nsHttpResponseHead.cpp (40320B)
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim:set ts=4 sw=2 sts=2 et cin: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 // HttpLog.h should generally be included first 8 #include "HttpLog.h" 9 10 #include "mozilla/dom/MimeType.h" 11 #include "mozilla/StaticPrefs_network.h" 12 #include "mozilla/TextUtils.h" 13 #include "nsHttpResponseHead.h" 14 #include "nsIHttpHeaderVisitor.h" 15 #include "nsPrintfCString.h" 16 #include "prtime.h" 17 #include "nsCRT.h" 18 #include "nsURLHelper.h" 19 #include "CacheControlParser.h" 20 #include <algorithm> 21 22 namespace mozilla { 23 namespace net { 24 25 //----------------------------------------------------------------------------- 26 // nsHttpResponseHead <public> 27 //----------------------------------------------------------------------------- 28 29 // Note that the code below MUST be synchronized with the IPC 30 // serialization/deserialization in PHttpChannelParams.h. 31 nsHttpResponseHead::nsHttpResponseHead(const nsHttpResponseHead& aOther) { 32 nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); 33 RecursiveMutexAutoLock monitor(other.mRecursiveMutex); 34 35 mHeaders = other.mHeaders; 36 mVersion = other.mVersion; 37 mStatus = other.mStatus; 38 mStatusText = other.mStatusText; 39 mContentLength = other.mContentLength; 40 mContentType = other.mContentType; 41 mContentCharset = other.mContentCharset; 42 mHasCacheControl = other.mHasCacheControl; 43 mCacheControlPublic = other.mCacheControlPublic; 44 mCacheControlPrivate = other.mCacheControlPrivate; 45 mCacheControlNoStore = other.mCacheControlNoStore; 46 mCacheControlNoCache = other.mCacheControlNoCache; 47 mCacheControlImmutable = other.mCacheControlImmutable; 48 mCacheControlStaleWhileRevalidateSet = 49 other.mCacheControlStaleWhileRevalidateSet; 50 mCacheControlStaleWhileRevalidate = other.mCacheControlStaleWhileRevalidate; 51 mCacheControlMaxAgeSet = other.mCacheControlMaxAgeSet; 52 mCacheControlMaxAge = other.mCacheControlMaxAge; 53 mPragmaNoCache = other.mPragmaNoCache; 54 } 55 56 nsHttpResponseHead& nsHttpResponseHead::operator=( 57 const nsHttpResponseHead& aOther) { 58 nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); 59 RecursiveMutexAutoLock monitorOther(other.mRecursiveMutex); 60 RecursiveMutexAutoLock monitor(mRecursiveMutex); 61 62 mHeaders = other.mHeaders; 63 mVersion = other.mVersion; 64 mStatus = other.mStatus; 65 mStatusText = other.mStatusText; 66 mContentLength = other.mContentLength; 67 mContentType = other.mContentType; 68 mContentCharset = other.mContentCharset; 69 mHasCacheControl = other.mHasCacheControl; 70 mCacheControlPublic = other.mCacheControlPublic; 71 mCacheControlPrivate = other.mCacheControlPrivate; 72 mCacheControlNoStore = other.mCacheControlNoStore; 73 mCacheControlNoCache = other.mCacheControlNoCache; 74 mCacheControlImmutable = other.mCacheControlImmutable; 75 mCacheControlStaleWhileRevalidateSet = 76 other.mCacheControlStaleWhileRevalidateSet; 77 mCacheControlStaleWhileRevalidate = other.mCacheControlStaleWhileRevalidate; 78 mCacheControlMaxAgeSet = other.mCacheControlMaxAgeSet; 79 mCacheControlMaxAge = other.mCacheControlMaxAge; 80 mPragmaNoCache = other.mPragmaNoCache; 81 82 return *this; 83 } 84 85 nsHttpResponseHead::nsHttpResponseHead(nsHttpResponseHead&& aOther) { 86 nsHttpResponseHead& other = aOther; 87 RecursiveMutexAutoLock monitor(other.mRecursiveMutex); 88 89 mHeaders = std::move(other.mHeaders); 90 mVersion = std::move(other.mVersion); 91 mStatus = std::move(other.mStatus); 92 mStatusText = std::move(other.mStatusText); 93 mContentLength = std::move(other.mContentLength); 94 mContentType = std::move(other.mContentType); 95 mContentCharset = std::move(other.mContentCharset); 96 mHasCacheControl = std::move(other.mHasCacheControl); 97 mCacheControlPublic = std::move(other.mCacheControlPublic); 98 mCacheControlPrivate = std::move(other.mCacheControlPrivate); 99 mCacheControlNoStore = std::move(other.mCacheControlNoStore); 100 mCacheControlNoCache = std::move(other.mCacheControlNoCache); 101 mCacheControlImmutable = std::move(other.mCacheControlImmutable); 102 mCacheControlStaleWhileRevalidateSet = 103 std::move(other.mCacheControlStaleWhileRevalidateSet); 104 mCacheControlStaleWhileRevalidate = 105 std::move(other.mCacheControlStaleWhileRevalidate); 106 mCacheControlMaxAgeSet = std::move(other.mCacheControlMaxAgeSet); 107 mCacheControlMaxAge = std::move(other.mCacheControlMaxAge); 108 mPragmaNoCache = std::move(other.mPragmaNoCache); 109 mInVisitHeaders = false; 110 } 111 112 HttpVersion nsHttpResponseHead::Version() const { 113 RecursiveMutexAutoLock monitor(mRecursiveMutex); 114 return mVersion; 115 } 116 117 uint16_t nsHttpResponseHead::Status() const { 118 RecursiveMutexAutoLock monitor(mRecursiveMutex); 119 return mStatus; 120 } 121 122 void nsHttpResponseHead::StatusText(nsACString& aStatusText) { 123 RecursiveMutexAutoLock monitor(mRecursiveMutex); 124 aStatusText = mStatusText; 125 } 126 127 int64_t nsHttpResponseHead::ContentLength() { 128 RecursiveMutexAutoLock monitor(mRecursiveMutex); 129 return mContentLength; 130 } 131 132 void nsHttpResponseHead::ContentType(nsACString& aContentType) const { 133 RecursiveMutexAutoLock monitor(mRecursiveMutex); 134 aContentType = mContentType; 135 } 136 137 void nsHttpResponseHead::ContentCharset(nsACString& aContentCharset) { 138 RecursiveMutexAutoLock monitor(mRecursiveMutex); 139 aContentCharset = mContentCharset; 140 } 141 142 bool nsHttpResponseHead::Public() { 143 RecursiveMutexAutoLock monitor(mRecursiveMutex); 144 return mCacheControlPublic; 145 } 146 147 bool nsHttpResponseHead::Private() { 148 RecursiveMutexAutoLock monitor(mRecursiveMutex); 149 return mCacheControlPrivate; 150 } 151 152 bool nsHttpResponseHead::NoStore() { 153 RecursiveMutexAutoLock monitor(mRecursiveMutex); 154 return mCacheControlNoStore; 155 } 156 157 bool nsHttpResponseHead::NoCache() { 158 RecursiveMutexAutoLock monitor(mRecursiveMutex); 159 return NoCache_locked(); 160 } 161 162 bool nsHttpResponseHead::Immutable() { 163 RecursiveMutexAutoLock monitor(mRecursiveMutex); 164 return mCacheControlImmutable; 165 } 166 167 nsresult nsHttpResponseHead::SetHeader(const nsACString& hdr, 168 const nsACString& val, bool merge) { 169 RecursiveMutexAutoLock monitor(mRecursiveMutex); 170 171 if (mInVisitHeaders) { 172 return NS_ERROR_FAILURE; 173 } 174 175 nsHttpAtom atom = nsHttp::ResolveAtom(hdr); 176 if (!atom.get()) { 177 NS_WARNING("failed to resolve atom"); 178 return NS_ERROR_NOT_AVAILABLE; 179 } 180 181 return SetHeader_locked(atom, hdr, val, merge); 182 } 183 184 nsresult nsHttpResponseHead::SetHeader(const nsHttpAtom& hdr, 185 const nsACString& val, bool merge) { 186 RecursiveMutexAutoLock monitor(mRecursiveMutex); 187 188 if (mInVisitHeaders) { 189 return NS_ERROR_FAILURE; 190 } 191 192 return SetHeader_locked(hdr, ""_ns, val, merge); 193 } 194 195 // override the current value 196 nsresult nsHttpResponseHead::SetHeaderOverride(const nsHttpAtom& atom, 197 const nsACString& val) { 198 RecursiveMutexAutoLock monitor(mRecursiveMutex); 199 200 if (mInVisitHeaders) { 201 return NS_ERROR_FAILURE; 202 } 203 204 return mHeaders.SetHeader(atom, ""_ns, val, false, 205 nsHttpHeaderArray::eVarietyResponseOverride); 206 } 207 208 nsresult nsHttpResponseHead::SetHeader_locked(const nsHttpAtom& atom, 209 const nsACString& hdr, 210 const nsACString& val, 211 bool merge) { 212 nsresult rv = mHeaders.SetHeader(atom, hdr, val, merge, 213 nsHttpHeaderArray::eVarietyResponse); 214 if (NS_FAILED(rv)) return rv; 215 216 // respond to changes in these headers. we need to reparse the entire 217 // header since the change may have merged in additional values. 218 if (atom == nsHttp::Cache_Control) { 219 ParseCacheControl(mHeaders.PeekHeader(atom)); 220 } else if (atom == nsHttp::Pragma) { 221 ParsePragma(mHeaders.PeekHeader(atom)); 222 } 223 224 return NS_OK; 225 } 226 227 nsresult nsHttpResponseHead::GetHeader(const nsHttpAtom& h, 228 nsACString& v) const { 229 v.Truncate(); 230 RecursiveMutexAutoLock monitor(mRecursiveMutex); 231 return mHeaders.GetHeader(h, v); 232 } 233 234 void nsHttpResponseHead::ClearHeader(const nsHttpAtom& h) { 235 RecursiveMutexAutoLock monitor(mRecursiveMutex); 236 mHeaders.ClearHeader(h); 237 } 238 239 void nsHttpResponseHead::ClearHeaders() { 240 RecursiveMutexAutoLock monitor(mRecursiveMutex); 241 mHeaders.Clear(); 242 } 243 244 bool nsHttpResponseHead::HasHeaderValue(const nsHttpAtom& h, const char* v) { 245 RecursiveMutexAutoLock monitor(mRecursiveMutex); 246 return mHeaders.HasHeaderValue(h, v); 247 } 248 249 bool nsHttpResponseHead::HasHeader(const nsHttpAtom& h) const { 250 RecursiveMutexAutoLock monitor(mRecursiveMutex); 251 return mHeaders.HasHeader(h); 252 } 253 254 void nsHttpResponseHead::SetContentType(const nsACString& s) { 255 RecursiveMutexAutoLock monitor(mRecursiveMutex); 256 mContentType = s; 257 } 258 259 void nsHttpResponseHead::SetContentCharset(const nsACString& s) { 260 RecursiveMutexAutoLock monitor(mRecursiveMutex); 261 mContentCharset = s; 262 } 263 264 void nsHttpResponseHead::SetContentLength(int64_t len) { 265 RecursiveMutexAutoLock monitor(mRecursiveMutex); 266 267 mContentLength = len; 268 if (len < 0) { 269 mHeaders.ClearHeader(nsHttp::Content_Length); 270 } else { 271 DebugOnly<nsresult> rv = mHeaders.SetHeader( 272 nsHttp::Content_Length, nsPrintfCString("%" PRId64, len), false, 273 nsHttpHeaderArray::eVarietyResponse); 274 MOZ_ASSERT(NS_SUCCEEDED(rv)); 275 } 276 } 277 278 void nsHttpResponseHead::Flatten(nsACString& buf, bool pruneTransients) { 279 RecursiveMutexAutoLock monitor(mRecursiveMutex); 280 if (mVersion == HttpVersion::v0_9) return; 281 282 buf.AppendLiteral("HTTP/"); 283 if (mVersion == HttpVersion::v3_0) { 284 buf.AppendLiteral("3 "); 285 } else if (mVersion == HttpVersion::v2_0) { 286 buf.AppendLiteral("2 "); 287 } else if (mVersion == HttpVersion::v1_1) { 288 buf.AppendLiteral("1.1 "); 289 } else { 290 buf.AppendLiteral("1.0 "); 291 } 292 293 buf.Append(nsPrintfCString("%u", unsigned(mStatus)) + " "_ns + mStatusText + 294 "\r\n"_ns); 295 296 mHeaders.Flatten(buf, false, pruneTransients); 297 } 298 299 void nsHttpResponseHead::FlattenNetworkOriginalHeaders(nsACString& buf) { 300 RecursiveMutexAutoLock monitor(mRecursiveMutex); 301 if (mVersion == HttpVersion::v0_9) { 302 return; 303 } 304 305 mHeaders.FlattenOriginalHeader(buf); 306 } 307 308 nsresult nsHttpResponseHead::ParseCachedHead(const char* block) { 309 RecursiveMutexAutoLock monitor(mRecursiveMutex); 310 LOG(("nsHttpResponseHead::ParseCachedHead [this=%p]\n", this)); 311 312 // this command works on a buffer as prepared by Flatten, as such it is 313 // not very forgiving ;-) 314 315 const char* p = strstr(block, "\r\n"); 316 if (!p) return NS_ERROR_UNEXPECTED; 317 318 ParseStatusLine_locked(nsDependentCSubstring(block, p - block)); 319 320 do { 321 block = p + 2; 322 323 if (*block == 0) break; 324 325 p = strstr(block, "\r\n"); 326 if (!p) return NS_ERROR_UNEXPECTED; 327 328 (void)ParseHeaderLine_locked(nsDependentCSubstring(block, p - block), 329 false); 330 331 } while (true); 332 333 return NS_OK; 334 } 335 336 nsresult nsHttpResponseHead::ParseCachedOriginalHeaders(char* block) { 337 RecursiveMutexAutoLock monitor(mRecursiveMutex); 338 LOG(("nsHttpResponseHead::ParseCachedOriginalHeader [this=%p]\n", this)); 339 340 // this command works on a buffer as prepared by FlattenOriginalHeader, 341 // as such it is not very forgiving ;-) 342 343 if (!block) { 344 return NS_ERROR_UNEXPECTED; 345 } 346 347 char* p = block; 348 nsHttpAtom hdr; 349 nsAutoCString headerNameOriginal; 350 nsAutoCString val; 351 nsresult rv; 352 353 do { 354 block = p; 355 356 if (*block == 0) break; 357 358 p = strstr(block, "\r\n"); 359 if (!p) return NS_ERROR_UNEXPECTED; 360 361 *p = 0; 362 if (NS_FAILED(nsHttpHeaderArray::ParseHeaderLine( 363 nsDependentCString(block, p - block), &hdr, &headerNameOriginal, 364 &val))) { 365 return NS_OK; 366 } 367 368 rv = mHeaders.SetResponseHeaderFromCache( 369 hdr, headerNameOriginal, val, 370 nsHttpHeaderArray::eVarietyResponseNetOriginal); 371 372 if (NS_FAILED(rv)) { 373 return rv; 374 } 375 376 p = p + 2; 377 } while (true); 378 379 return NS_OK; 380 } 381 382 void nsHttpResponseHead::AssignDefaultStatusText() { 383 LOG(("response status line needs default reason phrase\n")); 384 385 // if a http response doesn't contain a reason phrase, put one in based 386 // on the status code. The reason phrase is totally meaningless so its 387 // ok to have a default catch all here - but this makes debuggers and addons 388 // a little saner to use if we don't map things to "404 OK" or other nonsense. 389 // In particular, HTTP/2 does not use reason phrases at all so they need to 390 // always be injected. 391 392 net_GetDefaultStatusTextForCode(mStatus, mStatusText); 393 } 394 395 nsresult nsHttpResponseHead::ParseStatusLine(const nsACString& line) { 396 RecursiveMutexAutoLock monitor(mRecursiveMutex); 397 return ParseStatusLine_locked(line); 398 } 399 400 nsresult nsHttpResponseHead::ParseStatusLine_locked(const nsACString& line) { 401 // 402 // Parse Status-Line: HTTP-Version SP Status-Code SP Reason-Phrase CRLF 403 // 404 405 const char* start = line.BeginReading(); 406 const char* end = line.EndReading(); 407 408 // HTTP-Version 409 ParseVersion(start); 410 411 int32_t index = line.FindChar(' '); 412 413 if (mVersion == HttpVersion::v0_9 || index == -1) { 414 mStatus = 200; 415 AssignDefaultStatusText(); 416 LOG1(("Have status line [version=%u status=%u statusText=%s]\n", 417 unsigned(mVersion), unsigned(mStatus), mStatusText.get())); 418 return NS_OK; 419 } 420 421 // Status-Code: all ASCII digits after any whitespace 422 const char* p = start + index + 1; 423 while (p < end && NS_IsHTTPWhitespace(*p)) ++p; 424 if (p == end || !mozilla::IsAsciiDigit(*p)) { 425 return NS_ERROR_PARSING_HTTP_STATUS_LINE; 426 } 427 const char* codeStart = p; 428 while (p < end && mozilla::IsAsciiDigit(*p)) ++p; 429 430 // Only accept 3 digits (including all leading zeros) 431 // Also if next char isn't whitespace, fail (ie, code is 0x2) 432 if (p - codeStart > 3 || (p < end && !NS_IsHTTPWhitespace(*p))) { 433 return NS_ERROR_PARSING_HTTP_STATUS_LINE; 434 } 435 436 // At this point the code is between 0 and 999 inclusive 437 nsDependentCSubstring strCode(codeStart, p - codeStart); 438 nsresult rv; 439 mStatus = strCode.ToInteger(&rv); 440 if (NS_FAILED(rv)) { 441 return NS_ERROR_PARSING_HTTP_STATUS_LINE; 442 } 443 444 // Reason-Phrase: whatever remains after any whitespace (even empty) 445 while (p < end && NS_IsHTTPWhitespace(*p)) ++p; 446 if (p != end) { 447 mStatusText = nsDependentCSubstring(p, end - p); 448 } 449 LOG1(("Have status line [version=%u status=%u statusText=%s]\n", 450 unsigned(mVersion), unsigned(mStatus), mStatusText.get())); 451 return NS_OK; 452 } 453 454 nsresult nsHttpResponseHead::ParseHeaderLine(const nsACString& line) { 455 RecursiveMutexAutoLock monitor(mRecursiveMutex); 456 return ParseHeaderLine_locked(line, true); 457 } 458 459 nsresult nsHttpResponseHead::ParseHeaderLine_locked( 460 const nsACString& line, bool originalFromNetHeaders) { 461 nsHttpAtom hdr; 462 nsAutoCString headerNameOriginal; 463 nsAutoCString val; 464 465 if (NS_FAILED(nsHttpHeaderArray::ParseHeaderLine( 466 line, &hdr, &headerNameOriginal, &val))) { 467 return NS_OK; 468 } 469 470 // reject the header if there are 0x00 bytes in the value. 471 // (see https://github.com/httpwg/http-core/issues/215 for details). 472 if (val.FindChar('\0') >= 0) { 473 return NS_ERROR_DOM_INVALID_HEADER_VALUE; 474 } 475 476 nsresult rv; 477 if (originalFromNetHeaders) { 478 rv = mHeaders.SetHeaderFromNet(hdr, headerNameOriginal, val, true); 479 } else { 480 rv = mHeaders.SetResponseHeaderFromCache( 481 hdr, headerNameOriginal, val, nsHttpHeaderArray::eVarietyResponse); 482 } 483 if (NS_FAILED(rv)) { 484 return rv; 485 } 486 487 // leading and trailing LWS has been removed from |val| 488 489 // handle some special case headers... 490 if (hdr == nsHttp::Content_Length) { 491 rv = ParseResponseContentLength(val); 492 if (rv == NS_ERROR_ILLEGAL_VALUE) { 493 LOG(("illegal content-length! %s\n", val.get())); 494 return rv; 495 } 496 497 if (rv == NS_ERROR_NOT_AVAILABLE) { 498 LOG(("content-length value ignored! %s\n", val.get())); 499 } 500 501 } else if (hdr == nsHttp::Content_Type) { 502 if (StaticPrefs::network_standard_content_type_parsing_response_headers() && 503 CMimeType::Parse(val, mContentType, mContentCharset)) { 504 } else { 505 bool dummy; 506 net_ParseContentType(val, mContentType, mContentCharset, &dummy); 507 } 508 LOG(("ParseContentType [input=%s, type=%s, charset=%s]\n", val.get(), 509 mContentType.get(), mContentCharset.get())); 510 } else if (hdr == nsHttp::Cache_Control) { 511 ParseCacheControl(mHeaders.PeekHeader(hdr)); 512 } else if (hdr == nsHttp::Pragma) { 513 ParsePragma(val.get()); 514 } 515 return NS_OK; 516 } 517 518 // From section 13.2.3 of RFC2616, we compute the current age of a cached 519 // response as follows: 520 // 521 // currentAge = max(max(0, responseTime - dateValue), ageValue) 522 // + now - requestTime 523 // 524 // where responseTime == now 525 // 526 // This is typically a very small number. 527 // 528 nsresult nsHttpResponseHead::ComputeCurrentAge(uint32_t now, 529 uint32_t requestTime, 530 uint32_t* result) { 531 RecursiveMutexAutoLock monitor(mRecursiveMutex); 532 uint32_t dateValue; 533 uint32_t ageValue; 534 535 *result = 0; 536 537 if (requestTime > now) { 538 // for calculation purposes lets not allow the request to happen in the 539 // future 540 requestTime = now; 541 } 542 543 if (NS_FAILED(GetDateValue_locked(&dateValue))) { 544 LOG( 545 ("nsHttpResponseHead::ComputeCurrentAge [this=%p] " 546 "Date response header not set!\n", 547 this)); 548 // Assume we have a fast connection and that our clock 549 // is in sync with the server. 550 dateValue = now; 551 } 552 553 // Compute apparent age 554 if (now > dateValue) *result = now - dateValue; 555 556 // Compute corrected received age 557 if (NS_SUCCEEDED(GetAgeValue_locked(&ageValue))) { 558 *result = std::max(*result, ageValue); 559 } 560 561 // Compute current age 562 *result += (now - requestTime); 563 return NS_OK; 564 } 565 566 // From section 13.2.4 of RFC2616, we compute the freshness lifetime of a cached 567 // response as follows: 568 // 569 // freshnessLifetime = max_age_value 570 // <or> 571 // freshnessLifetime = expires_value - date_value 572 // <or> 573 // freshnessLifetime = min(one-week, 574 // (date_value - last_modified_value) * 0.10) 575 // <or> 576 // freshnessLifetime = 0 577 // 578 nsresult nsHttpResponseHead::ComputeFreshnessLifetime(uint32_t* result) { 579 RecursiveMutexAutoLock monitor(mRecursiveMutex); 580 *result = 0; 581 582 // Try HTTP/1.1 style max-age directive... 583 if (NS_SUCCEEDED(GetMaxAgeValue_locked(result))) return NS_OK; 584 585 *result = 0; 586 587 uint32_t date = 0, date2 = 0; 588 if (NS_FAILED(GetDateValue_locked(&date))) { 589 date = NowInSeconds(); // synthesize a date header if none exists 590 } 591 592 // Try HTTP/1.0 style expires header... 593 if (NS_SUCCEEDED(GetExpiresValue_locked(&date2))) { 594 if (date2 > date) *result = date2 - date; 595 // the Expires header can specify a date in the past. 596 return NS_OK; 597 } 598 599 // These responses can be cached indefinitely. 600 if (mStatus == 410) { 601 LOG( 602 ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " 603 "Assign an infinite heuristic lifetime\n", 604 this)); 605 *result = uint32_t(-1); 606 return NS_OK; 607 } 608 609 if (mStatus >= 400) { 610 LOG( 611 ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " 612 "Do not calculate heuristic max-age for most responses >= 400\n", 613 this)); 614 return NS_OK; 615 } 616 617 // From RFC 9111 Section 4.2.2 618 // (https://www.rfc-editor.org/rfc/rfc9111.html#name-calculating-heuristic-fresh), 619 // heuristics can only be used on responses without explicit freshness whose 620 // status codes are defined as cacheable by default, and those responses 621 // without explicit freshness that have been marked as explicitly cacheable. 622 // Note that |MustValidate| handled most of non-cacheable status codes. 623 if ((mStatus == 302 || mStatus == 303 || mStatus == 304 || mStatus == 307) && 624 !mCacheControlPublic && !mCacheControlPrivate) { 625 LOG(( 626 "nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " 627 "Do not calculate heuristic max-age for non-cacheable status code %u\n", 628 this, unsigned(mStatus))); 629 return NS_OK; 630 } 631 632 // Fallback on heuristic using last modified header... 633 if (NS_SUCCEEDED(GetLastModifiedValue_locked(&date2))) { 634 LOG(("using last-modified to determine freshness-lifetime\n")); 635 LOG(("last-modified = %u, date = %u\n", date2, date)); 636 if (date2 <= date) { 637 // this only makes sense if last-modified is actually in the past 638 *result = (date - date2) / 10; 639 const uint32_t kOneWeek = 60 * 60 * 24 * 7; 640 *result = std::min(kOneWeek, *result); 641 return NS_OK; 642 } 643 } 644 645 LOG( 646 ("nsHttpResponseHead::ComputeFreshnessLifetime [this = %p] " 647 "Insufficient information to compute a non-zero freshness " 648 "lifetime!\n", 649 this)); 650 651 return NS_OK; 652 } 653 654 bool nsHttpResponseHead::MustValidate() { 655 RecursiveMutexAutoLock monitor(mRecursiveMutex); 656 LOG(("nsHttpResponseHead::MustValidate ??\n")); 657 658 // Some response codes are cacheable, but the rest are not. This switch should 659 // stay in sync with the list in nsHttpChannel::ContinueProcessResponse3 660 switch (mStatus) { 661 // Success codes 662 case 200: 663 case 203: 664 case 204: 665 case 206: 666 // Cacheable redirects 667 case 300: 668 case 301: 669 case 302: 670 case 303: 671 case 304: 672 case 307: 673 case 308: 674 // Gone forever 675 case 410: 676 break; 677 // Uncacheable redirects 678 case 305: 679 // Other known errors 680 case 401: 681 case 407: 682 case 412: 683 case 416: 684 case 425: 685 case 429: 686 default: // revalidate unknown error pages 687 LOG(("Must validate since response is an uncacheable error page\n")); 688 return true; 689 } 690 691 // The no-cache response header indicates that we must validate this 692 // cached response before reusing. 693 if (NoCache_locked()) { 694 LOG(("Must validate since response contains 'no-cache' header\n")); 695 return true; 696 } 697 698 // Likewise, if the response is no-store, then we must validate this 699 // cached response before reusing. NOTE: it may seem odd that a no-store 700 // response may be cached, but indeed all responses are cached in order 701 // to support File->SaveAs, View->PageSource, and other browser features. 702 if (mCacheControlNoStore) { 703 LOG(("Must validate since response contains 'no-store' header\n")); 704 return true; 705 } 706 707 // Compare the Expires header to the Date header. If the server sent an 708 // Expires header with a timestamp in the past, then we must validate this 709 // cached response before reusing. 710 if (ExpiresInPast_locked()) { 711 LOG(("Must validate since Expires < Date\n")); 712 return true; 713 } 714 715 LOG(("no mandatory validation requirement\n")); 716 return false; 717 } 718 719 bool nsHttpResponseHead::MustValidateIfExpired() { 720 // according to RFC2616, section 14.9.4: 721 // 722 // When the must-revalidate directive is present in a response received by a 723 // cache, that cache MUST NOT use the entry after it becomes stale to respond 724 // to a subsequent request without first revalidating it with the origin 725 // server. 726 // 727 return HasHeaderValue(nsHttp::Cache_Control, "must-revalidate"); 728 } 729 730 bool nsHttpResponseHead::StaleWhileRevalidate(uint32_t now, 731 uint32_t expiration) { 732 RecursiveMutexAutoLock monitor(mRecursiveMutex); 733 734 if (expiration <= 0 || !mCacheControlStaleWhileRevalidateSet) { 735 return false; 736 } 737 738 // 'expiration' is the expiration time (an absolute unit), the swr window 739 // extends the expiration time. 740 CheckedInt<uint32_t> stallValidUntil = expiration; 741 stallValidUntil += mCacheControlStaleWhileRevalidate; 742 if (!stallValidUntil.isValid()) { 743 // overflow means an indefinite stale window 744 return true; 745 } 746 747 return now <= stallValidUntil.value(); 748 } 749 750 bool nsHttpResponseHead::IsResumable() { 751 RecursiveMutexAutoLock monitor(mRecursiveMutex); 752 // even though some HTTP/1.0 servers may support byte range requests, we're 753 // not going to bother with them, since those servers wouldn't understand 754 // If-Range. Also, while in theory it may be possible to resume when the 755 // status code is not 200, it is unlikely to be worth the trouble, especially 756 // for non-2xx responses. 757 return mStatus == 200 && mVersion >= HttpVersion::v1_1 && 758 mHeaders.PeekHeader(nsHttp::Content_Length) && 759 (mHeaders.PeekHeader(nsHttp::ETag) || 760 mHeaders.PeekHeader(nsHttp::Last_Modified)) && 761 mHeaders.HasHeaderValue(nsHttp::Accept_Ranges, "bytes"); 762 } 763 764 bool nsHttpResponseHead::ExpiresInPast() { 765 RecursiveMutexAutoLock monitor(mRecursiveMutex); 766 return ExpiresInPast_locked(); 767 } 768 769 bool nsHttpResponseHead::ExpiresInPast_locked() const { 770 uint32_t maxAgeVal, expiresVal, dateVal; 771 772 // Bug #203271. Ensure max-age directive takes precedence over Expires 773 if (NS_SUCCEEDED(GetMaxAgeValue_locked(&maxAgeVal))) { 774 return false; 775 } 776 777 return NS_SUCCEEDED(GetExpiresValue_locked(&expiresVal)) && 778 NS_SUCCEEDED(GetDateValue_locked(&dateVal)) && expiresVal < dateVal; 779 } 780 781 void nsHttpResponseHead::UpdateHeaders(nsHttpResponseHead* aOther) { 782 LOG(("nsHttpResponseHead::UpdateHeaders [this=%p]\n", this)); 783 784 RecursiveMutexAutoLock monitor(mRecursiveMutex); 785 RecursiveMutexAutoLock monitorOther(aOther->mRecursiveMutex); 786 787 uint32_t i, count = aOther->mHeaders.Count(); 788 for (i = 0; i < count; ++i) { 789 nsHttpAtom header; 790 nsAutoCString headerNameOriginal; 791 792 if (!aOther->mHeaders.PeekHeaderAt(i, header, headerNameOriginal)) { 793 continue; 794 } 795 796 nsAutoCString val; 797 if (NS_FAILED(aOther->GetHeader(header, val))) { 798 continue; 799 } 800 801 // Ignore any hop-by-hop headers... 802 if (header == nsHttp::Connection || header == nsHttp::Proxy_Connection || 803 header == nsHttp::Keep_Alive || header == nsHttp::Proxy_Authenticate || 804 header == nsHttp::Proxy_Authorization || // not a response header! 805 header == nsHttp::TE || header == nsHttp::Trailer || 806 header == nsHttp::Transfer_Encoding || header == nsHttp::Upgrade || 807 // Ignore any non-modifiable headers... 808 header == nsHttp::Content_Location || header == nsHttp::Content_MD5 || 809 header == nsHttp::ETag || 810 // Assume Cache-Control: "no-transform" 811 header == nsHttp::Content_Encoding || header == nsHttp::Content_Range || 812 header == nsHttp::Content_Type || 813 // Ignore wacky headers too... 814 // this one is for MS servers that send "Content-Length: 0" 815 // on 304 responses 816 header == nsHttp::Content_Length) { 817 LOG(("ignoring response header [%s: %s]\n", header.get(), val.get())); 818 } else { 819 LOG(("new response header [%s: %s]\n", header.get(), val.get())); 820 821 // overwrite the current header value with the new value... 822 DebugOnly<nsresult> rv = 823 SetHeader_locked(header, headerNameOriginal, val); 824 MOZ_ASSERT(NS_SUCCEEDED(rv)); 825 } 826 } 827 } 828 829 void nsHttpResponseHead::Reset() { 830 LOG(("nsHttpResponseHead::Reset\n")); 831 832 RecursiveMutexAutoLock monitor(mRecursiveMutex); 833 834 mHeaders.Clear(); 835 836 mVersion = HttpVersion::v1_1; 837 mStatus = 200; 838 mContentLength = -1; 839 mHasCacheControl = false; 840 mCacheControlPublic = false; 841 mCacheControlPrivate = false; 842 mCacheControlNoStore = false; 843 mCacheControlNoCache = false; 844 mCacheControlImmutable = false; 845 mCacheControlStaleWhileRevalidateSet = false; 846 mCacheControlStaleWhileRevalidate = 0; 847 mCacheControlMaxAgeSet = false; 848 mCacheControlMaxAge = 0; 849 mPragmaNoCache = false; 850 mStatusText.Truncate(); 851 mContentType.Truncate(); 852 mContentCharset.Truncate(); 853 } 854 855 nsresult nsHttpResponseHead::ParseDateHeader(const nsHttpAtom& header, 856 uint32_t* result) const { 857 const char* val = mHeaders.PeekHeader(header); 858 if (!val) return NS_ERROR_NOT_AVAILABLE; 859 860 PRTime time; 861 PRStatus st = PR_ParseTimeString(val, true, &time); 862 if (st != PR_SUCCESS) return NS_ERROR_NOT_AVAILABLE; 863 864 *result = PRTimeToSeconds(time); 865 return NS_OK; 866 } 867 868 nsresult nsHttpResponseHead::GetAgeValue(uint32_t* result) { 869 RecursiveMutexAutoLock monitor(mRecursiveMutex); 870 return GetAgeValue_locked(result); 871 } 872 873 nsresult nsHttpResponseHead::GetAgeValue_locked(uint32_t* result) const { 874 const char* val = mHeaders.PeekHeader(nsHttp::Age); 875 if (!val) return NS_ERROR_NOT_AVAILABLE; 876 877 *result = (uint32_t)atoi(val); 878 return NS_OK; 879 } 880 881 // Return the value of the (HTTP 1.1) max-age directive, which itself is a 882 // component of the Cache-Control response header 883 nsresult nsHttpResponseHead::GetMaxAgeValue(uint32_t* result) { 884 RecursiveMutexAutoLock monitor(mRecursiveMutex); 885 return GetMaxAgeValue_locked(result); 886 } 887 888 nsresult nsHttpResponseHead::GetMaxAgeValue_locked(uint32_t* result) const { 889 if (!mCacheControlMaxAgeSet) { 890 return NS_ERROR_NOT_AVAILABLE; 891 } 892 893 *result = mCacheControlMaxAge; 894 return NS_OK; 895 } 896 897 nsresult nsHttpResponseHead::GetDateValue(uint32_t* result) { 898 RecursiveMutexAutoLock monitor(mRecursiveMutex); 899 return GetDateValue_locked(result); 900 } 901 902 nsresult nsHttpResponseHead::GetExpiresValue(uint32_t* result) { 903 RecursiveMutexAutoLock monitor(mRecursiveMutex); 904 return GetExpiresValue_locked(result); 905 } 906 907 nsresult nsHttpResponseHead::GetExpiresValue_locked(uint32_t* result) const { 908 const char* val = mHeaders.PeekHeader(nsHttp::Expires); 909 if (!val) return NS_ERROR_NOT_AVAILABLE; 910 911 PRTime time; 912 PRStatus st = PR_ParseTimeString(val, true, &time); 913 if (st != PR_SUCCESS) { 914 // parsing failed... RFC 2616 section 14.21 says we should treat this 915 // as an expiration time in the past. 916 *result = 0; 917 return NS_OK; 918 } 919 920 if (time < 0) { 921 *result = 0; 922 } else { 923 *result = PRTimeToSeconds(time); 924 } 925 return NS_OK; 926 } 927 928 nsresult nsHttpResponseHead::GetLastModifiedValue(uint32_t* result) { 929 RecursiveMutexAutoLock monitor(mRecursiveMutex); 930 return ParseDateHeader(nsHttp::Last_Modified, result); 931 } 932 933 bool nsHttpResponseHead::operator==(const nsHttpResponseHead& aOther) const 934 MOZ_NO_THREAD_SAFETY_ANALYSIS { 935 nsHttpResponseHead& curr = const_cast<nsHttpResponseHead&>(*this); 936 nsHttpResponseHead& other = const_cast<nsHttpResponseHead&>(aOther); 937 RecursiveMutexAutoLock monitorOther(other.mRecursiveMutex); 938 RecursiveMutexAutoLock monitor(curr.mRecursiveMutex); 939 940 return mHeaders == aOther.mHeaders && mVersion == aOther.mVersion && 941 mStatus == aOther.mStatus && mStatusText == aOther.mStatusText && 942 mContentLength == aOther.mContentLength && 943 mContentType == aOther.mContentType && 944 mContentCharset == aOther.mContentCharset && 945 mHasCacheControl == aOther.mHasCacheControl && 946 mCacheControlPublic == aOther.mCacheControlPublic && 947 mCacheControlPrivate == aOther.mCacheControlPrivate && 948 mCacheControlNoCache == aOther.mCacheControlNoCache && 949 mCacheControlNoStore == aOther.mCacheControlNoStore && 950 mCacheControlImmutable == aOther.mCacheControlImmutable && 951 mCacheControlStaleWhileRevalidateSet == 952 aOther.mCacheControlStaleWhileRevalidateSet && 953 mCacheControlStaleWhileRevalidate == 954 aOther.mCacheControlStaleWhileRevalidate && 955 mCacheControlMaxAgeSet == aOther.mCacheControlMaxAgeSet && 956 mCacheControlMaxAge == aOther.mCacheControlMaxAge && 957 mPragmaNoCache == aOther.mPragmaNoCache; 958 } 959 960 int64_t nsHttpResponseHead::TotalEntitySize() { 961 RecursiveMutexAutoLock monitor(mRecursiveMutex); 962 const char* contentRange = mHeaders.PeekHeader(nsHttp::Content_Range); 963 if (!contentRange) return mContentLength; 964 965 // Total length is after a slash 966 const char* slash = strrchr(contentRange, '/'); 967 if (!slash) return -1; // No idea what the length is 968 969 slash++; 970 if (*slash == '*') { // Server doesn't know the length 971 return -1; 972 } 973 974 int64_t size; 975 if (!nsHttp::ParseInt64(slash, &size)) size = UINT64_MAX; 976 return size; 977 } 978 979 //----------------------------------------------------------------------------- 980 // nsHttpResponseHead <private> 981 //----------------------------------------------------------------------------- 982 983 void nsHttpResponseHead::ParseVersion(const char* str) { 984 // Parse HTTP-Version:: "HTTP" "/" 1*DIGIT "." 1*DIGIT 985 986 LOG(("nsHttpResponseHead::ParseVersion [version=%s]\n", str)); 987 988 Tokenizer t(str, nullptr, ""); 989 // make sure we have HTTP at the beginning 990 if (!t.CheckWord("HTTP")) { 991 if (nsCRT::strncasecmp(str, "ICY ", 4) == 0) { 992 // ShoutCast ICY is HTTP/1.0-like. Assume it is HTTP/1.0. 993 LOG(("Treating ICY as HTTP 1.0\n")); 994 mVersion = HttpVersion::v1_0; 995 return; 996 } 997 LOG(("looks like a HTTP/0.9 response\n")); 998 mVersion = HttpVersion::v0_9; 999 return; 1000 } 1001 1002 if (!t.CheckChar('/')) { 1003 LOG(("server did not send a version number; assuming HTTP/1.0\n")); 1004 // NCSA/1.5.2 has a bug in which it fails to send a version number 1005 // if the request version is HTTP/1.1, so we fall back on HTTP/1.0 1006 mVersion = HttpVersion::v1_0; 1007 return; 1008 } 1009 1010 uint32_t major; 1011 if (!t.ReadInteger(&major)) { 1012 LOG(("server did not send a correct version number; assuming HTTP/1.0")); 1013 mVersion = HttpVersion::v1_0; 1014 return; 1015 } 1016 1017 if (major == 3) { 1018 mVersion = HttpVersion::v3_0; 1019 return; 1020 } 1021 1022 if (major == 2) { 1023 mVersion = HttpVersion::v2_0; 1024 return; 1025 } 1026 1027 if (major != 1) { 1028 LOG(("server did not send a correct version number; assuming HTTP/1.0")); 1029 mVersion = HttpVersion::v1_0; 1030 return; 1031 } 1032 1033 if (!t.CheckChar('.')) { 1034 LOG(("mal-formed server version; assuming HTTP/1.0\n")); 1035 mVersion = HttpVersion::v1_0; 1036 return; 1037 } 1038 1039 uint32_t minor; 1040 if (!t.ReadInteger(&minor)) { 1041 LOG(("server did not send a correct version number; assuming HTTP/1.0")); 1042 mVersion = HttpVersion::v1_0; 1043 return; 1044 } 1045 1046 if (minor >= 1) { 1047 // at least HTTP/1.1 1048 mVersion = HttpVersion::v1_1; 1049 } else { 1050 // treat anything else as version 1.0 1051 mVersion = HttpVersion::v1_0; 1052 } 1053 } 1054 1055 void nsHttpResponseHead::ParseCacheControl(const char* val) { 1056 if (!(val && *val)) { 1057 // clear flags 1058 mHasCacheControl = false; 1059 mCacheControlPublic = false; 1060 mCacheControlPrivate = false; 1061 mCacheControlNoCache = false; 1062 mCacheControlNoStore = false; 1063 mCacheControlImmutable = false; 1064 mCacheControlStaleWhileRevalidateSet = false; 1065 mCacheControlStaleWhileRevalidate = 0; 1066 mCacheControlMaxAgeSet = false; 1067 mCacheControlMaxAge = 0; 1068 return; 1069 } 1070 1071 nsDependentCString cacheControlRequestHeader(val); 1072 CacheControlParser cacheControlRequest(cacheControlRequestHeader); 1073 1074 mHasCacheControl = true; 1075 mCacheControlPublic = cacheControlRequest.Public(); 1076 mCacheControlPrivate = cacheControlRequest.Private(); 1077 mCacheControlNoCache = cacheControlRequest.NoCache(); 1078 mCacheControlNoStore = cacheControlRequest.NoStore(); 1079 mCacheControlImmutable = cacheControlRequest.Immutable(); 1080 mCacheControlStaleWhileRevalidateSet = 1081 cacheControlRequest.StaleWhileRevalidate( 1082 &mCacheControlStaleWhileRevalidate); 1083 mCacheControlMaxAgeSet = cacheControlRequest.MaxAge(&mCacheControlMaxAge); 1084 } 1085 1086 void nsHttpResponseHead::ParsePragma(const char* val) { 1087 LOG(("nsHttpResponseHead::ParsePragma [val=%s]\n", val)); 1088 1089 if (!(val && *val)) { 1090 // clear no-cache flag 1091 mPragmaNoCache = false; 1092 return; 1093 } 1094 1095 // Although 'Pragma: no-cache' is not a standard HTTP response header (it's a 1096 // request header), caching is inhibited when this header is present so as to 1097 // match existing Navigator behavior. 1098 mPragmaNoCache = nsHttp::FindToken(val, "no-cache", HTTP_HEADER_VALUE_SEPS); 1099 } 1100 1101 nsresult nsHttpResponseHead::ParseResponseContentLength( 1102 const nsACString& aHeaderStr) { 1103 int64_t contentLength = 0; 1104 // Ref: https://fetch.spec.whatwg.org/#content-length-header 1105 // Step 1. Let values be the result of getting, decoding, and splitting 1106 // `Content - Length` from headers. 1107 // Step 1 is done by the caller 1108 // Step 2. If values is null, then return null. 1109 if (aHeaderStr.IsEmpty()) { 1110 return NS_ERROR_NOT_AVAILABLE; 1111 } 1112 1113 // Step 3 Let candidateValue be null. 1114 Maybe<nsAutoCString> candidateValue; 1115 // Step 4 For each value of values 1116 for (const nsACString& token : 1117 nsCCharSeparatedTokenizerTemplate< 1118 NS_IsAsciiWhitespace, nsTokenizerFlags::IncludeEmptyTokenAtEnd>( 1119 aHeaderStr, ',') 1120 .ToRange()) { 1121 // Step 4.1 If candidateValue is null, then set candidateValue to value. 1122 if (candidateValue.isNothing()) { 1123 candidateValue.emplace(token); 1124 } 1125 // Step 4.2 Otherwise, if value is not candidateValue, return failure. 1126 if (candidateValue.value() != token) { 1127 return NS_ERROR_ILLEGAL_VALUE; 1128 } 1129 } 1130 // Step 5 If candidateValue is the empty string or has a code point that is 1131 // not an ASCII digit, then return null. 1132 if (candidateValue.isNothing()) { 1133 return NS_ERROR_NOT_AVAILABLE; 1134 } 1135 1136 // Step 6 Return candidateValue, interpreted as decimal number contentLength 1137 const char* end = nullptr; 1138 if (!net::nsHttp::ParseInt64(candidateValue->get(), &end, &contentLength)) { 1139 return NS_ERROR_NOT_AVAILABLE; 1140 } 1141 1142 if (*end != '\0') { 1143 // a number was parsed by ParseInt64 but candidateValue contains non-numeric 1144 // characters 1145 return NS_ERROR_NOT_AVAILABLE; 1146 } 1147 1148 mContentLength = contentLength; 1149 return NS_OK; 1150 } 1151 1152 nsresult nsHttpResponseHead::VisitHeaders( 1153 nsIHttpHeaderVisitor* visitor, nsHttpHeaderArray::VisitorFilter filter) { 1154 RecursiveMutexAutoLock monitor(mRecursiveMutex); 1155 mInVisitHeaders = true; 1156 nsresult rv = mHeaders.VisitHeaders(visitor, filter); 1157 mInVisitHeaders = false; 1158 return rv; 1159 } 1160 1161 namespace { 1162 class ContentTypeOptionsVisitor final : public nsIHttpHeaderVisitor { 1163 public: 1164 NS_DECL_ISUPPORTS 1165 1166 ContentTypeOptionsVisitor() = default; 1167 1168 NS_IMETHOD 1169 VisitHeader(const nsACString& aHeader, const nsACString& aValue) override { 1170 if (!mHeaderPresent) { 1171 mHeaderPresent = true; 1172 } else { 1173 // multiple XCTO headers in response, merge them 1174 mContentTypeOptionsHeader.Append(", "_ns); 1175 } 1176 mContentTypeOptionsHeader.Append(aValue); 1177 return NS_OK; 1178 } 1179 1180 void GetMergedHeader(nsACString& aValue) { 1181 aValue = mContentTypeOptionsHeader; 1182 } 1183 1184 private: 1185 ~ContentTypeOptionsVisitor() = default; 1186 bool mHeaderPresent{false}; 1187 nsAutoCString mContentTypeOptionsHeader; 1188 }; 1189 1190 NS_IMPL_ISUPPORTS(ContentTypeOptionsVisitor, nsIHttpHeaderVisitor) 1191 } // namespace 1192 1193 nsresult nsHttpResponseHead::GetOriginalHeader(const nsHttpAtom& aHeader, 1194 nsIHttpHeaderVisitor* aVisitor) { 1195 RecursiveMutexAutoLock monitor(mRecursiveMutex); 1196 mInVisitHeaders = true; 1197 nsresult rv = mHeaders.GetOriginalHeader(aHeader, aVisitor); 1198 mInVisitHeaders = false; 1199 return rv; 1200 } 1201 1202 bool nsHttpResponseHead::HasContentType() const { 1203 RecursiveMutexAutoLock monitor(mRecursiveMutex); 1204 return !mContentType.IsEmpty(); 1205 } 1206 1207 bool nsHttpResponseHead::HasContentCharset() { 1208 RecursiveMutexAutoLock monitor(mRecursiveMutex); 1209 return !mContentCharset.IsEmpty(); 1210 } 1211 1212 bool nsHttpResponseHead::GetContentTypeOptionsHeader(nsACString& aOutput) { 1213 aOutput.Truncate(); 1214 1215 nsAutoCString contentTypeOptionsHeader; 1216 // We need to fetch original headers and manually merge them because empty 1217 // header values are not retrieved with GetHeader. Ref - Bug 1819642 1218 RefPtr<ContentTypeOptionsVisitor> visitor = new ContentTypeOptionsVisitor(); 1219 (void)GetOriginalHeader(nsHttp::X_Content_Type_Options, visitor); 1220 visitor->GetMergedHeader(contentTypeOptionsHeader); 1221 if (contentTypeOptionsHeader.IsEmpty()) { 1222 // if there is no XCTO header, then there is nothing to do. 1223 return false; 1224 } 1225 1226 // XCTO header might contain multiple values which are comma separated, so: 1227 // a) let's skip all subsequent values 1228 // e.g. " NoSniFF , foo " will be " NoSniFF " 1229 int32_t idx = contentTypeOptionsHeader.Find(","); 1230 if (idx >= 0) { 1231 contentTypeOptionsHeader = Substring(contentTypeOptionsHeader, 0, idx); 1232 } 1233 // b) let's trim all surrounding whitespace 1234 // e.g. " NoSniFF " -> "NoSniFF" 1235 nsHttp::TrimHTTPWhitespace(contentTypeOptionsHeader, 1236 contentTypeOptionsHeader); 1237 1238 aOutput.Assign(contentTypeOptionsHeader); 1239 return true; 1240 } 1241 1242 } // namespace net 1243 } // namespace mozilla