Google Git
Sign in
chromium / chromium / src / 6036187a1d76f93d870769db672a39bfece18b4d / . / chrome / common / google_url_loader_throttle.cc
blob: 3ce38cb1ee3a2e58d81dd3403d5d8d4cc1a50ef4 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/common/google_url_loader_throttle.h"
#include "chrome/common/net/safe_search_util.h"
#include "components/variations/net/variations_http_headers.h"
#include "services/network/public/cpp/resource_response.h"
#if BUILDFLAG(ENABLE_EXTENSIONS)
#include "extensions/common/extension_urls.h"
#endif
GoogleURLLoaderThrottle::GoogleURLLoaderThrottle(
bool is_off_the_record,
chrome::mojom::DynamicParams dynamic_params)
: is_off_the_record_(is_off_the_record),
dynamic_params_(std::move(dynamic_params)) {}
GoogleURLLoaderThrottle::~GoogleURLLoaderThrottle() {}
void GoogleURLLoaderThrottle::DetachFromCurrentSequence() {}
void GoogleURLLoaderThrottle::WillStartRequest(
network::ResourceRequest* request,
bool* defer) {
variations::AppendVariationsHeaderWithCustomValue(
request->url,
is_off_the_record_ ? variations::InIncognito::kYes
: variations::InIncognito::kNo,
dynamic_params_.variation_ids_header, request);
if (dynamic_params_.force_safe_search) {
GURL new_url;
safe_search_util::ForceGoogleSafeSearch(request->url, &new_url);
if (!new_url.is_empty())
request->url = new_url;
}
static_assert(safe_search_util::YOUTUBE_RESTRICT_OFF == 0,
"OFF must be first");
if (dynamic_params_.youtube_restrict >
safe_search_util::YOUTUBE_RESTRICT_OFF &&
dynamic_params_.youtube_restrict <
safe_search_util::YOUTUBE_RESTRICT_COUNT) {
safe_search_util::ForceYouTubeRestrict(
request->url, &request->headers,
static_cast<safe_search_util::YouTubeRestrictMode>(
dynamic_params_.youtube_restrict));
}
if (!dynamic_params_.allowed_domains_for_apps.empty() &&
request->url.DomainIs("google.com")) {
request->headers.SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
dynamic_params_.allowed_domains_for_apps);
}
}
void GoogleURLLoaderThrottle::WillRedirectRequest(
net::RedirectInfo* redirect_info,
const network::ResourceResponseHead& response_head,
bool* /* defer */,
std::vector<std::string>* to_be_removed_headers,
net::HttpRequestHeaders* modified_headers) {
variations::RemoveVariationsHeaderIfNeeded(*redirect_info, response_head,
to_be_removed_headers);
// URLLoaderThrottles can only change the redirect URL when the network
// service is enabled. The non-network service path handles this in
// ChromeNetworkDelegate.
if (dynamic_params_.force_safe_search) {
safe_search_util::ForceGoogleSafeSearch(redirect_info->new_url,
&redirect_info->new_url);
}
if (dynamic_params_.youtube_restrict >
safe_search_util::YOUTUBE_RESTRICT_OFF &&
dynamic_params_.youtube_restrict <
safe_search_util::YOUTUBE_RESTRICT_COUNT) {
safe_search_util::ForceYouTubeRestrict(
redirect_info->new_url, modified_headers,
static_cast<safe_search_util::YouTubeRestrictMode>(
dynamic_params_.youtube_restrict));
}
if (!dynamic_params_.allowed_domains_for_apps.empty() &&
redirect_info->new_url.DomainIs("google.com")) {
modified_headers->SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
dynamic_params_.allowed_domains_for_apps);
}
}
#if BUILDFLAG(ENABLE_EXTENSIONS)
void GoogleURLLoaderThrottle::WillProcessResponse(
const GURL& response_url,
network::ResourceResponseHead* response_head,
bool* defer) {
// Built-in additional protection for the chrome web store origin.
GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
if (response_url.SchemeIsHTTPOrHTTPS() &&
response_url.DomainIs(webstore_url.host_piece())) {
if (response_head && response_head->headers &&
!response_head->headers->HasHeaderValue("x-frame-options", "deny") &&
!response_head->headers->HasHeaderValue("x-frame-options",
"sameorigin")) {
response_head->headers->RemoveHeader("x-frame-options");
response_head->headers->AddHeader("x-frame-options: sameorigin");
}
}
}
#endif