1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // The rules for header parsing were borrowed from Firefox: 6 // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp 7 // The rules for parsing content-types were also borrowed from Firefox: 8 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834 9 10 #include "net/http/http_response_headers.h" 11 12 #include <algorithm> 13 14 #include "base/format_macros.h" 15 #include "base/logging.h" 16 #include "base/metrics/histogram.h" 17 #include "base/pickle.h" 18 #include "base/strings/string_number_conversions.h" 19 #include "base/strings/string_piece.h" 20 #include "base/strings/string_util.h" 21 #include "base/strings/stringprintf.h" 22 #include "base/time/time.h" 23 #include "base/values.h" 24 #include "net/base/escape.h" 25 #include "net/http/http_byte_range.h" 26 #include "net/http/http_log_util.h" 27 #include "net/http/http_util.h" 28 29 using base::StringPiece; 30 using base::Time; 31 using base::TimeDelta; 32 33 namespace net { 34 35 //----------------------------------------------------------------------------- 36 37 namespace { 38 39 // These headers are RFC 2616 hop-by-hop headers; 40 // not to be stored by caches. 41 const char* const kHopByHopResponseHeaders[] = { 42 "connection", 43 "proxy-connection", 44 "keep-alive", 45 "trailer", 46 "transfer-encoding", 47 "upgrade" 48 }; 49 50 // These headers are challenge response headers; 51 // not to be stored by caches. 52 const char* const kChallengeResponseHeaders[] = { 53 "www-authenticate", 54 "proxy-authenticate" 55 }; 56 57 // These headers are cookie setting headers; 58 // not to be stored by caches or disclosed otherwise. 59 const char* const kCookieResponseHeaders[] = { 60 "set-cookie", 61 "set-cookie2" 62 }; 63 64 // By default, do not cache Strict-Transport-Security or Public-Key-Pins. 65 // This avoids erroneously re-processing them on page loads from cache --- 66 // they are defined to be valid only on live and error-free HTTPS 67 // connections. 68 const char* const kSecurityStateHeaders[] = { 69 "strict-transport-security", 70 "public-key-pins" 71 }; 72 73 // These response headers are not copied from a 304/206 response to the cached 74 // response headers. This list is based on Mozilla's nsHttpResponseHead.cpp. 75 const char* const kNonUpdatedHeaders[] = { 76 "connection", 77 "proxy-connection", 78 "keep-alive", 79 "www-authenticate", 80 "proxy-authenticate", 81 "trailer", 82 "transfer-encoding", 83 "upgrade", 84 "etag", 85 "x-frame-options", 86 "x-xss-protection", 87 }; 88 89 // Some header prefixes mean "Don't copy this header from a 304 response.". 90 // Rather than listing all the relevant headers, we can consolidate them into 91 // this list: 92 const char* const kNonUpdatedHeaderPrefixes[] = { 93 "content-", 94 "x-content-", 95 "x-webkit-" 96 }; 97 98 bool ShouldUpdateHeader(const std::string::const_iterator& name_begin, 99 const std::string::const_iterator& name_end) { 100 for (size_t i = 0; i < arraysize(kNonUpdatedHeaders); ++i) { 101 if (LowerCaseEqualsASCII(name_begin, name_end, kNonUpdatedHeaders[i])) 102 return false; 103 } 104 for (size_t i = 0; i < arraysize(kNonUpdatedHeaderPrefixes); ++i) { 105 if (StartsWithASCII(std::string(name_begin, name_end), 106 kNonUpdatedHeaderPrefixes[i], false)) 107 return false; 108 } 109 return true; 110 } 111 112 void CheckDoesNotHaveEmbededNulls(const std::string& str) { 113 // Care needs to be taken when adding values to the raw headers string to 114 // make sure it does not contain embeded NULLs. Any embeded '\0' may be 115 // understood as line terminators and change how header lines get tokenized. 116 CHECK(str.find('\0') == std::string::npos); 117 } 118 119 } // namespace 120 121 const char HttpResponseHeaders::kContentRange[] = "Content-Range"; 122 123 struct HttpResponseHeaders::ParsedHeader { 124 // A header "continuation" contains only a subsequent value for the 125 // preceding header. (Header values are comma separated.) 126 bool is_continuation() const { return name_begin == name_end; } 127 128 std::string::const_iterator name_begin; 129 std::string::const_iterator name_end; 130 std::string::const_iterator value_begin; 131 std::string::const_iterator value_end; 132 }; 133 134 //----------------------------------------------------------------------------- 135 136 HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input) 137 : response_code_(-1) { 138 Parse(raw_input); 139 140 // The most important thing to do with this histogram is find out 141 // the existence of unusual HTTP status codes. As it happens 142 // right now, there aren't double-constructions of response headers 143 // using this constructor, so our counts should also be accurate, 144 // without instantiating the histogram in two places. It is also 145 // important that this histogram not collect data in the other 146 // constructor, which rebuilds an histogram from a pickle, since 147 // that would actually create a double call between the original 148 // HttpResponseHeader that was serialized, and initialization of the 149 // new object from that pickle. 150 UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode", 151 HttpUtil::MapStatusCodeForHistogram( 152 response_code_), 153 // Note the third argument is only 154 // evaluated once, see macro 155 // definition for details. 156 HttpUtil::GetStatusCodesForHistogram()); 157 } 158 159 HttpResponseHeaders::HttpResponseHeaders(const Pickle& pickle, 160 PickleIterator* iter) 161 : response_code_(-1) { 162 std::string raw_input; 163 if (pickle.ReadString(iter, &raw_input)) 164 Parse(raw_input); 165 } 166 167 void HttpResponseHeaders::Persist(Pickle* pickle, PersistOptions options) { 168 if (options == PERSIST_RAW) { 169 pickle->WriteString(raw_headers_); 170 return; // Done. 171 } 172 173 HeaderSet filter_headers; 174 175 // Construct set of headers to filter out based on options. 176 if ((options & PERSIST_SANS_NON_CACHEABLE) == PERSIST_SANS_NON_CACHEABLE) 177 AddNonCacheableHeaders(&filter_headers); 178 179 if ((options & PERSIST_SANS_COOKIES) == PERSIST_SANS_COOKIES) 180 AddCookieHeaders(&filter_headers); 181 182 if ((options & PERSIST_SANS_CHALLENGES) == PERSIST_SANS_CHALLENGES) 183 AddChallengeHeaders(&filter_headers); 184 185 if ((options & PERSIST_SANS_HOP_BY_HOP) == PERSIST_SANS_HOP_BY_HOP) 186 AddHopByHopHeaders(&filter_headers); 187 188 if ((options & PERSIST_SANS_RANGES) == PERSIST_SANS_RANGES) 189 AddHopContentRangeHeaders(&filter_headers); 190 191 if ((options & PERSIST_SANS_SECURITY_STATE) == PERSIST_SANS_SECURITY_STATE) 192 AddSecurityStateHeaders(&filter_headers); 193 194 std::string blob; 195 blob.reserve(raw_headers_.size()); 196 197 // This copies the status line w/ terminator null. 198 // Note raw_headers_ has embedded nulls instead of \n, 199 // so this just copies the first header line. 200 blob.assign(raw_headers_.c_str(), strlen(raw_headers_.c_str()) + 1); 201 202 for (size_t i = 0; i < parsed_.size(); ++i) { 203 DCHECK(!parsed_[i].is_continuation()); 204 205 // Locate the start of the next header. 206 size_t k = i; 207 while (++k < parsed_.size() && parsed_[k].is_continuation()) {} 208 --k; 209 210 std::string header_name(parsed_[i].name_begin, parsed_[i].name_end); 211 base::StringToLowerASCII(&header_name); 212 213 if (filter_headers.find(header_name) == filter_headers.end()) { 214 // Make sure there is a null after the value. 215 blob.append(parsed_[i].name_begin, parsed_[k].value_end); 216 blob.push_back('\0'); 217 } 218 219 i = k; 220 } 221 blob.push_back('\0'); 222 223 pickle->WriteString(blob); 224 } 225 226 void HttpResponseHeaders::Update(const HttpResponseHeaders& new_headers) { 227 DCHECK(new_headers.response_code() == 304 || 228 new_headers.response_code() == 206); 229 230 // Copy up to the null byte. This just copies the status line. 231 std::string new_raw_headers(raw_headers_.c_str()); 232 new_raw_headers.push_back('\0'); 233 234 HeaderSet updated_headers; 235 236 // NOTE: we write the new headers then the old headers for convenience. The 237 // order should not matter. 238 239 // Figure out which headers we want to take from new_headers: 240 for (size_t i = 0; i < new_headers.parsed_.size(); ++i) { 241 const HeaderList& new_parsed = new_headers.parsed_; 242 243 DCHECK(!new_parsed[i].is_continuation()); 244 245 // Locate the start of the next header. 246 size_t k = i; 247 while (++k < new_parsed.size() && new_parsed[k].is_continuation()) {} 248 --k; 249 250 const std::string::const_iterator& name_begin = new_parsed[i].name_begin; 251 const std::string::const_iterator& name_end = new_parsed[i].name_end; 252 if (ShouldUpdateHeader(name_begin, name_end)) { 253 std::string name(name_begin, name_end); 254 base::StringToLowerASCII(&name); 255 updated_headers.insert(name); 256 257 // Preserve this header line in the merged result, making sure there is 258 // a null after the value. 259 new_raw_headers.append(name_begin, new_parsed[k].value_end); 260 new_raw_headers.push_back('\0'); 261 } 262 263 i = k; 264 } 265 266 // Now, build the new raw headers. 267 MergeWithHeaders(new_raw_headers, updated_headers); 268 } 269 270 void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers, 271 const HeaderSet& headers_to_remove) { 272 std::string new_raw_headers(raw_headers); 273 for (size_t i = 0; i < parsed_.size(); ++i) { 274 DCHECK(!parsed_[i].is_continuation()); 275 276 // Locate the start of the next header. 277 size_t k = i; 278 while (++k < parsed_.size() && parsed_[k].is_continuation()) {} 279 --k; 280 281 std::string name(parsed_[i].name_begin, parsed_[i].name_end); 282 base::StringToLowerASCII(&name); 283 if (headers_to_remove.find(name) == headers_to_remove.end()) { 284 // It's ok to preserve this header in the final result. 285 new_raw_headers.append(parsed_[i].name_begin, parsed_[k].value_end); 286 new_raw_headers.push_back('\0'); 287 } 288 289 i = k; 290 } 291 new_raw_headers.push_back('\0'); 292 293 // Make this object hold the new data. 294 raw_headers_.clear(); 295 parsed_.clear(); 296 Parse(new_raw_headers); 297 } 298 299 void HttpResponseHeaders::RemoveHeader(const std::string& name) { 300 // Copy up to the null byte. This just copies the status line. 301 std::string new_raw_headers(raw_headers_.c_str()); 302 new_raw_headers.push_back('\0'); 303 304 std::string lowercase_name(name); 305 base::StringToLowerASCII(&lowercase_name); 306 HeaderSet to_remove; 307 to_remove.insert(lowercase_name); 308 MergeWithHeaders(new_raw_headers, to_remove); 309 } 310 311 void HttpResponseHeaders::RemoveHeaderLine(const std::string& name, 312 const std::string& value) { 313 std::string name_lowercase(name); 314 base::StringToLowerASCII(&name_lowercase); 315 316 std::string new_raw_headers(GetStatusLine()); 317 new_raw_headers.push_back('\0'); 318 319 new_raw_headers.reserve(raw_headers_.size()); 320 321 void* iter = NULL; 322 std::string old_header_name; 323 std::string old_header_value; 324 while (EnumerateHeaderLines(&iter, &old_header_name, &old_header_value)) { 325 std::string old_header_name_lowercase(name); 326 base::StringToLowerASCII(&old_header_name_lowercase); 327 328 if (name_lowercase == old_header_name_lowercase && 329 value == old_header_value) 330 continue; 331 332 new_raw_headers.append(old_header_name); 333 new_raw_headers.push_back(':'); 334 new_raw_headers.push_back(' '); 335 new_raw_headers.append(old_header_value); 336 new_raw_headers.push_back('\0'); 337 } 338 new_raw_headers.push_back('\0'); 339 340 // Make this object hold the new data. 341 raw_headers_.clear(); 342 parsed_.clear(); 343 Parse(new_raw_headers); 344 } 345 346 void HttpResponseHeaders::AddHeader(const std::string& header) { 347 CheckDoesNotHaveEmbededNulls(header); 348 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]); 349 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]); 350 // Don't copy the last null. 351 std::string new_raw_headers(raw_headers_, 0, raw_headers_.size() - 1); 352 new_raw_headers.append(header); 353 new_raw_headers.push_back('\0'); 354 new_raw_headers.push_back('\0'); 355 356 // Make this object hold the new data. 357 raw_headers_.clear(); 358 parsed_.clear(); 359 Parse(new_raw_headers); 360 } 361 362 void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) { 363 CheckDoesNotHaveEmbededNulls(new_status); 364 // Copy up to the null byte. This just copies the status line. 365 std::string new_raw_headers(new_status); 366 new_raw_headers.push_back('\0'); 367 368 HeaderSet empty_to_remove; 369 MergeWithHeaders(new_raw_headers, empty_to_remove); 370 } 371 372 void HttpResponseHeaders::UpdateWithNewRange( 373 const HttpByteRange& byte_range, 374 int64 resource_size, 375 bool replace_status_line) { 376 DCHECK(byte_range.IsValid()); 377 DCHECK(byte_range.HasFirstBytePosition()); 378 DCHECK(byte_range.HasLastBytePosition()); 379 380 const char kLengthHeader[] = "Content-Length"; 381 const char kRangeHeader[] = "Content-Range"; 382 383 RemoveHeader(kLengthHeader); 384 RemoveHeader(kRangeHeader); 385 386 int64 start = byte_range.first_byte_position(); 387 int64 end = byte_range.last_byte_position(); 388 int64 range_len = end - start + 1; 389 390 if (replace_status_line) 391 ReplaceStatusLine("HTTP/1.1 206 Partial Content"); 392 393 AddHeader(base::StringPrintf("%s: bytes %" PRId64 "-%" PRId64 "/%" PRId64, 394 kRangeHeader, start, end, resource_size)); 395 AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, range_len)); 396 } 397 398 void HttpResponseHeaders::Parse(const std::string& raw_input) { 399 raw_headers_.reserve(raw_input.size()); 400 401 // ParseStatusLine adds a normalized status line to raw_headers_ 402 std::string::const_iterator line_begin = raw_input.begin(); 403 std::string::const_iterator line_end = 404 std::find(line_begin, raw_input.end(), '\0'); 405 // has_headers = true, if there is any data following the status line. 406 // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0. 407 bool has_headers = (line_end != raw_input.end() && 408 (line_end + 1) != raw_input.end() && 409 *(line_end + 1) != '\0'); 410 ParseStatusLine(line_begin, line_end, has_headers); 411 raw_headers_.push_back('\0'); // Terminate status line with a null. 412 413 if (line_end == raw_input.end()) { 414 raw_headers_.push_back('\0'); // Ensure the headers end with a double null. 415 416 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]); 417 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]); 418 return; 419 } 420 421 // Including a terminating null byte. 422 size_t status_line_len = raw_headers_.size(); 423 424 // Now, we add the rest of the raw headers to raw_headers_, and begin parsing 425 // it (to populate our parsed_ vector). 426 raw_headers_.append(line_end + 1, raw_input.end()); 427 428 // Ensure the headers end with a double null. 429 while (raw_headers_.size() < 2 || 430 raw_headers_[raw_headers_.size() - 2] != '\0' || 431 raw_headers_[raw_headers_.size() - 1] != '\0') { 432 raw_headers_.push_back('\0'); 433 } 434 435 // Adjust to point at the null byte following the status line 436 line_end = raw_headers_.begin() + status_line_len - 1; 437 438 HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(), 439 std::string(1, '\0')); 440 while (headers.GetNext()) { 441 AddHeader(headers.name_begin(), 442 headers.name_end(), 443 headers.values_begin(), 444 headers.values_end()); 445 } 446 447 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]); 448 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]); 449 } 450 451 // Append all of our headers to the final output string. 452 void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const { 453 // copy up to the null byte. this just copies the status line. 454 output->assign(raw_headers_.c_str()); 455 456 // headers may appear multiple times (not necessarily in succession) in the 457 // header data, so we build a map from header name to generated header lines. 458 // to preserve the order of the original headers, the actual values are kept 459 // in a separate list. finally, the list of headers is flattened to form 460 // the normalized block of headers. 461 // 462 // NOTE: We take special care to preserve the whitespace around any commas 463 // that may occur in the original response headers. Because our consumer may 464 // be a web app, we cannot be certain of the semantics of commas despite the 465 // fact that RFC 2616 says that they should be regarded as value separators. 466 // 467 typedef base::hash_map<std::string, size_t> HeadersMap; 468 HeadersMap headers_map; 469 HeadersMap::iterator iter = headers_map.end(); 470 471 std::vector<std::string> headers; 472 473 for (size_t i = 0; i < parsed_.size(); ++i) { 474 DCHECK(!parsed_[i].is_continuation()); 475 476 std::string name(parsed_[i].name_begin, parsed_[i].name_end); 477 std::string lower_name = base::StringToLowerASCII(name); 478 479 iter = headers_map.find(lower_name); 480 if (iter == headers_map.end()) { 481 iter = headers_map.insert( 482 HeadersMap::value_type(lower_name, headers.size())).first; 483 headers.push_back(name + ": "); 484 } else { 485 headers[iter->second].append(", "); 486 } 487 488 std::string::const_iterator value_begin = parsed_[i].value_begin; 489 std::string::const_iterator value_end = parsed_[i].value_end; 490 while (++i < parsed_.size() && parsed_[i].is_continuation()) 491 value_end = parsed_[i].value_end; 492 --i; 493 494 headers[iter->second].append(value_begin, value_end); 495 } 496 497 for (size_t i = 0; i < headers.size(); ++i) { 498 output->push_back('\n'); 499 output->append(headers[i]); 500 } 501 502 output->push_back('\n'); 503 } 504 505 bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name, 506 std::string* value) const { 507 // If you hit this assertion, please use EnumerateHeader instead! 508 DCHECK(!HttpUtil::IsNonCoalescingHeader(name)); 509 510 value->clear(); 511 512 bool found = false; 513 size_t i = 0; 514 while (i < parsed_.size()) { 515 i = FindHeader(i, name); 516 if (i == std::string::npos) 517 break; 518 519 found = true; 520 521 if (!value->empty()) 522 value->append(", "); 523 524 std::string::const_iterator value_begin = parsed_[i].value_begin; 525 std::string::const_iterator value_end = parsed_[i].value_end; 526 while (++i < parsed_.size() && parsed_[i].is_continuation()) 527 value_end = parsed_[i].value_end; 528 value->append(value_begin, value_end); 529 } 530 531 return found; 532 } 533 534 std::string HttpResponseHeaders::GetStatusLine() const { 535 // copy up to the null byte. 536 return std::string(raw_headers_.c_str()); 537 } 538 539 std::string HttpResponseHeaders::GetStatusText() const { 540 // GetStatusLine() is already normalized, so it has the format: 541 // <http_version> SP <response_code> SP <status_text> 542 std::string status_text = GetStatusLine(); 543 std::string::const_iterator begin = status_text.begin(); 544 std::string::const_iterator end = status_text.end(); 545 for (int i = 0; i < 2; ++i) 546 begin = std::find(begin, end, ' ') + 1; 547 return std::string(begin, end); 548 } 549 550 bool HttpResponseHeaders::EnumerateHeaderLines(void** iter, 551 std::string* name, 552 std::string* value) const { 553 size_t i = reinterpret_cast<size_t>(*iter); 554 if (i == parsed_.size()) 555 return false; 556 557 DCHECK(!parsed_[i].is_continuation()); 558 559 name->assign(parsed_[i].name_begin, parsed_[i].name_end); 560 561 std::string::const_iterator value_begin = parsed_[i].value_begin; 562 std::string::const_iterator value_end = parsed_[i].value_end; 563 while (++i < parsed_.size() && parsed_[i].is_continuation()) 564 value_end = parsed_[i].value_end; 565 566 value->assign(value_begin, value_end); 567 568 *iter = reinterpret_cast<void*>(i); 569 return true; 570 } 571 572 bool HttpResponseHeaders::EnumerateHeader(void** iter, 573 const base::StringPiece& name, 574 std::string* value) const { 575 size_t i; 576 if (!iter || !*iter) { 577 i = FindHeader(0, name); 578 } else { 579 i = reinterpret_cast<size_t>(*iter); 580 if (i >= parsed_.size()) { 581 i = std::string::npos; 582 } else if (!parsed_[i].is_continuation()) { 583 i = FindHeader(i, name); 584 } 585 } 586 587 if (i == std::string::npos) { 588 value->clear(); 589 return false; 590 } 591 592 if (iter) 593 *iter = reinterpret_cast<void*>(i + 1); 594 value->assign(parsed_[i].value_begin, parsed_[i].value_end); 595 return true; 596 } 597 598 bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name, 599 const base::StringPiece& value) const { 600 // The value has to be an exact match. This is important since 601 // 'cache-control: no-cache' != 'cache-control: no-cache="foo"' 602 void* iter = NULL; 603 std::string temp; 604 while (EnumerateHeader(&iter, name, &temp)) { 605 if (value.size() == temp.size() && 606 std::equal(temp.begin(), temp.end(), value.begin(), 607 base::CaseInsensitiveCompare<char>())) 608 return true; 609 } 610 return false; 611 } 612 613 bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const { 614 return FindHeader(0, name) != std::string::npos; 615 } 616 617 HttpResponseHeaders::HttpResponseHeaders() : response_code_(-1) { 618 } 619 620 HttpResponseHeaders::~HttpResponseHeaders() { 621 } 622 623 // Note: this implementation implicitly assumes that line_end points at a valid 624 // sentinel character (such as '\0'). 625 // static 626 HttpVersion HttpResponseHeaders::ParseVersion( 627 std::string::const_iterator line_begin, 628 std::string::const_iterator line_end) { 629 std::string::const_iterator p = line_begin; 630 631 // RFC2616 sec 3.1: HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT 632 // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1). 633 // TODO: handle leading zeros, which is allowed by the rfc1616 sec 3.1. 634 635 if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) { 636 DVLOG(1) << "missing status line"; 637 return HttpVersion(); 638 } 639 640 p += 4; 641 642 if (p >= line_end || *p != '/') { 643 DVLOG(1) << "missing version"; 644 return HttpVersion(); 645 } 646 647 std::string::const_iterator dot = std::find(p, line_end, '.'); 648 if (dot == line_end) { 649 DVLOG(1) << "malformed version"; 650 return HttpVersion(); 651 } 652 653 ++p; // from / to first digit. 654 ++dot; // from . to second digit. 655 656 if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) { 657 DVLOG(1) << "malformed version number"; 658 return HttpVersion(); 659 } 660 661 uint16 major = *p - '0'; 662 uint16 minor = *dot - '0'; 663 664 return HttpVersion(major, minor); 665 } 666 667 // Note: this implementation implicitly assumes that line_end points at a valid 668 // sentinel character (such as '\0'). 669 void HttpResponseHeaders::ParseStatusLine( 670 std::string::const_iterator line_begin, 671 std::string::const_iterator line_end, 672 bool has_headers) { 673 // Extract the version number 674 parsed_http_version_ = ParseVersion(line_begin, line_end); 675 676 // Clamp the version number to one of: {0.9, 1.0, 1.1} 677 if (parsed_http_version_ == HttpVersion(0, 9) && !has_headers) { 678 http_version_ = HttpVersion(0, 9); 679 raw_headers_ = "HTTP/0.9"; 680 } else if (parsed_http_version_ >= HttpVersion(1, 1)) { 681 http_version_ = HttpVersion(1, 1); 682 raw_headers_ = "HTTP/1.1"; 683 } else { 684 // Treat everything else like HTTP 1.0 685 http_version_ = HttpVersion(1, 0); 686 raw_headers_ = "HTTP/1.0"; 687 } 688 if (parsed_http_version_ != http_version_) { 689 DVLOG(1) << "assuming HTTP/" << http_version_.major_value() << "." 690 << http_version_.minor_value(); 691 } 692 693 // TODO(eroman): this doesn't make sense if ParseVersion failed. 694 std::string::const_iterator p = std::find(line_begin, line_end, ' '); 695 696 if (p == line_end) { 697 DVLOG(1) << "missing response status; assuming 200 OK"; 698 raw_headers_.append(" 200 OK"); 699 response_code_ = 200; 700 return; 701 } 702 703 // Skip whitespace. 704 while (*p == ' ') 705 ++p; 706 707 std::string::const_iterator code = p; 708 while (*p >= '0' && *p <= '9') 709 ++p; 710 711 if (p == code) { 712 DVLOG(1) << "missing response status number; assuming 200"; 713 raw_headers_.append(" 200 OK"); 714 response_code_ = 200; 715 return; 716 } 717 raw_headers_.push_back(' '); 718 raw_headers_.append(code, p); 719 raw_headers_.push_back(' '); 720 base::StringToInt(StringPiece(code, p), &response_code_); 721 722 // Skip whitespace. 723 while (*p == ' ') 724 ++p; 725 726 // Trim trailing whitespace. 727 while (line_end > p && line_end[-1] == ' ') 728 --line_end; 729 730 if (p == line_end) { 731 DVLOG(1) << "missing response status text; assuming OK"; 732 // Not super critical what we put here. Just use "OK" 733 // even if it isn't descriptive of response_code_. 734 raw_headers_.append("OK"); 735 } else { 736 raw_headers_.append(p, line_end); 737 } 738 } 739 740 size_t HttpResponseHeaders::FindHeader(size_t from, 741 const base::StringPiece& search) const { 742 for (size_t i = from; i < parsed_.size(); ++i) { 743 if (parsed_[i].is_continuation()) 744 continue; 745 const std::string::const_iterator& name_begin = parsed_[i].name_begin; 746 const std::string::const_iterator& name_end = parsed_[i].name_end; 747 if (static_cast<size_t>(name_end - name_begin) == search.size() && 748 std::equal(name_begin, name_end, search.begin(), 749 base::CaseInsensitiveCompare<char>())) 750 return i; 751 } 752 753 return std::string::npos; 754 } 755 756 bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive, 757 TimeDelta* result) const { 758 StringPiece name("cache-control"); 759 std::string value; 760 761 size_t directive_size = directive.size(); 762 763 void* iter = NULL; 764 while (EnumerateHeader(&iter, name, &value)) { 765 if (value.size() > directive_size + 1 && 766 LowerCaseEqualsASCII(value.begin(), 767 value.begin() + directive_size, 768 directive.begin()) && 769 value[directive_size] == '=') { 770 int64 seconds; 771 base::StringToInt64( 772 StringPiece(value.begin() + directive_size + 1, value.end()), 773 &seconds); 774 *result = TimeDelta::FromSeconds(seconds); 775 return true; 776 } 777 } 778 779 return false; 780 } 781 782 void HttpResponseHeaders::AddHeader(std::string::const_iterator name_begin, 783 std::string::const_iterator name_end, 784 std::string::const_iterator values_begin, 785 std::string::const_iterator values_end) { 786 // If the header can be coalesced, then we should split it up. 787 if (values_begin == values_end || 788 HttpUtil::IsNonCoalescingHeader(name_begin, name_end)) { 789 AddToParsed(name_begin, name_end, values_begin, values_end); 790 } else { 791 HttpUtil::ValuesIterator it(values_begin, values_end, ','); 792 while (it.GetNext()) { 793 AddToParsed(name_begin, name_end, it.value_begin(), it.value_end()); 794 // clobber these so that subsequent values are treated as continuations 795 name_begin = name_end = raw_headers_.end(); 796 } 797 } 798 } 799 800 void HttpResponseHeaders::AddToParsed(std::string::const_iterator name_begin, 801 std::string::const_iterator name_end, 802 std::string::const_iterator value_begin, 803 std::string::const_iterator value_end) { 804 ParsedHeader header; 805 header.name_begin = name_begin; 806 header.name_end = name_end; 807 header.value_begin = value_begin; 808 header.value_end = value_end; 809 parsed_.push_back(header); 810 } 811 812 void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const { 813 // Add server specified transients. Any 'cache-control: no-cache="foo,bar"' 814 // headers present in the response specify additional headers that we should 815 // not store in the cache. 816 const char kCacheControl[] = "cache-control"; 817 const char kPrefix[] = "no-cache=\""; 818 const size_t kPrefixLen = sizeof(kPrefix) - 1; 819 820 std::string value; 821 void* iter = NULL; 822 while (EnumerateHeader(&iter, kCacheControl, &value)) { 823 // If the value is smaller than the prefix and a terminal quote, skip 824 // it. 825 if (value.size() <= kPrefixLen || 826 value.compare(0, kPrefixLen, kPrefix) != 0) { 827 continue; 828 } 829 // if it doesn't end with a quote, then treat as malformed 830 if (value[value.size()-1] != '\"') 831 continue; 832 833 // process the value as a comma-separated list of items. Each 834 // item can be wrapped by linear white space. 835 std::string::const_iterator item = value.begin() + kPrefixLen; 836 std::string::const_iterator end = value.end() - 1; 837 while (item != end) { 838 // Find the comma to compute the length of the current item, 839 // and the position of the next one. 840 std::string::const_iterator item_next = std::find(item, end, ','); 841 std::string::const_iterator item_end = end; 842 if (item_next != end) { 843 // Skip over comma for next position. 844 item_end = item_next; 845 item_next++; 846 } 847 // trim off leading and trailing whitespace in this item. 848 HttpUtil::TrimLWS(&item, &item_end); 849 850 // assuming the header is not empty, lowercase and insert into set 851 if (item_end > item) { 852 std::string name(&*item, item_end - item); 853 base::StringToLowerASCII(&name); 854 result->insert(name); 855 } 856 857 // Continue to next item. 858 item = item_next; 859 } 860 } 861 } 862 863 void HttpResponseHeaders::AddHopByHopHeaders(HeaderSet* result) { 864 for (size_t i = 0; i < arraysize(kHopByHopResponseHeaders); ++i) 865 result->insert(std::string(kHopByHopResponseHeaders[i])); 866 } 867 868 void HttpResponseHeaders::AddCookieHeaders(HeaderSet* result) { 869 for (size_t i = 0; i < arraysize(kCookieResponseHeaders); ++i) 870 result->insert(std::string(kCookieResponseHeaders[i])); 871 } 872 873 void HttpResponseHeaders::AddChallengeHeaders(HeaderSet* result) { 874 for (size_t i = 0; i < arraysize(kChallengeResponseHeaders); ++i) 875 result->insert(std::string(kChallengeResponseHeaders[i])); 876 } 877 878 void HttpResponseHeaders::AddHopContentRangeHeaders(HeaderSet* result) { 879 result->insert(kContentRange); 880 } 881 882 void HttpResponseHeaders::AddSecurityStateHeaders(HeaderSet* result) { 883 for (size_t i = 0; i < arraysize(kSecurityStateHeaders); ++i) 884 result->insert(std::string(kSecurityStateHeaders[i])); 885 } 886 887 void HttpResponseHeaders::GetMimeTypeAndCharset(std::string* mime_type, 888 std::string* charset) const { 889 mime_type->clear(); 890 charset->clear(); 891 892 std::string name = "content-type"; 893 std::string value; 894 895 bool had_charset = false; 896 897 void* iter = NULL; 898 while (EnumerateHeader(&iter, name, &value)) 899 HttpUtil::ParseContentType(value, mime_type, charset, &had_charset, NULL); 900 } 901 902 bool HttpResponseHeaders::GetMimeType(std::string* mime_type) const { 903 std::string unused; 904 GetMimeTypeAndCharset(mime_type, &unused); 905 return !mime_type->empty(); 906 } 907 908 bool HttpResponseHeaders::GetCharset(std::string* charset) const { 909 std::string unused; 910 GetMimeTypeAndCharset(&unused, charset); 911 return !charset->empty(); 912 } 913 914 bool HttpResponseHeaders::IsRedirect(std::string* location) const { 915 if (!IsRedirectResponseCode(response_code_)) 916 return false; 917 918 // If we lack a Location header, then we can't treat this as a redirect. 919 // We assume that the first non-empty location value is the target URL that 920 // we want to follow. TODO(darin): Is this consistent with other browsers? 921 size_t i = std::string::npos; 922 do { 923 i = FindHeader(++i, "location"); 924 if (i == std::string::npos) 925 return false; 926 // If the location value is empty, then it doesn't count. 927 } while (parsed_[i].value_begin == parsed_[i].value_end); 928 929 if (location) { 930 // Escape any non-ASCII characters to preserve them. The server should 931 // only be returning ASCII here, but for compat we need to do this. 932 *location = EscapeNonASCII( 933 std::string(parsed_[i].value_begin, parsed_[i].value_end)); 934 } 935 936 return true; 937 } 938 939 // static 940 bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) { 941 // Users probably want to see 300 (multiple choice) pages, so we don't count 942 // them as redirects that need to be followed. 943 return (response_code == 301 || 944 response_code == 302 || 945 response_code == 303 || 946 response_code == 307 || 947 response_code == 308); 948 } 949 950 // From RFC 2616 section 13.2.4: 951 // 952 // The calculation to determine if a response has expired is quite simple: 953 // 954 // response_is_fresh = (freshness_lifetime > current_age) 955 // 956 // Of course, there are other factors that can force a response to always be 957 // validated or re-fetched. 958 // 959 bool HttpResponseHeaders::RequiresValidation(const Time& request_time, 960 const Time& response_time, 961 const Time& current_time) const { 962 TimeDelta lifetime = 963 GetFreshnessLifetime(response_time); 964 if (lifetime == TimeDelta()) 965 return true; 966 967 return lifetime <= GetCurrentAge(request_time, response_time, current_time); 968 } 969 970 // From RFC 2616 section 13.2.4: 971 // 972 // The max-age directive takes priority over Expires, so if max-age is present 973 // in a response, the calculation is simply: 974 // 975 // freshness_lifetime = max_age_value 976 // 977 // Otherwise, if Expires is present in the response, the calculation is: 978 // 979 // freshness_lifetime = expires_value - date_value 980 // 981 // Note that neither of these calculations is vulnerable to clock skew, since 982 // all of the information comes from the origin server. 983 // 984 // Also, if the response does have a Last-Modified time, the heuristic 985 // expiration value SHOULD be no more than some fraction of the interval since 986 // that time. A typical setting of this fraction might be 10%: 987 // 988 // freshness_lifetime = (date_value - last_modified_value) * 0.10 989 // 990 TimeDelta HttpResponseHeaders::GetFreshnessLifetime( 991 const Time& response_time) const { 992 // Check for headers that force a response to never be fresh. For backwards 993 // compat, we treat "Pragma: no-cache" as a synonym for "Cache-Control: 994 // no-cache" even though RFC 2616 does not specify it. 995 if (HasHeaderValue("cache-control", "no-cache") || 996 HasHeaderValue("cache-control", "no-store") || 997 HasHeaderValue("pragma", "no-cache") || 998 HasHeaderValue("vary", "*")) // see RFC 2616 section 13.6 999 return TimeDelta(); // not fresh 1000 1001 // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the 1002 // Expires header after checking for max-age in GetFreshnessLifetime. This 1003 // is important since "Expires: <date in the past>" means not fresh, but 1004 // it should not trump a max-age value. 1005 1006 TimeDelta max_age_value; 1007 if (GetMaxAgeValue(&max_age_value)) 1008 return max_age_value; 1009 1010 // If there is no Date header, then assume that the server response was 1011 // generated at the time when we received the response. 1012 Time date_value; 1013 if (!GetDateValue(&date_value)) 1014 date_value = response_time; 1015 1016 Time expires_value; 1017 if (GetExpiresValue(&expires_value)) { 1018 // The expires value can be a date in the past! 1019 if (expires_value > date_value) 1020 return expires_value - date_value; 1021 1022 return TimeDelta(); // not fresh 1023 } 1024 1025 // From RFC 2616 section 13.4: 1026 // 1027 // A response received with a status code of 200, 203, 206, 300, 301 or 410 1028 // MAY be stored by a cache and used in reply to a subsequent request, 1029 // subject to the expiration mechanism, unless a cache-control directive 1030 // prohibits caching. 1031 // ... 1032 // A response received with any other status code (e.g. status codes 302 1033 // and 307) MUST NOT be returned in a reply to a subsequent request unless 1034 // there are cache-control directives or another header(s) that explicitly 1035 // allow it. 1036 // 1037 // From RFC 2616 section 14.9.4: 1038 // 1039 // When the must-revalidate directive is present in a response received by 1040 // a cache, that cache MUST NOT use the entry after it becomes stale to 1041 // respond to a subsequent request without first revalidating it with the 1042 // origin server. (I.e., the cache MUST do an end-to-end revalidation every 1043 // time, if, based solely on the origin server's Expires or max-age value, 1044 // the cached response is stale.) 1045 // 1046 // https://datatracker.ietf.org/doc/draft-reschke-http-status-308/ is an 1047 // experimental RFC that adds 308 permanent redirect as well, for which "any 1048 // future references ... SHOULD use one of the returned URIs." 1049 if ((response_code_ == 200 || response_code_ == 203 || 1050 response_code_ == 206) && 1051 !HasHeaderValue("cache-control", "must-revalidate")) { 1052 // TODO(darin): Implement a smarter heuristic. 1053 Time last_modified_value; 1054 if (GetLastModifiedValue(&last_modified_value)) { 1055 // The last-modified value can be a date in the past! 1056 if (last_modified_value <= date_value) 1057 return (date_value - last_modified_value) / 10; 1058 } 1059 } 1060 1061 // These responses are implicitly fresh (unless otherwise overruled): 1062 if (response_code_ == 300 || response_code_ == 301 || response_code_ == 308 || 1063 response_code_ == 410) { 1064 return TimeDelta::Max(); 1065 } 1066 1067 return TimeDelta(); // not fresh 1068 } 1069 1070 // From RFC 2616 section 13.2.3: 1071 // 1072 // Summary of age calculation algorithm, when a cache receives a response: 1073 // 1074 // /* 1075 // * age_value 1076 // * is the value of Age: header received by the cache with 1077 // * this response. 1078 // * date_value 1079 // * is the value of the origin server's Date: header 1080 // * request_time 1081 // * is the (local) time when the cache made the request 1082 // * that resulted in this cached response 1083 // * response_time 1084 // * is the (local) time when the cache received the 1085 // * response 1086 // * now 1087 // * is the current (local) time 1088 // */ 1089 // apparent_age = max(0, response_time - date_value); 1090 // corrected_received_age = max(apparent_age, age_value); 1091 // response_delay = response_time - request_time; 1092 // corrected_initial_age = corrected_received_age + response_delay; 1093 // resident_time = now - response_time; 1094 // current_age = corrected_initial_age + resident_time; 1095 // 1096 TimeDelta HttpResponseHeaders::GetCurrentAge(const Time& request_time, 1097 const Time& response_time, 1098 const Time& current_time) const { 1099 // If there is no Date header, then assume that the server response was 1100 // generated at the time when we received the response. 1101 Time date_value; 1102 if (!GetDateValue(&date_value)) 1103 date_value = response_time; 1104 1105 // If there is no Age header, then assume age is zero. GetAgeValue does not 1106 // modify its out param if the value does not exist. 1107 TimeDelta age_value; 1108 GetAgeValue(&age_value); 1109 1110 TimeDelta apparent_age = std::max(TimeDelta(), response_time - date_value); 1111 TimeDelta corrected_received_age = std::max(apparent_age, age_value); 1112 TimeDelta response_delay = response_time - request_time; 1113 TimeDelta corrected_initial_age = corrected_received_age + response_delay; 1114 TimeDelta resident_time = current_time - response_time; 1115 TimeDelta current_age = corrected_initial_age + resident_time; 1116 1117 return current_age; 1118 } 1119 1120 bool HttpResponseHeaders::GetMaxAgeValue(TimeDelta* result) const { 1121 return GetCacheControlDirective("max-age", result); 1122 } 1123 1124 bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const { 1125 std::string value; 1126 if (!EnumerateHeader(NULL, "Age", &value)) 1127 return false; 1128 1129 int64 seconds; 1130 base::StringToInt64(value, &seconds); 1131 *result = TimeDelta::FromSeconds(seconds); 1132 return true; 1133 } 1134 1135 bool HttpResponseHeaders::GetDateValue(Time* result) const { 1136 return GetTimeValuedHeader("Date", result); 1137 } 1138 1139 bool HttpResponseHeaders::GetLastModifiedValue(Time* result) const { 1140 return GetTimeValuedHeader("Last-Modified", result); 1141 } 1142 1143 bool HttpResponseHeaders::GetExpiresValue(Time* result) const { 1144 return GetTimeValuedHeader("Expires", result); 1145 } 1146 1147 bool HttpResponseHeaders::GetStaleWhileRevalidateValue( 1148 TimeDelta* result) const { 1149 return GetCacheControlDirective("stale-while-revalidate", result); 1150 } 1151 1152 bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name, 1153 Time* result) const { 1154 std::string value; 1155 if (!EnumerateHeader(NULL, name, &value)) 1156 return false; 1157 1158 // When parsing HTTP dates it's beneficial to default to GMT because: 1159 // 1. RFC2616 3.3.1 says times should always be specified in GMT 1160 // 2. Only counter-example incorrectly appended "UTC" (crbug.com/153759) 1161 // 3. When adjusting cookie expiration times for clock skew 1162 // (crbug.com/135131) this better matches our cookie expiration 1163 // time parser which ignores timezone specifiers and assumes GMT. 1164 // 4. This is exactly what Firefox does. 1165 // TODO(pauljensen): The ideal solution would be to return false if the 1166 // timezone could not be understood so as to avoid makeing other calculations 1167 // based on an incorrect time. This would require modifying the time 1168 // library or duplicating the code. (http://crbug.com/158327) 1169 return Time::FromUTCString(value.c_str(), result); 1170 } 1171 1172 bool HttpResponseHeaders::IsKeepAlive() const { 1173 if (http_version_ < HttpVersion(1, 0)) 1174 return false; 1175 1176 // NOTE: It is perhaps risky to assume that a Proxy-Connection header is 1177 // meaningful when we don't know that this response was from a proxy, but 1178 // Mozilla also does this, so we'll do the same. 1179 std::string connection_val; 1180 if (!EnumerateHeader(NULL, "connection", &connection_val)) 1181 EnumerateHeader(NULL, "proxy-connection", &connection_val); 1182 1183 bool keep_alive; 1184 1185 if (http_version_ == HttpVersion(1, 0)) { 1186 // HTTP/1.0 responses default to NOT keep-alive 1187 keep_alive = LowerCaseEqualsASCII(connection_val, "keep-alive"); 1188 } else { 1189 // HTTP/1.1 responses default to keep-alive 1190 keep_alive = !LowerCaseEqualsASCII(connection_val, "close"); 1191 } 1192 1193 return keep_alive; 1194 } 1195 1196 bool HttpResponseHeaders::HasStrongValidators() const { 1197 std::string etag_header; 1198 EnumerateHeader(NULL, "etag", &etag_header); 1199 std::string last_modified_header; 1200 EnumerateHeader(NULL, "Last-Modified", &last_modified_header); 1201 std::string date_header; 1202 EnumerateHeader(NULL, "Date", &date_header); 1203 return HttpUtil::HasStrongValidators(GetHttpVersion(), 1204 etag_header, 1205 last_modified_header, 1206 date_header); 1207 } 1208 1209 // From RFC 2616: 1210 // Content-Length = "Content-Length" ":" 1*DIGIT 1211 int64 HttpResponseHeaders::GetContentLength() const { 1212 return GetInt64HeaderValue("content-length"); 1213 } 1214 1215 int64 HttpResponseHeaders::GetInt64HeaderValue( 1216 const std::string& header) const { 1217 void* iter = NULL; 1218 std::string content_length_val; 1219 if (!EnumerateHeader(&iter, header, &content_length_val)) 1220 return -1; 1221 1222 if (content_length_val.empty()) 1223 return -1; 1224 1225 if (content_length_val[0] == '+') 1226 return -1; 1227 1228 int64 result; 1229 bool ok = base::StringToInt64(content_length_val, &result); 1230 if (!ok || result < 0) 1231 return -1; 1232 1233 return result; 1234 } 1235 1236 // From RFC 2616 14.16: 1237 // content-range-spec = 1238 // bytes-unit SP byte-range-resp-spec "/" ( instance-length | "*" ) 1239 // byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) | "*" 1240 // instance-length = 1*DIGIT 1241 // bytes-unit = "bytes" 1242 bool HttpResponseHeaders::GetContentRange(int64* first_byte_position, 1243 int64* last_byte_position, 1244 int64* instance_length) const { 1245 void* iter = NULL; 1246 std::string content_range_spec; 1247 *first_byte_position = *last_byte_position = *instance_length = -1; 1248 if (!EnumerateHeader(&iter, kContentRange, &content_range_spec)) 1249 return false; 1250 1251 // If the header value is empty, we have an invalid header. 1252 if (content_range_spec.empty()) 1253 return false; 1254 1255 size_t space_position = content_range_spec.find(' '); 1256 if (space_position == std::string::npos) 1257 return false; 1258 1259 // Invalid header if it doesn't contain "bytes-unit". 1260 std::string::const_iterator content_range_spec_begin = 1261 content_range_spec.begin(); 1262 std::string::const_iterator content_range_spec_end = 1263 content_range_spec.begin() + space_position; 1264 HttpUtil::TrimLWS(&content_range_spec_begin, &content_range_spec_end); 1265 if (!LowerCaseEqualsASCII(content_range_spec_begin, 1266 content_range_spec_end, 1267 "bytes")) { 1268 return false; 1269 } 1270 1271 size_t slash_position = content_range_spec.find('/', space_position + 1); 1272 if (slash_position == std::string::npos) 1273 return false; 1274 1275 // Obtain the part behind the space and before slash. 1276 std::string::const_iterator byte_range_resp_spec_begin = 1277 content_range_spec.begin() + space_position + 1; 1278 std::string::const_iterator byte_range_resp_spec_end = 1279 content_range_spec.begin() + slash_position; 1280 HttpUtil::TrimLWS(&byte_range_resp_spec_begin, &byte_range_resp_spec_end); 1281 1282 // Parse the byte-range-resp-spec part. 1283 std::string byte_range_resp_spec(byte_range_resp_spec_begin, 1284 byte_range_resp_spec_end); 1285 // If byte-range-resp-spec != "*". 1286 if (!LowerCaseEqualsASCII(byte_range_resp_spec, "*")) { 1287 size_t minus_position = byte_range_resp_spec.find('-'); 1288 if (minus_position != std::string::npos) { 1289 // Obtain first-byte-pos. 1290 std::string::const_iterator first_byte_pos_begin = 1291 byte_range_resp_spec.begin(); 1292 std::string::const_iterator first_byte_pos_end = 1293 byte_range_resp_spec.begin() + minus_position; 1294 HttpUtil::TrimLWS(&first_byte_pos_begin, &first_byte_pos_end); 1295 1296 bool ok = base::StringToInt64(StringPiece(first_byte_pos_begin, 1297 first_byte_pos_end), 1298 first_byte_position); 1299 1300 // Obtain last-byte-pos. 1301 std::string::const_iterator last_byte_pos_begin = 1302 byte_range_resp_spec.begin() + minus_position + 1; 1303 std::string::const_iterator last_byte_pos_end = 1304 byte_range_resp_spec.end(); 1305 HttpUtil::TrimLWS(&last_byte_pos_begin, &last_byte_pos_end); 1306 1307 ok &= base::StringToInt64(StringPiece(last_byte_pos_begin, 1308 last_byte_pos_end), 1309 last_byte_position); 1310 if (!ok) { 1311 *first_byte_position = *last_byte_position = -1; 1312 return false; 1313 } 1314 if (*first_byte_position < 0 || *last_byte_position < 0 || 1315 *first_byte_position > *last_byte_position) 1316 return false; 1317 } else { 1318 return false; 1319 } 1320 } 1321 1322 // Parse the instance-length part. 1323 // If instance-length == "*". 1324 std::string::const_iterator instance_length_begin = 1325 content_range_spec.begin() + slash_position + 1; 1326 std::string::const_iterator instance_length_end = 1327 content_range_spec.end(); 1328 HttpUtil::TrimLWS(&instance_length_begin, &instance_length_end); 1329 1330 if (LowerCaseEqualsASCII(instance_length_begin, instance_length_end, "*")) { 1331 return false; 1332 } else if (!base::StringToInt64(StringPiece(instance_length_begin, 1333 instance_length_end), 1334 instance_length)) { 1335 *instance_length = -1; 1336 return false; 1337 } 1338 1339 // We have all the values; let's verify that they make sense for a 206 1340 // response. 1341 if (*first_byte_position < 0 || *last_byte_position < 0 || 1342 *instance_length < 0 || *instance_length - 1 < *last_byte_position) 1343 return false; 1344 1345 return true; 1346 } 1347 1348 base::Value* HttpResponseHeaders::NetLogCallback( 1349 NetLog::LogLevel log_level) const { 1350 base::DictionaryValue* dict = new base::DictionaryValue(); 1351 base::ListValue* headers = new base::ListValue(); 1352 headers->Append(new base::StringValue(GetStatusLine())); 1353 void* iterator = NULL; 1354 std::string name; 1355 std::string value; 1356 while (EnumerateHeaderLines(&iterator, &name, &value)) { 1357 std::string log_value = ElideHeaderValueForNetLog(log_level, name, value); 1358 std::string escaped_name = EscapeNonASCII(name); 1359 std::string escaped_value = EscapeNonASCII(log_value); 1360 headers->Append( 1361 new base::StringValue( 1362 base::StringPrintf("%s: %s", escaped_name.c_str(), 1363 escaped_value.c_str()))); 1364 } 1365 dict->Set("headers", headers); 1366 return dict; 1367 } 1368 1369 // static 1370 bool HttpResponseHeaders::FromNetLogParam( 1371 const base::Value* event_param, 1372 scoped_refptr<HttpResponseHeaders>* http_response_headers) { 1373 *http_response_headers = NULL; 1374 1375 const base::DictionaryValue* dict = NULL; 1376 const base::ListValue* header_list = NULL; 1377 1378 if (!event_param || 1379 !event_param->GetAsDictionary(&dict) || 1380 !dict->GetList("headers", &header_list)) { 1381 return false; 1382 } 1383 1384 std::string raw_headers; 1385 for (base::ListValue::const_iterator it = header_list->begin(); 1386 it != header_list->end(); 1387 ++it) { 1388 std::string header_line; 1389 if (!(*it)->GetAsString(&header_line)) 1390 return false; 1391 1392 raw_headers.append(header_line); 1393 raw_headers.push_back('\0'); 1394 } 1395 raw_headers.push_back('\0'); 1396 *http_response_headers = new HttpResponseHeaders(raw_headers); 1397 return true; 1398 } 1399 1400 bool HttpResponseHeaders::IsChunkEncoded() const { 1401 // Ignore spurious chunked responses from HTTP/1.0 servers and proxies. 1402 return GetHttpVersion() >= HttpVersion(1, 1) && 1403 HasHeaderValue("Transfer-Encoding", "chunked"); 1404 } 1405 1406 } // namespace net 1407
