SignedExchange: Check if response code is valid.

Bug: 803774 Change-Id: I4ec00babc22db0d0efb96f8481d724e78ee73cca Reviewed-on: https://chromium-review.googlesource.com/c/1313712 Commit-Queue: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#605251}

SignedExchange: Check if response code is valid.
Bug: 803774 Change-Id: I4ec00babc22db0d0efb96f8481d724e78ee73cca Reviewed-on: https://chromium-review.googlesource.com/c/1313712 Commit-Queue: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#605251}
d75c9507 · Kouhei Ueno · Commit Bot · 45d37acc · d75c9507 · d75c9507
Commit d75c9507 authored Nov 05, 2018 by Kouhei Ueno Committed by Commit Bot Nov 05, 2018
2 changed files
--- a/content/browser/web_package/signed_exchange_envelope.cc
+++ b/content/browser/web_package/signed_exchange_envelope.cc
@@ -180,6 +180,14 @@ bool ParseResponseMap(const cbor::Value& value,
        devtools_proxy, "Failed to parse status code to integer.");
    return false;
  }
+  // TODO(kouhei): Add spec ref here once
+  // https://github.com/WICG/webpackage/issues/326 is resolved.
+  if (response_code != 200) {
+    signed_exchange_utils::ReportErrorAndTraceEvent(devtools_proxy,
+                                                    "Status code is not 200.");
+    return false;
+  }
  out->set_response_code(static_cast<net::HttpStatusCode>(response_code));
  for (const auto& it : response_map) {

--- a/content/browser/web_package/signed_exchange_envelope_unittest.cc
+++ b/content/browser/web_package/signed_exchange_envelope_unittest.cc
@@ -136,6 +136,18 @@ TEST(SignedExchangeEnvelopeTest, UnsafeMethod) {
  ASSERT_FALSE(header.has_value());
 }
+TEST(SignedExchangeEnvelopeTest, InformationalResponseCode) {
+  auto header = GenerateHeaderAndParse(GURL("https://test.example.org/test/"),
+                                       kSignatureString,
+                                       {
+                                           {kMethodKey, "GET"},
+                                       },
+                                       {
+                                           {kStatusKey, "100"},
+                                       });
+  ASSERT_FALSE(header.has_value());
+}
 TEST(SignedExchangeEnvelopeTest, RelativeURL) {
  auto header = GenerateHeaderAndParse(GURL("test/"), kSignatureString,
                                       {
@@ -166,13 +178,12 @@ TEST(SignedExchangeEnvelopeTest, RedirectStatusShouldFail) {
  ASSERT_FALSE(header.has_value());
 }
-TEST(SignedExchangeEnvelopeTest, Status300ShouldSucceed) {
+TEST(SignedExchangeEnvelopeTest, Status300ShouldFail) {
  auto header = GenerateHeaderAndParse(
      GURL("https://test.example.org/test/"), kSignatureString,
      {{kMethodKey, "GET"}},
      {{kStatusKey, "300"}});  // 300 is not a redirect status.
-  ASSERT_TRUE(header.has_value());
+  ASSERT_FALSE(header.has_value());
-  EXPECT_EQ(header->response_code(), static_cast<net::HttpStatusCode>(300u));
 }
 TEST(SignedExchangeEnvelopeTest, StatefulRequestHeader) {