nsresult
nsHttpHeaderArray::SetHeaderFromNet(nsHttpAtom header, const nsACString &value)
{
nsEntry *entry = nsnull;
PRInt32 index;
index = LookupEntry(header, &entry);
if (!entry) {
if (value.IsEmpty()) {
if (!TrackEmptyHeader(header)) {
LOG(("Ignoring Empty Header: %s\n", header.get()));
return NS_OK; // ignore empty headers by default
}
}
entry = mHeaders.AppendElement(); //new nsEntry(header, value);
if (!entry)
return NS_ERROR_OUT_OF_MEMORY;
entry->header = header;
entry->value = value;
} else if (!IsSingletonHeader(header)) {
MergeHeader(header, entry, value);
} else {
// Multiple instances of non-mergeable header received from network
// - ignore if same value
if (!entry->value.Equals(value)) {
if (IsSuspectDuplicateHeader(header)) {
// reply may be corrupt/hacked (ex: CLRF injection attacks)
return NS_ERROR_CORRUPTED_CONTENT;
} // else silently drop value: keep value from 1st header seen
LOG(("Header %s silently dropped as non mergeable header\n",
header.get()));
}
}
return NS_OK;
}
nsresult
nsHttpHeaderArray::SetHeaderFromNet(nsHttpAtom header,
const nsACString &value,
bool response)
{
// mHeader holds the consolidated (merged or updated) headers.
// mHeader for response header will keep the original heades as well.
nsEntry *entry = nullptr;
LookupEntry(header, &entry);
if (!entry) {
if (value.IsEmpty()) {
if (!gHttpHandler->KeepEmptyResponseHeadersAsEmtpyString() &&
!TrackEmptyHeader(header)) {
LOG(("Ignoring Empty Header: %s\n", header.get()));
if (response) {
// Set header as original but not as response header.
return SetHeader_internal(header, value,
eVarietyResponseNetOriginal);
}
return NS_OK; // ignore empty headers by default
}
}
HeaderVariety variety = eVarietyRequestOverride;
if (response) {
variety = eVarietyResponseNetOriginalAndResponse;
}
return SetHeader_internal(header, value, variety);
} else if (!IsSingletonHeader(header)) {
HeaderVariety variety = eVarietyRequestOverride;
if (response) {
variety = eVarietyResponse;
}
nsresult rv = MergeHeader(header, entry, value, variety);
if (NS_FAILED(rv)) {
return rv;
}
if (response) {
rv = SetHeader_internal(header, value,
eVarietyResponseNetOriginal);
}
return rv;
} else {
// Multiple instances of non-mergeable header received from network
// - ignore if same value
if (!entry->value.Equals(value)) {
if (IsSuspectDuplicateHeader(header)) {
// reply may be corrupt/hacked (ex: CLRF injection attacks)
return NS_ERROR_CORRUPTED_CONTENT;
} // else silently drop value: keep value from 1st header seen
LOG(("Header %s silently dropped as non mergeable header\n",
header.get()));
}
if (response) {
return SetHeader_internal(header, value,
eVarietyResponseNetOriginal);
}
}
return NS_OK;
}