// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/cors/preflight_result.h" #include <string> #include <string_view> #include <vector> #include "base/feature_list.h" #include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/time/default_tick_clock.h" #include "base/time/tick_clock.h" #include "base/time/time.h" #include "base/values.h" #include "net/http/http_request_headers.h" #include "net/http/http_util.h" #include "services/network/cors/cors_util.h" #include "services/network/public/cpp/cors/cors.h" #include "services/network/public/cpp/features.h" namespace network::cors { namespace { // Timeout values below are at the discretion of the user agent. // Default cache expiry time for an entry that does not have // Access-Control-Max-Age header in its CORS-preflight response. constexpr base::TimeDelta kDefaultTimeout = …; // Maximum cache expiry time. Even if a CORS-preflight response contains // Access-Control-Max-Age header that specifies a longer expiry time, this // maximum time is applied. constexpr base::TimeDelta kMaxTimeout = …; // Holds TickClock instance to overwrite TimeTicks::Now() for testing. const base::TickClock* tick_clock_for_testing = …; // We define the value here because we want a lower-cased header name. constexpr char kAuthorization[] = …; base::TimeTicks Now() { … } base::TimeDelta ParseAccessControlMaxAge( const std::optional<std::string>& max_age) { … } // Parses `string` as a Access-Control-Allow-* header value, storing the result // in `set`. This function returns false when `string` does not satisfy the // syntax here: https://fetch.spec.whatwg.org/#http-new-header-syntax. bool ParseAccessControlAllowList(const std::optional<std::string>& string, base::flat_set<std::string>* set, bool insert_in_lower_case) { … } // Joins the strings in the given `set ` with commas. std::string JoinSet(const base::flat_set<std::string>& set) { … } } // namespace // static void PreflightResult::SetTickClockForTesting( const base::TickClock* tick_clock) { … } // static std::unique_ptr<PreflightResult> PreflightResult::Create( const mojom::CredentialsMode credentials_mode, const std::optional<std::string>& allow_methods_header, const std::optional<std::string>& allow_headers_header, const std::optional<std::string>& max_age_header, std::optional<mojom::CorsError>* detected_error) { … } PreflightResult::PreflightResult(const mojom::CredentialsMode credentials_mode) : … { … } PreflightResult::~PreflightResult() = default; std::optional<CorsErrorStatus> PreflightResult::EnsureAllowedCrossOriginMethod( const std::string& method, bool acam_preflight_spec_conformant) const { … } std::optional<CorsErrorStatus> PreflightResult::EnsureAllowedCrossOriginHeaders( const net::HttpRequestHeaders& headers, bool is_revalidating, NonWildcardRequestHeadersSupport non_wildcard_request_headers_support) const { … } bool PreflightResult::IsExpired() const { … } bool PreflightResult::EnsureAllowedRequest( mojom::CredentialsMode credentials_mode, const std::string& method, const net::HttpRequestHeaders& headers, bool is_revalidating, NonWildcardRequestHeadersSupport non_wildcard_request_headers_support, bool acam_preflight_spec_conformant) const { … } std::optional<mojom::CorsError> PreflightResult::Parse( const std::optional<std::string>& allow_methods_header, const std::optional<std::string>& allow_headers_header, const std::optional<std::string>& max_age_header) { … } bool PreflightResult::HasAuthorizationCoveredByWildcard( const net::HttpRequestHeaders& headers) const { … } base::Value::Dict PreflightResult::NetLogParams() const { … } } // namespace network::cors
Codebase Browser
chromium