OLD | NEW |
---|---|
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
(...skipping 28 matching lines...) | |
39 int port = request->url().IntPort(); | 39 int port = request->url().IntPort(); |
40 if (!net::IsPortAllowedByDefault(port) && !net::IsPortAllowedByOverride(port)) | 40 if (!net::IsPortAllowedByDefault(port) && !net::IsPortAllowedByOverride(port)) |
41 return new URLRequestErrorJob(request, net::ERR_UNSAFE_PORT); | 41 return new URLRequestErrorJob(request, net::ERR_UNSAFE_PORT); |
42 | 42 |
43 if (!request->context() || | 43 if (!request->context() || |
44 !request->context()->http_transaction_factory()) { | 44 !request->context()->http_transaction_factory()) { |
45 NOTREACHED() << "requires a valid context"; | 45 NOTREACHED() << "requires a valid context"; |
46 return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); | 46 return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); |
47 } | 47 } |
48 | 48 |
49 // We cache the value of the switch because this code path is hit on every | 49 if (scheme == "http" && |
50 // network request. | |
51 static const bool kForceHTTPS = | |
52 CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS); | |
53 if (kForceHTTPS && scheme == "http" && | |
54 request->context()->strict_transport_security_state() && | 50 request->context()->strict_transport_security_state() && |
55 request->context()->strict_transport_security_state()->IsEnabledForHost( | 51 request->context()->strict_transport_security_state()->IsEnabledForHost( |
56 request->url().host())) { | 52 request->url().host())) { |
abarth-chromium
2009/09/10 00:59:02
I'm slightly worried about the performance implica
| |
57 DCHECK_EQ(request->url().scheme(), "http"); | 53 DCHECK_EQ(request->url().scheme(), "http"); |
58 url_canon::Replacements<char> replacements; | 54 url_canon::Replacements<char> replacements; |
59 static const char kNewScheme[] = "https"; | 55 static const char kNewScheme[] = "https"; |
60 replacements.SetScheme(kNewScheme, | 56 replacements.SetScheme(kNewScheme, |
61 url_parse::Component(0, strlen(kNewScheme))); | 57 url_parse::Component(0, strlen(kNewScheme))); |
62 GURL new_location = request->url().ReplaceComponents(replacements); | 58 GURL new_location = request->url().ReplaceComponents(replacements); |
63 return new URLRequestRedirectJob(request, new_location); | 59 return new URLRequestRedirectJob(request, new_location); |
64 } | 60 } |
65 | 61 |
66 return new URLRequestHttpJob(request); | 62 return new URLRequestHttpJob(request); |
(...skipping 412 matching lines...) | |
479 SetStatus(URLRequestStatus()); | 475 SetStatus(URLRequestStatus()); |
480 } | 476 } |
481 | 477 |
482 NotifyReadComplete(result); | 478 NotifyReadComplete(result); |
483 } | 479 } |
484 | 480 |
485 bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) { | 481 bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) { |
486 if (!net::IsCertificateError(result)) | 482 if (!net::IsCertificateError(result)) |
487 return false; | 483 return false; |
488 | 484 |
489 // Hide the fancy processing behind a command line switch. | |
490 if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) | |
491 return true; | |
492 | |
493 // Check whether our context is using Strict-Transport-Security. | 485 // Check whether our context is using Strict-Transport-Security. |
494 if (!context_->strict_transport_security_state()) | 486 if (!context_->strict_transport_security_state()) |
495 return true; | 487 return true; |
496 | 488 |
497 return !context_->strict_transport_security_state()->IsEnabledForHost( | 489 return !context_->strict_transport_security_state()->IsEnabledForHost( |
498 request_info_.url.host()); | 490 request_info_.url.host()); |
499 } | 491 } |
500 | 492 |
501 void URLRequestHttpJob::NotifyHeadersComplete() { | 493 void URLRequestHttpJob::NotifyHeadersComplete() { |
502 DCHECK(!response_info_); | 494 DCHECK(!response_info_); |
(...skipping 188 matching lines...) | |
691 void* iter = NULL; | 683 void* iter = NULL; |
692 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) | 684 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) |
693 if (request_->context()->InterceptCookie(request_, &value)) | 685 if (request_->context()->InterceptCookie(request_, &value)) |
694 response_cookies_.push_back(value); | 686 response_cookies_.push_back(value); |
695 } | 687 } |
696 | 688 |
697 | 689 |
698 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { | 690 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { |
699 DCHECK(response_info_); | 691 DCHECK(response_info_); |
700 | 692 |
701 // Hide processing behind a command line flag. | |
702 if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) | |
703 return; | |
704 | |
705 // Only process Strict-Transport-Security from HTTPS responses. | 693 // Only process Strict-Transport-Security from HTTPS responses. |
706 if (request_info_.url.scheme() != "https") | 694 if (request_info_.url.scheme() != "https") |
707 return; | 695 return; |
708 | 696 |
709 // Only process Strict-Transport-Security from responses with valid certificat es. | 697 // Only process Strict-Transport-Security from responses with valid certificat es. |
710 if (response_info_->ssl_info.cert_status & net::CERT_STATUS_ALL_ERRORS) | 698 if (response_info_->ssl_info.cert_status & net::CERT_STATUS_ALL_ERRORS) |
711 return; | 699 return; |
712 | 700 |
713 URLRequestContext* ctx = request_->context(); | 701 URLRequestContext* ctx = request_->context(); |
714 if (!ctx || !ctx->strict_transport_security_state()) | 702 if (!ctx || !ctx->strict_transport_security_state()) |
715 return; | 703 return; |
716 | 704 |
717 std::string name = "Strict-Transport-Security"; | 705 std::string name = "Strict-Transport-Security"; |
718 std::string value; | 706 std::string value; |
719 | 707 |
720 void* iter = NULL; | 708 void* iter = NULL; |
721 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) { | 709 while (response_info_->headers->EnumerateHeader(&iter, name, &value)) { |
722 ctx->strict_transport_security_state()->DidReceiveHeader( | 710 ctx->strict_transport_security_state()->DidReceiveHeader( |
723 request_info_.url, value); | 711 request_info_.url, value); |
724 } | 712 } |
725 } | 713 } |
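Review bot: In ShouldTreatAsCertificateError the new side dereferences `context_` without a guard at `if (!context_->strict_transport_security_state())`, whereas ProcessStrictTransportSecurityHeader tests `!ctx ||` first and the factory tests `!request->context()`. With the `kForceHTTPS` early return removed, that line is now reached on every certificate error instead of only when the switch is set. Whether `context_` can be null at that point is not visible on this page; if it can, I would write `if (!context_ || !context_->strict_transport_security_state()) return true;` so the ordinary certificate-error path is kept when there is no Strict-Transport-Security state. A one-line comment on the final `return` would also help, stating that a host with Strict-Transport-Security enabled presumably has its certificate error handled as a non-overridable failure, since that is now the default behaviour rather than an opt-in.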
OLD | NEW |