CSP 1.1: Experiment with 'reflected-xss' directive.
author mkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 24 Feb 2013 22:40:23 +0000 (22:40 +0000)
committer mkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 24 Feb 2013 22:40:23 +0000 (22:40 +0000)
commit 7aaa83b87efcb1b9725a526c3d50dd5c674c2296
tree 32074d548debb905cdfe6c144d95bd057be20d03
parent f6e6ac238038294cce051ca5f702668b73cd1fbc
CSP 1.1: Experiment with 'reflected-xss' directive.
https://bugs.webkit.org/show_bug.cgi?id=104479

Reviewed by Adam Barth.

Source/WebCore:

Content Security Policy 1.1 defines a 'reflected-xss' directive that
works in much the same way as WebKit's current 'X-XSS-Protection'
header[1]. This patch implements the new directive by parsing it
inside ContentSecurityPolicy, and exposing that state to XSSAuditor.

XSSAuditor now grabs the CSP directive's state, and mixes it with the
X-XSS-Protection header's state to determine how the page should be
handled. Moreover, both headers' states are now expressed in terms of
ContentSecurityPolicy::ReflectedXSSDisposition.

[1]: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#reflected-xss--experimental

Tests: http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html
       http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html

* html/parser/XSSAuditor.cpp:
(WebCore::combineXSSProtectionHeaderAndCSP):
    Given both headers' states, return the state which the XSSAuditor
    should use when parsing a page. Blocking overrides filtering, which
    overrides disabling.
(WebCore):
(WebCore::XSSAuditor::init):
    Process the 'X-XSS-Protection' header before grabbing the CSP
    header's state. Both are passed into the new
    combineXSSProtectionHeaderAndCSP method to generate the final
    state that ought to be used.
(WebCore::XSSAuditor::XSSAuditor):
(WebCore::XSSAuditor::filterToken):
* html/parser/XSSAuditor.h:
    Switch to ContentSecurityPolicy::ReflectedXSSDisposition internally
    in XSSAuditor.
* page/ContentSecurityPolicy.cpp:
(WebCore::CSPDirectiveList::reflectedXSSDisposition):
    Enum defining the possible state of the 'reflected-xss' CSP directive.
(CSPDirectiveList):
(WebCore::CSPDirectiveList::CSPDirectiveList):
(WebCore::CSPDirectiveList::parseReflectedXSS):
    Given a 'reflected-xss' directive's value, set the
    ReflectedXSSDisposition into a new property on the CSPDirectiveList.
(WebCore):
(WebCore::CSPDirectiveList::addDirective):
    Accept 'reflected-xss' as a valid directive if we're in
    experimental mode.
(WebCore::ContentSecurityPolicy::reflectedXSSDisposition):
    Expose the directive's state via the public API.
(WebCore::ContentSecurityPolicy::reportInvalidReflectedXSS):
    Generate console errors when invalid reflected-xss directive values
    are encountered during parsing.
* page/ContentSecurityPolicy.h:
* platform/network/HTTPParsers.cpp:
(WebCore::parseXSSProtectionHeader):
* platform/network/HTTPParsers.h:
(WebCore):
    Start using ContentSecurityPolicy::ReflectedXSSDisposition rather
    than the XSSProtectionDisposition enum.

LayoutTests:

* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html: Added.
* http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js: Added.
(testMixedHeader):
(frameLoaded):
(frameErrored):
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
    Added the ability to send an 'X-WebKit-CSP' header to test 'reflected-xss' behavior.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@143880 268f45cc-cd09-0410-ab3c-d52691b4dbfc
72 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js [new file with mode: 0644]
LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl
Source/WebCore/ChangeLog
Source/WebCore/html/parser/XSSAuditor.cpp
Source/WebCore/html/parser/XSSAuditor.h
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h
Source/WebCore/platform/network/HTTPParsers.cpp
Source/WebCore/platform/network/HTTPParsers.h
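
Added example, not code from this commit or from WebKit: a self-contained C++ sketch of the precedence rule the commit message gives for combineXSSProtectionHeaderAndCSP (blocking overrides filtering, which overrides disabling). The function and enum names, the simplified header parsing, and the fallback to filtering when the strongest state is unset or invalid are assumptions of this sketch.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>

// Ordered so std::max picks the stricter state: Block > Filter > Allow.
// Ranking Invalid above Allow (so a malformed header cannot help disable
// the auditor) is an assumption of this sketch, not taken from the commit.
enum class Disposition { Unset, Allow, Invalid, Filter, Block };

static std::string lowerTrim(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    const char* ws = " \t\r\n";
    size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Simplified X-XSS-Protection parser: "0", "1" and "1; mode=block" only.
Disposition parseXSSProtection(const std::string& header)
{
    std::string v = lowerTrim(header);
    v.erase(std::remove_if(v.begin(), v.end(),
        [](unsigned char c) { return std::isspace(c) != 0; }), v.end());
    if (v.empty()) return Disposition::Unset;
    if (v == "0") return Disposition::Allow;
    if (v == "1") return Disposition::Filter;
    if (v == "1;mode=block") return Disposition::Block;
    return Disposition::Invalid;
}

// Finds the first 'reflected-xss' directive in a CSP header value.
Disposition parseReflectedXSS(const std::string& policy)
{
    std::istringstream directives(policy);
    std::string directive;
    while (std::getline(directives, directive, ';')) {
        std::istringstream tokens(lowerTrim(directive));
        std::string name, value, extra;
        tokens >> name >> value >> extra;
        if (name != "reflected-xss") continue;
        if (!extra.empty()) return Disposition::Invalid; // more than one value
        if (value == "allow") return Disposition::Allow;
        if (value == "filter") return Disposition::Filter;
        if (value == "block") return Disposition::Block;
        return Disposition::Invalid; // empty or unknown value
    }
    return Disposition::Unset;
}

// Strictest header wins; unset/invalid fall back to filtering (assumption).
Disposition combine(Disposition xssProtection, Disposition reflectedXSS)
{
    Disposition result = std::max(xssProtection, reflectedXSS);
    if (result == Disposition::Unset || result == Disposition::Invalid)
        return Disposition::Filter;
    return result;
}

Disposition effective(const std::string& xssHeader, const std::string& csp)
{
    return combine(parseXSSProtection(xssHeader), parseReflectedXSS(csp));
}

int main()
{
    // Constructed headers: the legacy header disables, CSP asks to block.
    return effective("0", "default-src 'self'; reflected-xss block") == Disposition::Block ? 0 : 1;
}
```

The constructed case in main() shows why the merge matters when auditing a deployment: a legacy `X-XSS-Protection: 0` does not switch protection off if the policy header asks for a stricter state.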