1 // Copyright 2012 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_ 6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_ 7 8 #include <stdint.h> 9 10 #include <string> 11 12 #include "base/time/time.h" 13 #include "net/base/hash_value.h" 14 #include "net/base/net_export.h" 15 16 namespace net { 17 18 const uint32_t kMaxHSTSAgeSecs = 86400 * 365; // 1 year 19 20 // RFC7469 suggests that 60 days is a reasonable maximum max-age value 21 // http://tools.ietf.org/html/rfc7469#section-4.1 22 const uint32_t kMaxHPKPAgeSecs = 86400 * 60; // 60 days 23 24 // Parses |value| as a Strict-Transport-Security header value. If successful, 25 // returns true and sets |*max_age| and |*include_subdomains|. 26 // Otherwise returns false and leaves the output parameters unchanged. 27 // 28 // value is the right-hand side of: 29 // 30 // "Strict-Transport-Security" ":" 31 // [ directive ] *( ";" [ directive ] ) 32 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value, 33 base::TimeDelta* max_age, 34 bool* include_subdomains); 35 36 } // namespace net 37 38 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ 39