diff --git a/include/capi/cef_resource_handler_capi.h b/include/capi/cef_resource_handler_capi.h index 19593087a..4b073fda3 100644 --- a/include/capi/cef_resource_handler_capi.h +++ b/include/capi/cef_resource_handler_capi.h @@ -33,7 +33,7 @@ // by hand. See the translator.README.txt file in the tools directory for // more information. // -// $hash=64a8d248c8c6c5b17a8ce1bdf79b82e791d87a1a$ +// $hash=e3c016e00f14211a972961650b847d761cec5e25$ // #ifndef CEF_INCLUDE_CAPI_CEF_RESOURCE_HANDLER_CAPI_H_ @@ -80,8 +80,12 @@ typedef struct _cef_resource_handler_t { // (0) or the specified number of bytes have been read. Use the |response| // object to set the mime type, http status code and other optional header // values. To redirect the request to a new URL set |redirectUrl| to the new - // URL. If an error occured while setting up the request you can call - // set_error() on |response| to indicate the error condition. + // URL. |redirectUrl| can be either a relative or fully qualified URL. It is + // also possible to set |response| to a redirect http status code and pass the + // new URL via a Location header. Likewise with |redirectUrl| it is valid to + // set a relative or fully qualified URL as the Location header value. If an + // error occured while setting up the request you can call set_error() on + // |response| to indicate the error condition. /// void(CEF_CALLBACK* get_response_headers)(struct _cef_resource_handler_t* self, struct _cef_response_t* response, diff --git a/include/cef_resource_handler.h b/include/cef_resource_handler.h index 02ccea91f..318667f4c 100644 --- a/include/cef_resource_handler.h +++ b/include/cef_resource_handler.h @@ -71,7 +71,11 @@ class CefResourceHandler : public virtual CefBaseRefCounted { // false or the specified number of bytes have been read. Use the |response| // object to set the mime type, http status code and other optional header // values. To redirect the request to a new URL set |redirectUrl| to the new - // URL. If an error occured while setting up the request you can call + // URL. |redirectUrl| can be either a relative or fully qualified URL. + // It is also possible to set |response| to a redirect http status code + // and pass the new URL via a Location header. Likewise with |redirectUrl| it + // is valid to set a relative or fully qualified URL as the Location header + // value. If an error occured while setting up the request you can call // SetError() on |response| to indicate the error condition. /// /*--cef()--*/ diff --git a/libcef/browser/net/resource_request_job.cc b/libcef/browser/net/resource_request_job.cc index 1499e35af..9a242ebfc 100644 --- a/libcef/browser/net/resource_request_job.cc +++ b/libcef/browser/net/resource_request_job.cc @@ -15,6 +15,7 @@ #include "libcef/common/response_impl.h" #include "base/logging.h" +#include "base/strings/string_util.h" #include "net/base/io_buffer.h" #include "net/base/load_flags.h" #include "net/base/mime_util.h" @@ -27,6 +28,21 @@ using net::URLRequestStatus; namespace { +using HeaderMap = std::multimap; + +struct CaseInsensitiveComparator { + base::StringPiece search; + CaseInsensitiveComparator(const std::string& s) : search(s) {} + bool operator()(const HeaderMap::value_type& p) const { + return base::EqualsCaseInsensitiveASCII(search, p.first.ToString()); + } +}; + +HeaderMap::const_iterator FindHeader(const HeaderMap& m, + const std::string& name) { + return std::find_if(m.begin(), m.end(), CaseInsensitiveComparator(name)); +} + bool SetHeaderIfMissing(CefRequest::HeaderMap& headerMap, const std::string& name, const std::string& value) { @@ -294,7 +310,7 @@ bool CefResourceRequestJob::IsRedirectResponse( if (redirect_url_.is_valid()) { // Redirect to the new URL. *http_status_code = 303; - location->Swap(&redirect_url_); + *location = redirect_url_; redirect = true; } else if (response_.get()) { // Check for HTTP 302 or HTTP 303 redirect. @@ -302,17 +318,29 @@ bool CefResourceRequestJob::IsRedirectResponse( if (status == 302 || status == 303) { CefResponse::HeaderMap headerMap; response_->GetHeaderMap(headerMap); - CefRequest::HeaderMap::iterator iter = headerMap.find("Location"); + CefRequest::HeaderMap::const_iterator iter = + FindHeader(headerMap, "Location"); if (iter != headerMap.end()) { - GURL new_url = GURL(std::string(iter->second)); - *http_status_code = status; - location->Swap(&new_url); - redirect = true; + GURL new_url = request_->url().Resolve(std::string(iter->second)); + if (new_url.is_valid()) { + *http_status_code = status; + *location = new_url; + redirect = true; + } } } } if (redirect) { + if (request_->upgrade_if_insecure()) { + if (location->SchemeIs("http")) { + *insecure_scheme_was_upgraded = true; + GURL::Replacements replacements; + replacements.SetSchemeStr("https"); + *location = location->ReplaceComponents(replacements); + } + } + // Set the correct response status. This avoids a DCHECK in // RedirectInfo::ComputeRedirectInfo. request_->response_headers()->ReplaceStatusLine( @@ -392,7 +420,7 @@ void CefResourceRequestJob::SendHeaders() { if (!redirectUrl.empty()) { std::string redirectUrlStr = redirectUrl; - redirect_url_ = GURL(redirectUrlStr); + redirect_url_ = request_->url().Resolve(redirectUrlStr); } if (remaining_bytes_ > 0) diff --git a/tests/ceftests/urlrequest_unittest.cc b/tests/ceftests/urlrequest_unittest.cc index eee23c113..34540c60d 100644 --- a/tests/ceftests/urlrequest_unittest.cc +++ b/tests/ceftests/urlrequest_unittest.cc @@ -58,6 +58,8 @@ enum RequestTestMode { REQTEST_GET_ALLOWCOOKIES, REQTEST_GET_REDIRECT, REQTEST_GET_REDIRECT_STOP, + REQTEST_GET_REDIRECT_LOCATION, + REQTEST_GET_REDIRECT_INSECURE_UPGR, REQTEST_GET_REFERRER, REQTEST_POST, REQTEST_POST_FILE, @@ -1061,6 +1063,10 @@ class RequestTestRunner : public base::RefCountedThreadSafe { REGISTER_TEST(REQTEST_GET_REDIRECT, SetupGetRedirectTest, SingleRunTest); REGISTER_TEST(REQTEST_GET_REDIRECT_STOP, SetupGetRedirectStopTest, SingleRunTest); + REGISTER_TEST(REQTEST_GET_REDIRECT_LOCATION, SetupGetRedirectLocationTest, + SingleRunTest); + REGISTER_TEST(REQTEST_GET_REDIRECT_INSECURE_UPGR, + SetupGetRedirectInsecureUpgrTest, SingleRunTest); REGISTER_TEST(REQTEST_GET_REFERRER, SetupGetReferrerTest, SingleRunTest); REGISTER_TEST(REQTEST_POST, SetupPostTest, SingleRunTest); REGISTER_TEST(REQTEST_POST_FILE, SetupPostFileTest, SingleRunTest); @@ -1171,12 +1177,16 @@ class RequestTestRunner : public base::RefCountedThreadSafe { } } + std::string GetTestPath(const std::string& name) { + return std::string(run_in_browser_process_ ? "/Browser" : "/Renderer") + + name; + } + std::string GetTestURL(const std::string& name) { // Avoid name duplication between tests running in different processes. // Otherwise we'll get unexpected state leakage (cache hits) when running // multiple tests. - return GetRequestOrigin(is_server_backend_) + "/" + - (run_in_browser_process_ ? "Browser" : "Renderer") + name; + return GetRequestOrigin(is_server_backend_) + GetTestPath(name); } void SetupGetTestShared() { @@ -1278,6 +1288,54 @@ class RequestTestRunner : public base::RefCountedThreadSafe { complete_callback.Run(); } + void SetupGetRedirectLocationTest(const base::Closure& complete_callback) { + // Start with the normal get test. + SetupGetTestShared(); + + // Add a redirect request. + settings_.redirect_request = CefRequest::Create(); + settings_.redirect_request->SetURL(GetTestURL("redirect.html")); + settings_.redirect_request->SetMethod("GET"); + + settings_.redirect_response = CefResponse::Create(); + settings_.redirect_response->SetMimeType("text/html"); + settings_.redirect_response->SetStatus(302); + settings_.redirect_response->SetStatusText("Found"); + + CefResponse::HeaderMap headerMap; + headerMap.insert(std::make_pair("LoCaTioN", GetTestPath("GetTest.html"))); + settings_.redirect_response->SetHeaderMap(headerMap); + + complete_callback.Run(); + } + + void SetupGetRedirectInsecureUpgrTest( + const base::Closure& complete_callback) { + // Start with the normal get test. + SetupGetTestShared(); + + // Add a redirect request. + settings_.redirect_request = CefRequest::Create(); + settings_.redirect_request->SetURL(GetTestURL("redirect.html")); + settings_.redirect_request->SetMethod("GET"); + { + CefRequest::HeaderMap headerMap; + headerMap.insert(std::make_pair("Upgrade-Insecure-Requests", "1")); + settings_.redirect_request->SetHeaderMap(headerMap); + } + + settings_.redirect_response = CefResponse::Create(); + settings_.redirect_response->SetMimeType("text/html"); + settings_.redirect_response->SetStatus(302); + settings_.redirect_response->SetStatusText("Found"); + + CefResponse::HeaderMap headerMap; + headerMap.insert(std::make_pair("location", GetTestPath("GetTest.html"))); + settings_.redirect_response->SetHeaderMap(headerMap); + + complete_callback.Run(); + } + void SetupGetReferrerTest(const base::Closure& complete_callback) { settings_.request = CefRequest::Create(); settings_.request->SetURL(GetTestURL("GetTest.html")); @@ -2250,6 +2308,11 @@ void RegisterURLRequestCustomSchemes( true, test_server_backend); \ REQ_TEST(BrowserGETRedirectStop##suffix, REQTEST_GET_REDIRECT_STOP, \ context_mode, true, test_server_backend); \ + REQ_TEST(BrowserGETRedirectLocation##suffix, REQTEST_GET_REDIRECT_LOCATION, \ + context_mode, true, test_server_backend); \ + REQ_TEST(BrowserGETRedirectInsecureUpgr##suffix, \ + REQTEST_GET_REDIRECT_INSECURE_UPGR, context_mode, true, \ + test_server_backend); \ REQ_TEST(BrowserGETReferrer##suffix, REQTEST_GET_REFERRER, context_mode, \ true, test_server_backend); \ REQ_TEST(BrowserPOST##suffix, REQTEST_POST, context_mode, true, \ @@ -2270,6 +2333,11 @@ void RegisterURLRequestCustomSchemes( false, test_server_backend); \ REQ_TEST(RendererGETRedirectStop##suffix, REQTEST_GET_REDIRECT_STOP, \ context_mode, false, test_server_backend); \ + REQ_TEST(RendererGETRedirectLocation##suffix, REQTEST_GET_REDIRECT_LOCATION, \ + context_mode, false, test_server_backend); \ + REQ_TEST(RendererGETRedirectInsecureUpgr##suffix, \ + REQTEST_GET_REDIRECT_INSECURE_UPGR, context_mode, false, \ + test_server_backend); \ REQ_TEST(RendererGETReferrer##suffix, REQTEST_GET_REFERRER, context_mode, \ false, test_server_backend); \ REQ_TEST(RendererPOST##suffix, REQTEST_POST, context_mode, false, \