xref: /aosp_15_r20/external/cronet/net/third_party/quiche/src/quiche/balsa/http_validation_policy.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2022 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_BALSA_HTTP_VALIDATION_POLICY_H_
6 #define QUICHE_BALSA_HTTP_VALIDATION_POLICY_H_
7 
8 #include <ostream>
9 
10 #include "quiche/common/platform/api/quiche_export.h"
11 
12 namespace quiche {
13 
14 // An HttpValidationPolicy captures policy choices affecting parsing of HTTP
15 // requests.  It offers individual Boolean members to be consulted during the
16 // parsing of an HTTP request.  For historical reasons, every member is set up
17 // such that `true` means more strict validation.
18 struct QUICHE_EXPORT HttpValidationPolicy {
19   // https://tools.ietf.org/html/rfc7230#section-3.2.4 deprecates "folding"
20   // of long header lines onto continuation lines.
21   bool disallow_header_continuation_lines = false;
22 
23   // A valid header line requires a header name and a colon.
24   bool require_header_colon = false;
25 
26   // https://tools.ietf.org/html/rfc7230#section-3.3.2 disallows multiple
27   // Content-Length header fields with the same value.
28   bool disallow_multiple_content_length = false;
29 
30   // https://tools.ietf.org/html/rfc7230#section-3.3.2 disallows
31   // Transfer-Encoding and Content-Length header fields together.
32   bool disallow_transfer_encoding_with_content_length = false;
33 
34   // If true, signal an error if Transfer-Encoding has a value other than
35   // "chunked" or "identity", or if there are multiple Transfer-Encoding field
36   // lines. If false, ignore inconsistencies with Transfer-Encoding field lines,
37   // also force `disallow_transfer_encoding_with_content_length` to false, but
38   // still make an effort to determine whether chunked transfer encoding is
39   // indicated.
40   bool validate_transfer_encoding = true;
41 
42   // If true, signal a REQUIRED_BODY_BUT_NO_CONTENT_LENGTH error if a request
43   // with a method POST or PUT, which requires a body, has neither a
44   // "Content-Length" nor a "Transfer-Encoding: chunked" header.
45   bool require_content_length_if_body_required = true;
46 
47   // If true, signal an INVALID_HEADER_NAME_CHARACTER or
48   // INVALID_TRAILER_NAME_CHARACTER error if the header or trailer name contains
49   // the character '"'.
50   bool disallow_double_quote_in_header_name = false;
51 
52   // If true, then signal an INVALID_HEADER_CHARACTER warning or error, or
53   // neither, depending on InvalidCharsLevel, if a response header contains an
54   // invalid character. Invalid characters are always disallowed according to
55   // InvalidCharsLevel in request headers.
56   bool disallow_invalid_header_characters_in_response = false;
57 
58   // If true, then signal an INVALID_HEADER_CHARACTER warning or error, or
59   // neither, depending on InvalidCharsLevel, if a request header value contains
60   // a carriage return that is not succeeded by a line feed.
61   bool disallow_lone_cr_in_request_headers = false;
62 
63   // The RFC is quite specific about chunk extensions formatting, but we only
64   // verify that there are no CR without a subsequent LF.
65   bool disallow_lone_cr_in_chunk_extension = false;
66 };
67 
68 }  // namespace quiche
69 
70 #endif  // QUICHE_BALSA_HTTP_VALIDATION_POLICY_H_
71