Fix proxy CONNECT response handling

Don't trust most non-success responses to a CONNECT request -- as the BUG=
explains, the rest of the stack will treat the response as if it came from
the target server, not the proxy.  This trivially lets a proxy run code as
any HTTPS site the user tries to connect to, which is Very Bad™.

Do, however, accept 302 responses, but sanitize them so they contain only
the Location header and no response body.  Many proxies use this for login
pages, so we can't break it.

Update the HttpProxyClientSocketPool unittests to expect failure in all but
the 302 case, and add a 302-specific test case.

BUG=137891
TEST=Added cases to Http- and SpdyProxyClientSocket unittests.  net_unittests pass.

Review URL: https://chromiumcodereview.appspot.com/10825030

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150749 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 0 deletions

diff --git a/net/http/http_util.h b/net/http/http_util.h
index 0bc5687..7560b92 100644
--- a/net/http/http_util.h
+++ b/net/http/http_util.h
@@ -194,6 +194,15 @@ class NET_EXPORT HttpUtil {
                                   const std::string& last_modified_header,
                                   const std::string& date_header);
 
+  // Gets a vector of common HTTP status codes for histograms of status
+  // codes.  Currently returns everything in the range [100, 600), plus 0
+  // (for invalid responses/status codes).
+  static std::vector<int> GetStatusCodesForHistogram();
+
+  // Maps an HTTP status code to one of the status codes in the vector
+  // returned by GetStatusCodesForHistogram.
+  static int MapStatusCodeForHistogram(int code);
+
   // Used to iterate over the name/value pairs of HTTP headers.  To iterate
   // over the values in a multi-value header, use ValuesIterator.
   // See AssembleRawHeaders for joining line continuations (this iterator