Chromium Code Reviews Chromium Code Reviews
Issue 14421:
Command line switch for the ultra security concious: --force-https!... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | |
| 8 #include "base/command_line.h" | |
| 7 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 8 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 9 #include "base/file_version_info.h" | 11 #include "base/file_version_info.h" |
| 10 #include "base/message_loop.h" | 12 #include "base/message_loop.h" |
| 11 #include "base/string_util.h" | 13 #include "base/string_util.h" |
| 12 #include "net/base/cookie_monster.h" | 14 #include "net/base/cookie_monster.h" |
| 13 #include "net/base/filter.h" | 15 #include "net/base/filter.h" |
| 14 #include "net/base/load_flags.h" | 16 #include "net/base/load_flags.h" |
| 15 #include "net/base/net_errors.h" | 17 #include "net/base/net_errors.h" |
| 16 #include "net/base/net_util.h" | 18 #include "net/base/net_util.h" |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 30 | 32 |
| 31 if (!net::IsPortAllowedByDefault(request->url().IntPort())) | 33 if (!net::IsPortAllowedByDefault(request->url().IntPort())) |
| 32 return new URLRequestErrorJob(request, net::ERR_UNSAFE_PORT); | 34 return new URLRequestErrorJob(request, net::ERR_UNSAFE_PORT); |
| 33 | 35 |
| 34 if (!request->context() || | 36 if (!request->context() || |
| 35 !request->context()->http_transaction_factory()) { | 37 !request->context()->http_transaction_factory()) { |
| 36 NOTREACHED() << "requires a valid context"; | 38 NOTREACHED() << "requires a valid context"; |
| 37 return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); | 39 return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); |
| 38 } | 40 } |
| 39 | 41 |
| 42 // We cache the value of the switch because this code path is hit on every | |
| 43 // network request. | |
| 44 static const bool kForceHTTPS = | |
| 45 CommandLine().HasSwitch(switches::kForceHTTPS); | |
|
wtc
2008/12/15 18:14:15
Nit: this line seems to be over-indented.
| |
| 46 if (kForceHTTPS && scheme == "http") | |
|
jar (doing other things)
2008/12/15 08:34:17
Perhaps you should even be more aggressive and use
| |
| 47 return new URLRequestErrorJob(request, net::ERR_DISALLOWED_URL_SCHEME); | |
| 48 | |
| 40 return new URLRequestHttpJob(request); | 49 return new URLRequestHttpJob(request); |
| 41 } | 50 } |
| 42 | 51 |
| 43 URLRequestHttpJob::URLRequestHttpJob(URLRequest* request) | 52 URLRequestHttpJob::URLRequestHttpJob(URLRequest* request) |
| 44 : URLRequestJob(request), | 53 : URLRequestJob(request), |
| 45 transaction_(NULL), | 54 transaction_(NULL), |
| 46 response_info_(NULL), | 55 response_info_(NULL), |
| 47 proxy_auth_state_(net::AUTH_STATE_DONT_NEED_AUTH), | 56 proxy_auth_state_(net::AUTH_STATE_DONT_NEED_AUTH), |
| 48 server_auth_state_(net::AUTH_STATE_DONT_NEED_AUTH), | 57 server_auth_state_(net::AUTH_STATE_DONT_NEED_AUTH), |
| 49 ALLOW_THIS_IN_INITIALIZER_LIST( | 58 ALLOW_THIS_IN_INITIALIZER_LIST( |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 368 // If the transaction was destroyed, then the job was cancelled, and | 377 // If the transaction was destroyed, then the job was cancelled, and |
| 369 // we can just ignore this notification. | 378 // we can just ignore this notification. |
| 370 if (!transaction_.get()) | 379 if (!transaction_.get()) |
| 371 return; | 380 return; |
| 372 | 381 |
| 373 // Clear the IO_PENDING status | 382 // Clear the IO_PENDING status |
| 374 SetStatus(URLRequestStatus()); | 383 SetStatus(URLRequestStatus()); |
| 375 | 384 |
| 376 if (result == net::OK) { | 385 if (result == net::OK) { |
| 377 NotifyHeadersComplete(); | 386 NotifyHeadersComplete(); |
| 378 } else if (net::IsCertificateError(result)) { | 387 } else if (net::IsCertificateError(result) && |
| 388 !CommandLine().HasSwitch(switches::kForceHTTPS)) { | |
| 379 // We encountered an SSL certificate error. Ask our delegate to decide | 389 // We encountered an SSL certificate error. Ask our delegate to decide |
| 380 // what we should do. | 390 // what we should do. |
| 381 // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole | 391 // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole |
| 382 // ssl_info. | 392 // ssl_info. |
| 383 request_->delegate()->OnSSLCertificateError( | 393 request_->delegate()->OnSSLCertificateError( |
| 384 request_, result, transaction_->GetResponseInfo()->ssl_info.cert); | 394 request_, result, transaction_->GetResponseInfo()->ssl_info.cert); |
| 385 } else { | 395 } else { |
| 386 NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); | 396 NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result)); |
| 387 } | 397 } |
| 388 } | 398 } |
| (...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 535 DCHECK(response_cookies_.empty()); | 545 DCHECK(response_cookies_.empty()); |
| 536 | 546 |
| 537 std::string name = "Set-Cookie"; | 547 std::string name = "Set-Cookie"; |
| 538 std::string value; | 548 std::string value; |
| 539 | 549 |
| 540 void* iter = NULL; | 550 void* iter = NULL; |
| 541 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) | 551 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) |
| 542 response_cookies_.push_back(value); | 552 response_cookies_.push_back(value); |
| 543 } | 553 } |
| 544 | 554 |
| OLD | NEW |
