| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 267 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 278 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, | 278 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, |
| 279 CompletionCallback* callback) { | 279 CompletionCallback* callback) { |
| 280 DCHECK(buf); | 280 DCHECK(buf); |
| 281 DCHECK_LT(0, buf_len); | 281 DCHECK_LT(0, buf_len); |
| 282 | 282 |
| 283 State next_state = STATE_NONE; | 283 State next_state = STATE_NONE; |
| 284 | 284 |
| 285 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); | 285 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); |
| 286 if (headers_valid_ && headers.get() && stream_request_.get()) { | 286 if (headers_valid_ && headers.get() && stream_request_.get()) { |
| 287 // We're trying to read the body of the response but we're still trying | 287 // We're trying to read the body of the response but we're still trying |
| 288 // to establish an SSL tunnel through the proxy. We can't read these | 288 // to establish an SSL tunnel through an HTTP proxy. We can't read these |
| 289 // bytes when establishing a tunnel because they might be controlled by | 289 // bytes when establishing a tunnel because they might be controlled by |
| 290 // an active network attacker. We don't worry about this for HTTP | 290 // an active network attacker. We don't worry about this for HTTP |
| 291 // because an active network attacker can already control HTTP sessions. | 291 // because an active network attacker can already control HTTP sessions. |
| 292 // We reach this case when the user cancels a 407 proxy auth prompt. | 292 // We reach this case when the user cancels a 407 proxy auth prompt. We |
| 293 // also don't worry about this for an HTTPS Proxy, because the |
| 294 // communication with the proxy is secure. |
| 293 // See http://crbug.com/8473. | 295 // See http://crbug.com/8473. |
| 294 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); | 296 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); |
| 295 DCHECK_EQ(headers->response_code(), 407); | 297 DCHECK_EQ(headers->response_code(), 407); |
| 296 LOG(WARNING) << "Blocked proxy response with status " | 298 LOG(WARNING) << "Blocked proxy response with status " |
| 297 << headers->response_code() << " to CONNECT request for " | 299 << headers->response_code() << " to CONNECT request for " |
| 298 << GetHostAndPort(request_->url) << "."; | 300 << GetHostAndPort(request_->url) << "."; |
| 299 return ERR_TUNNEL_CONNECTION_FAILED; | 301 return ERR_TUNNEL_CONNECTION_FAILED; |
| 300 } | 302 } |
| 301 | 303 |
| 302 // Are we using SPDY or HTTP? | 304 // Are we using SPDY or HTTP? |
| 303 next_state = STATE_READ_BODY; | 305 next_state = STATE_READ_BODY; |
| 304 DCHECK(stream_->GetResponseInfo()->headers); | |
| 305 | 306 |
| 306 read_buf_ = buf; | 307 read_buf_ = buf; |
| 307 read_buf_len_ = buf_len; | 308 read_buf_len_ = buf_len; |
| 308 | 309 |
| 309 next_state_ = next_state; | 310 next_state_ = next_state; |
| 310 int rv = DoLoop(OK); | 311 int rv = DoLoop(OK); |
| 311 if (rv == ERR_IO_PENDING) | 312 if (rv == ERR_IO_PENDING) |
| 312 user_callback_ = callback; | 313 user_callback_ = callback; |
| 313 return rv; | 314 return rv; |
| 314 } | 315 } |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 403 } | 404 } |
| 404 | 405 |
| 405 void HttpNetworkTransaction::OnNeedsClientAuth( | 406 void HttpNetworkTransaction::OnNeedsClientAuth( |
| 406 SSLCertRequestInfo* cert_info) { | 407 SSLCertRequestInfo* cert_info) { |
| 407 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); | 408 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); |
| 408 | 409 |
| 409 response_.cert_request_info = cert_info; | 410 response_.cert_request_info = cert_info; |
| 410 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); | 411 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
| 411 } | 412 } |
| 412 | 413 |
| 414 void HttpNetworkTransaction::OnHttpsProxyTunnelResponse( |
| 415 const HttpResponseInfo& response_info, |
| 416 HttpStream* stream) { |
| 417 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); |
| 418 |
| 419 headers_valid_ = true; |
| 420 response_ = response_info; |
| 421 stream_.reset(stream); |
| 422 stream_request_.reset(); // we're done with the stream request |
| 423 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE); |
| 424 } |
| 425 |
| 413 bool HttpNetworkTransaction::is_https_request() const { | 426 bool HttpNetworkTransaction::is_https_request() const { |
| 414 return request_->url.SchemeIs("https"); | 427 return request_->url.SchemeIs("https"); |
| 415 } | 428 } |
| 416 | 429 |
| 417 void HttpNetworkTransaction::DoCallback(int rv) { | 430 void HttpNetworkTransaction::DoCallback(int rv) { |
| 418 DCHECK_NE(rv, ERR_IO_PENDING); | 431 DCHECK_NE(rv, ERR_IO_PENDING); |
| 419 DCHECK(user_callback_); | 432 DCHECK(user_callback_); |
| 420 | 433 |
| 421 // Since Run may result in Read being called, clear user_callback_ up front. | 434 // Since Run may result in Read being called, clear user_callback_ up front. |
| 422 CompletionCallback* c = user_callback_; | 435 CompletionCallback* c = user_callback_; |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 DCHECK(stream_request_.get()); | 541 DCHECK(stream_request_.get()); |
| 529 return ERR_IO_PENDING; | 542 return ERR_IO_PENDING; |
| 530 } | 543 } |
| 531 | 544 |
| 532 int HttpNetworkTransaction::DoCreateStreamComplete(int result) { | 545 int HttpNetworkTransaction::DoCreateStreamComplete(int result) { |
| 533 if (result == OK) { | 546 if (result == OK) { |
| 534 next_state_ = STATE_INIT_STREAM; | 547 next_state_ = STATE_INIT_STREAM; |
| 535 DCHECK(stream_.get()); | 548 DCHECK(stream_.get()); |
| 536 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 549 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 537 result = HandleCertificateRequest(result); | 550 result = HandleCertificateRequest(result); |
| 551 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { |
| 552 // Return OK and let the caller read the proxy's error page |
| 553 next_state_ = STATE_NONE; |
| 554 return OK; |
| 538 } | 555 } |
| 539 | 556 |
| 540 // At this point we are done with the stream_request_. | 557 // At this point we are done with the stream_request_. |
| 541 stream_request_.reset(); | 558 stream_request_.reset(); |
| 542 return result; | 559 return result; |
| 543 } | 560 } |
| 544 | 561 |
| 545 int HttpNetworkTransaction::DoInitStream() { | 562 int HttpNetworkTransaction::DoInitStream() { |
| 546 DCHECK(stream_.get()); | 563 DCHECK(stream_.get()); |
| 547 next_state_ = STATE_INIT_STREAM_COMPLETE; | 564 next_state_ = STATE_INIT_STREAM_COMPLETE; |
| (...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1186 default: | 1203 default: |
| 1187 return priority; | 1204 return priority; |
| 1188 } | 1205 } |
| 1189 } | 1206 } |
| 1190 | 1207 |
| 1191 | 1208 |
| 1192 | 1209 |
| 1193 #undef STATE_CASE | 1210 #undef STATE_CASE |
| 1194 | 1211 |
| 1195 } // namespace net | 1212 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4935001:
Allow a non-200 (or non-407) response for a CONNECT request from an HTTPS pro... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/