Make URLDataManagerBackend use ResponseHeader::SetHeader()

We want to get rid of the single argument AddHeader() method as the two argument AddHeader() and SetHeader() methods are safer and more flexible. In this case, switching to SetHeader() to make clear that we only expect one instance of each of the headers being set. Bug: 1068194 Change-Id: Ieeeb96ea9b55e8ddb606ee64949d7b3271226aca Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2149686Reviewed-by: dpapad <dpapad@chromium.org> Commit-Queue: dpapad <dpapad@chromium.org> Commit-Queue: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#759926}

Make URLDataManagerBackend use ResponseHeader::SetHeader()
We want to get rid of the single argument AddHeader() method as the two argument AddHeader() and SetHeader() methods are safer and more flexible. In this case, switching to SetHeader() to make clear that we only expect one instance of each of the headers being set. Bug: 1068194 Change-Id: Ieeeb96ea9b55e8ddb606ee64949d7b3271226aca Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2149686Reviewed-by: dpapad <dpapad@chromium.org> Commit-Queue: dpapad <dpapad@chromium.org> Commit-Queue: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#759926}
4426a15f · Matt Menke · Commit Bot · 8ef07cd7 · 4426a15f
Commit 4426a15f authored Apr 17, 2020 by Matt Menke Committed by Commit Bot Apr 17, 2020
Show whitespace changes
Inline Side-by-side

Showing with 22 additions and 22 deletions

content/browser/webui/url_data_manager_backend.cc content/browser/webui/url_data_manager_backend.cc +22 -22

No files found.
--- a/content/browser/webui/url_data_manager_backend.cc
+++ b/content/browser/webui/url_data_manager_backend.cc
@@ -51,10 +51,11 @@ namespace content {
 namespace {
-const char kChromeURLContentSecurityPolicyHeaderBase[] =
+const char kChromeURLContentSecurityPolicyHeaderName[] =
-    "Content-Security-Policy: ";
+    "Content-Security-Policy";
-const char kChromeURLXFrameOptionsHeader[] = "X-Frame-Options: DENY";
+const char kChromeURLXFrameOptionsHeaderName[] = "X-Frame-Options";
+const char kChromeURLXFrameOptionsHeaderValue[] = "DENY";
 const char kNetworkErrorKey[] = "netError";
 bool SchemeIsInSchemes(const std::string& scheme,
@@ -139,42 +140,41 @@ scoped_refptr<net::HttpResponseHeaders> URLDataManagerBackend::GetHeaders(
  // that is compatible with a given WebUI URL, and append it to the existing
  // response headers.
  if (source->ShouldAddContentSecurityPolicy()) {
-    std::string base = kChromeURLContentSecurityPolicyHeaderBase;
+    std::string csp_header;
-    base.append(source->GetContentSecurityPolicyScriptSrc());
+    csp_header.append(source->GetContentSecurityPolicyScriptSrc());
-    base.append(source->GetContentSecurityPolicyObjectSrc());
+    csp_header.append(source->GetContentSecurityPolicyObjectSrc());
-    base.append(source->GetContentSecurityPolicyChildSrc());
+    csp_header.append(source->GetContentSecurityPolicyChildSrc());
-    base.append(source->GetContentSecurityPolicyStyleSrc());
+    csp_header.append(source->GetContentSecurityPolicyStyleSrc());
-    base.append(source->GetContentSecurityPolicyImgSrc());
+    csp_header.append(source->GetContentSecurityPolicyImgSrc());
-    base.append(source->GetContentSecurityPolicyWorkerSrc());
+    csp_header.append(source->GetContentSecurityPolicyWorkerSrc());
    // TODO(crbug.com/1051745): Both CSP frame ancestors and XFO headers may be
    // added to the response but frame ancestors would take precedence. In the
    // future, XFO will be removed so when that happens remove the check and
    // always add frame ancestors.
    if (source->ShouldDenyXFrameOptions())
-      base.append(source->GetContentSecurityPolicyFrameAncestors());
+      csp_header.append(source->GetContentSecurityPolicyFrameAncestors());
-    headers->AddHeader(base);
+    headers->SetHeader(kChromeURLContentSecurityPolicyHeaderName, csp_header);
  }
-  if (source->ShouldDenyXFrameOptions())
+  if (source->ShouldDenyXFrameOptions()) {
-    headers->AddHeader(kChromeURLXFrameOptionsHeader);
+    headers->SetHeader(kChromeURLXFrameOptionsHeaderName,
+                       kChromeURLXFrameOptionsHeaderValue);
+  }
  if (!source->AllowCaching())
-    headers->AddHeader("Cache-Control: no-cache");
+    headers->SetHeader("Cache-Control", "no-cache");
  std::string mime_type = source->GetMimeType(path);
-  if (source->ShouldServeMimeTypeAsContentTypeHeader() && !mime_type.empty()) {
+  if (source->ShouldServeMimeTypeAsContentTypeHeader() && !mime_type.empty())
-    std::string content_type = base::StringPrintf(
+    headers->SetHeader(net::HttpRequestHeaders::kContentType, mime_type);
-        "%s:%s", net::HttpRequestHeaders::kContentType, mime_type.c_str());
-    headers->AddHeader(content_type);
-  }
  if (!origin.empty()) {
    std::string header = source->GetAccessControlAllowOriginForOrigin(origin);
    DCHECK(header.empty() || header == origin || header == "*" ||
           header == "null");
    if (!header.empty()) {
-      headers->AddHeader("Access-Control-Allow-Origin: " + header);
+      headers->SetHeader("Access-Control-Allow-Origin", header);
-      headers->AddHeader("Vary: Origin");
+      headers->SetHeader("Vary", "Origin");
    }
  }