xref: /aosp_15_r20/external/cronet/net/http/http_security_headers.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_
6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_
7 
8 #include <stdint.h>
9 
10 #include <string>
11 
12 #include "base/time/time.h"
13 #include "net/base/hash_value.h"
14 #include "net/base/net_export.h"
15 
16 namespace net {
17 
18 const uint32_t kMaxHSTSAgeSecs = 86400 * 365;  // 1 year
19 
20 // RFC7469 suggests that 60 days is a reasonable maximum max-age value
21 // http://tools.ietf.org/html/rfc7469#section-4.1
22 const uint32_t kMaxHPKPAgeSecs = 86400 * 60;  // 60 days
23 
24 // Parses |value| as a Strict-Transport-Security header value. If successful,
25 // returns true and sets |*max_age| and |*include_subdomains|.
26 // Otherwise returns false and leaves the output parameters unchanged.
27 //
28 // value is the right-hand side of:
29 //
30 // "Strict-Transport-Security" ":"
31 //     [ directive ]  *( ";" [ directive ] )
32 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value,
33                                         base::TimeDelta* max_age,
34                                         bool* include_subdomains);
35 
36 }  // namespace net
37 
38 #endif  // NET_HTTP_HTTP_SECURITY_HEADERS_H_
39