| field | value | date |
|---|---|---|
| author | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-20 08:14:39 +0000 |
| committer | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-20 08:14:39 +0000 |
| commit | cd5b9a73feb4a4178973ccd571b277fcdd83e590 (patch) | |
| tree | 56dee2f3bc2065f4f44b39d3f8dbc25c568a2dde /chrome/common/render_messages.h | |
| parent | 5103a768ef9ba423590b7417baa3f1bda6daa829 (diff) | |
Add a flag to further control response header persistence. We use this to
filter out Set-Cookie and Set-Cookie2 response headers from being forwarded to
the renderer. This serves to prevent the renderer from having any access to
HttpOnly cookies, and it also prevents XMLHttpRequest consumers from being able
to read cookies in the HTTP response headers. This is consistent with changes
made to Firefox and WebKit.
Patch by marius.schilder@gmail.com
R=deanm,darin
Review URL: http://codereview.chromium.org/11264
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5767 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/render_messages.h')
-rw-r--r-- | chrome/common/render_messages.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/chrome/common/render_messages.h b/chrome/common/render_messages.h index d74091a..b359e12 100644 --- a/chrome/common/render_messages.h +++ b/chrome/common/render_messages.h @@ -1387,8 +1387,10 @@ struct ParamTraits<scoped_refptr<net::HttpResponseHeaders>> { typedef scoped_refptr<net::HttpResponseHeaders> param_type; static void Write(Message* m, const param_type& p) { WriteParam(m, p.get() != NULL); - if (p) - p->Persist(m, false); + if (p) { + // Do not disclose Set-Cookie headers over IPC. + p->Persist(m, net::HttpResponseHeaders::PERSIST_SANS_COOKIES); + } } static bool Read(const Message* m, void** iter, param_type* r) { bool has_object; |
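Review bot: The comment added above the new `p->Persist(...)` call names only Set-Cookie, while the commit message says both Set-Cookie and Set-Cookie2 are filtered; widen it to something like `// Do not disclose Set-Cookie/Set-Cookie2 headers over IPC.` so a later reader does not assume Set-Cookie2 still crosses the browser/renderer boundary. The old call passed a bare `false` and this hunk replaces it with the named flag `PERSIST_SANS_COOKIES`; the enum and the matching `Persist()` signature change are not in this file (the diffstat is limited to render_messages.h), so confirm they land in the same change, and that the `Read()` side, whose body is cut off here, does not reintroduce a path that carries cookie headers to the renderer.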