHeader(i, name);
516 if (i == std::string::npos)
517 break;
518
519 found = true;
520
521 if (!value->empty())
522 value->append(", ");
523
524 std::string::const_iterator value_begin = parsed_[i].value_begin;
525 std::string::const_iterator value_end = parsed_[i].value_end;
526 while (++i < parsed_.size() && parsed_[i].is_continuation())
527 value_end = parsed_[i].value_end;
528 value->append(value_begin, value_end);
529 }
530
531 return found;
532 }
533
GetStatusLine() const534 std::string HttpResponseHeaders::GetStatusLine() const {
535 // copy up to the null byte.
536 return std::string(raw_headers_.c_str());
537 }
538
GetStatusText() const539 std::string HttpResponseHeaders::GetStatusText() const {
540 // GetStatusLine() is already normalized, so it has the format:
541 // <http_version> SP <response_code> SP <status_text>
542 std::string status_text = GetStatusLine();
543 std::string::const_iterator begin = status_text.begin();
544 std::string::const_iterator end = status_text.end();
545 for (int i = 0; i < 2; ++i)
546 begin = std::find(begin, end, ' ') + 1;
547 return std::string(begin, end);
548 }
549
EnumerateHeaderLines(void ** iter,std::string * name,std::string * value) const550 bool HttpResponseHeaders::EnumerateHeaderLines(void** iter,
551 std::string* name,
552 std::string* value) const {
553 size_t i = reinterpret_cast<size_t>(*iter);
554 if (i == parsed_.size())
555 return false;
556
557 DCHECK(!parsed_[i].is_continuation());
558
559 name->assign(parsed_[i].name_begin, parsed_[i].name_end);
560
561 std::string::const_iterator value_begin = parsed_[i].value_begin;
562 std::string::const_iterator value_end = parsed_[i].value_end;
563 while (++i < parsed_.size() && parsed_[i].is_continuation())
564 value_end = parsed_[i].value_end;
565
566 value->assign(value_begin, value_end);
567
568 *iter = reinterpret_cast<void*>(i);
569 return true;
570 }
571
EnumerateHeader(void ** iter,const base::StringPiece & name,std::string * value) const572 bool HttpResponseHeaders::EnumerateHeader(void** iter,
573 const base::StringPiece& name,
574 std::string* value) const {
575 size_t i;
576 if (!iter || !*iter) {
577 i = FindHeader(0, name);
578 } else {
579 i = reinterpret_cast<size_t>(*iter);
580 if (i >= parsed_.size()) {
581 i = std::string::npos;
582 } else if (!parsed_[i].is_continuation()) {
583 i = FindHeader(i, name);
584 }
585 }
586
587 if (i == std::string::npos) {
588 value->clear();
589 return false;
590 }
591
592 if (iter)
593 *iter = reinterpret_cast<void*>(i + 1);
594 value->assign(parsed_[i].value_begin, parsed_[i].value_end);
595 return true;
596 }
597
HasHeaderValue(const base::StringPiece & name,const base::StringPiece & value) const598 bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name,
599 const base::StringPiece& value) const {
600 // The value has to be an exact match. This is important since
601 // 'cache-control: no-cache' != 'cache-control: no-cache="foo"'
602 void* iter = NULL;
603 std::string temp;
604 while (EnumerateHeader(&iter, name, &temp)) {
605 if (value.size() == temp.size() &&
606 std::equal(temp.begin(), temp.end(), value.begin(),
607 base::CaseInsensitiveCompare<char>()))
608 return true;
609 }
610 return false;
611 }
612
HasHeader(const base::StringPiece & name) const613 bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const {
614 return FindHeader(0, name) != std::string::npos;
615 }
616
HttpResponseHeaders()617 HttpResponseHeaders::HttpResponseHeaders() : response_code_(-1) {
618 }
619
~HttpResponseHeaders()620 HttpResponseHeaders::~HttpResponseHeaders() {
621 }
622
623 // Note: this implementation implicitly assumes that line_end points at a valid
624 // sentinel character (such as '\0').
625 // static
ParseVersion(std::string::const_iterator line_begin,std::string::const_iterator line_end)626 HttpVersion HttpResponseHeaders::ParseVersion(
627 std::string::const_iterator line_begin,
628 std::string::const_iterator line_end) {
629 std::string::const_iterator p = line_begin;
630
631 // RFC2616 sec 3.1: HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
632 // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1).
633 // TODO: handle leading zeros, which is allowed by the rfc1616 sec 3.1.
634
635 if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) {
636 DVLOG(1) << "missing status line";
637 return HttpVersion();
638 }
639
640 p += 4;
641
642 if (p >= line_end || *p != '/') {
643 DVLOG(1) << "missing version";
644 return HttpVersion();
645 }
646
647 std::string::const_iterator dot = std::find(p, line_end, '.');
648 if (dot == line_end) {
649 DVLOG(1) << "malformed version";
650 return HttpVersion();
651 }
652
653 ++p; // from / to first digit.
654 ++dot; // from . to second digit.
655
656 if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) {
657 DVLOG(1) << "malformed version number";
658 return HttpVersion();
659 }
660
661 uint16 major = *p - '0';
662 uint16 minor = *dot - '0';
663
664 return HttpVersion(major, minor);
665 }
666
667 // Note: this implementation implicitly assumes that line_end points at a valid
668 // sentinel character (such as '\0').
ParseStatusLine(std::string::const_iterator line_begin,std::string::const_iterator line_end,bool has_headers)669 void HttpResponseHeaders::ParseStatusLine(
670 std::string::const_iterator line_begin,
671 std::string::const_iterator line_end,
672 bool has_headers) {
673 // Extract the version number
674 parsed_http_version_ = ParseVersion(line_begin, line_end);
675
676 // Clamp the version number to one of: {0.9, 1.0, 1.1}
677 if (parsed_http_version_ == HttpVersion(0, 9) && !has_headers) {
678 http_version_ = HttpVersion(0, 9);
679 raw_headers_ = "HTTP/0.9";
680 } else if (parsed_http_version_ >= HttpVersion(1, 1)) {
681 http_version_ = HttpVersion(1, 1);
682 raw_headers_ = "HTTP/1.1";
683 } else {
684 // Treat everything else like HTTP 1.0
685 http_version_ = HttpVersion(1, 0);
686 raw_headers_ = "HTTP/1.0";
687 }
688 if (parsed_http_version_ != http_version_) {
689 DVLOG(1) << "assuming HTTP/" << http_version_.major_value() << "."
690 << http_version_.minor_value();
691 }
692
693 // TODO(eroman): this doesn't make sense if ParseVersion failed.
694 std::string::const_iterator p = std::find(line_begin, line_end, ' ');
695
696 if (p == line_end) {
697 DVLOG(1) << "missing response status; assuming 200 OK";
698 raw_headers_.append(" 200 OK");
699 response_code_ = 200;
700 return;
701 }
702
703 // Skip whitespace.
704 while (*p == ' ')
705 ++p;
706
707 std::string::const_iterator code = p;
708 while (*p >= '0' && *p <= '9')
709 ++p;
710
711 if (p == code) {
712 DVLOG(1) << "missing response status number; assuming 200";
713 raw_headers_.append(" 200 OK");
714 response_code_ = 200;
715 return;
716 }
717 raw_headers_.push_back(' ');
718 raw_headers_.append(code, p);
719 raw_headers_.push_back(' ');
720 base::StringToInt(StringPiece(code, p), &response_code_);
721
722 // Skip whitespace.
723 while (*p == ' ')
724 ++p;
725
726 // Trim trailing whitespace.
727 while (line_end > p && line_end[-1] == ' ')
728 --line_end;
729
730 if (p == line_end) {
731 DVLOG(1) << "missing response status text; assuming OK";
732 // Not super critical what we put here. Just use "OK"
733 // even if it isn't descriptive of response_code_.
734 raw_headers_.append("OK");
735 } else {
736 raw_headers_.append(p, line_end);
737 }
738 }
739
FindHeader(size_t from,const base::StringPiece & search) const740 size_t HttpResponseHeaders::FindHeader(size_t from,
741 const base::StringPiece& search) const {
742 for (size_t i = from; i < parsed_.size(); ++i) {
743 if (parsed_[i].is_continuation())
744 continue;
745 const std::string::const_iterator& name_begin = parsed_[i].name_begin;
746 const std::string::const_iterator& name_end = parsed_[i].name_end;
747 if (static_cast<size_t>(name_end - name_begin) == search.size() &&
748 std::equal(name_begin, name_end, search.begin(),
749 base::CaseInsensitiveCompare<char>()))
750 return i;
751 }
752
753 return std::string::npos;
754 }
755
GetCacheControlDirective(const StringPiece & directive,TimeDelta * result) const756 bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive,
757 TimeDelta* result) const {
758 StringPiece name("cache-control");
759 std::string value;
760
761 size_t directive_size = directive.size();
762
763 void* iter = NULL;
764 while (EnumerateHeader(&iter, name, &value)) {
765 if (value.size() > directive_size + 1 &&
766 LowerCaseEqualsASCII(value.begin(),
767 value.begin() + directive_size,
768 directive.begin()) &&
769 value[directive_size] == '=') {
770 int64 seconds;
771 base::StringToInt64(
772 StringPiece(value.begin() + directive_size + 1, value.end()),
773 &seconds);
774 *result = TimeDelta::FromSeconds(seconds);
775 return true;
776 }
777 }
778
779 return false;
780 }
781
AddHeader(std::string::const_iterator name_begin,std::string::const_iterator name_end,std::string::const_iterator values_begin,std::string::const_iterator values_end)782 void HttpResponseHeaders::AddHeader(std::string::const_iterator name_begin,
783 std::string::const_iterator name_end,
784 std::string::const_iterator values_begin,
785 std::string::const_iterator values_end) {
786 // If the header can be coalesced, then we should split it up.
787 if (values_begin == values_end ||
788 HttpUtil::IsNonCoalescingHeader(name_begin, name_end)) {
789 AddToParsed(name_begin, name_end, values_begin, values_end);
790 } else {
791 HttpUtil::ValuesIterator it(values_begin, values_end, ',');
792 while (it.GetNext()) {
793 AddToParsed(name_begin, name_end, it.value_begin(), it.value_end());
794 // clobber these so that subsequent values are treated as continuations
795 name_begin = name_end = raw_headers_.end();
796 }
797 }
798 }
799
AddToParsed(std::string::const_iterator name_begin,std::string::const_iterator name_end,std::string::const_iterator value_begin,std::string::const_iterator value_end)800 void HttpResponseHeaders::AddToParsed(std::string::const_iterator name_begin,
801 std::string::const_iterator name_end,
802 std::string::const_iterator value_begin,
803 std::string::const_iterator value_end) {
804 ParsedHeader header;
805 header.name_begin = name_begin;
806 header.name_end = name_end;
807 header.value_begin = value_begin;
808 header.value_end = value_end;
809 parsed_.push_back(header);
810 }
811
AddNonCacheableHeaders(HeaderSet * result) const812 void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const {
813 // Add server specified transients. Any 'cache-control: no-cache="foo,bar"'
814 // headers present in the response specify additional headers that we should
815 // not store in the cache.
816 const char kCacheControl[] = "cache-control";
817 const char kPrefix[] = "no-cache=\"";
818 const size_t kPrefixLen = sizeof(kPrefix) - 1;
819
820 std::string value;
821 void* iter = NULL;
822 while (EnumerateHeader(&iter, kCacheControl, &value)) {
823 // If the value is smaller than the prefix and a terminal quote, skip
824 // it.
825 if (value.size() <= kPrefixLen ||
826 value.compare(0, kPrefixLen, kPrefix) != 0) {
827 continue;
828 }
829 // if it doesn't end with a quote, then treat as malformed
830 if (value[value.size()-1] != '\"')
831 continue;
832
833 // process the value as a comma-separated list of items. Each
834 // item can be wrapped by linear white space.
835 std::string::const_iterator item = value.begin() + kPrefixLen;
836 std::string::const_iterator end = value.end() - 1;
837 while (item != end) {
838 // Find the comma to compute the length of the current item,
839 // and the position of the next one.
840 std::string::const_iterator item_next = std::find(item, end, ',');
841 std::string::const_iterator item_end = end;
842 if (item_next != end) {
843 // Skip over comma for next position.
844 item_end = item_next;
845 item_next++;
846 }
847 // trim off leading and trailing whitespace in this item.
848 HttpUtil::TrimLWS(&item, &item_end);
849
850 // assuming the header is not empty, lowercase and insert into set
851 if (item_end > item) {
852 std::string name(&*item, item_end - item);
853 base::StringToLowerASCII(&name);
854 result->insert(name);
855 }
856
857 // Continue to next item.
858 item = item_next;
859 }
860 }
861 }
862
AddHopByHopHeaders(HeaderSet * result)863 void HttpResponseHeaders::AddHopByHopHeaders(HeaderSet* result) {
864 for (size_t i = 0; i < arraysize(kHopByHopResponseHeaders); ++i)
865 result->insert(std::string(kHopByHopResponseHeaders[i]));
866 }
867
AddCookieHeaders(HeaderSet * result)868 void HttpResponseHeaders::AddCookieHeaders(HeaderSet* result) {
869 for (size_t i = 0; i < arraysize(kCookieResponseHeaders); ++i)
870 result->insert(std::string(kCookieResponseHeaders[i]));
871 }
872
AddChallengeHeaders(HeaderSet * result)873 void HttpResponseHeaders::AddChallengeHeaders(HeaderSet* result) {
874 for (size_t i = 0; i < arraysize(kChallengeResponseHeaders); ++i)
875 result->insert(std::string(kChallengeResponseHeaders[i]));
876 }
877
AddHopContentRangeHeaders(HeaderSet * result)878 void HttpResponseHeaders::AddHopContentRangeHeaders(HeaderSet* result) {
879 result->insert(kContentRange);
880 }
881
AddSecurityStateHeaders(HeaderSet * result)882 void HttpResponseHeaders::AddSecurityStateHeaders(HeaderSet* result) {
883 for (size_t i = 0; i < arraysize(kSecurityStateHeaders); ++i)
884 result->insert(std::string(kSecurityStateHeaders[i]));
885 }
886
GetMimeTypeAndCharset(std::string * mime_type,std::string * charset) const887 void HttpResponseHeaders::GetMimeTypeAndCharset(std::string* mime_type,
888 std::string* charset) const {
889 mime_type->clear();
890 charset->clear();
891
892 std::string name = "content-type";
893 std::string value;
894
895 bool had_charset = false;
896
897 void* iter = NULL;
898 while (EnumerateHeader(&iter, name, &value))
899 HttpUtil::ParseContentType(value, mime_type, charset, &had_charset, NULL);
900 }
901
GetMimeType(std::string * mime_type) const902 bool HttpResponseHeaders::GetMimeType(std::string* mime_type) const {
903 std::string unused;
904 GetMimeTypeAndCharset(mime_type, &unused);
905 return !mime_type->empty();
906 }
907
GetCharset(std::string * charset) const908 bool HttpResponseHeaders::GetCharset(std::string* charset) const {
909 std::string unused;
910 GetMimeTypeAndCharset(&unused, charset);
911 return !charset->empty();
912 }
913
IsRedirect(std::string * location) const914 bool HttpResponseHeaders::IsRedirect(std::string* location) const {
915 if (!IsRedirectResponseCode(response_code_))
916 return false;
917
918 // If we lack a Location header, then we can't treat this as a redirect.
919 // We assume that the first non-empty location value is the target URL that
920 // we want to follow. TODO(darin): Is this consistent with other browsers?
921 size_t i = std::string::npos;
922 do {
923 i = FindHeader(++i, "location");
924 if (i == std::string::npos)
925 return false;
926 // If the location value is empty, then it doesn't count.
927 } while (parsed_[i].value_begin == parsed_[i].value_end);
928
929 if (location) {
930 // Escape any non-ASCII characters to preserve them. The server should
931 // only be returning ASCII here, but for compat we need to do this.
932 *location = EscapeNonASCII(
933 std::string(parsed_[i].value_begin, parsed_[i].value_end));
934 }
935
936 return true;
937 }
938
939 // static
IsRedirectResponseCode(int response_code)940 bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) {
941 // Users probably want to see 300 (multiple choice) pages, so we don't count
942 // them as redirects that need to be followed.
943 return (response_code == 301 ||
944 response_code == 302 ||
945 response_code == 303 ||
946 response_code == 307 ||
947 response_code == 308);
948 }
949
950 // From RFC 2616 section 13.2.4:
951 //
952 // The calculation to determine if a response has expired is quite simple:
953 //
954 // response_is_fresh = (freshness_lifetime > current_age)
955 //
956 // Of course, there are other factors that can force a response to always be
957 // validated or re-fetched.
958 //
RequiresValidation(const Time & request_time,const Time & response_time,const Time & current_time) const959 bool HttpResponseHeaders::RequiresValidation(const Time& request_time,
960 const Time& response_time,
961 const Time& current_time) const {
962 TimeDelta lifetime =
963 GetFreshnessLifetime(response_time);
964 if (lifetime == TimeDelta())
965 return true;
966
967 return lifetime <= GetCurrentAge(request_time, response_time, current_time);
968 }
969
970 // From RFC 2616 section 13.2.4:
971 //
972 // The max-age directive takes priority over Expires, so if max-age is present
973 // in a response, the calculation is simply:
974 //
975 // freshness_lifetime = max_age_value
976 //
977 // Otherwise, if Expires is present in the response, the calculation is:
978 //
979 // freshness_lifetime = expires_value - date_value
980 //
981 // Note that neither of these calculations is vulnerable to clock skew, since
982 // all of the information comes from the origin server.
983 //
984 // Also, if the response does have a Last-Modified time, the heuristic
985 // expiration value SHOULD be no more than some fraction of the interval since
986 // that time. A typical setting of this fraction might be 10%:
987 //
988 // freshness_lifetime = (date_value - last_modified_value) * 0.10
989 //
GetFreshnessLifetime(const Time & response_time) const990 TimeDelta HttpResponseHeaders::GetFreshnessLifetime(
991 const Time& response_time) const {
992 // Check for headers that force a response to never be fresh. For backwards
993 // compat, we treat "Pragma: no-cache" as a synonym for "Cache-Control:
994 // no-cache" even though RFC 2616 does not specify it.
995 if (HasHeaderValue("cache-control", "no-cache") ||
996 HasHeaderValue("cache-control", "no-store") ||
997 HasHeaderValue("pragma", "no-cache") ||
998 HasHeaderValue("vary", "*")) // see RFC 2616 section 13.6
999 return TimeDelta(); // not fresh
1000
1001 // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the
1002 // Expires header after checking for max-age in GetFreshnessLifetime. This
1003 // is important since "Expires: <date in the past>" means not fresh, but
1004 // it should not trump a max-age value.
1005
1006 TimeDelta max_age_value;
1007 if (GetMaxAgeValue(&max_age_value))
1008 return max_age_value;
1009
1010 // If there is no Date header, then assume that the server response was
1011 // generated at the time when we received the response.
1012 Time date_value;
1013 if (!GetDateValue(&date_value))
1014 date_value = response_time;
1015
1016 Time expires_value;
1017 if (GetExpiresValue(&expires_value)) {
1018 // The expires value can be a date in the past!
1019 if (expires_value > date_value)
1020 return expires_value - date_value;
1021
1022 return TimeDelta(); // not fresh
1023 }
1024
1025 // From RFC 2616 section 13.4:
1026 //
1027 // A response received with a status code of 200, 203, 206, 300, 301 or 410
1028 // MAY be stored by a cache and used in reply to a subsequent request,
1029 // subject to the expiration mechanism, unless a cache-control directive
1030 // prohibits caching.
1031 // ...
1032 // A response received with any other status code (e.g. status codes 302
1033 // and 307) MUST NOT be returned in a reply to a subsequent request unless
1034 // there are cache-control directives or another header(s) that explicitly
1035 // allow it.
1036 //
1037 // From RFC 2616 section 14.9.4:
1038 //
1039 // When the must-revalidate directive is present in a response received by
1040 // a cache, that cache MUST NOT use the entry after it becomes stale to
1041 // respond to a subsequent request without first revalidating it with the
1042 // origin server. (I.e., the cache MUST do an end-to-end revalidation every
1043 // time, if, based solely on the origin server's Expires or max-age value,
1044 // the cached response is stale.)
1045 //
1046 // https://datatracker.ietf.org/doc/draft-reschke-http-status-308/ is an
1047 // experimental RFC that adds 308 permanent redirect as well, for which "any
1048 // future references ... SHOULD use one of the returned URIs."
1049 if ((response_code_ == 200 || response_code_ == 203 ||
1050 response_code_ == 206) &&
1051 !HasHeaderValue("cache-control", "must-revalidate")) {
1052 // TODO(darin): Implement a smarter heuristic.
1053 Time last_modified_value;
1054 if (GetLastModifiedValue(&last_modified_value)) {
1055 // The last-modified value can be a date in the past!
1056 if (last_modified_value <= date_value)
1057 return (date_value - last_modified_value) / 10;
1058 }
1059 }
1060
1061 // These responses are implicitly fresh (unless otherwise overruled):
1062 if (response_code_ == 300 || response_code_ == 301 || response_code_ == 308 ||
1063 response_code_ == 410) {
1064 return TimeDelta::Max();
1065 }
1066
1067 return TimeDelta(); // not fresh
1068 }
1069
1070 // From RFC 2616 section 13.2.3:
1071 //
1072 // Summary of age calculation algorithm, when a cache receives a response:
1073 //
1074 // /*
1075 // * age_value
1076 // * is the value of Age: header received by the cache with
1077 // * this response.
1078 // * date_value
1079 // * is the value of the origin server's Date: header
1080 // * request_time
1081 // * is the (local) time when the cache made the request
1082 // * that resulted in this cached response
1083 // * response_time
1084 // * is the (local) time when the cache received the
1085 // * response
1086 // * now
1087 // * is the current (local) time
1088 // */
1089 // apparent_age = max(0, response_time - date_value);
1090 // corrected_received_age = max(apparent_age, age_value);
1091 // response_delay = response_time - request_time;
1092 // corrected_initial_age = corrected_received_age + response_delay;
1093 // resident_time = now - response_time;
1094 // current_age = corrected_initial_age + resident_time;
1095 //
GetCurrentAge(const Time & request_time,const Time & response_time,const Time & current_time) const1096 TimeDelta HttpResponseHeaders::GetCurrentAge(const Time& request_time,
1097 const Time& response_time,
1098 const Time& current_time) const {
1099 // If there is no Date header, then assume that the server response was
1100 // generated at the time when we received the response.
1101 Time date_value;
1102 if (!GetDateValue(&date_value))
1103 date_value = response_time;
1104
1105 // If there is no Age header, then assume age is zero. GetAgeValue does not
1106 // modify its out param if the value does not exist.
1107 TimeDelta age_value;
1108 GetAgeValue(&age_value);
1109
1110 TimeDelta apparent_age = std::max(TimeDelta(), response_time - date_value);
1111 TimeDelta corrected_received_age = std::max(apparent_age, age_value);
1112 TimeDelta response_delay = response_time - request_time;
1113 TimeDelta corrected_initial_age = corrected_received_age + response_delay;
1114 TimeDelta resident_time = current_time - response_time;
1115 TimeDelta current_age = corrected_initial_age + resident_time;
1116
1117 return current_age;
1118 }
1119
GetMaxAgeValue(TimeDelta * result) const1120 bool HttpResponseHeaders::GetMaxAgeValue(TimeDelta* result) const {
1121 return GetCacheControlDirective("max-age", result);
1122 }
1123
GetAgeValue(TimeDelta * result) const1124 bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const {
1125 std::string value;
1126 if (!EnumerateHeader(NULL, "Age", &value))
1127 return false;
1128
1129 int64 seconds;
1130 base::StringToInt64(value, &seconds);
1131 *result = TimeDelta::FromSeconds(seconds);
1132 return true;
1133 }
1134
GetDateValue(Time * result) const1135 bool HttpResponseHeaders::GetDateValue(Time* result) const {
1136 return GetTimeValuedHeader("Date", result);
1137 }
1138
GetLastModifiedValue(Time * result) const1139 bool HttpResponseHeaders::GetLastModifiedValue(Time* result) const {
1140 return GetTimeValuedHeader("Last-Modified", result);
1141 }
1142
GetExpiresValue(Time * result) const1143 bool HttpResponseHeaders::GetExpiresValue(Time* result) const {
1144 return GetTimeValuedHeader("Expires", result);
1145 }
1146
GetStaleWhileRevalidateValue(TimeDelta * result) const1147 bool HttpResponseHeaders::GetStaleWhileRevalidateValue(
1148 TimeDelta* result) const {
1149 return GetCacheControlDirective("stale-while-revalidate", result);
1150 }
1151
GetTimeValuedHeader(const std::string & name,Time * result) const1152 bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name,
1153 Time* result) const {
1154 std::string value;
1155 if (!EnumerateHeader(NULL, name, &value))
1156 return false;
1157
1158 // When parsing HTTP dates it's beneficial to default to GMT because:
1159 // 1. RFC2616 3.3.1 says times should always be specified in GMT
1160 // 2. Only counter-example incorrectly appended "UTC" (crbug.com/153759)
1161 // 3. When adjusting cookie expiration times for clock skew
1162 // (crbug.com/135131) this better matches our cookie expiration
1163 // time parser which ignores timezone specifiers and assumes GMT.
1164 // 4. This is exactly what Firefox does.
1165 // TODO(pauljensen): The ideal solution would be to return false if the
1166 // timezone could not be understood so as to avoid makeing other calculations
1167 // based on an incorrect time. This would require modifying the time
1168 // library or duplicating the code. (http://crbug.com/158327)
1169 return Time::FromUTCString(value.c_str(), result);
1170 }
1171
IsKeepAlive() const1172 bool HttpResponseHeaders::IsKeepAlive() const {
1173 if (http_version_ < HttpVersion(1, 0))
1174 return false;
1175
1176 // NOTE: It is perhaps risky to assume that a Proxy-Connection header is
1177 // meaningful when we don't know that this response was from a proxy, but
1178 // Mozilla also does this, so we'll do the same.
1179 std::string connection_val;
1180 if (!EnumerateHeader(NULL, "connection", &connection_val))
1181 EnumerateHeader(NULL, "proxy-connection", &connection_val);
1182
1183 bool keep_alive;
1184
1185 if (http_version_ == HttpVersion(1, 0)) {
1186 // HTTP/1.0 responses default to NOT keep-alive
1187 keep_alive = LowerCaseEqualsASCII(connection_val, "keep-alive");
1188 } else {
1189 // HTTP/1.1 responses default to keep-alive
1190 keep_alive = !LowerCaseEqualsASCII(connection_val, "close");
1191 }
1192
1193 return keep_alive;
1194 }
1195
HasStrongValidators() const1196 bool HttpResponseHeaders::HasStrongValidators() const {
1197 std::string etag_header;
1198 EnumerateHeader(NULL, "etag", &etag_header);
1199 std::string last_modified_header;
1200 EnumerateHeader(NULL, "Last-Modified", &last_modified_header);
1201 std::string date_header;
1202 EnumerateHeader(NULL, "Date", &date_header);
1203 return HttpUtil::HasStrongValidators(GetHttpVersion(),
1204 etag_header,
1205 last_modified_header,
1206 date_header);
1207 }
1208
1209 // From RFC 2616:
1210 // Content-Length = "Content-Length" ":" 1*DIGIT
GetContentLength() const1211 int64 HttpResponseHeaders::GetContentLength() const {
1212 return GetInt64HeaderValue("content-length");
1213 }
1214
GetInt64HeaderValue(const std::string & header) const1215 int64 HttpResponseHeaders::GetInt64HeaderValue(
1216 const std::string& header) const {
1217 void* iter = NULL;
1218 std::string content_length_val;
1219 if (!EnumerateHeader(&iter, header, &content_length_val))
1220 return -1;
1221
1222 if (content_length_val.empty())
1223 return -1;
1224
1225 if (content_length_val[0] == '+')
1226 return -1;
1227
1228 int64 result;
1229 bool ok = base::StringToInt64(content_length_val, &result);
1230 if (!ok || result < 0)
1231 return -1;
1232
1233 return result;
1234 }
1235
1236 // From RFC 2616 14.16:
1237 // content-range-spec =
1238 // bytes-unit SP byte-range-resp-spec "/" ( instance-length | "*" )
1239 // byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) | "*"
1240 // instance-length = 1*DIGIT
1241 // bytes-unit = "bytes"
GetContentRange(int64 * first_byte_position,int64 * last_byte_position,int64 * instance_length) const1242 bool HttpResponseHeaders::GetContentRange(int64* first_byte_position,
1243 int64* last_byte_position,
1244 int64* instance_length) const {
1245 void* iter = NULL;
1246 std::string content_range_spec;
1247 *first_byte_position = *last_byte_position = *instance_length = -1;
1248 if (!EnumerateHeader(&iter, kContentRange, &content_range_spec))
1249 return false;
1250
1251 // If the header value is empty, we have an invalid header.
1252 if (content_range_spec.empty())
1253 return false;
1254
1255 size_t space_position = content_range_spec.find(' ');
1256 if (space_position == std::string::npos)
1257 return false;
1258
1259 // Invalid header if it doesn't contain "bytes-unit".
1260 std::string::const_iterator content_range_spec_begin =
1261 content_range_spec.begin();
1262 std::string::const_iterator content_range_spec_end =
1263 content_range_spec.begin() + space_position;
1264 HttpUtil::TrimLWS(&content_range_spec_begin, &content_range_spec_end);
1265 if (!LowerCaseEqualsASCII(content_range_spec_begin,
1266 content_range_spec_end,
1267 "bytes")) {
1268 return false;
1269 }
1270
1271 size_t slash_position = content_range_spec.find('/', space_position + 1);
1272 if (slash_position == std::string::npos)
1273 return false;
1274
1275 // Obtain the part behind the space and before slash.
1276 std::string::const_iterator byte_range_resp_spec_begin =
1277 content_range_spec.begin() + space_position + 1;
1278 std::string::const_iterator byte_range_resp_spec_end =
1279 content_range_spec.begin() + slash_position;
1280 HttpUtil::TrimLWS(&byte_range_resp_spec_begin, &byte_range_resp_spec_end);
1281
1282 // Parse the byte-range-resp-spec part.
1283 std::string byte_range_resp_spec(byte_range_resp_spec_begin,
1284 byte_range_resp_spec_end);
1285 // If byte-range-resp-spec != "*".
1286 if (!LowerCaseEqualsASCII(byte_range_resp_spec, "*")) {
1287 size_t minus_position = byte_range_resp_spec.find('-');
1288 if (minus_position != std::string::npos) {
1289 // Obtain first-byte-pos.
1290 std::string::const_iterator first_byte_pos_begin =
1291 byte_range_resp_spec.begin();
1292 std::string::const_iterator first_byte_pos_end =
1293 byte_range_resp_spec.begin() + minus_position;
1294 HttpUtil::TrimLWS(&first_byte_pos_begin, &first_byte_pos_end);
1295
1296 bool ok = base::StringToInt64(StringPiece(first_byte_pos_begin,
1297 first_byte_pos_end),
1298 first_byte_position);
1299
1300 // Obtain last-byte-pos.
1301 std::string::const_iterator last_byte_pos_begin =
1302 byte_range_resp_spec.begin() + minus_position + 1;
1303 std::string::const_iterator last_byte_pos_end =
1304 byte_range_resp_spec.end();
1305 HttpUtil::TrimLWS(&last_byte_pos_begin, &last_byte_pos_end);
1306
1307 ok &= base::StringToInt64(StringPiece(last_byte_pos_begin,
1308 last_byte_pos_end),
1309 last_byte_position);
1310 if (!ok) {
1311 *first_byte_position = *last_byte_position = -1;
1312 return false;
1313 }
1314 if (*first_byte_position < 0 || *last_byte_position < 0 ||
1315 *first_byte_position > *last_byte_position)
1316 return false;
1317 } else {
1318 return false;
1319 }
1320 }
1321
1322 // Parse the instance-length part.
1323 // If instance-length == "*".
1324 std::string::const_iterator instance_length_begin =
1325 content_range_spec.begin() + slash_position + 1;
1326 std::string::const_iterator instance_length_end =
1327 content_range_spec.end();
1328 HttpUtil::TrimLWS(&instance_length_begin, &instance_length_end);
1329
1330 if (LowerCaseEqualsASCII(instance_length_begin, instance_length_end, "*")) {
1331 return false;
1332 } else if (!base::StringToInt64(StringPiece(instance_length_begin,
1333 instance_length_end),
1334 instance_length)) {
1335 *instance_length = -1;
1336 return false;
1337 }
1338
1339 // We have all the values; let's verify that they make sense for a 206
1340 // response.
1341 if (*first_byte_position < 0 || *last_byte_position < 0 ||
1342 *instance_length < 0 || *instance_length - 1 < *last_byte_position)
1343 return false;
1344
1345 return true;
1346 }
1347
NetLogCallback(NetLog::LogLevel log_level) const1348 base::Value* HttpResponseHeaders::NetLogCallback(
1349 NetLog::LogLevel log_level) const {
1350 base::DictionaryValue* dict = new base::DictionaryValue();
1351 base::ListValue* headers = new base::ListValue();
1352 headers->Append(new base::StringValue(GetStatusLine()));
1353 void* iterator = NULL;
1354 std::string name;
1355 std::string value;
1356 while (EnumerateHeaderLines(&iterator, &name, &value)) {
1357 std::string log_value = ElideHeaderValueForNetLog(log_level, name, value);
1358 std::string escaped_name = EscapeNonASCII(name);
1359 std::string escaped_value = EscapeNonASCII(log_value);
1360 headers->Append(
1361 new base::StringValue(
1362 base::StringPrintf("%s: %s", escaped_name.c_str(),
1363 escaped_value.c_str())));
1364 }
1365 dict->Set("headers", headers);
1366 return dict;
1367 }
1368
1369 // static
FromNetLogParam(const base::Value * event_param,scoped_refptr<HttpResponseHeaders> * http_response_headers)1370 bool HttpResponseHeaders::FromNetLogParam(
1371 const base::Value* event_param,
1372 scoped_refptr<HttpResponseHeaders>* http_response_headers) {
1373 *http_response_headers = NULL;
1374
1375 const base::DictionaryValue* dict = NULL;
1376 const base::ListValue* header_list = NULL;
1377
1378 if (!event_param ||
1379 !event_param->GetAsDictionary(&dict) ||
1380 !dict->GetList("headers", &header_list)) {
1381 return false;
1382 }
1383
1384 std::string raw_headers;
1385 for (base::ListValue::const_iterator it = header_list->begin();
1386 it != header_list->end();
1387 ++it) {
1388 std::string header_line;
1389 if (!(*it)->GetAsString(&header_line))
1390 return false;
1391
1392 raw_headers.append(header_line);
1393 raw_headers.push_back('\0');
1394 }
1395 raw_headers.push_back('\0');
1396 *http_response_headers = new HttpResponseHeaders(raw_headers);
1397 return true;
1398 }
1399
IsChunkEncoded() const1400 bool HttpResponseHeaders::IsChunkEncoded() const {
1401 // Ignore spurious chunked responses from HTTP/1.0 servers and proxies.
1402 return GetHttpVersion() >= HttpVersion(1, 1) &&
1403 HasHeaderValue("Transfer-Encoding", "chunked");
1404 }
1405
1406 } // namespace net
1407