Respect the "allowall" value for the X-Frame-Options header, as some

front-ends send this rather than simply omitting the X-Frame-Options
header altogether.

BUG=none
TEST=chrome_frame_unittests.exe

Review URL: http://codereview.chromium.org/404003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32473 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 20 insertions, 0 deletions

diff --git a/chrome_frame/html_utils.cc b/chrome_frame/html_utils.cc
index 7ab1fd1..e964ab9 100644
--- a/chrome_frame/html_utils.cc
+++ b/chrome_frame/html_utils.cc
@@ -12,6 +12,8 @@
 #include "chrome_frame/utils.h"
 
 const wchar_t kQuotes[] = L"\"'";
+const char kXFrameOptionsHeader[] = "X-Frame-Options";
+const char kXFrameOptionsValueAllowAll[] = "allowall";
 
 HTMLScanner::StringRange::StringRange() {
 }
@@ -352,4 +354,22 @@ std::string GetDefaultUserAgent() {
   return ret;
 }
 
+bool HasFrameBustingHeader(const std::string& http_headers) {
+  net::HttpUtil::HeadersIterator it(
+      http_headers.begin(), http_headers.end(), "\r\n");
+  while (it.GetNext()) {
+    if (it.name() == kXFrameOptionsHeader) {
+      std::string allow_all(kXFrameOptionsValueAllowAll);
+      if (it.values_end() - it.values_begin() != allow_all.length() ||
+          !std::equal(it.values_begin(), it.values_end(),
+              allow_all.begin(),
+              CaseInsensitiveCompareASCII<const char>())) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
 }  // namespace http_utils