Commit e2c95165 authored by bengr's avatar bengr Committed by Commit bot

Maybe add CORS headers to data reduction proxy redirect

When the data reduction proxy responds with a bypass message,
chromium constructs a redirect response and feeds that through
the network stack. This results in the request being retried
directly to the origin. If the original request had an
Origin header, then the manufactured redirect should have the
appropriate CORS headers.

BUG=415644

Review URL: https://codereview.chromium.org/603323002

Cr-Commit-Position: refs/heads/master@{#296942}
parent 5d07d365
......@@ -182,6 +182,20 @@ void OverrideResponseAsRedirect(
(*override_response_headers)->RemoveHeader("Location");
(*override_response_headers)->AddHeader("Location: " +
request->url().spec());
std::string http_origin;
const net::HttpRequestHeaders& request_headers =
request->extra_request_headers();
if (request_headers.GetHeader("Origin", &http_origin)) {
// If this redirect is used in a cross-origin request, add CORS headers to
// make sure that the redirect gets through. Note that the destination URL
// is still subject to the usual CORS policy, i.e. the resource will only
// be available to web pages if the server serves the response with the
// required CORS response headers.
(*override_response_headers)->AddHeader(
"Access-Control-Allow-Origin: " + http_origin);
(*override_response_headers)->AddHeader(
"Access-Control-Allow-Credentials: true");
}
// TODO(bengr): Should we pop_back the request->url_chain?
}
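Review bot: The two CORS headers are appended with `AddHeader` without first removing any copies already present, whereas `Location` is cleared with `RemoveHeader` just above. The test in this commit shows headers from the proxy's response (`Chrome-Proxy`, `Via`) carried into the override, so an `Access-Control-Allow-Origin` sent by the proxy would presumably survive and end up duplicated, which CORS checks generally reject. I would add `(*override_response_headers)->RemoveHeader("Access-Control-Allow-Origin");` and the same for `Access-Control-Allow-Credentials` before the two `AddHeader` calls. The comment could also say that `http_origin` is echoed unvalidated alongside `Access-Control-Allow-Credentials: true`, and that this is acceptable only because the redirect points back at the request's own URL, whose response is still CORS-checked. The body of OverrideResponseAsRedirect starts outside the hunk.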
......
......@@ -353,6 +353,50 @@ TEST_F(DataReductionProxyProtocolTest, OverrideResponseAsRedirect) {
}
}
// Tests that the response is correctly overwritten as a redirect with CORS
// headers when an Origin header is provided in the initial request.
TEST_F(DataReductionProxyProtocolTest, OverrideResponseAsRedirectCORS) {
net::TestURLRequestContext context;
const struct {
const char* headers;
const char* expected_headers;
} tests[] = {
{ "HTTP/1.1 200 0K\n"
"Chrome-Proxy: block=1\n"
"Via: 1.1 Chrome-Compression-Proxy\n",
"HTTP/1.1 302 Found\n"
"Chrome-Proxy: block=1\n"
"Via: 1.1 Chrome-Compression-Proxy\n"
"Location: http://www.google.com/\n"
"Access-Control-Allow-Origin: http://www.else.com\n"
"Access-Control-Allow-Credentials: true\n"
},
};
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
std::string headers(tests[i].headers);
HeadersToRaw(&headers);
scoped_refptr<HttpResponseHeaders> original_response_headers(
new HttpResponseHeaders(headers));
scoped_refptr<HttpResponseHeaders> override_response_headers;
TestDelegate test_delegate;
scoped_ptr<net::URLRequest> request(
context.CreateRequest(GURL("http://www.google.com/"),
net::DEFAULT_PRIORITY,
NULL,
NULL));
request->SetExtraRequestHeaderByName("Origin", "http://www.else.com", true);
OverrideResponseAsRedirect(request.get(), original_response_headers.get(),
&override_response_headers);
int expected_flags = net::LOAD_DISABLE_CACHE | net::LOAD_BYPASS_PROXY;
EXPECT_EQ(expected_flags, request->load_flags());
std::string override_headers;
override_response_headers->GetNormalizedHeaders(&override_headers);
EXPECT_EQ(std::string(tests[i].expected_headers), override_headers);
}
}
// After each test, the proxy retry info will contain zero, one, or two of the
// data reduction proxies depending on whether no bypass was indicated by the
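Review bot: The `tests` table holds a single case, so nothing pins the result when the proxy response already carries an `Access-Control-Allow-Origin` header. A second entry with that header in `headers`, expecting exactly one such header in `expected_headers`, would catch a duplicated value. `TestDelegate test_delegate;` is declared but never used, since `CreateRequest` is passed `NULL` for the delegate, so either pass `&test_delegate` or drop the declaration. The status line `"HTTP/1.1 200 0K\n"` has a digit zero where `OK` was presumably meant; it does not affect the assertion but is worth correcting.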
......