DescriptionUpgrade insecure requests: Pipe navigational hosts down into nested documents.
After [1], we need to track hosts (including ancestor hosts) that have
set the 'upgrade-insecure-requests' directive in their respective policies
in order to correctly upgrade navigational requests to one of those
hosts.
This patch adds a 'HashSet<unsigned>' to SecurityContext that holds the
hashes of the hosts which have opted-into such treatment, ensures that
the set is correctly populated when creating a Document or applying a
policy, and uses the set to make decisions about navigational upgrades
inside ResourceFetcher.
[1]: https://github.com/w3c/webappsec/commit/f947b75e9b906c53d0bd6e66ca59b60bfe0aa20e
-----------------------------------------------------------------------
This relands https://src.chromium.org/viewvc/blink?view=rev&revision=191421
which was reverted to fix crashes tracked in https://crbug.com/465497.
These crashes turned out to be a different patch's fault, but I've added
a few null checks anyway, as Yoav correctly noted that they were missing.
-----------------------------------------------------------------------
BUG=455674
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=192082
Patch Set 1 #Patch Set 2 : Rebase. #
Total comments: 6
Patch Set 3 : Feedback. #
Total comments: 1
Patch Set 4 : MOARASSERT #
Messages
Total messages: 9 (3 generated)
|