[libsoup/content-sniffing-update: 3/7] Implement handling of the X-Content-Type-Options header



commit 1fd0e3664644dd93812c04c118ebe7ede72cec14
Author: Gustavo Noronha Silva <gns gnome org>
Date:   Sun Dec 8 20:04:48 2013 +0100

    Implement handling of the X-Content-Type-Options header

 libsoup/soup-content-sniffer.c |    7 ++++++-
 tests/sniffing-test.c          |   27 +++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 2c60649..d27ef45 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -477,6 +477,7 @@ soup_content_sniffer_real_sniff (SoupContentSniffer *sniffer, SoupMessage *msg,
                                 SoupBuffer *buffer, GHashTable **params)
 {
        const char *content_type;
+       const char *x_content_type_options;
 
        content_type = soup_message_headers_get_content_type (msg->response_headers, params);
 
@@ -489,7 +490,11 @@ soup_content_sniffer_real_sniff (SoupContentSniffer *sniffer, SoupMessage *msg,
            !g_ascii_strcasecmp (content_type, "*/*"))
                return sniff_unknown (sniffer, buffer, FALSE);
 
-       /* TODO: 2. no-sniff flag handling. */
+       /* 2. If nosniff is specified in X-Content-Type-Options use the supplied MIME type. */
+       x_content_type_options = soup_message_headers_get_one (msg->response_headers, "X-Content-Type-Options");
+       if ((x_content_type_options != NULL) &&
+           g_str_equal (x_content_type_options, "nosniff"))
+               return g_strdup (content_type);
 
        /* 3. check-for-apache-bug */
        if ((content_type != NULL) &&
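Review bot: The `g_str_equal (x_content_type_options, "nosniff")` test is case-sensitive and exact, so a response carrying `NoSniff`, or the token inside a comma-separated list, falls through to the sniffing steps and loses the protection the header is meant to give. The checks just above in this hunk already use `g_ascii_strcasecmp`, and the same fits here: `!g_ascii_strcasecmp (x_content_type_options, "nosniff")`. `soup_message_headers_get_one` is meant for headers that occur once, so a short comment saying which value is honoured when the header is repeated would help, e.g. `/* Only a single X-Content-Type-Options value is considered. */`. The function body starts before and continues after this hunk.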
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index 584fa13..ab8dbf3 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
@@ -59,6 +59,30 @@ server_callback (SoupServer *server, SoupMessage *msg,
                                             "Content-Type", "text/plain");
        }
 
+       if (g_str_has_prefix (path, "/nosniff/")) {
+               char *base_name = g_path_get_basename (path);
+               char *file_name = g_strdup_printf (SRCDIR "/resources/%s", base_name);
+
+               g_file_get_contents (file_name,
+                                    &contents, &length,
+                                    &error);
+
+               g_free (base_name);
+               g_free (file_name);
+
+               if (error) {
+                       g_error ("%s", error->message);
+                       g_error_free (error);
+                       exit (1);
+               }
+
+               soup_message_headers_append (msg->response_headers,
+                                            "X-Content-Type-Options", "nosniff");
+
+               soup_message_headers_append (msg->response_headers,
+                                            "Content-Type", "no/sniffing-allowed");
+       }
+
        if (g_str_has_prefix (path, "/text_or_binary/") || g_str_has_prefix (path, "/apache_bug/")) {
                char *base_name = g_path_get_basename (path);
                char *file_name = g_strdup_printf (SRCDIR "/resources/%s", base_name);
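Review bot: `g_error ()` logs at the fatal level and aborts the process, so the `g_error_free (error);` and `exit (1);` lines that follow it in the new `/nosniff/` branch never run. Either drop them or report the failure with a non-fatal call such as `g_printerr ("%s\n", error->message);` before freeing the error and exiting. The branch also repeats the resource-loading code of the `/text_or_binary/` branch visible just below it, so a small static helper taking `path` would keep the two in step. server_callback starts and ends outside the hunk.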
@@ -519,6 +543,9 @@ main (int argc, char **argv)
        test_sniffing ("/apache_bug/text_binary.txt", "application/octet-stream");
        test_sniffing ("/apache_bug/text.txt", "text/plain");
 
+       /* X-Content-Type-Options: nosniff */
+       test_sniffing ("/nosniff/home.gif", "no/sniffing-allowed");
+
        /* GIF is a 'safe' type */
        test_sniffing ("/text_or_binary/home.gif", "image/gif");
 
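Review bot: The single new case may not exercise the nosniff branch at all. `no/sniffing-allowed` is not a type that any sniffing step visible on this page targets, so if the sniffer falls through to returning the declared type (not visible here), this assertion would still pass with the header check removed. A stronger regression test picks a case where sniffing would otherwise change the result: serve `text_binary.txt` as `text/plain` with nosniff and expect `text/plain`, in contrast to the `/apache_bug/text_binary.txt` case above, which yields `application/octet-stream`. A mixed-case header value and a value other than `nosniff` would pin the matching rule as well. Those cases need matching routes in server_callback, which is outside this hunk.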

