Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(412)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/renderer_host/resource_dispatcher_host.cc

Issue 3938001: We have to do EV certificate verification for every resource... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/net/preconnect.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading
6 6
7 #include "chrome/browser/renderer_host/resource_dispatcher_host.h" 7 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
8 8
9 #include <vector> 9 #include <vector>
10 10
(...skipping 422 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 URLRequest* request = new URLRequest(request_data.url, this); 433 URLRequest* request = new URLRequest(request_data.url, this);
434 request->set_method(request_data.method); 434 request->set_method(request_data.method);
435 request->set_first_party_for_cookies(request_data.first_party_for_cookies); 435 request->set_first_party_for_cookies(request_data.first_party_for_cookies);
436 request->set_referrer(CommandLine::ForCurrentProcess()->HasSwitch( 436 request->set_referrer(CommandLine::ForCurrentProcess()->HasSwitch(
437 switches::kNoReferrers) ? std::string() : request_data.referrer.spec()); 437 switches::kNoReferrers) ? std::string() : request_data.referrer.spec());
438 net::HttpRequestHeaders headers; 438 net::HttpRequestHeaders headers;
439 headers.AddHeadersFromString(request_data.headers); 439 headers.AddHeadersFromString(request_data.headers);
440 request->SetExtraRequestHeaders(headers); 440 request->SetExtraRequestHeaders(headers);
441 441
442 int load_flags = request_data.load_flags; 442 int load_flags = request_data.load_flags;
443 // EV certificate verification could be expensive. We don't want to spend 443 // Although EV status is irrelevant to sub-frames and sub-resources, we have
444 // time performing EV certificate verification on all resources because 444 // to perform EV certificate verification on all resources because an HTTP
445 // EV status is irrelevant to sub-frames and sub-resources. 445 // keep-alive connection created to load a sub-frame or a sub-resource could
446 // be reused to load a main frame.
447 load_flags |= net::LOAD_VERIFY_EV_CERT;
446 if (request_data.resource_type == ResourceType::MAIN_FRAME) { 448 if (request_data.resource_type == ResourceType::MAIN_FRAME) {
447 load_flags |= net::LOAD_VERIFY_EV_CERT | net::LOAD_MAIN_FRAME; 449 load_flags |= net::LOAD_MAIN_FRAME;
448 } else if (request_data.resource_type == ResourceType::SUB_FRAME) { 450 } else if (request_data.resource_type == ResourceType::SUB_FRAME) {
449 load_flags |= net::LOAD_SUB_FRAME; 451 load_flags |= net::LOAD_SUB_FRAME;
450 } 452 }
451 // Raw headers are sensitive, as they inclide Cookie/Set-Cookie, so only 453 // Raw headers are sensitive, as they inclide Cookie/Set-Cookie, so only
452 // allow requesting them if requestor has ReadRawCookies permission. 454 // allow requesting them if requestor has ReadRawCookies permission.
453 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS) 455 if ((load_flags & net::LOAD_REPORT_RAW_HEADERS)
454 && !ChildProcessSecurityPolicy::GetInstance()-> 456 && !ChildProcessSecurityPolicy::GetInstance()->
455 CanReadRawCookies(child_id)) { 457 CanReadRawCookies(child_id)) {
456 VLOG(1) << "Denied unathorized request for raw headers"; 458 VLOG(1) << "Denied unathorized request for raw headers";
457 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS; 459 load_flags &= ~net::LOAD_REPORT_RAW_HEADERS;
(...skipping 1470 matching lines...) Expand 10 before | Expand all | Expand 10 after
1928 return is_prefetch_enabled_; 1930 return is_prefetch_enabled_;
1929 } 1931 }
1930 1932
1931 // static 1933 // static
1932 void ResourceDispatcherHost::set_is_prefetch_enabled(bool value) { 1934 void ResourceDispatcherHost::set_is_prefetch_enabled(bool value) {
1933 is_prefetch_enabled_ = value; 1935 is_prefetch_enabled_ = value;
1934 } 1936 }
1935 1937
1936 // static 1938 // static
1937 bool ResourceDispatcherHost::is_prefetch_enabled_ = false; 1939 bool ResourceDispatcherHost::is_prefetch_enabled_ = false;
OLDNEW
« no previous file with comments | « chrome/browser/net/preconnect.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698