blob: 7241385a577e499cc37af1266676dee10a5f3315 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "services/network/sec_header_helpers.h"
#include <algorithm>
#include <string>
#include "base/feature_list.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/http/http_request_headers.h"
#include "net/url_request/url_request.h"
#include "services/network/initiator_lock_compatibility.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/mojom/network_context.mojom.h"
namespace network {
namespace {
bool IsSameSite(const url::Origin& initiator,
const url::Origin& target_origin) {
// Cross-scheme initiator should be considered cross-site (even if it's host
// is same-site with the target). See also
if (initiator.scheme() != target_origin.scheme())
return false;
return net::registry_controlled_domains::SameDomainOrHost(
initiator, target_origin,
// Possible values of Sec-Fetch-Site header.
// Note that the order of enum values below is significant - it is important for
// std::max invocations that kSameOrigin < kSameSite < kCrossSite.
enum class HeaderValue {
HeaderValue CalculateHeaderValue(const GURL& target_url,
const url::Origin& initiator) {
url::Origin target_origin = url::Origin::Create(target_url);
if (target_origin == initiator)
return HeaderValue::kSameOrigin;
if (IsSameSite(initiator, target_origin))
return HeaderValue::kSameSite;
return HeaderValue::kCrossSite;
HeaderValue CalculateHeaderValue(
const net::URLRequest& request,
const GURL* pending_redirect_url,
const mojom::URLLoaderFactoryParams& factory_params) {
// Use `Sec-Fetch-Site: none` for browser-initiated requests with no
// initiator origin.
if (factory_params.process_id == mojom::kBrowserProcessId &&
!request.initiator().has_value()) {
return HeaderValue::kNoOrigin;
// Otherwise, calculate the |header_value| by comparing the initiator with the
// full chain of request URLs.
HeaderValue header_value = HeaderValue::kSameOrigin;
url::Origin initiator = GetTrustworthyInitiator(
factory_params.request_initiator_site_lock, request.initiator());
for (const GURL& target_url : request.url_chain()) {
header_value =
std::max(header_value, CalculateHeaderValue(target_url, initiator));
if (pending_redirect_url) {
header_value = std::max(
header_value, CalculateHeaderValue(*pending_redirect_url, initiator));
return header_value;
const char* GetHeaderString(const HeaderValue& value) {
switch (value) {
case HeaderValue::kNoOrigin:
return "none";
case HeaderValue::kSameOrigin:
return "same-origin";
case HeaderValue::kSameSite:
return "same-site";
case HeaderValue::kCrossSite:
return "cross-site";
} // namespace
void SetSecFetchSiteHeader(
net::URLRequest* request,
const GURL* pending_redirect_url,
const mojom::URLLoaderFactoryParams& factory_params) {
DCHECK_NE(0u, request->url_chain().size());
if (!base::FeatureList::IsEnabled(features::kFetchMetadata))
// Only append the header to potentially trustworthy URLs.
const GURL& target_url =
pending_redirect_url ? *pending_redirect_url : request->url();
if (!IsUrlPotentiallyTrustworthy(target_url))
// Set the request header.
const char kHeaderName[] = "Sec-Fetch-Site";
HeaderValue header_value =
CalculateHeaderValue(*request, pending_redirect_url, factory_params);
kHeaderName, GetHeaderString(header_value), /* overwrite = */ true);
void MaybeRemoveSecHeaders(net::URLRequest* request,
const GURL& pending_redirect_url) {
if (!base::FeatureList::IsEnabled(features::kFetchMetadata))
// If our redirect destination is not trusted it would not have had sec-ch- or
// sec-fetch- prefixed headers added to it. Our previous hops may have added
// these headers if the current url is trustworthy though so we should try to
// remove these now.
if (IsUrlPotentiallyTrustworthy(request->url()) &&
!IsUrlPotentiallyTrustworthy(pending_redirect_url)) {
// Check each of our request headers and if it is a "sec-ch-" or
// "sec-fetch-" prefixed header we'll remove it.
const net::HttpRequestHeaders::HeaderVector request_headers =
for (const auto& header : request_headers) {
if (StartsWith(header.key, "sec-ch-",
base::CompareCase::INSENSITIVE_ASCII) ||
StartsWith(header.key, "sec-fetch-",
base::CompareCase::INSENSITIVE_ASCII)) {
} // namespace network