#pragma once
#include <wtf/HashSet.h>
#include <wtf/WallTime.h>
#include <wtf/text/StringHash.h>
namespace WebCore {
typedef HashSet<String, ASCIICaseInsensitiveHash> HTTPHeaderSet;
enum class HTTPHeaderName;
enum class XSSProtectionDisposition {
Invalid,
Disabled,
Enabled,
BlockEnabled,
};
enum class ContentTypeOptionsDisposition : bool {
None,
Nosniff
};
enum class XFrameOptionsDisposition : uint8_t {
None,
Deny,
SameOrigin,
AllowAll,
Invalid,
Conflict
};
enum class CrossOriginResourcePolicy {
None,
SameOrigin,
SameSite,
Invalid
};
bool isValidReasonPhrase(const String&);
bool isValidHTTPHeaderValue(const String&);
bool isValidAcceptHeaderValue(const String&);
bool isValidLanguageHeaderValue(const String&);
#if USE(GLIB)
WEBCORE_EXPORT bool isValidUserAgentHeaderValue(const String&);
#endif
bool isValidHTTPToken(const String&);
bool isValidHTTPToken(StringView);
Optional<WallTime> parseHTTPDate(const String&);
String filenameFromHTTPContentDisposition(const String&);
String extractMIMETypeFromMediaType(const String&);
String extractCharsetFromMediaType(const String&);
XSSProtectionDisposition parseXSSProtectionHeader(const String& header, String& failureReason, unsigned& failurePosition, String& reportURL);
AtomString extractReasonPhraseFromHTTPStatusLine(const String&);
WEBCORE_EXPORT XFrameOptionsDisposition parseXFrameOptionsHeader(const String&);
WEBCORE_EXPORT bool parseRange(const String&, long long& rangeOffset, long long& rangeEnd, long long& rangeSuffixLength);
ContentTypeOptionsDisposition parseContentTypeOptionsHeader(StringView header);
size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, StringView& nameStr, String& valueStr, bool strict = true);
size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body);
bool isForbiddenHeaderName(const String&);
bool isNoCORSSafelistedRequestHeaderName(const String&);
bool isPriviledgedNoCORSRequestHeaderName(const String&);
bool isForbiddenResponseHeaderName(const String&);
bool isForbiddenMethod(const String&);
bool isSimpleHeader(const String& name, const String& value);
bool isCrossOriginSafeHeader(HTTPHeaderName, const HTTPHeaderSet&);
bool isCrossOriginSafeHeader(const String&, const HTTPHeaderSet&);
bool isCrossOriginSafeRequestHeader(HTTPHeaderName, const String&);
String normalizeHTTPMethod(const String&);
bool isSafeMethod(const String&);
WEBCORE_EXPORT CrossOriginResourcePolicy parseCrossOriginResourcePolicyHeader(StringView);
inline bool isHTTPSpace(UChar character)
{
return character <= ' ' && (character == ' ' || character == '\n' || character == '\t' || character == '\r');
}
inline String stripLeadingAndTrailingHTTPSpaces(const String& string)
{
return string.stripLeadingAndTrailingCharacters(isHTTPSpace);
}
inline StringView stripLeadingAndTrailingHTTPSpaces(StringView string)
{
return string.stripLeadingAndTrailingMatchedCharacters(isHTTPSpace);
}
template<class HashType>
bool addToAccessControlAllowList(const String& string, unsigned start, unsigned end, HashSet<String, HashType>& set)
{
StringImpl* stringImpl = string.impl();
if (!stringImpl)
return true;
while (start <= end && isHTTPSpace((*stringImpl)[start]))
++start;
if (start > end)
return true;
while (end && isHTTPSpace((*stringImpl)[end]))
--end;
auto token = string.substring(start, end - start + 1);
if (!isValidHTTPToken(token))
return false;
set.add(WTFMove(token));
return true;
}
template<class HashType = DefaultHash<String>>
Optional<HashSet<String, HashType>> parseAccessControlAllowList(const String& string)
{
HashSet<String, HashType> set;
unsigned start = 0;
size_t end;
while ((end = string.find(',', start)) != notFound) {
if (start != end) {
if (!addToAccessControlAllowList(string, start, end - 1, set))
return { };
}
start = end + 1;
}
if (start != string.length()) {
if (!addToAccessControlAllowList(string, start, string.length() - 1, set))
return { };
}
return set;
}
}