chrome/common/google_url_loader_throttle.cc - chromium/src.git - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/common/google_url_loader_throttle.h"

 #include "chrome/common/net/safe_search_util.h"
 #include "components/variations/net/variations_http_headers.h"
 #include "services/network/public/cpp/features.h"

 #if BUILDFLAG(ENABLE_EXTENSIONS)
 #include "extensions/common/extension_urls.h"
 #endif

 GoogleURLLoaderThrottle::GoogleURLLoaderThrottle(
     bool is_off_the_record,
     chrome::mojom::DynamicParams dynamic_params)
     : is_off_the_record_(is_off_the_record),
       dynamic_params_(std::move(dynamic_params)) {}

 GoogleURLLoaderThrottle::~GoogleURLLoaderThrottle() {}

 void GoogleURLLoaderThrottle::DetachFromCurrentSequence() {}

 void GoogleURLLoaderThrottle::WillStartRequest(
     network::ResourceRequest* request,
     bool* defer) {
   if (!is_off_the_record_ &&
       variations::ShouldAppendVariationHeaders(request->url) &&
       !dynamic_params_.variation_ids_header.empty()) {
     request->client_data_header = dynamic_params_.variation_ids_header;
   }

   if (dynamic_params_.force_safe_search) {
     GURL new_url;
     safe_search_util::ForceGoogleSafeSearch(request->url, &new_url);
     if (!new_url.is_empty())
       request->url = new_url;
   }

   static_assert(safe_search_util::YOUTUBE_RESTRICT_OFF == 0,
                 "OFF must be first");
   if (dynamic_params_.youtube_restrict >
           safe_search_util::YOUTUBE_RESTRICT_OFF &&
       dynamic_params_.youtube_restrict <
           safe_search_util::YOUTUBE_RESTRICT_COUNT) {
     safe_search_util::ForceYouTubeRestrict(
         request->url, &request->headers,
         static_cast<safe_search_util::YouTubeRestrictMode>(
             dynamic_params_.youtube_restrict));
   }

   if (!dynamic_params_.allowed_domains_for_apps.empty() &&
       request->url.DomainIs("google.com")) {
     request->headers.SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
                                dynamic_params_.allowed_domains_for_apps);
   }
 }

 void GoogleURLLoaderThrottle::WillRedirectRequest(
     net::RedirectInfo* redirect_info,
     const network::ResourceResponseHead& /* response_head */,
     bool* /* defer */,
     std::vector<std::string>* to_be_removed_headers,
     net::HttpRequestHeaders* modified_headers) {
   if (!variations::ShouldAppendVariationHeaders(redirect_info->new_url))
     to_be_removed_headers->push_back(variations::kClientDataHeader);

   // URLLoaderThrottles can only change the redirect URL when the network
   // service is enabled. The non-network service path handles this in
   // ChromeNetworkDelegate.
   if (dynamic_params_.force_safe_search &&
       base::FeatureList::IsEnabled(network::features::kNetworkService)) {
     safe_search_util::ForceGoogleSafeSearch(redirect_info->new_url,
                                             &redirect_info->new_url);
   }

   if (dynamic_params_.youtube_restrict >
           safe_search_util::YOUTUBE_RESTRICT_OFF &&
       dynamic_params_.youtube_restrict <
           safe_search_util::YOUTUBE_RESTRICT_COUNT) {
     safe_search_util::ForceYouTubeRestrict(
         redirect_info->new_url, modified_headers,
         static_cast<safe_search_util::YouTubeRestrictMode>(
             dynamic_params_.youtube_restrict));
   }

   if (!dynamic_params_.allowed_domains_for_apps.empty() &&
       redirect_info->new_url.DomainIs("google.com")) {
     modified_headers->SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
                                 dynamic_params_.allowed_domains_for_apps);
   }
 }

 #if BUILDFLAG(ENABLE_EXTENSIONS)
 void GoogleURLLoaderThrottle::WillProcessResponse(
     const GURL& response_url,
     network::ResourceResponseHead* response_head,
     bool* defer) {
   // Built-in additional protection for the chrome web store origin.
   GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
   if (response_url.SchemeIsHTTPOrHTTPS() &&
       response_url.DomainIs(webstore_url.host_piece())) {
     if (response_head && response_head->headers &&
         !response_head->headers->HasHeaderValue("x-frame-options", "deny") &&
         !response_head->headers->HasHeaderValue("x-frame-options",
                                                 "sameorigin")) {
       response_head->headers->RemoveHeader("x-frame-options");
       response_head->headers->AddHeader("x-frame-options: sameorigin");
     }
   }
 }
 #endif
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/common/google_url_loader_throttle.h"

	#include "chrome/common/net/safe_search_util.h"
	#include "components/variations/net/variations_http_headers.h"
	#include "services/network/public/cpp/features.h"

	#if BUILDFLAG(ENABLE_EXTENSIONS)
	#include "extensions/common/extension_urls.h"
	#endif

	GoogleURLLoaderThrottle::GoogleURLLoaderThrottle(
	bool is_off_the_record,
	chrome::mojom::DynamicParams dynamic_params)
	: is_off_the_record_(is_off_the_record),
	dynamic_params_(std::move(dynamic_params)) {}

	GoogleURLLoaderThrottle::~GoogleURLLoaderThrottle() {}

	void GoogleURLLoaderThrottle::DetachFromCurrentSequence() {}

	void GoogleURLLoaderThrottle::WillStartRequest(
	network::ResourceRequest* request,
	bool* defer) {
	if (!is_off_the_record_ &&
	variations::ShouldAppendVariationHeaders(request->url) &&
	!dynamic_params_.variation_ids_header.empty()) {
	request->client_data_header = dynamic_params_.variation_ids_header;
	}

	if (dynamic_params_.force_safe_search) {
	GURL new_url;
	safe_search_util::ForceGoogleSafeSearch(request->url, &new_url);
	if (!new_url.is_empty())
	request->url = new_url;
	}

	static_assert(safe_search_util::YOUTUBE_RESTRICT_OFF == 0,
	"OFF must be first");
	if (dynamic_params_.youtube_restrict >
	safe_search_util::YOUTUBE_RESTRICT_OFF &&
	dynamic_params_.youtube_restrict <
	safe_search_util::YOUTUBE_RESTRICT_COUNT) {
	safe_search_util::ForceYouTubeRestrict(
	request->url, &request->headers,
	static_cast<safe_search_util::YouTubeRestrictMode>(
	dynamic_params_.youtube_restrict));
	}

	if (!dynamic_params_.allowed_domains_for_apps.empty() &&
	request->url.DomainIs("google.com")) {
	request->headers.SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
	dynamic_params_.allowed_domains_for_apps);
	}
	}

	void GoogleURLLoaderThrottle::WillRedirectRequest(
	net::RedirectInfo* redirect_info,
	const network::ResourceResponseHead& /* response_head */,
	bool* /* defer */,
	std::vector<std::string>* to_be_removed_headers,
	net::HttpRequestHeaders* modified_headers) {
	if (!variations::ShouldAppendVariationHeaders(redirect_info->new_url))
	to_be_removed_headers->push_back(variations::kClientDataHeader);

	// URLLoaderThrottles can only change the redirect URL when the network
	// service is enabled. The non-network service path handles this in
	// ChromeNetworkDelegate.
	if (dynamic_params_.force_safe_search &&
	base::FeatureList::IsEnabled(network::features::kNetworkService)) {
	safe_search_util::ForceGoogleSafeSearch(redirect_info->new_url,
	&redirect_info->new_url);
	}

	if (dynamic_params_.youtube_restrict >
	safe_search_util::YOUTUBE_RESTRICT_OFF &&
	dynamic_params_.youtube_restrict <
	safe_search_util::YOUTUBE_RESTRICT_COUNT) {
	safe_search_util::ForceYouTubeRestrict(
	redirect_info->new_url, modified_headers,
	static_cast<safe_search_util::YouTubeRestrictMode>(
	dynamic_params_.youtube_restrict));
	}

	if (!dynamic_params_.allowed_domains_for_apps.empty() &&
	redirect_info->new_url.DomainIs("google.com")) {
	modified_headers->SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
	dynamic_params_.allowed_domains_for_apps);
	}
	}

	#if BUILDFLAG(ENABLE_EXTENSIONS)
	void GoogleURLLoaderThrottle::WillProcessResponse(
	const GURL& response_url,
	network::ResourceResponseHead* response_head,
	bool* defer) {
	// Built-in additional protection for the chrome web store origin.
	GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
	if (response_url.SchemeIsHTTPOrHTTPS() &&
	response_url.DomainIs(webstore_url.host_piece())) {
	if (response_head && response_head->headers &&
	!response_head->headers->HasHeaderValue("x-frame-options", "deny") &&
	!response_head->headers->HasHeaderValue("x-frame-options",
	"sameorigin")) {
	response_head->headers->RemoveHeader("x-frame-options");
	response_head->headers->AddHeader("x-frame-options: sameorigin");
	}
	}
	}
	#endif