
Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 6873029: Apply HSTS rules to also upgrade ws:// -> wss:// if appropriate. This avoids (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 8 months ago
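--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
@@ -176,21 +176,21 @@
 NOTREACHED() << "requires a valid context";
 return new URLRequestErrorJob(request, ERR_INVALID_ARGUMENT);
 }
 
 TransportSecurityState::DomainState domain_state;
 if (scheme == "http" &&
 request->context()->transport_security_state() &&
 request->context()->transport_security_state()->IsEnabledForHost(
 &domain_state,
 request->url().host(),
-IsSNIAvailable(request->context()))) {
+request->context()->IsSNIAvailable())) {
 if (domain_state.mode ==
 TransportSecurityState::DomainState::MODE_STRICT) {
 DCHECK_EQ(request->url().scheme(), "http");
 url_canon::Replacements<char> replacements;
 static const char kNewScheme[] = "https";
 replacements.SetScheme(kNewScheme,
 url_parse::Component(0, strlen(kNewScheme)));
 GURL new_location = request->url().ReplaceComponents(replacements);
 return new URLRequestRedirectJob(request, new_location);
 } else {
@@ -658,21 +658,21 @@
 // merges into a SPDY connection to www.example.com, and gets a different
 // certificate.
 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info;
 if (result == OK &&
 ssl_info.is_valid() &&
 context_->transport_security_state()) {
 TransportSecurityState::DomainState domain_state;
 if (context_->transport_security_state()->IsEnabledForHost(
 &domain_state,
 request_->url().host(),
-IsSNIAvailable(context_)) &&
+context_->IsSNIAvailable()) &&
 ssl_info.is_issued_by_known_root &&
 !domain_state.IsChainOfPublicKeysPermitted(ssl_info.public_key_hashes)){
 result = ERR_CERT_INVALID;
 }
 }
 
 if (result == OK) {
 SaveCookiesAndNotifyHeadersComplete();
 } else if (ShouldTreatAsCertificateError(result)) {
 // We encountered an SSL certificate error. Ask our delegate to decide
@@ -713,21 +713,21 @@
 if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION)
 return true;
 
 // Check whether our context is using Strict-Transport-Security.
 if (!context_->transport_security_state())
 return true;
 
 TransportSecurityState::DomainState domain_state;
 // TODO(agl): don't ignore opportunistic mode.
 const bool r = context_->transport_security_state()->IsEnabledForHost(
-&domain_state, request_info_.url.host(), IsSNIAvailable(context_));
+&domain_state, request_info_.url.host(), context_->IsSNIAvailable());
 
 return !r || domain_state.mode ==
 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
 }
 
 void URLRequestHttpJob::RestartTransactionWithAuth(
 const string16& username,
 const string16& password) {
 username_ = username;
 password_ = password;
@@ -1363,21 +1363,11 @@
 }
 }
 
 bool URLRequestHttpJob::IsCompressibleContent() const {
 std::string mime_type;
 return GetMimeType(&mime_type) &&
 (IsSupportedJavascriptMimeType(mime_type.c_str()) ||
 IsSupportedNonImageMimeType(mime_type.c_str()));
 }
 
-// static
-bool URLRequestHttpJob::IsSNIAvailable(URLRequestContext* context) {
-if (!context->ssl_config_service())
-return false;
-
-SSLConfig ssl_config;
-context->ssl_config_service()->GetSSLConfig(&ssl_config);
-return ssl_config.tls1_enabled;
-}
-
 } // namespace net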
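Review bot: The three call sites on new lines 186, 668 and 723 now rely on `URLRequestContext::IsSNIAvailable()`, whose definition is not in this file, so the two properties of the removed static helper (old lines 1374-1381) cannot be checked here: it returned false when `ssl_config_service()` was null, and otherwise returned `ssl_config.tls1_enabled`. The result goes straight into `IsEnabledForHost`, and in the function ending at line 727 a false lookup makes it return true, so a member that wrongly reports no SNI would presumably relax HSTS and pin enforcement for any entry that depends on SNI rather than fail closed. I would state that contract at the new definition, for example `// Returns false when no SSLConfigService is set; otherwise mirrors SSLConfig::tls1_enabled.`, and cover the null-service case with a unit test. The enclosing functions of all three call sites start or end outside the displayed chunks.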