OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 615 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
626 return; | 626 return; |
627 | 627 |
628 KURL url = fetchRequest.resourceRequest().url(); | 628 KURL url = fetchRequest.resourceRequest().url(); |
629 | 629 |
630 // Tack a 'Prefer' header to outgoing navigational requests, as described in | 630 // Tack a 'Prefer' header to outgoing navigational requests, as described in |
631 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 631 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
632 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) | 632 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) |
633 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "tls"
); | 633 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "tls"
); |
634 | 634 |
635 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { | 635 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { |
636 // We always upgrade subresource requests and nested frames, we always u
pgrade form | 636 ASSERT(m_document->insecureNavigationsToUpgrade()); |
637 // submissions, and we always upgrade requests whose host matches the ho
st of the | 637 |
638 // containing document's security origin. | 638 // We always upgrade requests that meet any of the following criteria: |
639 // | 639 // |
640 // FIXME: We need to check the document that set the policy, not the cur
rent document. | 640 // 1. Are for subresources (including nested frames). |
| 641 // 2. Are form submissions. |
| 642 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
641 const ResourceRequest& request = fetchRequest.resourceRequest(); | 643 const ResourceRequest& request = fetchRequest.resourceRequest(); |
642 if (request.frameType() == WebURLRequest::FrameTypeNone | 644 if (request.frameType() == WebURLRequest::FrameTypeNone |
643 || request.frameType() == WebURLRequest::FrameTypeNested | 645 || request.frameType() == WebURLRequest::FrameTypeNested |
644 || request.requestContext() == WebURLRequest::RequestContextForm | 646 || request.requestContext() == WebURLRequest::RequestContextForm |
645 || url.host() == m_document->securityOrigin()->host()) | 647 || (!url.host().isNull() && m_document->insecureNavigationsToUpgrade
()->contains(url.host().impl()->hash()))) |
646 { | 648 { |
647 url.setProtocol("https"); | 649 url.setProtocol("https"); |
648 if (url.port() == 80) | 650 if (url.port() == 80) |
649 url.setPort(443); | 651 url.setPort(443); |
650 fetchRequest.mutableResourceRequest().setURL(url); | 652 fetchRequest.mutableResourceRequest().setURL(url); |
651 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgraded",
"1"); | 653 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgraded",
"1"); |
652 } | 654 } |
653 } | 655 } |
654 } | 656 } |
655 | 657 |
(...skipping 10 matching lines...) Expand all Loading... |
666 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); | 668 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); |
667 } | 669 } |
668 | 670 |
669 DEFINE_TRACE(FrameFetchContext) | 671 DEFINE_TRACE(FrameFetchContext) |
670 { | 672 { |
671 visitor->trace(m_document); | 673 visitor->trace(m_document); |
672 FetchContext::trace(visitor); | 674 FetchContext::trace(visitor); |
673 } | 675 } |
674 | 676 |
675 } // namespace blink | 677 } // namespace blink |
OLD | NEW |