android_webview/browser/network_service/aw_url_loader_throttle.cc - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "android_webview/browser/network_service/aw_url_loader_throttle.h"

 #include "android_webview/browser/aw_resource_context.h"
 #include "android_webview/common/aw_features.h"
 #include "base/feature_list.h"
 #include "base/strings/string_util.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/http/http_request_headers.h"
 #include "net/url_request/redirect_info.h"
 #include "services/network/public/cpp/resource_request.h"

 namespace android_webview {

 AwURLLoaderThrottle::AwURLLoaderThrottle(AwResourceContext* aw_resource_context)
     : aw_resource_context_(aw_resource_context) {}

 AwURLLoaderThrottle::~AwURLLoaderThrottle() = default;

 void AwURLLoaderThrottle::WillStartRequest(network::ResourceRequest* request,
                                            bool* defer) {
   AddExtraHeadersIfNeeded(request->url, &request->headers);
   if (!added_headers_.empty()) {
     original_origin_ = url::Origin::Create(request->url);
   }
 }

 void AwURLLoaderThrottle::WillRedirectRequest(
     net::RedirectInfo* redirect_info,
     const network::mojom::URLResponseHead& response_head,
     bool* defer,
     std::vector<std::string>* to_be_removed_request_headers,
     net::HttpRequestHeaders* modified_request_headers,
     net::HttpRequestHeaders* modified_cors_exempt_request_headers) {
   bool same_origin_only = base::FeatureList::IsEnabled(
       features::kWebViewExtraHeadersSameOriginOnly);

   if (!added_headers_.empty()) {
     bool is_same_origin =
         original_origin_.CanBeDerivedFrom(redirect_info->new_url);
     bool is_same_domain = net::registry_controlled_domains::SameDomainOrHost(
         redirect_info->new_url, original_origin_,
         net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);

     if ((same_origin_only && !is_same_origin) || !is_same_domain) {
       // The headers we added must be removed.
       to_be_removed_request_headers->insert(
           to_be_removed_request_headers->end(),
           std::make_move_iterator(added_headers_.begin()),
           std::make_move_iterator(added_headers_.end()));
       added_headers_.clear();
     }
   }
 }

 void AwURLLoaderThrottle::AddExtraHeadersIfNeeded(
     const GURL& url,
     net::HttpRequestHeaders* headers) {
   std::string extra_headers = aw_resource_context_->GetExtraHeaders(url);
   if (extra_headers.empty())
     return;

   net::HttpRequestHeaders temp_headers;
   temp_headers.AddHeadersFromString(extra_headers);
   for (net::HttpRequestHeaders::Iterator it(temp_headers); it.GetNext();) {
     if (headers->HasHeader(it.name()))
       continue;

     headers->SetHeader(it.name(), it.value());
     added_headers_.push_back(it.name());
   }
 }

 }  // namespace android_webview
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "android_webview/browser/network_service/aw_url_loader_throttle.h"

	#include "android_webview/browser/aw_resource_context.h"
	#include "android_webview/common/aw_features.h"
	#include "base/feature_list.h"
	#include "base/strings/string_util.h"
	#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
	#include "net/http/http_request_headers.h"
	#include "net/url_request/redirect_info.h"
	#include "services/network/public/cpp/resource_request.h"

	namespace android_webview {

	AwURLLoaderThrottle::AwURLLoaderThrottle(AwResourceContext* aw_resource_context)
	: aw_resource_context_(aw_resource_context) {}

	AwURLLoaderThrottle::~AwURLLoaderThrottle() = default;

	void AwURLLoaderThrottle::WillStartRequest(network::ResourceRequest* request,
	bool* defer) {
	AddExtraHeadersIfNeeded(request->url, &request->headers);
	if (!added_headers_.empty()) {
	original_origin_ = url::Origin::Create(request->url);
	}
	}

	void AwURLLoaderThrottle::WillRedirectRequest(
	net::RedirectInfo* redirect_info,
	const network::mojom::URLResponseHead& response_head,
	bool* defer,
	std::vector<std::string>* to_be_removed_request_headers,
	net::HttpRequestHeaders* modified_request_headers,
	net::HttpRequestHeaders* modified_cors_exempt_request_headers) {
	bool same_origin_only = base::FeatureList::IsEnabled(
	features::kWebViewExtraHeadersSameOriginOnly);

	if (!added_headers_.empty()) {
	bool is_same_origin =
	original_origin_.CanBeDerivedFrom(redirect_info->new_url);
	bool is_same_domain = net::registry_controlled_domains::SameDomainOrHost(
	redirect_info->new_url, original_origin_,
	net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);

	if ((same_origin_only && !is_same_origin) \|\| !is_same_domain) {
	// The headers we added must be removed.
	to_be_removed_request_headers->insert(
	to_be_removed_request_headers->end(),
	std::make_move_iterator(added_headers_.begin()),
	std::make_move_iterator(added_headers_.end()));
	added_headers_.clear();
	}
	}
	}

	void AwURLLoaderThrottle::AddExtraHeadersIfNeeded(
	const GURL& url,
	net::HttpRequestHeaders* headers) {
	std::string extra_headers = aw_resource_context_->GetExtraHeaders(url);
	if (extra_headers.empty())
	return;

	net::HttpRequestHeaders temp_headers;
	temp_headers.AddHeadersFromString(extra_headers);
	for (net::HttpRequestHeaders::Iterator it(temp_headers); it.GetNext();) {
	if (headers->HasHeader(it.name()))
	continue;

	headers->SetHeader(it.name(), it.value());
	added_headers_.push_back(it.name());
	}
	}

	} // namespace android_webview