Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(65)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6873029: Apply HSTS rules to also upgrade ws:// -> wss:// if appropriate. This avoids (Closed)

Created:
9 years, 8 months ago by Chris Evans
Modified:
9 years, 6 months ago
CC:
chromium-reviews, darin-cc_chromium.org, cbentzel+watch_chromium.org, jam, pam+watch_chromium.org
Visibility:
Public.

Description

Apply HSTS rules to also upgrade ws:// -> wss:// if appropriate. This avoids a minor issue whereby failure to set a cookie "Secure" can get leaked via a WebSocket when http itself is mitiagted. TEST=WebSocketJobTest.HSTSUpgrade Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=82069

Patch Set 1 #

Patch Set 2 : '' #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+68 lines, -20 lines) Patch
M content/browser/renderer_host/socket_stream_host.cc View 1 chunk +2 lines, -1 line 0 comments Download
M net/socket_stream/socket_stream_job.h View 1 2 chunks +4 lines, -1 line 1 comment Download
M net/socket_stream/socket_stream_job.cc View 2 chunks +19 lines, -2 lines 0 comments Download
M net/url_request/url_request_context.h View 1 chunk +3 lines, -0 lines 0 comments Download
M net/url_request/url_request_context.cc View 1 chunk +9 lines, -0 lines 1 comment Download
M net/url_request/url_request_http_job.h View 1 chunk +0 lines, -2 lines 0 comments Download
M net/url_request/url_request_http_job.cc View 4 chunks +3 lines, -13 lines 0 comments Download
M net/websockets/websocket_job_unittest.cc View 1 4 chunks +26 lines, -0 lines 0 comments Download
M webkit/tools/test_shell/simple_socket_stream_bridge.cc View 1 chunk +2 lines, -1 line 0 comments Download

Messages

Total messages: 10 (0 generated)
Chris Evans
(Simpler than it looks - some of the change is a minor refactor to share ...
9 years, 8 months ago (2011-04-16 03:37:05 UTC) #1
abarth-chromium
Test?
9 years, 8 months ago (2011-04-16 03:58:07 UTC) #2
Chris Evans
On 2011/04/16 03:58:07, abarth wrote: > Test? Good idea, test added. WebSocketJobTest.HSTSUpgrade
9 years, 8 months ago (2011-04-16 06:25:31 UTC) #3
abarth-chromium
LGTM, but you'll probably also need review from a net OWNER.
9 years, 8 months ago (2011-04-16 06:56:05 UTC) #4
darin1
LGTM
9 years, 8 months ago (2011-04-19 04:45:28 UTC) #5
willchan no longer on Chromium
Who reviewed this that was in net/OWNERS? Do I have to use set noparent? :( ...
9 years, 7 months ago (2011-04-29 18:47:13 UTC) #6
willchan no longer on Chromium
http://codereview.chromium.org/6873029/diff/3003/net/socket_stream/socket_stream_job.h File net/socket_stream/socket_stream_job.h (right): http://codereview.chromium.org/6873029/diff/3003/net/socket_stream/socket_stream_job.h#newcode37 net/socket_stream/socket_stream_job.h:37: const URLRequestContext& context); Please pass in the exact dependencies. ...
9 years, 7 months ago (2011-04-29 19:09:46 UTC) #7
cevans
Thanks Will and sorry you weren't on the original review. I filed http://code.google.com/p/chromium/issues/detail?id=81009 against myself ...
9 years, 7 months ago (2011-04-29 19:14:49 UTC) #8
willchan no longer on Chromium
Np, thanks for being willing to address it post-commit. I'm doing a lot of work ...
9 years, 7 months ago (2011-04-29 19:16:32 UTC) #9
darin (slow to review)
9 years, 7 months ago (2011-04-29 19:24:42 UTC) #10 
IIRC, I was asked to review the webkit/* changes in this patch.  I should
have
made note of that in my LGTM comment.

-Darin


On Fri, Apr 29, 2011 at 11:47 AM, <willchan@chromium.org> wrote:

> Who reviewed this that was in net/OWNERS? Do I have to use set noparent? :(
>
> On 2011/04/19 04:45:28, darin1 wrote:
>
>> LGTM
>>
>
>
>
> http://codereview.chromium.org/6873029/
>

Powered by Google App Engine
This is Rietveld 408576698