OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 609 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
620 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 620 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
621 { | 621 { |
622 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic
yFeaturesEnabled()) | 622 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic
yFeaturesEnabled()) |
623 return; | 623 return; |
624 | 624 |
625 KURL url = fetchRequest.resourceRequest().url(); | 625 KURL url = fetchRequest.resourceRequest().url(); |
626 | 626 |
627 // Tack a 'Prefer' header to outgoing navigational requests, as described in | 627 // Tack a 'Prefer' header to outgoing navigational requests, as described in |
628 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 628 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
629 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) | 629 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) |
630 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "retu
rn=secure-representation"); | 630 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "tls"
); |
631 | 631 |
632 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { | 632 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { |
633 // We always upgrade subresource requests and nested frames, we always u
pgrade form | 633 // We always upgrade subresource requests and nested frames, we always u
pgrade form |
634 // submissions, and we always upgrade requests whose host matches the ho
st of the | 634 // submissions, and we always upgrade requests whose host matches the ho
st of the |
635 // containing document's security origin. | 635 // containing document's security origin. |
636 // | 636 // |
637 // FIXME: We need to check the document that set the policy, not the cur
rent document. | 637 // FIXME: We need to check the document that set the policy, not the cur
rent document. |
638 const ResourceRequest& request = fetchRequest.resourceRequest(); | 638 const ResourceRequest& request = fetchRequest.resourceRequest(); |
639 if (request.frameType() == WebURLRequest::FrameTypeNone | 639 if (request.frameType() == WebURLRequest::FrameTypeNone |
640 || request.frameType() == WebURLRequest::FrameTypeNested | 640 || request.frameType() == WebURLRequest::FrameTypeNested |
641 || request.requestContext() == WebURLRequest::RequestContextForm | 641 || request.requestContext() == WebURLRequest::RequestContextForm |
642 || url.host() == document()->securityOrigin()->host()) | 642 || url.host() == document()->securityOrigin()->host()) |
643 { | 643 { |
644 url.setProtocol("https"); | 644 url.setProtocol("https"); |
645 if (url.port() == 80) | 645 if (url.port() == 80) |
646 url.setPort(443); | 646 url.setPort(443); |
647 fetchRequest.mutableResourceRequest().setURL(url); | 647 fetchRequest.mutableResourceRequest().setURL(url); |
| 648 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgraded",
"1"); |
648 } | 649 } |
649 } | 650 } |
650 } | 651 } |
651 | 652 |
652 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) | 653 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) |
653 { | 654 { |
654 if (!frame() || !RuntimeEnabledFeatures::clientHintsEnabled() || !m_document
) | 655 if (!frame() || !RuntimeEnabledFeatures::clientHintsEnabled() || !m_document
) |
655 return; | 656 return; |
656 | 657 |
657 if (frame()->shouldSendDPRHint()) | 658 if (frame()->shouldSendDPRHint()) |
658 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt
ring(String::number(m_document->devicePixelRatio()))); | 659 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt
ring(String::number(m_document->devicePixelRatio()))); |
659 | 660 |
660 // FIXME: Send the RW hint based on the actual resource width, when we have
it. | 661 // FIXME: Send the RW hint based on the actual resource width, when we have
it. |
661 if (frame()->shouldSendRWHint() && frame()->view()) | 662 if (frame()->shouldSendRWHint() && frame()->view()) |
662 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); | 663 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); |
663 } | 664 } |
664 | 665 |
665 DEFINE_TRACE(FrameFetchContext) | 666 DEFINE_TRACE(FrameFetchContext) |
666 { | 667 { |
667 visitor->trace(m_document); | 668 visitor->trace(m_document); |
668 FetchContext::trace(visitor); | 669 FetchContext::trace(visitor); |
669 } | 670 } |
670 | 671 |
671 } // namespace blink | 672 } // namespace blink |
OLD | NEW |