1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_log_util.h"
7 #include "base/strings/string_util.h"
8 #include "base/strings/stringprintf.h"
9 #include "net/http/http_auth_challenge_tokenizer.h"
10 #include "net/http/http_util.h"
16 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer
* challenge
) {
17 // Ignore lines with commas, as they may contain lists of schemes, and
18 // the information we want to hide is Base64 encoded, so has no commas.
19 if (challenge
->challenge_text().find(',') != std::string::npos
)
22 std::string scheme
= base::StringToLowerASCII(challenge
->scheme());
27 // Ignore Basic and Digest authentication challenges, as they contain
28 // public information.
29 if (scheme
== "basic" || scheme
== "digest")
37 std::string
ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode
,
38 const std::string
& header
,
39 const std::string
& value
) {
40 std::string::const_iterator redact_begin
= value
.begin();
41 std::string::const_iterator redact_end
= value
.begin();
43 if (redact_begin
== redact_end
&&
44 !capture_mode
.include_cookies_and_credentials()) {
45 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in
46 // chrome/browser/resources/net_internals/log_view_painter.js.
48 if (base::EqualsCaseInsensitiveASCII(header
, "set-cookie") ||
49 base::EqualsCaseInsensitiveASCII(header
, "set-cookie2") ||
50 base::EqualsCaseInsensitiveASCII(header
, "cookie") ||
51 base::EqualsCaseInsensitiveASCII(header
, "authorization") ||
52 base::EqualsCaseInsensitiveASCII(header
, "proxy-authorization")) {
53 redact_begin
= value
.begin();
54 redact_end
= value
.end();
55 } else if (base::EqualsCaseInsensitiveASCII(header
, "www-authenticate") ||
56 base::EqualsCaseInsensitiveASCII(header
, "proxy-authenticate")) {
57 // Look for authentication information from data received from the server
58 // in multi-round Negotiate authentication.
59 HttpAuthChallengeTokenizer
challenge(value
.begin(), value
.end());
60 if (ShouldRedactChallenge(&challenge
)) {
61 redact_begin
= challenge
.params_begin();
62 redact_end
= challenge
.params_end();
67 if (redact_begin
== redact_end
)
70 return std::string(value
.begin(), redact_begin
) +
71 base::StringPrintf("[%ld bytes were stripped]",
72 static_cast<long>(redact_end
- redact_begin
)) +
73 std::string(redact_end
, value
.end());