#pragma once
#include <wtf/Forward.h>
#include <wtf/HashSet.h>
#include <wtf/Optional.h>
#include <wtf/WallTime.h>
#include <wtf/text/StringHash.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
typedef HashSet<String, ASCIICaseInsensitiveHash> HTTPHeaderSet;
enum class HTTPHeaderName;
enum class XSSProtectionDisposition {
Invalid,
Disabled,
Enabled,
BlockEnabled,
};
enum ContentTypeOptionsDisposition {
ContentTypeOptionsNone,
ContentTypeOptionsNosniff
};
enum XFrameOptionsDisposition {
XFrameOptionsNone,
XFrameOptionsDeny,
XFrameOptionsSameOrigin,
XFrameOptionsAllowAll,
XFrameOptionsInvalid,
XFrameOptionsConflict
};
enum class CrossOriginResourcePolicy {
None,
SameOrigin,
SameSite,
Invalid
};
enum class CrossOriginWindowPolicy {
Deny,
AllowPostMessage,
Allow,
};
bool isValidReasonPhrase(const String&);
bool isValidHTTPHeaderValue(const String&);
bool isValidAcceptHeaderValue(const String&);
bool isValidLanguageHeaderValue(const String&);
bool isValidHTTPToken(const String&);
bool parseHTTPRefresh(const String& refresh, double& delay, String& url);
std::optional<WallTime> parseHTTPDate(const String&);
String filenameFromHTTPContentDisposition(const String&);
String extractMIMETypeFromMediaType(const String&);
String extractCharsetFromMediaType(const String&);
void findCharsetInMediaType(const String& mediaType, unsigned int& charsetPos, unsigned int& charsetLen, unsigned int start = 0);
XSSProtectionDisposition parseXSSProtectionHeader(const String& header, String& failureReason, unsigned& failurePosition, String& reportURL);
AtomicString extractReasonPhraseFromHTTPStatusLine(const String&);
WEBCORE_EXPORT XFrameOptionsDisposition parseXFrameOptionsHeader(const String&);
WEBCORE_EXPORT bool parseRange(const String&, long long& rangeOffset, long long& rangeEnd, long long& rangeSuffixLength);
ContentTypeOptionsDisposition parseContentTypeOptionsHeader(const String& header);
enum HTTPVersion { Unknown, HTTP_1_0, HTTP_1_1 };
size_t parseHTTPRequestLine(const char* data, size_t length, String& failureReason, String& method, String& url, HTTPVersion&);
size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, StringView& nameStr, String& valueStr, bool strict = true);
size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body);
void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
bool isForbiddenHeaderName(const String&);
bool isForbiddenResponseHeaderName(const String&);
bool isForbiddenMethod(const String&);
bool isSimpleHeader(const String& name, const String& value);
bool isCrossOriginSafeHeader(HTTPHeaderName, const HTTPHeaderSet&);
bool isCrossOriginSafeHeader(const String&, const HTTPHeaderSet&);
bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&);
String normalizeHTTPMethod(const String&);
WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
CrossOriginWindowPolicy parseCrossOriginWindowPolicyHeader(StringView);
inline bool isHTTPSpace(UChar character)
{
return character <= ' ' && (character == ' ' || character == '\n' || character == '\t' || character == '\r');
}
inline String stripLeadingAndTrailingHTTPSpaces(const String& string)
{
return string.stripLeadingAndTrailingCharacters(isHTTPSpace);
}
inline StringView stripLeadingAndTrailingHTTPSpaces(StringView string)
{
return string.stripLeadingAndTrailingMatchedCharacters(isHTTPSpace);
}
template<class HashType>
void addToAccessControlAllowList(const String& string, unsigned start, unsigned end, HashSet<String, HashType>& set)
{
StringImpl* stringImpl = string.impl();
if (!stringImpl)
return;
while (start <= end && isSpaceOrNewline((*stringImpl)[start]))
++start;
if (start > end)
return;
while (end && isSpaceOrNewline((*stringImpl)[end]))
--end;
set.add(string.substring(start, end - start + 1));
}
template<class HashType = DefaultHash<String>::Hash>
std::optional<HashSet<String, HashType>> parseAccessControlAllowList(const String& string)
{
HashSet<String, HashType> set;
unsigned start = 0;
size_t end;
while ((end = string.find(',', start)) != notFound) {
if (start != end)
addToAccessControlAllowList(string, start, end - 1, set);
start = end + 1;
}
if (start != string.length())
addToAccessControlAllowList(string, start, string.length() - 1, set);
return set;
}
}