OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/base_switches.h" | 8 #include "base/base_switches.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 988 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
999 | 999 |
1000 return !encoding_types.empty() | 1000 return !encoding_types.empty() |
1001 ? Filter::Factory(encoding_types, *filter_context_) : NULL; | 1001 ? Filter::Factory(encoding_types, *filter_context_) : NULL; |
1002 } | 1002 } |
1003 | 1003 |
1004 bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) { | 1004 bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) { |
1005 // We only allow redirects to certain "safe" protocols. This does not | 1005 // We only allow redirects to certain "safe" protocols. This does not |
1006 // restrict redirects to externally handled protocols. Our consumer would | 1006 // restrict redirects to externally handled protocols. Our consumer would |
1007 // need to take care of those. | 1007 // need to take care of those. |
1008 | 1008 |
1009 // This is a special case: we need to disallow redirects to chrome:// | |
1010 // URIs by network resources for security reasons | |
1011 if (location.SchemeIs("chrome")) | |
abarth-chromium
2011/09/12 19:51:21
The net module shouldn't really know anything abou
kenrb
2011/09/12 20:05:05
I know. This is a hack at this point, but the alte
| |
1012 return false; | |
1013 | |
1009 if (!URLRequest::IsHandledURL(location)) | 1014 if (!URLRequest::IsHandledURL(location)) |
abarth-chromium
2011/09/12 19:51:21
Do we think that "chrome" is a handled URL?
kenrb
2011/09/12 20:05:05
Note the ! in the condition. It is not a handled U
rvargas (doing something else)
2011/09/12 21:07:14
I don't think hard coding "chrome:" is a good idea
kenrb
2011/09/13 00:27:53
Sorry, my mistake. I was confusing this with a lis
| |
1010 return true; | 1015 return true; |
1011 | 1016 |
1012 static const char* kSafeSchemes[] = { | 1017 static const char* kSafeSchemes[] = { |
1013 "http", | 1018 "http", |
1014 "https", | 1019 "https", |
1015 "ftp" | 1020 "ftp" |
1016 }; | 1021 }; |
1017 | 1022 |
1018 for (size_t i = 0; i < arraysize(kSafeSchemes); ++i) { | 1023 for (size_t i = 0; i < arraysize(kSafeSchemes); ++i) { |
1019 if (location.SchemeIs(kSafeSchemes[i])) | 1024 if (location.SchemeIs(kSafeSchemes[i])) |
1020 return true; | 1025 return true; |
1021 } | 1026 } |
1022 | 1027 |
1023 return false; | 1028 return false; |
abarth-chromium
2011/09/12 19:51:21
If so, it seems like we should be returning false
| |
1024 } | 1029 } |
1025 | 1030 |
1026 bool URLRequestHttpJob::NeedsAuth() { | 1031 bool URLRequestHttpJob::NeedsAuth() { |
1027 int code = GetResponseCode(); | 1032 int code = GetResponseCode(); |
1028 if (code == -1) | 1033 if (code == -1) |
1029 return false; | 1034 return false; |
1030 | 1035 |
1031 // Check if we need either Proxy or WWW Authentication. This could happen | 1036 // Check if we need either Proxy or WWW Authentication. This could happen |
1032 // because we either provided no auth info, or provided incorrect info. | 1037 // because we either provided no auth info, or provided incorrect info. |
1033 switch (code) { | 1038 switch (code) { |
(...skipping 441 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1475 if (done_) | 1480 if (done_) |
1476 return; | 1481 return; |
1477 done_ = true; | 1482 done_ = true; |
1478 | 1483 |
1479 RecordPerfHistograms(reason); | 1484 RecordPerfHistograms(reason); |
1480 if (reason == FINISHED) | 1485 if (reason == FINISHED) |
1481 RecordCompressionHistograms(); | 1486 RecordCompressionHistograms(); |
1482 } | 1487 } |
1483 | 1488 |
1484 } // namespace net | 1489 } // namespace net |
OLD | NEW |