1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // The rules for header parsing were borrowed from Firefox:
6 // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp
7 // The rules for parsing content-types were also borrowed from Firefox:
8 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834
10 #include "net/http/http_response_headers.h"
14 #include "base/logging.h"
15 #include "base/metrics/histogram.h"
16 #include "base/pickle.h"
17 #include "base/strings/string_number_conversions.h"
18 #include "base/strings/string_piece.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/time/time.h"
22 #include "base/values.h"
23 #include "net/base/escape.h"
24 #include "net/http/http_util.h"
26 using base::StringPiece;
28 using base::TimeDelta;
32 //-----------------------------------------------------------------------------
36 // These headers are RFC 2616 hop-by-hop headers;
37 // not to be stored by caches.
38 const char* const kHopByHopResponseHeaders[] = {
47 // These headers are challenge response headers;
48 // not to be stored by caches.
49 const char* const kChallengeResponseHeaders[] = {
54 // These headers are cookie setting headers;
55 // not to be stored by caches or disclosed otherwise.
56 const char* const kCookieResponseHeaders[] = {
61 // By default, do not cache Strict-Transport-Security or Public-Key-Pins.
62 // This avoids erroneously re-processing them on page loads from cache ---
63 // they are defined to be valid only on live and error-free HTTPS
65 const char* const kSecurityStateHeaders[] = {
66 "strict-transport-security",
70 // These response headers are not copied from a 304/206 response to the cached
71 // response headers. This list is based on Mozilla's nsHttpResponseHead.cpp.
72 const char* const kNonUpdatedHeaders[] = {
86 // Some header prefixes mean "Don't copy this header from a 304 response.".
87 // Rather than listing all the relevant headers, we can consolidate them into
89 const char* const kNonUpdatedHeaderPrefixes[] = {
// Decides whether the header named by [name_begin, name_end) may be copied
// from a 304/206 response into the cached headers. Returns false when the
// name equals an entry of kNonUpdatedHeaders or starts with an entry of
// kNonUpdatedHeaderPrefixes; returns true otherwise.
bool ShouldUpdateHeader(const std::string::const_iterator& name_begin,
                        const std::string::const_iterator& name_end) {
  // Exact-name matches first.
  size_t exact_index = 0;
  while (exact_index < arraysize(kNonUpdatedHeaders)) {
    if (LowerCaseEqualsASCII(name_begin, name_end,
                             kNonUpdatedHeaders[exact_index]))
      return false;
    ++exact_index;
  }

  // Then prefix matches; the final |false| asks for a case-insensitive test.
  size_t prefix_index = 0;
  while (prefix_index < arraysize(kNonUpdatedHeaderPrefixes)) {
    const std::string header_name(name_begin, name_end);
    if (StartsWithASCII(header_name, kNonUpdatedHeaderPrefixes[prefix_index],
                        false))
      return false;
    ++prefix_index;
  }

  return true;
}
// Crashes (CHECK) if |str| contains a NUL byte.
//
// The raw headers string uses '\0' as its line terminator, so a value spliced
// into it with an embedded NUL could be tokenized as an extra header line.
// Every caller that appends caller-supplied text to the raw headers should
// run it through this check first.
void CheckDoesNotHaveEmbededNulls(const std::string& str) {
  CHECK(str.find('\0') == std::string::npos);
}
// One parsed entry: a pair of iterator ranges delimiting a header name and a
// single value.
struct HttpResponseHeaders::ParsedHeader {
  // True for a "continuation" entry, i.e. one that carries only a further
  // value of the preceding header (header values are comma separated). Such
  // an entry is encoded with an empty name range.
  bool is_continuation() const { return name_end == name_begin; }

  std::string::const_iterator name_begin;
  std::string::const_iterator name_end;
  std::string::const_iterator value_begin;
  std::string::const_iterator value_end;
};
129 //-----------------------------------------------------------------------------
// Constructs the object from |raw_input| and records the response code in the
// "Net.HttpResponseCode" histogram. response_code_ starts at -1.
// NOTE(review): the statement that consumes |raw_input| and the argument passed
// to MapStatusCodeForHistogram() are not visible in this listing — presumably
// Parse(raw_input) and response_code_; confirm against the full file.
131 HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input)
132 : response_code_(-1) {
135 // The most important thing to do with this histogram is find out
136 // the existence of unusual HTTP status codes. As it happens
137 // right now, there aren't double-constructions of response headers
138 // using this constructor, so our counts should also be accurate,
139 // without instantiating the histogram in two places. It is also
140 // important that this histogram not collect data in the other
141 // constructor, which rebuilds an histogram from a pickle, since
142 // that would actually create a double call between the original
143 // HttpResponseHeader that was serialized, and initialization of the
144 // new object from that pickle.
145 UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode",
146 HttpUtil::MapStatusCodeForHistogram(
148 // Note the third argument is only
149 // evaluated once, see macro
150 // definition for details.
151 HttpUtil::GetStatusCodesForHistogram());
// Rebuilds the object from a raw-headers string read out of |pickle| at |iter|
// (the counterpart of Persist()). response_code_ starts at -1.
// NOTE(review): the statement guarded by the ReadString() check is not visible
// in this listing — presumably Parse(raw_input). If the read fails the object
// appears to stay unparsed with response_code_ == -1, so code loading pickled
// headers from storage should treat that state as invalid; confirm.
154 HttpResponseHeaders::HttpResponseHeaders(const Pickle& pickle,
155 PickleIterator* iter)
156 : response_code_(-1) {
157 std::string raw_input;
158 if (pickle.ReadString(iter, &raw_input))
// Serializes the headers into |pickle|.
//
// With PERSIST_RAW, raw_headers_ is written unfiltered. Otherwise every
// PERSIST_SANS_* bit set in |options| adds a group of header names to a filter
// set, and only header lines whose lowercased name is absent from that set are
// written, after the status line.
// NOTE(review): PERSIST_RAW bypasses every filter, so cookie and challenge
// headers are written as well — callers that persist to disk or to shared
// storage presumably want the PERSIST_SANS_* bits; confirm at the call sites.
162 void HttpResponseHeaders::Persist(Pickle* pickle, PersistOptions options) {
163 if (options == PERSIST_RAW) {
164 pickle->WriteString(raw_headers_);
168 HeaderSet filter_headers;
170 // Construct set of headers to filter out based on options.
171 if ((options & PERSIST_SANS_NON_CACHEABLE) == PERSIST_SANS_NON_CACHEABLE)
172 AddNonCacheableHeaders(&filter_headers);
174 if ((options & PERSIST_SANS_COOKIES) == PERSIST_SANS_COOKIES)
175 AddCookieHeaders(&filter_headers);
177 if ((options & PERSIST_SANS_CHALLENGES) == PERSIST_SANS_CHALLENGES)
178 AddChallengeHeaders(&filter_headers);
180 if ((options & PERSIST_SANS_HOP_BY_HOP) == PERSIST_SANS_HOP_BY_HOP)
181 AddHopByHopHeaders(&filter_headers);
183 if ((options & PERSIST_SANS_RANGES) == PERSIST_SANS_RANGES)
184 AddHopContentRangeHeaders(&filter_headers);
186 if ((options & PERSIST_SANS_SECURITY_STATE) == PERSIST_SANS_SECURITY_STATE)
187 AddSecurityStateHeaders(&filter_headers);
// NOTE(review): the declaration of |blob| is not visible in this listing.
190 blob.reserve(raw_headers_.size());
192 // This copies the status line w/ terminator null.
193 // Note raw_headers_ has embedded nulls instead of \n,
194 // so this just copies the first header line.
195 blob.assign(raw_headers_.c_str(), strlen(raw_headers_.c_str()) + 1);
197 for (size_t i = 0; i < parsed_.size(); ++i) {
198 DCHECK(!parsed_[i].is_continuation());
200 // Locate the start of the next header.
// NOTE(review): |k| is not declared in the visible lines — presumably it
// starts at |i| and is stepped back after the loop so that parsed_[k] is the
// last continuation of header |i|; confirm.
202 while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
// The filter set holds lowercase names, so the name is lowercased before the
// lookup.
205 std::string header_name(parsed_[i].name_begin, parsed_[i].name_end);
206 StringToLowerASCII(&header_name);
208 if (filter_headers.find(header_name) == filter_headers.end()) {
209 // Make sure there is a null after the value.
210 blob.append(parsed_[i].name_begin, parsed_[k].value_end);
211 blob.push_back('\0');
// Second NUL: terminates the whole header block.
216 blob.push_back('\0');
218 pickle->WriteString(blob);
// Merges a 304 or 206 response (|new_headers|) into this object.
//
// Header lines from |new_headers| that pass ShouldUpdateHeader() are written
// after this object's status line, and their lowercased names are collected in
// |updated_headers|. MergeWithHeaders() then appends the existing headers whose
// names are not in that set and re-parses the result.
// NOTE(review): the response-code precondition is enforced only by a DCHECK,
// which is presumably compiled out of release builds — callers are responsible
// for passing only 304/206 responses; confirm.
221 void HttpResponseHeaders::Update(const HttpResponseHeaders& new_headers) {
222 DCHECK(new_headers.response_code() == 304 ||
223 new_headers.response_code() == 206);
225 // Copy up to the null byte. This just copies the status line.
226 std::string new_raw_headers(raw_headers_.c_str());
227 new_raw_headers.push_back('\0');
229 HeaderSet updated_headers;
231 // NOTE: we write the new headers then the old headers for convenience. The
232 // order should not matter.
234 // Figure out which headers we want to take from new_headers:
235 for (size_t i = 0; i < new_headers.parsed_.size(); ++i) {
236 const HeaderList& new_parsed = new_headers.parsed_;
238 DCHECK(!new_parsed[i].is_continuation());
240 // Locate the start of the next header.
// NOTE(review): |k| is not declared in the visible lines — presumably it
// starts at |i| and ends on the last continuation entry of header |i|; confirm.
242 while (++k < new_parsed.size() && new_parsed[k].is_continuation()) {}
245 const std::string::const_iterator& name_begin = new_parsed[i].name_begin;
246 const std::string::const_iterator& name_end = new_parsed[i].name_end;
247 if (ShouldUpdateHeader(name_begin, name_end)) {
248 std::string name(name_begin, name_end);
249 StringToLowerASCII(&name);
250 updated_headers.insert(name);
252 // Preserve this header line in the merged result, making sure there is
253 // a null after the value.
254 new_raw_headers.append(name_begin, new_parsed[k].value_end);
255 new_raw_headers.push_back('\0');
261 // Now, build the new raw headers.
262 MergeWithHeaders(new_raw_headers, updated_headers);
// Rebuilds this object's headers as |raw_headers| followed by every existing
// header line whose lowercased name is not in |headers_to_remove|, then
// re-parses the combined string.
//
// The callers in this file pass |raw_headers| as a status line plus '\0',
// optionally followed by NUL-terminated header lines. |headers_to_remove| is
// compared against lowercased names, so it must hold lowercase entries.
265 void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers,
266 const HeaderSet& headers_to_remove) {
267 std::string new_raw_headers(raw_headers);
268 for (size_t i = 0; i < parsed_.size(); ++i) {
269 DCHECK(!parsed_[i].is_continuation());
271 // Locate the start of the next header.
// NOTE(review): |k| is not declared in the visible lines — presumably it
// starts at |i| and ends on the last continuation entry of header |i|; confirm.
273 while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
276 std::string name(parsed_[i].name_begin, parsed_[i].name_end);
277 StringToLowerASCII(&name);
278 if (headers_to_remove.find(name) == headers_to_remove.end()) {
279 // It's ok to preserve this header in the final result.
280 new_raw_headers.append(parsed_[i].name_begin, parsed_[k].value_end);
281 new_raw_headers.push_back('\0');
// Second NUL: terminates the whole header block.
286 new_raw_headers.push_back('\0');
288 // Make this object hold the new data.
// NOTE(review): parsed_ holds iterators into raw_headers_, so it presumably has
// to be cleared together with raw_headers_ before Parse() runs; that statement
// is not visible in this listing — confirm.
289 raw_headers_.clear();
291 Parse(new_raw_headers);
// Removes every header line named |name| (matched ASCII case-insensitively)
// and re-parses what is left.
void HttpResponseHeaders::RemoveHeader(const std::string& name) {
  // c_str() stops at the first NUL, which is the end of the status line.
  std::string status_line_block(raw_headers_.c_str());
  status_line_block += '\0';

  // MergeWithHeaders() compares against lowercased names.
  HeaderSet names_to_drop;
  names_to_drop.insert(StringToLowerASCII(name));

  MergeWithHeaders(status_line_block, names_to_drop);
}
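// Removes every header line whose name matches |name| (ASCII
// case-insensitively) and whose value equals |value| exactly, then re-parses
// the remaining lines. Lines with the same name but a different value, and
// lines with a different name, are kept.
void HttpResponseHeaders::RemoveHeaderLine(const std::string& name,
                                           const std::string& value) {
  std::string name_lowercase(name);
  StringToLowerASCII(&name_lowercase);

  std::string new_raw_headers(GetStatusLine());
  new_raw_headers.push_back('\0');

  new_raw_headers.reserve(raw_headers_.size());

  void* iter = NULL;
  std::string old_header_name;
  std::string old_header_value;
  while (EnumerateHeaderLines(&iter, &old_header_name, &old_header_value)) {
    // Lowercase the name of the line being visited, not |name|. Seeding this
    // string from |name| made the name comparison below always true, so any
    // header that merely shared |value| was removed regardless of its name.
    std::string old_header_name_lowercase(old_header_name);
    StringToLowerASCII(&old_header_name_lowercase);

    if (name_lowercase == old_header_name_lowercase &&
        value == old_header_value)
      continue;

    new_raw_headers.append(old_header_name);
    new_raw_headers.push_back(':');
    new_raw_headers.push_back(' ');
    new_raw_headers.append(old_header_value);
    new_raw_headers.push_back('\0');
  }
  // Second NUL: terminates the whole header block.
  new_raw_headers.push_back('\0');

  // Make this object hold the new data. parsed_ stores iterators into
  // raw_headers_, so both are reset before re-parsing.
  raw_headers_.clear();
  parsed_.clear();
  Parse(new_raw_headers);
}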
// Appends one "Name: value" line (|header|) to the end of the headers and
// re-parses. |header| must not contain NUL bytes, because '\0' is the line
// terminator of the raw headers string.
void HttpResponseHeaders::AddHeader(const std::string& header) {
  CheckDoesNotHaveEmbededNulls(header);
  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);

  // Keep everything except the final NUL of the double-NUL terminator, so the
  // new line starts right after the last existing line.
  std::string rebuilt = raw_headers_.substr(0, raw_headers_.size() - 1);
  rebuilt += header;
  rebuilt.append(2, '\0');

  // Make this object hold the new data. parsed_ stores iterators into
  // raw_headers_, so both are reset before re-parsing.
  raw_headers_.clear();
  parsed_.clear();
  Parse(rebuilt);
}
// Replaces the status line with |new_status| and keeps every existing header.
// |new_status| must not contain NUL bytes, because '\0' is the line terminator
// of the raw headers string.
void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) {
  CheckDoesNotHaveEmbededNulls(new_status);

  // The new status line, NUL-terminated like every other line.
  std::string status_line_block = new_status;
  status_line_block += '\0';

  // An empty removal set makes MergeWithHeaders() carry over all headers.
  HeaderSet nothing_to_remove;
  MergeWithHeaders(status_line_block, nothing_to_remove);
}
// Parses |raw_input| — a status line and header lines separated by '\0' — into
// raw_headers_ and parsed_.
//
// The status line is normalized by ParseStatusLine(); the remaining bytes are
// copied verbatim and padded until raw_headers_ ends with two NULs, then
// tokenized by HttpUtil::HeadersIterator with '\0' as the line delimiter.
367 void HttpResponseHeaders::Parse(const std::string& raw_input) {
368 raw_headers_.reserve(raw_input.size());
370 // ParseStatusLine adds a normalized status line to raw_headers_
371 std::string::const_iterator line_begin = raw_input.begin();
372 std::string::const_iterator line_end =
373 std::find(line_begin, raw_input.end(), '\0');
374 // has_headers = true, if there is any data following the status line.
375 // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0.
376 bool has_headers = (line_end != raw_input.end() &&
377 (line_end + 1) != raw_input.end() &&
378 *(line_end + 1) != '\0');
379 ParseStatusLine(line_begin, line_end, has_headers);
380 raw_headers_.push_back('\0'); // Terminate status line with a null.
// No NUL in the input at all: there is only a status line.
// NOTE(review): the early return that presumably ends this branch is not
// visible in this listing — confirm.
382 if (line_end == raw_input.end()) {
383 raw_headers_.push_back('\0'); // Ensure the headers end with a double null.
385 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
386 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
390 // Including a terminating null byte.
391 size_t status_line_len = raw_headers_.size();
393 // Now, we add the rest of the raw headers to raw_headers_, and begin parsing
394 // it (to populate our parsed_ vector).
395 raw_headers_.append(line_end + 1, raw_input.end());
397 // Ensure the headers end with a double null.
398 while (raw_headers_.size() < 2 ||
399 raw_headers_[raw_headers_.size() - 2] != '\0' ||
400 raw_headers_[raw_headers_.size() - 1] != '\0') {
401 raw_headers_.push_back('\0');
// From here on |line_end| refers to raw_headers_, not to |raw_input|. The
// iterator is taken only after the last append above, so the ranges handed to
// AddHeader() point into the final buffer.
404 // Adjust to point at the null byte following the status line
405 line_end = raw_headers_.begin() + status_line_len - 1;
407 HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(),
408 std::string(1, '\0'));
409 while (headers.GetNext()) {
410 AddHeader(headers.name_begin(),
412 headers.values_begin(),
413 headers.values_end());
416 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
417 DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
420 // Append all of our headers to the final output string.
// Writes the status line to |output|, followed by one "Name: v1, v2" line per
// distinct header name (names compared lowercased), in order of first
// appearance. Each header line is preceded by '\n' and the block ends with
// '\n'. The name is spelled as in its first occurrence.
421 void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const {
422 // copy up to the null byte. this just copies the status line.
423 output->assign(raw_headers_.c_str());
425 // headers may appear multiple times (not necessarily in succession) in the
426 // header data, so we build a map from header name to generated header lines.
427 // to preserve the order of the original headers, the actual values are kept
428 // in a separate list. finally, the list of headers is flattened to form
429 // the normalized block of headers.
431 // NOTE: We take special care to preserve the whitespace around any commas
432 // that may occur in the original response headers. Because our consumer may
433 // be a web app, we cannot be certain of the semantics of commas despite the
434 // fact that RFC 2616 says that they should be regarded as value separators.
// Maps a lowercased header name to the index of its line in |headers|.
436 typedef base::hash_map<std::string, size_t> HeadersMap;
437 HeadersMap headers_map;
438 HeadersMap::iterator iter = headers_map.end();
440 std::vector<std::string> headers;
442 for (size_t i = 0; i < parsed_.size(); ++i) {
443 DCHECK(!parsed_[i].is_continuation());
445 std::string name(parsed_[i].name_begin, parsed_[i].name_end);
446 std::string lower_name = StringToLowerASCII(name);
448 iter = headers_map.find(lower_name);
449 if (iter == headers_map.end()) {
450 iter = headers_map.insert(
451 HeadersMap::value_type(lower_name, headers.size())).first;
452 headers.push_back(name + ": ");
454 headers[iter->second].append(", ");
// Extend the value range over the continuation entries, so the original text
// between the values, commas and whitespace included, is copied as-is.
// NOTE(review): this inner loop advances |i| past the next header while the
// for-loop increments it again; the compensating statement is not visible in
// this listing — confirm.
457 std::string::const_iterator value_begin = parsed_[i].value_begin;
458 std::string::const_iterator value_end = parsed_[i].value_end;
459 while (++i < parsed_.size() && parsed_[i].is_continuation())
460 value_end = parsed_[i].value_end;
463 headers[iter->second].append(value_begin, value_end);
466 for (size_t i = 0; i < headers.size(); ++i) {
467 output->push_back('\n');
468 output->append(headers[i]);
471 output->push_back('\n');
// Collects the values of every occurrence of header |name| into |value|. Not
// meant for non-coalescing headers; use EnumerateHeader() for those.
// NOTE(review): the initialisation of |i|, the exit taken when FindHeader()
// returns npos, the separator written between occurrences and the return
// value are not visible in this listing — confirm against the full file.
474 bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name,
475 std::string* value) const {
476 // If you hit this assertion, please use EnumerateHeader instead!
477 DCHECK(!HttpUtil::IsNonCoalescingHeader(name));
483 while (i < parsed_.size()) {
484 i = FindHeader(i, name);
485 if (i == std::string::npos)
// Extend the value range over the continuation entries, so the original text
// between the values is copied as-is. |i| ends on the next header.
493 std::string::const_iterator value_begin = parsed_[i].value_begin;
494 std::string::const_iterator value_end = parsed_[i].value_end;
495 while (++i < parsed_.size() && parsed_[i].is_continuation())
496 value_end = parsed_[i].value_end;
497 value->append(value_begin, value_end);
// Returns the normalized status line, i.e. raw_headers_ up to its first NUL.
std::string HttpResponseHeaders::GetStatusLine() const {
  // Building from a C string stops at the first '\0', which terminates the
  // status line.
  const char* const status_line = raw_headers_.c_str();
  return std::string(status_line);
}
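// Returns the status text of the response, i.e. everything after the second
// space of the normalized status line. Returns an empty string when the status
// line holds fewer than two spaces.
std::string HttpResponseHeaders::GetStatusText() const {
  // GetStatusLine() is already normalized, so it has the format:
  // <http_version> SP <response_code> SP <status_text>
  std::string status_text = GetStatusLine();
  std::string::const_iterator begin = status_text.begin();
  std::string::const_iterator end = status_text.end();
  for (int i = 0; i < 2; ++i) {
    begin = std::find(begin, end, ' ');
    // Stepping past a space that was not found would move the iterator beyond
    // end(), which is undefined behaviour. That can happen when the status
    // line is empty, e.g. before anything has been parsed.
    if (begin == end)
      return std::string();
    ++begin;
  }
  return std::string(begin, end);
}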
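// Iterates over the header lines in order. |*iter| is an opaque cursor that
// must be NULL on the first call; on success |name| and |value| receive the
// next header (its value spans all of its continuation entries) and |*iter|
// is advanced. Returns false once the headers are exhausted.
bool HttpResponseHeaders::EnumerateHeaderLines(void** iter,
                                               std::string* name,
                                               std::string* value) const {
  size_t i = reinterpret_cast<size_t>(*iter);
  // The cursor is supplied by the caller, so reject anything at or beyond the
  // end instead of only the exact end position; this matches the bounds test
  // in EnumerateHeader() and keeps a stale cursor from indexing past parsed_.
  if (i >= parsed_.size())
    return false;

  DCHECK(!parsed_[i].is_continuation());

  name->assign(parsed_[i].name_begin, parsed_[i].name_end);

  // Extend the value range over the continuation entries.
  std::string::const_iterator value_begin = parsed_[i].value_begin;
  std::string::const_iterator value_end = parsed_[i].value_end;
  while (++i < parsed_.size() && parsed_[i].is_continuation())
    value_end = parsed_[i].value_end;

  value->assign(value_begin, value_end);

  *iter = reinterpret_cast<void*>(i);
  return true;
}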
// Returns the values of header |name| one at a time. |iter| is an opaque
// cursor: when it is NULL or points at NULL the search starts at the first
// header; otherwise it resumes at the stored index. On success |value|
// receives a single value and the cursor is set to the following entry.
// NOTE(review): the declaration of |i|, the else branches and the statements
// of the not-found path are not visible in this listing — confirm. The line
// that stores the cursor dereferences |iter| without a NULL test in the
// visible code; presumably a guard sits on one of the missing lines.
541 bool HttpResponseHeaders::EnumerateHeader(void** iter,
542 const base::StringPiece& name,
543 std::string* value) const {
545 if (!iter || !*iter) {
546 i = FindHeader(0, name);
548 i = reinterpret_cast<size_t>(*iter);
// A cursor at or past the end means there is nothing left to return.
549 if (i >= parsed_.size()) {
550 i = std::string::npos;
// A continuation entry belongs to the header matched previously and is
// returned as-is; anything else starts a new search from |i|.
551 } else if (!parsed_[i].is_continuation()) {
552 i = FindHeader(i, name);
556 if (i == std::string::npos) {
562 *iter = reinterpret_cast<void*>(i + 1);
563 value->assign(parsed_[i].value_begin, parsed_[i].value_end);
// Returns true if header |name| carries a value equal to |value|, compared
// case-insensitively over the whole value.
bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name,
                                         const base::StringPiece& value) const {
  // Only a full-length match counts: 'cache-control: no-cache' must not match
  // 'cache-control: no-cache="foo"'.
  void* cursor = NULL;
  std::string candidate;
  while (EnumerateHeader(&cursor, name, &candidate)) {
    if (candidate.size() != value.size())
      continue;
    if (std::equal(candidate.begin(), candidate.end(), value.begin(),
                   base::CaseInsensitiveCompare<char>()))
      return true;
  }
  return false;
}
// Returns true if a header named |name| is present.
bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const {
  const size_t position = FindHeader(0, name);
  return position != std::string::npos;
}
// Default constructor: response_code_ starts at -1, the same value the other
// constructors use before anything has been parsed.
586 HttpResponseHeaders::HttpResponseHeaders() : response_code_(-1) {
// Destructor. NOTE(review): the body is not visible in this listing.
589 HttpResponseHeaders::~HttpResponseHeaders() {
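// Parses the "HTTP/<digit>.<digit>" prefix of the status line delimited by
// [line_begin, line_end). Returns the parsed version, or a default-constructed
// HttpVersion when the prefix is missing or malformed.
//
// Every read is checked against |line_end|, so the function does not depend on
// a sentinel character being stored at |line_end|.
// static
HttpVersion HttpResponseHeaders::ParseVersion(
    std::string::const_iterator line_begin,
    std::string::const_iterator line_end) {
  std::string::const_iterator p = line_begin;

  // RFC2616 sec 3.1: HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
  // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1).
  // TODO: handle leading zeros, which is allowed by the rfc2616 sec 3.1.

  if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) {
    DVLOG(1) << "missing status line";
    return HttpVersion();
  }

  p += 4;

  if (p >= line_end || *p != '/') {
    DVLOG(1) << "missing version";
    return HttpVersion();
  }

  std::string::const_iterator dot = std::find(p, line_end, '.');
  if (dot == line_end) {
    DVLOG(1) << "malformed version";
    return HttpVersion();
  }

  ++p;  // from / to first digit.
  ++dot;  // from . to second digit.

  // |p| cannot pass the '.' found above, but |dot| lands on |line_end| when
  // the line stops right after the '.'; test that before dereferencing.
  if (dot == line_end ||
      !(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) {
    DVLOG(1) << "malformed version number";
    return HttpVersion();
  }

  uint16 major = *p - '0';
  uint16 minor = *dot - '0';

  return HttpVersion(major, minor);
}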
636 // Note: this implementation implicitly assumes that line_end points at a valid
637 // sentinel character (such as '\0').
// Parses the status line in [line_begin, line_end) and writes a normalized
// "HTTP/<ver> <code> <text>" line into raw_headers_, setting
// parsed_http_version_, http_version_ and response_code_ on the way.
// Missing parts are filled in: a missing status becomes " 200 OK" and a
// missing status text becomes "OK".
// NOTE(review): the third parameter (used as |has_headers| below) and several
// branch lines are not visible in this listing — confirm against the full
// file.
638 void HttpResponseHeaders::ParseStatusLine(
639 std::string::const_iterator line_begin,
640 std::string::const_iterator line_end,
642 // Extract the version number
643 parsed_http_version_ = ParseVersion(line_begin, line_end);
645 // Clamp the version number to one of: {0.9, 1.0, 1.1}
646 if (parsed_http_version_ == HttpVersion(0, 9) && !has_headers) {
647 http_version_ = HttpVersion(0, 9);
648 raw_headers_ = "HTTP/0.9";
649 } else if (parsed_http_version_ >= HttpVersion(1, 1)) {
650 http_version_ = HttpVersion(1, 1);
651 raw_headers_ = "HTTP/1.1";
653 // Treat everything else like HTTP 1.0
654 http_version_ = HttpVersion(1, 0);
655 raw_headers_ = "HTTP/1.0";
657 if (parsed_http_version_ != http_version_) {
658 DVLOG(1) << "assuming HTTP/" << http_version_.major_value() << "."
659 << http_version_.minor_value();
662 // TODO(eroman): this doesn't make sense if ParseVersion failed.
663 std::string::const_iterator p = std::find(line_begin, line_end, ' ');
666 DVLOG(1) << "missing response status; assuming 200 OK";
667 raw_headers_.append(" 200 OK");
668 response_code_ = 200;
// The digit scan below reads *p with no comparison against |line_end| in the
// visible lines, so it relies on a non-digit character being stored at
// |line_end|.
676 std::string::const_iterator code = p;
677 while (*p >= '0' && *p <= '9')
681 DVLOG(1) << "missing response status number; assuming 200";
682 raw_headers_.append(" 200 OK");
683 response_code_ = 200;
686 raw_headers_.push_back(' ');
687 raw_headers_.append(code, p);
688 raw_headers_.push_back(' ');
// NOTE(review): the result of StringToInt() is not checked here, while the
// digit run of any length has already been copied into raw_headers_ —
// confirm what response_code_ holds when the digits do not fit in an int.
689 base::StringToInt(StringPiece(code, p), &response_code_);
695 // Trim trailing whitespace.
696 while (line_end > p && line_end[-1] == ' ')
700 DVLOG(1) << "missing response status text; assuming OK";
701 // Not super critical what we put here. Just use "OK"
702 // even if it isn't descriptive of response_code_.
703 raw_headers_.append("OK");
705 raw_headers_.append(p, line_end);
// Returns the index in parsed_ of the first header at or after |from| whose
// name equals |search| case-insensitively, or std::string::npos if there is
// none. Continuation entries are skipped, since they carry no name.
size_t HttpResponseHeaders::FindHeader(size_t from,
                                       const base::StringPiece& search) const {
  size_t index = from;
  while (index < parsed_.size()) {
    if (!parsed_[index].is_continuation()) {
      const std::string::const_iterator& name_begin =
          parsed_[index].name_begin;
      const std::string::const_iterator& name_end = parsed_[index].name_end;
      // Compare lengths first so that std::equal never reads past |search|.
      const size_t name_length = static_cast<size_t>(name_end - name_begin);
      if (name_length == search.size() &&
          std::equal(name_begin, name_end, search.begin(),
                     base::CaseInsensitiveCompare<char>()))
        return index;
    }
    ++index;
  }

  return std::string::npos;
}
// Records one header line in parsed_. A line with an empty value, or one whose
// name is a non-coalescing header, is stored as a single entry; any other line
// is split at commas into one named entry followed by continuation entries.
void HttpResponseHeaders::AddHeader(std::string::const_iterator name_begin,
                                    std::string::const_iterator name_end,
                                    std::string::const_iterator values_begin,
                                    std::string::const_iterator values_end) {
  const bool keep_whole =
      values_begin == values_end ||
      HttpUtil::IsNonCoalescingHeader(name_begin, name_end);
  if (keep_whole) {
    AddToParsed(name_begin, name_end, values_begin, values_end);
    return;
  }

  // The header can be coalesced, so split it up.
  HttpUtil::ValuesIterator value_it(values_begin, values_end, ',');
  while (value_it.GetNext()) {
    AddToParsed(name_begin, name_end, value_it.value_begin(),
                value_it.value_end());
    // An empty name range marks every later value as a continuation.
    name_end = raw_headers_.end();
    name_begin = name_end;
  }
}
// Appends one entry, made of the given name and value ranges, to parsed_.
void HttpResponseHeaders::AddToParsed(std::string::const_iterator name_begin,
                                      std::string::const_iterator name_end,
                                      std::string::const_iterator value_begin,
                                      std::string::const_iterator value_end) {
  ParsedHeader entry;
  entry.value_end = value_end;
  entry.value_begin = value_begin;
  entry.name_end = name_end;
  entry.name_begin = name_begin;
  parsed_.push_back(entry);
}
// Adds to |result| the lowercased header names that the server listed in
// 'cache-control: no-cache="..."' values. Values that lack the prefix, are no
// longer than the prefix, or do not end with a quote are tested by the
// conditions below.
// NOTE(review): the declarations of |iter| and |value|, the statements taken
// on the malformed branches and the statements that advance |item| are not
// visible in this listing — confirm against the full file.
755 void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const {
756 // Add server specified transients. Any 'cache-control: no-cache="foo,bar"'
757 // headers present in the response specify additional headers that we should
758 // not store in the cache.
759 const char kCacheControl[] = "cache-control";
760 const char kPrefix[] = "no-cache=\"";
761 const size_t kPrefixLen = sizeof(kPrefix) - 1;
765 while (EnumerateHeader(&iter, kCacheControl, &value)) {
766 // If the value is smaller than the prefix and a terminal quote, skip
// The size test also guarantees that value.size() - 1 below cannot underflow.
768 if (value.size() <= kPrefixLen ||
769 value.compare(0, kPrefixLen, kPrefix) != 0) {
772 // if it doesn't end with a quote, then treat as malformed
773 if (value[value.size()-1] != '\"')
776 // process the value as a comma-separated list of items. Each
777 // item can be wrapped by linear white space.
// |end| excludes the closing quote.
778 std::string::const_iterator item = value.begin() + kPrefixLen;
779 std::string::const_iterator end = value.end() - 1;
780 while (item != end) {
781 // Find the comma to compute the length of the current item,
782 // and the position of the next one.
783 std::string::const_iterator item_next = std::find(item, end, ',');
784 std::string::const_iterator item_end = end;
785 if (item_next != end) {
786 // Skip over comma for next position.
787 item_end = item_next;
790 // trim off leading and trailing whitespace in this item.
791 HttpUtil::TrimLWS(&item, &item_end);
793 // assuming the header is not empty, lowercase and insert into set
// &*item is taken only when the range is non-empty, so |item| is always
// dereferenceable here.
794 if (item_end > item) {
795 std::string name(&*item, item_end - item);
796 StringToLowerASCII(&name);
797 result->insert(name);
800 // Continue to next item.
// Adds every entry of kHopByHopResponseHeaders to |result|.
void HttpResponseHeaders::AddHopByHopHeaders(HeaderSet* result) {
  const char* const* const last =
      kHopByHopResponseHeaders + arraysize(kHopByHopResponseHeaders);
  for (const char* const* entry = kHopByHopResponseHeaders; entry != last;
       ++entry) {
    result->insert(std::string(*entry));
  }
}
// Adds every entry of kCookieResponseHeaders to |result|.
void HttpResponseHeaders::AddCookieHeaders(HeaderSet* result) {
  const char* const* const last =
      kCookieResponseHeaders + arraysize(kCookieResponseHeaders);
  for (const char* const* entry = kCookieResponseHeaders; entry != last;
       ++entry) {
    result->insert(std::string(*entry));
  }
}
// Adds every entry of kChallengeResponseHeaders to |result|.
void HttpResponseHeaders::AddChallengeHeaders(HeaderSet* result) {
  const char* const* const last =
      kChallengeResponseHeaders + arraysize(kChallengeResponseHeaders);
  for (const char* const* entry = kChallengeResponseHeaders; entry != last;
       ++entry) {
    result->insert(std::string(*entry));
  }
}
// Adds the "content-range" header name to |result|.
void HttpResponseHeaders::AddHopContentRangeHeaders(HeaderSet* result) {
  const std::string content_range("content-range");
  result->insert(content_range);
}
// Adds every entry of kSecurityStateHeaders to |result|.
void HttpResponseHeaders::AddSecurityStateHeaders(HeaderSet* result) {
  const char* const* const last =
      kSecurityStateHeaders + arraysize(kSecurityStateHeaders);
  for (const char* const* entry = kSecurityStateHeaders; entry != last;
       ++entry) {
    result->insert(std::string(*entry));
  }
}
// Feeds every content-type header value, in order, through
// HttpUtil::ParseContentType(), which fills |mime_type| and |charset|.
// NOTE(review): the declarations of |iter| and |value| and any initial
// clearing of the out-params are not visible in this listing — confirm.
830 void HttpResponseHeaders::GetMimeTypeAndCharset(std::string* mime_type,
831 std::string* charset) const {
835 std::string name = "content-type";
838 bool had_charset = false;
841 while (EnumerateHeader(&iter, name, &value))
842 HttpUtil::ParseContentType(value, mime_type, charset, &had_charset, NULL);
// Stores the response's MIME type in |mime_type| and returns true if it is
// non-empty. The charset is computed as well and discarded.
bool HttpResponseHeaders::GetMimeType(std::string* mime_type) const {
  std::string discarded_charset;
  GetMimeTypeAndCharset(mime_type, &discarded_charset);
  const bool found = !mime_type->empty();
  return found;
}
// Stores the response's charset in |charset| and returns true if it is
// non-empty. The MIME type is computed as well and discarded.
bool HttpResponseHeaders::GetCharset(std::string* charset) const {
  std::string discarded_mime_type;
  GetMimeTypeAndCharset(&discarded_mime_type, charset);
  const bool found = !charset->empty();
  return found;
}
// Reports whether this response is a redirect that should be followed: the
// response code must satisfy IsRedirectResponseCode() and a non-empty
// "location" value must be present. The first such value, with non-ASCII
// characters escaped, is written to |*location|.
// NOTE(review): the value is server-controlled and the visible lines apply no
// scheme or host validation — presumably the caller resolves and vets the URL
// before following it; confirm. The loop header, the early returns, any NULL
// test on |location| and the final return are not visible in this listing.
857 bool HttpResponseHeaders::IsRedirect(std::string* location) const {
858 if (!IsRedirectResponseCode(response_code_))
861 // If we lack a Location header, then we can't treat this as a redirect.
862 // We assume that the first non-empty location value is the target URL that
863 // we want to follow. TODO(darin): Is this consistent with other browsers?
// |i| starts at npos so that the pre-increment in the first search wraps to 0.
864 size_t i = std::string::npos;
866 i = FindHeader(++i, "location");
867 if (i == std::string::npos)
869 // If the location value is empty, then it doesn't count.
870 } while (parsed_[i].value_begin == parsed_[i].value_end);
873 // Escape any non-ASCII characters to preserve them. The server should
874 // only be returning ASCII here, but for compat we need to do this.
875 *location = EscapeNonASCII(
876 std::string(parsed_[i].value_begin, parsed_[i].value_end));
// Returns true for the response codes treated as redirects to follow:
// 301, 302, 303 and 307.
// static
bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) {
  switch (response_code) {
    case 301:
    case 302:
    case 303:
    case 307:
      return true;
    default:
      // 300 (multiple choice) is left out on purpose: users probably want to
      // see those pages rather than be redirected.
      return false;
  }
}
892 // From RFC 2616 section 13.2.4:
894 // The calculation to determine if a response has expired is quite simple:
896 // response_is_fresh = (freshness_lifetime > current_age)
898 // Of course, there are other factors that can force a response to always be
899 // validated or re-fetched.
// Returns true when the cached response must be validated before it is used:
// either its freshness lifetime is zero, or the lifetime does not exceed its
// current age.
bool HttpResponseHeaders::RequiresValidation(const Time& request_time,
                                             const Time& response_time,
                                             const Time& current_time) const {
  const TimeDelta freshness = GetFreshnessLifetime(response_time);
  // A zero lifetime means "never fresh"; the age does not matter then.
  if (freshness == TimeDelta())
    return true;

  const TimeDelta age =
      GetCurrentAge(request_time, response_time, current_time);
  return freshness <= age;
}
912 // From RFC 2616 section 13.2.4:
914 // The max-age directive takes priority over Expires, so if max-age is present
915 // in a response, the calculation is simply:
917 // freshness_lifetime = max_age_value
919 // Otherwise, if Expires is present in the response, the calculation is:
921 // freshness_lifetime = expires_value - date_value
923 // Note that neither of these calculations is vulnerable to clock skew, since
924 // all of the information comes from the origin server.
926 // Also, if the response does have a Last-Modified time, the heuristic
927 // expiration value SHOULD be no more than some fraction of the interval since
928 // that time. A typical setting of this fraction might be 10%:
930 // freshness_lifetime = (date_value - last_modified_value) * 0.10
// Returns how long the response may be served from cache without validation.
// A zero TimeDelta means "not fresh". The rules are applied in this order:
//   1. cache-control: no-cache / no-store, pragma: no-cache or vary: *
//      give zero.
//   2. cache-control: max-age gives that value.
//   3. Expires gives (expires - date), or zero when it is not after the date.
//   4. For 200/203/206 without must-revalidate, Last-Modified gives one tenth
//      of (date - last_modified).
//   5. 300/301/410 give the largest representable TimeDelta.
//   6. Anything else gives zero.
// The date is the Date header, or |response_time| when that header is absent.
// NOTE(review): the declarations of |date_value| and |expires_value| are not
// visible in this listing.
932 TimeDelta HttpResponseHeaders::GetFreshnessLifetime(
933 const Time& response_time) const {
934 // Check for headers that force a response to never be fresh. For backwards
935 // compat, we treat "Pragma: no-cache" as a synonym for "Cache-Control:
936 // no-cache" even though RFC 2616 does not specify it.
937 if (HasHeaderValue("cache-control", "no-cache") ||
938 HasHeaderValue("cache-control", "no-store") ||
939 HasHeaderValue("pragma", "no-cache") ||
940 HasHeaderValue("vary", "*")) // see RFC 2616 section 13.6
941 return TimeDelta(); // not fresh
943 // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the
944 // Expires header after checking for max-age in GetFreshnessLifetime. This
945 // is important since "Expires: <date in the past>" means not fresh, but
946 // it should not trump a max-age value.
948 TimeDelta max_age_value;
949 if (GetMaxAgeValue(&max_age_value))
950 return max_age_value;
952 // If there is no Date header, then assume that the server response was
953 // generated at the time when we received the response.
955 if (!GetDateValue(&date_value))
956 date_value = response_time;
959 if (GetExpiresValue(&expires_value)) {
960 // The expires value can be a date in the past!
961 if (expires_value > date_value)
962 return expires_value - date_value;
964 return TimeDelta(); // not fresh
967 // From RFC 2616 section 13.4:
969 // A response received with a status code of 200, 203, 206, 300, 301 or 410
970 // MAY be stored by a cache and used in reply to a subsequent request,
971 // subject to the expiration mechanism, unless a cache-control directive
972 // prohibits caching.
974 // A response received with any other status code (e.g. status codes 302
975 // and 307) MUST NOT be returned in a reply to a subsequent request unless
976 // there are cache-control directives or another header(s) that explicitly
979 // From RFC 2616 section 14.9.4:
981 // When the must-revalidate directive is present in a response received by
982 // a cache, that cache MUST NOT use the entry after it becomes stale to
983 // respond to a subsequent request without first revalidating it with the
984 // origin server. (I.e., the cache MUST do an end-to-end revalidation every
985 // time, if, based solely on the origin server's Expires or max-age value,
986 // the cached response is stale.)
988 if ((response_code_ == 200 || response_code_ == 203 ||
989 response_code_ == 206) &&
990 !HasHeaderValue("cache-control", "must-revalidate")) {
991 // TODO(darin): Implement a smarter heuristic.
992 Time last_modified_value;
993 if (GetLastModifiedValue(&last_modified_value)) {
994 // The last-modified value can be a date in the past!
// Heuristic freshness: one tenth of the time since the last modification.
995 if (last_modified_value <= date_value)
996 return (date_value - last_modified_value) / 10;
1000 // These responses are implicitly fresh (unless otherwise overruled):
1001 if (response_code_ == 300 || response_code_ == 301 || response_code_ == 410)
1002 return TimeDelta::FromMicroseconds(kint64max);
1004 return TimeDelta(); // not fresh
// From RFC 2616 section 13.2.3:
//
// Summary of age calculation algorithm, when a cache receives a response:
//
//   age_value
//        is the value of Age: header received by the cache with
//        this response.
//   date_value
//        is the value of the origin server's Date: header
//   request_time
//        is the (local) time when the cache made the request
//        that resulted in this cached response
//   response_time
//        is the (local) time when the cache received the
//        response
//   now
//        is the current (local) time
//
//   apparent_age = max(0, response_time - date_value);
//   corrected_received_age = max(apparent_age, age_value);
//   response_delay = response_time - request_time;
//   corrected_initial_age = corrected_received_age + response_delay;
//   resident_time = now - response_time;
//   current_age = corrected_initial_age + resident_time;
// Computes the current age of this response with the RFC 2616 section 13.2.3
// algorithm.
//
// |request_time| is the local time the request was made, |response_time| the
// local time the response was received, and |current_time| the local time the
// age is evaluated at. The Date and Age inputs are read from the response
// headers, so they are whatever the server (or an intermediary) sent.
TimeDelta HttpResponseHeaders::GetCurrentAge(const Time& request_time,
                                             const Time& response_time,
                                             const Time& current_time) const {
  // With no Date header, treat the response as generated at the moment it was
  // received.
  Time origin_date;
  if (!GetDateValue(&origin_date))
    origin_date = response_time;

  // With no Age header the age keeps its zero default: GetAgeValue does not
  // modify its out param if the value does not exist.
  TimeDelta reported_age;
  GetAgeValue(&reported_age);

  // apparent_age = max(0, response_time - date_value): a Date ahead of the
  // local receive time must not produce a negative age.
  TimeDelta age = response_time - origin_date;
  if (age < TimeDelta())
    age = TimeDelta();

  // corrected_received_age = max(apparent_age, age_value).
  if (age < reported_age)
    age = reported_age;

  // corrected_initial_age adds the request/response round trip...
  age = age + (response_time - request_time);

  // ...and current_age adds the time the entry has been resident since.
  return age + (current_time - response_time);
}
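// Extracts the max-age directive from the Cache-Control response header.
//
// On success stores the directive's value in |*result| and returns true.
// Returns false and leaves |*result| untouched when no Cache-Control value
// carries a max-age that parses as a non-negative integer.
bool HttpResponseHeaders::GetMaxAgeValue(TimeDelta* result) const {
  std::string name = "cache-control";
  std::string value;

  const char kMaxAgePrefix[] = "max-age=";
  const size_t kMaxAgePrefixLen = arraysize(kMaxAgePrefix) - 1;

  // Largest second count whose microsecond equivalent still fits in an int64.
  // NOTE(review): assumes TimeDelta stores microseconds in an int64, as
  // TimeDelta::FromMicroseconds(kint64max) elsewhere in this file suggests.
  const int64 kMaxSeconds = kint64max / Time::kMicrosecondsPerSecond;

  void* iter = NULL;
  while (EnumerateHeader(&iter, name, &value)) {
    // A bare "max-age=" with nothing after it is not a usable directive.
    if (value.size() <= kMaxAgePrefixLen)
      continue;
    if (!LowerCaseEqualsASCII(value.begin(),
                              value.begin() + kMaxAgePrefixLen,
                              kMaxAgePrefix)) {
      continue;
    }

    // The value is server-controlled. Skip anything that is not a
    // non-negative integer (the same policy GetChromeProxyInfo applies to
    // "bypass=") rather than trusting the output of a failed conversion.
    int64 seconds = 0;
    if (!base::StringToInt64(StringPiece(value.begin() + kMaxAgePrefixLen,
                                         value.end()),
                             &seconds) ||
        seconds < 0) {
      continue;
    }

    // Saturate instead of overflowing in the seconds -> TimeDelta conversion.
    if (seconds > kMaxSeconds)
      seconds = kMaxSeconds;

    *result = TimeDelta::FromSeconds(seconds);
    return true;
  }

  return false;
}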
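// Reads the Age response header as a number of seconds.
//
// On success stores the age in |*result| and returns true. Returns false and
// leaves |*result| untouched when the header is absent or its value is not a
// non-negative integer; GetCurrentAge relies on the out param staying
// unmodified in that case.
bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const {
  std::string value;
  if (!EnumerateHeader(NULL, "Age", &value))
    return false;

  // Age is supplied by the server or an upstream cache. Do not use the output
  // of a failed conversion, and reject negative ages outright.
  int64 seconds = 0;
  if (!base::StringToInt64(value, &seconds) || seconds < 0)
    return false;

  // Saturate instead of overflowing in the seconds -> TimeDelta conversion.
  // NOTE(review): assumes TimeDelta stores microseconds in an int64, as
  // TimeDelta::FromMicroseconds(kint64max) elsewhere in this file suggests.
  const int64 kMaxSeconds = kint64max / Time::kMicrosecondsPerSecond;
  if (seconds > kMaxSeconds)
    seconds = kMaxSeconds;

  *result = TimeDelta::FromSeconds(seconds);
  return true;
}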
// Forwards to GetTimeValuedHeader for the "Date" header and returns its
// result; |*result| is written by that helper.
bool HttpResponseHeaders::GetDateValue(Time* result) const {
  static const char kHeaderName[] = "Date";
  return GetTimeValuedHeader(kHeaderName, result);
}
// Forwards to GetTimeValuedHeader for the "Last-Modified" header and returns
// its result; |*result| is written by that helper.
bool HttpResponseHeaders::GetLastModifiedValue(Time* result) const {
  static const char kHeaderName[] = "Last-Modified";
  return GetTimeValuedHeader(kHeaderName, result);
}
// Forwards to GetTimeValuedHeader for the "Expires" header and returns its
// result; |*result| is written by that helper.
bool HttpResponseHeaders::GetExpiresValue(Time* result) const {
  static const char kHeaderName[] = "Expires";
  return GetTimeValuedHeader(kHeaderName, result);
}
// Looks up the first value of header |name| and parses it as an HTTP date.
//
// Returns false when the header is absent; otherwise returns the result of
// Time::FromUTCString, which receives |result| as its output.
bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name,
                                              Time* result) const {
  std::string raw_date;
  const bool present = EnumerateHeader(NULL, name, &raw_date);
  if (!present)
    return false;

  // When parsing HTTP dates it's beneficial to default to GMT because:
  // 1. RFC2616 3.3.1 says times should always be specified in GMT
  // 2. Only counter-example incorrectly appended "UTC" (crbug.com/153759)
  // 3. When adjusting cookie expiration times for clock skew
  //    (crbug.com/135131) this better matches our cookie expiration
  //    time parser which ignores timezone specifiers and assumes GMT.
  // 4. This is exactly what Firefox does.
  // TODO(pauljensen): The ideal solution would be to return false if the
  // timezone could not be understood so as to avoid making other calculations
  // based on an incorrect time.  This would require modifying the time
  // library or duplicating the code. (http://crbug.com/158327)
  return Time::FromUTCString(raw_date.c_str(), result);
}
// Reports whether the connection this response arrived on may be reused.
//
// Responses older than HTTP/1.0 are never keep-alive. HTTP/1.0 is keep-alive
// only when the connection token is "keep-alive"; later versions are
// keep-alive unless the token is "close". Only the first value returned by
// EnumerateHeader is compared.
bool HttpResponseHeaders::IsKeepAlive() const {
  if (http_version_ < HttpVersion(1, 0))
    return false;

  // NOTE: It is perhaps risky to assume that a Proxy-Connection header is
  // meaningful when we don't know that this response was from a proxy, but
  // Mozilla also does this, so we'll do the same.
  std::string token;
  const bool has_connection = EnumerateHeader(NULL, "connection", &token);
  if (!has_connection)
    EnumerateHeader(NULL, "proxy-connection", &token);

  // HTTP/1.0 responses default to NOT keep-alive.
  if (http_version_ == HttpVersion(1, 0))
    return LowerCaseEqualsASCII(token, "keep-alive");

  // HTTP/1.1 responses default to keep-alive.
  return !LowerCaseEqualsASCII(token, "close");
}
// Collects the ETag, Last-Modified and Date header values (each left empty
// when the header is absent) and hands them, with the response's HTTP
// version, to HttpUtil::HasStrongValidators, whose verdict is returned.
bool HttpResponseHeaders::HasStrongValidators() const {
  std::string etag;
  std::string last_modified;
  std::string date;

  EnumerateHeader(NULL, "etag", &etag);
  EnumerateHeader(NULL, "Last-Modified", &last_modified);
  EnumerateHeader(NULL, "Date", &date);

  return HttpUtil::HasStrongValidators(
      GetHttpVersion(), etag, last_modified, date);
}
1164 // Content-Length = "Content-Length" ":" 1*DIGIT
// Returns the Content-Length header as parsed by GetInt64HeaderValue, which
// yields -1 when the value is missing or unacceptable.
int64 HttpResponseHeaders::GetContentLength() const {
  const int64 length = GetInt64HeaderValue("content-length");
  return length;
}
// Parses the first value of |header| as a non-negative 64-bit integer.
//
// Returns the parsed number, or -1 when the header is absent, empty, starts
// with '+', fails to convert, or converts to a negative number. Only the
// first value EnumerateHeader yields is examined here.
int64 HttpResponseHeaders::GetInt64HeaderValue(
    const std::string& header) const {
  void* iter = NULL;
  std::string text;
  if (!EnumerateHeader(&iter, header, &text))
    return -1;

  // An explicit sign is refused before conversion; presumably the integer
  // parser would otherwise accept a leading '+' -- confirm.
  if (text.empty() || text[0] == '+')
    return -1;

  int64 parsed;
  if (base::StringToInt64(text, &parsed) && parsed >= 0)
    return parsed;

  return -1;
}
1190 // From RFC 2616 14.16:
1191 // content-range-spec =
1192 // bytes-unit SP byte-range-resp-spec "/" ( instance-length | "*" )
1193 // byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) | "*"
1194 // instance-length = 1*DIGIT
1195 // bytes-unit = "bytes"
// Parses the Content-Range response header into its three numeric parts,
// following the grammar quoted above.
//
// All three out params are reset to -1 before the header is examined. The
// bytes-unit, byte-range-resp-spec and instance-length pieces are located by
// the first space and the first '/' after it, trimmed of LWS, and the numbers
// are converted with base::StringToInt64.
//
// NOTE(review): this listing omits some source lines (the gutter numbers
// skip), including the statements that follow most of the checks below, so
// the return path of each individual check is not documented here. The header
// value is server-controlled; callers should presumably act on the out params
// only when the function reports success -- confirm against the full source.
1196 bool HttpResponseHeaders::GetContentRange(int64* first_byte_position,
1197 int64* last_byte_position,
1198 int64* instance_length) const {
1200 std::string content_range_spec;
// Reset every out param to -1 before looking at the header.
1201 *first_byte_position = *last_byte_position = *instance_length = -1;
1202 if (!EnumerateHeader(&iter, "content-range", &content_range_spec))
1205 // If the header value is empty, we have an invalid header.
1206 if (content_range_spec.empty())
// The first space separates bytes-unit from the rest of the value.
1209 size_t space_position = content_range_spec.find(' ');
1210 if (space_position == std::string::npos)
1213 // Invalid header if it doesn't contain "bytes-unit".
1214 std::string::const_iterator content_range_spec_begin =
1215 content_range_spec.begin();
1216 std::string::const_iterator content_range_spec_end =
1217 content_range_spec.begin() + space_position;
1218 HttpUtil::TrimLWS(&content_range_spec_begin, &content_range_spec_end);
1219 if (!LowerCaseEqualsASCII(content_range_spec_begin,
1220 content_range_spec_end,
// The '/' is searched for only after the space, so it cannot match inside
// the bytes-unit token.
1225 size_t slash_position = content_range_spec.find('/', space_position + 1);
1226 if (slash_position == std::string::npos)
1229 // Obtain the part behind the space and before slash.
1230 std::string::const_iterator byte_range_resp_spec_begin =
1231 content_range_spec.begin() + space_position + 1;
1232 std::string::const_iterator byte_range_resp_spec_end =
1233 content_range_spec.begin() + slash_position;
1234 HttpUtil::TrimLWS(&byte_range_resp_spec_begin, &byte_range_resp_spec_end);
1236 // Parse the byte-range-resp-spec part.
1237 std::string byte_range_resp_spec(byte_range_resp_spec_begin,
1238 byte_range_resp_spec_end);
1239 // If byte-range-resp-spec != "*".
1240 if (!LowerCaseEqualsASCII(byte_range_resp_spec, "*")) {
1241 size_t minus_position = byte_range_resp_spec.find('-');
1242 if (minus_position != std::string::npos) {
1243 // Obtain first-byte-pos.
1244 std::string::const_iterator first_byte_pos_begin =
1245 byte_range_resp_spec.begin();
1246 std::string::const_iterator first_byte_pos_end =
1247 byte_range_resp_spec.begin() + minus_position;
1248 HttpUtil::TrimLWS(&first_byte_pos_begin, &first_byte_pos_end);
// The conversion writes straight into the caller's out param.
1250 bool ok = base::StringToInt64(StringPiece(first_byte_pos_begin,
1251 first_byte_pos_end),
1252 first_byte_position);
1254 // Obtain last-byte-pos.
1255 std::string::const_iterator last_byte_pos_begin =
1256 byte_range_resp_spec.begin() + minus_position + 1;
1257 std::string::const_iterator last_byte_pos_end =
1258 byte_range_resp_spec.end();
1259 HttpUtil::TrimLWS(&last_byte_pos_begin, &last_byte_pos_end);
// |ok| accumulates both conversions, so it is true only if each succeeded.
1261 ok &= base::StringToInt64(StringPiece(last_byte_pos_begin,
1263 last_byte_position);
// Restores the -1 sentinels; presumably reached when either conversion
// failed (the guarding line is not shown in this listing).
1265 *first_byte_position = *last_byte_position = -1;
// Both positions must be non-negative and first must not exceed last.
1268 if (*first_byte_position < 0 || *last_byte_position < 0 ||
1269 *first_byte_position > *last_byte_position)
1276 // Parse the instance-length part.
1277 // If instance-length == "*".
1278 std::string::const_iterator instance_length_begin =
1279 content_range_spec.begin() + slash_position + 1;
1280 std::string::const_iterator instance_length_end =
1281 content_range_spec.end();
1282 HttpUtil::TrimLWS(&instance_length_begin, &instance_length_end);
1284 if (LowerCaseEqualsASCII(instance_length_begin, instance_length_end, "*")) {
1286 } else if (!base::StringToInt64(StringPiece(instance_length_begin,
1287 instance_length_end),
// A failed instance-length conversion puts the -1 sentinel back.
1289 *instance_length = -1;
1293 // We have all the values; let's verify that they make sense for a 206
// The last comparison flags a last-byte-pos at or beyond the stated
// instance length.
1295 if (*first_byte_position < 0 || *last_byte_position < 0 ||
1296 *instance_length < 0 || *instance_length - 1 < *last_byte_position)
// Builds the NetLog parameter for these headers: a dictionary whose "headers"
// entry is a list that starts with the status line. Inside the loop over
// EnumerateHeaderLines a "name: value" string is formatted for each header
// line. The log level argument is unnamed and unused.
//
// NOTE(review): header values such as cookies and authentication challenges
// pass through this loop. Whether they are escaped or filtered before being
// logged is decided by lines this listing omits (the gutter numbers skip) --
// confirm before treating NetLog output as safe to share.
1302 base::Value* HttpResponseHeaders::NetLogCallback(
1303 NetLog::LogLevel /* log_level */) const {
// Raw allocations; presumably ownership passes to the containers through
// Append()/Set() and to the caller through the return value -- confirm.
1304 base::DictionaryValue* dict = new base::DictionaryValue();
1305 base::ListValue* headers = new base::ListValue();
1306 headers->Append(new base::StringValue(GetStatusLine()));
1307 void* iterator = NULL;
1310 while (EnumerateHeaderLines(&iterator, &name, &value)) {
1312 new base::StringValue(base::StringPrintf("%s: %s",
1316 dict->Set("headers", headers);
// Rebuilds an HttpResponseHeaders object from a NetLog parameter.
//
// |event_param| must be a dictionary holding a "headers" list of strings.
// The strings are joined into a raw header block in which every line ends
// with '\0' and the block ends with one more '\0'. On success
// |*http_response_headers| receives the new object and true is returned; on
// any failure it is left NULL and false is returned.
//
// NOTE(review): a list element that itself contains '\0' would presumably be
// seen as extra lines by the header parser -- confirm that |event_param|
// only ever comes from a trusted log source.
bool HttpResponseHeaders::FromNetLogParam(
    const base::Value* event_param,
    scoped_refptr<HttpResponseHeaders>* http_response_headers) {
  *http_response_headers = NULL;

  if (!event_param)
    return false;

  const base::DictionaryValue* params = NULL;
  if (!event_param->GetAsDictionary(&params))
    return false;

  const base::ListValue* lines = NULL;
  if (!params->GetList("headers", &lines))
    return false;

  std::string raw_headers;
  base::ListValue::const_iterator it = lines->begin();
  while (it != lines->end()) {
    std::string line;
    if (!(*it)->GetAsString(&line))
      return false;

    raw_headers += line;
    raw_headers += '\0';
    ++it;
  }
  // The extra terminator marks the end of the header block.
  raw_headers += '\0';

  *http_response_headers = new HttpResponseHeaders(raw_headers);
  return true;
}
// Reports whether the body uses chunked transfer coding: the response must be
// HTTP/1.1 or later and carry "chunked" as a Transfer-Encoding value.
bool HttpResponseHeaders::IsChunkEncoded() const {
  // Ignore spurious chunked responses from HTTP/1.0 servers and proxies.
  if (GetHttpVersion() < HttpVersion(1, 1))
    return false;

  return HasHeaderValue("Transfer-Encoding", "chunked");
}
1357 #if defined(SPDY_PROXY_AUTH_ORIGIN)
1358 bool HttpResponseHeaders::GetChromeProxyInfo(
1359 base::TimeDelta* bypass_duration) const {
1360 const char kProxyBypass[] = "proxy-bypass";
1361 *bypass_duration = base::TimeDelta();
1363 // Support header of the form Chrome-Proxy: bypass=<duration>, where
1364 // <duration> is the number of seconds to wait before retrying
1365 // the proxy. If the duration is 0, then the default proxy retry delay
1366 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used.
1367 std::string name = "chrome-proxy";
1368 const char kBypassPrefix[] = "bypass=";
1369 const size_t kBypassPrefixLen = arraysize(kBypassPrefix) - 1;
1373 while (EnumerateHeader(&iter, name, &value)) {
1374 if (value.size() > kBypassPrefixLen) {
1375 if (LowerCaseEqualsASCII(value.begin(),
1376 value.begin() + kBypassPrefixLen,
1379 if (!base::StringToInt64(StringPiece(value.begin() + kBypassPrefixLen,
1381 &seconds) || seconds < 0) {
1382 continue; // In case there is a well formed bypass instruction.
1384 *bypass_duration = TimeDelta::FromSeconds(seconds);
1389 // TODO(bengr): Deprecate the use of Connection: Proxy-Bypass.
1390 if (HasHeaderValue("Connection", kProxyBypass))